[每日信息流] 2025-11-04 #1040
Description
每日安全资讯(2025-11-04)
- SecWiki News
- Armin Ronacher's Thoughts and Writings
- Doonsec's feed
- 通过黑客技术使用德州扑克洗牌机作弊技术完整视频【中文字幕】
- 05 宇宙的十二种假说:量子世界的三种解释
- 网络安全从业者必看:2025年最流行的编程语言与学习价值
- 继续防守
- 同享人力资源管理系统PeiXun.asmx接口存在SQL注入漏洞 附POC
- “黄金入场券”变“卖身契”:美国网络安全人才计划为何面临崩盘?
- 丝滑的三要素信息泄露
- Fastjson原生反序列化
- Z0Scan设计与实现:通用插件与分布式扫描新思路
- DNS 被“动手脚”,全网都可能被带偏:这是如何做到的?
- 对国防软件建设中项目制与招投标模式的反思
- 浅谈网络安全中的“两高一弱”
- 昭告矣,其实此公众号小编,具操纵时空之能.
- 这可能是最早的2025【全年】攻防演练复盘
- 2025第二届“数证杯”电子取证大赛WP-手机取证部分
- 每天一个小知识:Git
- 朝鲜Kimsuky APT组织针对韩国最新攻击活动分析
- CertiK《2025 Skynet数字资产财库(DAT)报告》(附报告全文链接)
- 安全日志到 ATT&CK 洞察:利用 LLMs 进行高级威胁理解和认知特征推断
- 高级代码审计AI系统-----AuditLuma
- 自动化检测 Swagger API 接口未授权访问漏洞工具 - SwaggerHound
- 【连载】红蓝对抗-攻防演练-WEB安全渗透测试:SQL注入漏洞深度解析(三)
- Balancer V2攻击事件初步分析
- 专题·网络靶场 | 助力构建实战化网安人才培育新范式
- 预约报名 | 破局黑产:守护亿级DAU游戏的安全实战密码
- 专家解读 | 胡坚波:以数据赋能“五个更加”为引领,系统推进城市全域数字化转型
- 专家观点 | 加快建设自主可控的科学数据体系
- 注意 | 你是如何被诈骗团伙盯上的?
- G.O.S.S.I.P 阅读推荐 2025-11-03 互联网上SSH密钥与客户端安全性大检查
- 合规视角下数据要素的分类分级管理机制研究
- “星火标识×”贯通应用案例08 | 标识助力家居行业品质升级
- 《APEC人工智能倡议(2026-2030)》正式发布!(附全文翻译)
- 上海通管局下架27款侵害用户权益行为APP
- 网警雷霆出击!这条黑产链的内幕令人胆寒……
- 记一次被做局的实战
- 2万元,国产信创私有化部署!IoT技术普惠,物联网已跨越鸿沟,开启县域级商用场景的新未来
- dddd持续优化中
- 【高危漏洞预警】JumpServer ConnectionToken权限验证不当漏洞CVE-2025-62712
- 【暗网漫步】21 个暗网开源情报工具
- 人物xa0|xa0汪锦岐:换位思考经验是安全赋能业务的门道
- 免费赠送 | 防范金融财产诈骗宣传资料(第一期)
- 免费赠送 | 诸子云星球福利大放送 · 网络威胁报告合集
- 蚂蚁数科余滨:金融AI的升级,需要科技与业务的深度融合
- AI快讯:香港金管局将推出全新AI策略,银联基于通义千问打造金融支付垂域大模型
- 京北方、天阳宏业各中2个!国银金租AI专项建设项目(四个子项目)
- 【安全圈】新型BOF工具利用Microsoft Teams Cookie加密漏洞可访问用户聊天
- 【安全圈】SMILODON 木马通过伪造 PNG 潜入 WooCommerce 执行支付信息窃取
- 【安全圈】俄当局逮捕 Meduza Stealer 开发者:政府机构被黑引发连锁打击
- 【安全圈】Hezi Rash黑客组织,两个月内发动350起DDoS攻击
- 热点速览 | 每周网安大事件(20251027-20251102)
- 赏金猎人笔记:XSS漏洞的四种高级利用方式
- 进博必打卡!蜚语科技携手长亭科技重磅亮相进博会,联合发布“AI+治理”解决方案!
- 人工智能智能体白皮书:2025年智能体时代来临
- 北约与日本举行首次国防工业合作与能力专题对话
- 即将重磅升级!这款黑科技为实战而来!
