[每日信息流] 2025-10-30 #1035
Description
每日安全资讯(2025-10-30)
- paper - Last paper
- SecWiki News
- Recent Commits to cve:main
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Doonsec's feed
- 【资料】开源情报的政策考虑:Bellingcat在线调查模式研究(2014-2024)
- 首发 | 五眼联盟网络武器承包商Trenchant总经理为澳大利亚信号情报局前黑客
- 指数强的离谱
- G.O.S.S.I.P 阅读推荐 2025-10-29 让反编译更接近源码的“大模型修复术”
- 【英伟达开源】garak:为大型语言模型(LLM)打造的“数字免疫系统”
- 招聘 | 红队高级攻防 | 不限学历年龄
- 实战分享——致与我擦肩而过的一个shell
- 论文研读与思考|拆分降噪:SnD ——本地拆分隐私保护大语言模型推理
- 羊城三日:一位大学生女地陪的广州陪伴日记
- 安卓APP Activity越权访问测试
- 计算机学院卡布奇诺信息安全技术协会讲课活动成功举办
- 【高危漏洞预警】Docker Desktop安装程序 DLL劫持漏洞CVE-2025-9164
- 企业首获“碳中和”认证北京朝阳奖励5万元 ,赛迪认证提供专业服务助企业达标
- 【数字政府优秀案例联播】长沙市:公共数据授权运营平台助力数字经济高质量发展
- 关于开展优质数据源征集活动的通知
- 重磅!《网络安全法》八年来首次大修,AI正式入法,罚则全面升级!
- DeepSeek-OCR:把“文字变成图片”,AI 读文档的方式彻底变了!
- 国家安全部提醒:守护数字时代的密码安全
- 主流AI浏览器普遍存在致命漏洞
- 某集团子域安全缺陷引发的全域沦陷
- Azure AD 渗透学习
- SpringAI入门接入阿里云百炼之文本生成
- 【案例】Google Cloud SSRF 漏洞
- 想靠挖SRC漏洞赚钱?先想清楚这几个问题
- Tr0ll2:一张“图骗”shellshck撬开SSH,268个A引爆缓冲区溢出风暴!
- 威胁情报:异地登录账号的可疑IP
- 盘点以虚拟货币为手段的犯罪
- 美国牵引巴基斯坦参与 AIM-120C8导弹计划对南亚战略影响剖析
- CVE-2025-62725 – Docker Compose OCI 工件路径遍历
- 女科学家的平凡瞬间
- 别笑“抓包”老土,它是每个安全人最后的底线!
- MS08067顺利交付中国人民解放军某部队C#代码审计培训课程【高质量精品实战版】
- 【WP】NewStar CTF 2025 Week4 之 WEB方向题解
- 10 月特惠即将结束!从未折扣过产品、两大系列软件不容错过
- "Evtx Web Analysiser"实战案例(三)
- 圆满落幕∣一汽奔腾-汽车网络数据安全日在长春成功举办
- 《网络空间安全科学学报》第二届青年编委招募
- 少年,给个机会,了解下电子数据取证,合法又有趣(不喜欢的话明天我再来推荐别的)
- Gartner预测将重塑2026年的关键技术趋势
- 网络安全法通过!一图读懂,网络安全法到底修改了什么?
- 关于重庆第二师范学院2025年网络安全大赛决赛的一则通知!
- 【cyberstrikelab】PT-2
- 【DataCon报名中】口令安全赛道你关心的问题都在这里!
- 2025年重庆市工业互联网标识解析二级节点现场观摩暨规模化发展研讨会顺利召开
- CXSECURITY Database RSS Feed - CXSecurity.com
- 安全客-有思想的安全新媒体
- 重磅!网络安全法迎来重大修改,人工智能治理迈出关键一步
- OpenAI宣布启动重组,非营利基金会将重新掌握公司核心控制权
- 威胁行为体正结合FileFix与缓存走私攻击,以规避安全防护机制
- TEE.Fail攻击导致英特尔、AMD与NVIDIA CPU的机密计算技术失效
- 新型安卓恶意软件GhostGrab可静默窃取网银登录凭证并拦截短信验证码
- Docker Compose 中存在路径遍历漏洞(CVE-2025-62725),通过OCI制品可导致任意文件被覆盖
- Wear OS 信息应用存在权限漏洞 (CVE-2025-12080),可导致无权限应用在未经用户授权的情况下发送短信/RCS消息,且POC已公开
- Magento 中存在严重漏洞(CVE-2025-54236),可导致会话劫持与RCE,且已被活跃利用
- 新型安卓木马“希罗多德”通过模拟人类输入模式规避反欺诈系统检测
- 亚马逊启动AI战略转型,同步裁员1.4万人以推动效率提升
- 智能时代·可信AI安全 | 第九届安全开发者峰会圆满落幕!
- 先知安全沙龙 - 西安站 11月15日开启!