- 赠!第10th美亚杯题解新鲜出炉,填问卷免费送
- 草履虫,会进行简单的免杀活动
- 逾百万患者病历数据泄露,医疗软件供应商赔偿超1.37亿元
- 黑客入侵赌场洗牌机,长期操控赌局作弊
- 美澳加网安机构发布微软Exchange Server防护"迟来已久"的最佳实践
- Claude AI漏洞:攻击者可利用代码解释器窃取企业数据
- Linux 内核释放后重用漏洞正被用于勒索软件攻击
- 新型Agent感知伪装技术利用ChatGPT Atlas浏览器传播虚假内容
- 网络安全实战:暴力破解工具大全——详细解析了6款常用工具
- 第120期 | GPTSecurity周报
- ISC修复 Kea DHCPv4 中的高危DoS 漏洞
- 加拿大:黑客篡改水务设施、油气企业的工控系统
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- 美团技术团队
- 奇安信攻防社区
- Private Feed for M09Ic
- bolucat released 202511031933 at bolucat/Archive
- mgeeky starred BlWasp/PhantomTask
- agentscope-ai released v1.0.7 at agentscope-ai/agentscope
- modelcontextprotocol released v1.3.8 at modelcontextprotocol/registry
- niudaii starred kk12-30/Scan-X
- gh0stkey starred JaimePolop/RExpository
- timwhitez starred jpillora/go-tcp-proxy
- ourren starred LetterLiGo/Agent-WebCloak
- INotGreen starred Hammer1/cozeworkflows
- gh0stkey starred ABckh/zed-java-eclipse-jdtls
- DVKunion starred bytedance/vArmor
- Recent Commits to cve:main
- Blogs on STAR Labs
- Sandfly Security Blog RSS Feed
- Didier Stevens
- Malwarebytes
- Bug Bounty in InfoSec Write-ups on Medium
- Intigriti
- Project Zero
- 奇客Solidot–传递最新科技情报
- rtl-sdr.com
- HackerNews
- 黑海洋 - Wiki
- 安全分析与研究
- 黑鸟
- 安全客
- 奇安信 CERT
- 看雪学苑
- 微步在线研究响应中心
- 代码卫士
- 安全内参
- dotNet安全矩阵
- 二道情报贩子
- 丁爸 情报分析师的工具箱
- 安全圈
- 安全研究GoSSIP
- 安全学术圈
- 雷神众测
- 安全牛
- 火线安全平台
- 天黑说嘿话
- DataCon大数据安全分析竞赛
- GobySec
- 补天平台
- 数世咨询
- 极客公园
- 嘶吼专业版
- 情报分析师
- 滴滴安全应急响应中心
- 专注安管平台
- 复旦白泽战队
- CNVD漏洞平台
- ChaMd5安全团队
- 腾讯安全威胁情报中心
- 迪哥讲事
- 360数字安全
- Microsoft Security Blog
- Virus Bulletin's blog
- Over Security - Cybersecurity news aggregator
- How an ex-L3 Harris Trenchant boss stole and sold cyber exploits to Russia
- Hacker steals over $120 million from Balancer DeFi crypto protocol
- More than $100 million stolen in exploit of Balancer DeFi protocol
- Fake Solidity VSCode extension on Open VSX backdoors developers
- Lawmakers ask FTC to probe Flock Safety’s cybersecurity practices
- Cargo theft gets a boost from hackers using remote monitoring tools
- Building a Proactive Intelligence-Led Physical Security Program with Flashpoint
- Data breach costs lead to 90% drop in operating profit at South Korean telecom giant
- Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
- US cybersecurity experts indicted for BlackCat ransomware attacks
- Hackers use RMM tools to breach freighters and steal cargo shipments
- TP-Link, la proposta USA: divieto di vendita dei router prodotti in Cina
- Threat Intelligence - Vulnerability insights
- Come installare una VPN sul router, guida passo passo
- Autenticazione e tracciabilità nelle comunicazioni: così si contrasta il vishing
- Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group
- OAuth Device Code Phishing: Azure vs. Google Compared
- Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching
- Hackers are attacking Britain’s drinking water suppliers
- The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes
- Il 25% dei leader aziendali italiani non comprende l’importanza della cybersecurity
- Risolvere un grave incidente informatico: dall’exploit alla difesa passo-passo
- Microsoft: Windows Task Manager won’t quit after KB5067036 update
- A practical Cisco NDO multi-site use case: modelling
- CERT-AGID 25–31 ottobre: PagoPA, ministeri e università nel mirino del phishing
- Deepfake-as-a-Service 2025 – How Voice Cloning and Synthetic Media Fraud Are Changing Enterprise Defenses
- mcp-scanner – Python MCP Scanner for Prompt-Injection and Insecure Agents
- ICT Security Magazine
- SEI Blog
- IT Service Management News
- Qualys Security Blog
- blackMORE Ops
- Schneier on Security
- Troy Hunt's Blog
- Instapaper: Unread
- The Hacker News
- Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive
- Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
- ⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More
- The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations
- Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
- New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
- The Register - Security
- MIT Sloan quietly shelves AI ransomware study after researcher calls BS
- Ransomware negotiator, pay thyself!
- AWS, Nvidia, CrowdStrike seek security startups to enter the arena
- Cybercrooks team up with organized crime to steal pricey cargo
- Metropolitan Police hails facial recognition tech after record year for arrests
- The race to shore up Europe’s power grids against cyberattacks and sabotage
- Security Affairs
- TorrentFreak
- Tor Project blog
- Securityinfo.it
- SANS Internet Storm Center, InfoCON: green
- Deeplinks
- Security Weekly Podcast Network (Audio)