- Private Feed for M09Ic
- pydantic released v1.9.0 at pydantic/pydantic-ai
- modelcontextprotocol released v1.3.7 at modelcontextprotocol/registry
- bolucat released 202510291936 at bolucat/Archive
- mgeeky starred jackyzha0/quartz
- modelcontextprotocol released v1.3.6 at modelcontextprotocol/registry
- pydantic released v1.8.0 at pydantic/pydantic-ai
- mgeeky starred EvilBytecode/Ebyte-Syscalls
- wh0amitz starred mayanayza/netvisor
- DVKunion starred jpts/kubectl-execws
- su18 starred zhzhdoai/flowspot-intellij-plugin
- whwlsfb starred zhzhdoai/flowspot-intellij-plugin
- PeiQi0 starred HKUDS/AI-Trader
- PrefectHQ released 3.4.26.dev4 at PrefectHQ/prefect
- gh0stkey starred CherryHQ/cherry-studio-app
- 0xbug starred microsoft/LLMLingua
- wuhan005 starred wquguru/nof0
- gh0stkey starred jd-opensource/JoySafety
- 奇安信攻防社区
- SpiderLabs Blog
- Horizon3.ai
- Hacking Dream
- VMRay
- Malwarebytes
- Exploit-DB.com RSS Feed
- Wallarm
- Darren Martyn
- 奇客Solidot–传递最新科技情报
- 绿盟科技技术博客
- 安全分析与研究
- 网安志异
- 威努特安全网络
- 安全客
- 看雪学苑
- Black Hills Information Security, Inc.
- 青衣十三楼飞花堂
- 安全内参
- 360漏洞云
- 代码卫士
- HackerNews
- DataCon大数据安全分析竞赛
- 虎符智库
- 天黑说嘿话
- 奇安信 CERT
- 信息安全国家工程研究中心
- 安全圈
- dotNet安全矩阵
- XCTF联赛
- 中国信息安全
- 默安科技
- 国家互联网应急中心CNCERT
- 复旦白泽战队
- 网络空间安全科学学报
- 极客公园
- 阿里安全响应中心
- 数世咨询
- 安全牛
- 百度安全应急响应中心
- 字节跳动技术团队
- 360数字安全
- 嘶吼专业版
- 迪哥讲事
- 大兵说安全
- Over Security - Cybersecurity news aggregator
- Malicious NPM packages fetch infostealer for Windows, Linux, macOS
- WordPress security plugin exposes private data to site subscribers
- Former Trenchant exec pleads guilty to selling cyber exploits to Russian broker
- Canada says hacktivists breached water and energy facilities
- New names surface for NSA director, other top jobs at spy agency
- Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker
- More than 10 million impacted by breach of government contractor Conduent
- Microsoft fixes Media Creation Tool broken on some Windows PCs
- Microsoft: DNS outage impacts Azure and Microsoft 365 services
- Cloud Atlas hackers target Russian agriculture sector ahead of industry forum
- Character.AI to prevent minors from accessing its chatbots
- PhantomRaven attack floods npm with credential-stealing packages
- SocialMediaGirls: la violenza algoritmica come minaccia cyber
- Former Meta lobbyist’s appointment to Irish data commission ‘conflict of interest,’ complaint alleges
- Di Codemotion e tanto altro
- Microsoft fixes 0x800F081F errors causing Windows update failures
- Visibility Gaps: Streamlining Patching and Vulnerability Remediation
- Edps: le nuove linee guida sull’uso dell’AI generativa nelle istituzioni europee
- Atlas, browser basato su ChatGPT, consente l’injection di comandi malevoli
- CoPhish abusa di Copilot Studio per rubare account: la nuova trappola del phishing
- Botnet, dallo smantellamento alla ricolonizzazione: il rischio degli attacchi iper-volumetrici
- The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble
- Quantum Computing and Cybersecurity: Looking Beyond the Obvious
- 'Living off the land' allowed Russia-linked group to breach Ukrainian entities this summer
- Unmasking Evasive Threats with apkInspector
- When Money Moves, Hackers Follow: Europe’s Financial Sector Under Siege
- I droni stanno trasformando la medicina di guerra
- Major Cyber Attacks in October 2025: Phishing via Google Careers & ClickUp, Figma Abuse, LockBit 5.0, and TyKit
- Cybersecurity on a budget: Strategies for an economic downturn
- Sette motivi che indicano l’importanza strategica della cyber security
- CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
- Aisuru Botnet Shifts from DDoS to Residential Proxies
- 网安国际
- Securityinfo.it
- 娜璋AI安全之家
- SANS Internet Storm Center, InfoCON: green
- ICT Security Magazine
- DEF CON Announcements!
- 希潭实验室
- The Hacker News
- Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices
- New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts
- Discover Practical AI Tactics for GRC — Join the Free Expert Webinar
- Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc
- Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics
- 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
- Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack
- TorrentFreak
- Tor Project blog
- The Register - Security
- This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet
- EY exposes 4TB+ SQL database to open internet for who knows how long
- Marketing giant Dentsu warns staff after Merkle data raid
- Sole trader dispatched almost 1M spam texts to hard-up Brits, says watchdog
- UK government on the lookout for bargain-priced CTO
- 9 in 10 Exchange servers in Germany still running out-of-support software
- Australian police building AI to translate emoji used by ‘crimefluencers’
- 白帽子章华鹏
- NetSPI
- Schneier on Security
- Full Disclosure
- SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055
- Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013
- Stored HTML Injection - Layout Functionality - totaljsv5013
- Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013
- Current Password not Required When Changing Password - totaljsv5013
- Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
- Struts2 and Related Framework Array/Collection DoS
- Security Affairs
- Hacktivists breach Canada’s critical infrastructure, cyber Agency warns
- Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
- U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
- Herodotus Android malware mimics human typing to evade detection
- Deeplinks
- Krebs on Security
- Security Weekly Podcast Network (Audio)