[每日信息流] 2025-11-11 #1048
Description
每日安全资讯(2025-11-11)
- Private Feed for M09Ic
- pydantic released v1.14.0 at pydantic/pydantic-ai
- xnl-h4ck3r released v6.6 at xnl-h4ck3r/waymore
- bolucat released 202511101936 at bolucat/Archive
- PrefectHQ released 3.6.1 at PrefectHQ/prefect
- pydantic released v1.13.0 at pydantic/pydantic-ai
- LloydLabs starred simplerhacking/Evilginx3-Phishlets
- Ridter forked Ridter/claude-code-router from musistudio/claude-code-router
- ring04h starred dop251/goja
- liamg contributed to infracost/infracost
- chainreactors released v0.1.2 at chainreactors/malefic
- LoRexxar contributed to LoRexxar/LSpider-P
- gh0stkey starred 0cat-r/websiteSimilar
- CHYbeta starred cwkiller/xxe-smb-server
- ring04h starred hashicorp/go-plugin
- Rvn0xsy starred gtsteffaniak/filebrowser
- Rvn0xsy starred ThisSeanZhang/landscape
- gh0stkey starred Gaurav-Gosain/tuios
- Doonsec's feed
- 打靶日记 DIGITALWORLD.LOCAL: Development
- 黑客靠谷歌定位找时机,窃密后远程摧毁手机核心数据!
- AWS 服务中断导致 Amazon、Prime Video、Fortnite、Perplexity 等平台崩溃
- 【高危漏洞预警】Open WebUI任意代码执行漏洞CVE-2025-64495
- 丝滑渗透之soap接口
- 网安成长日记day2:应急响应为什么排查不到恶意外联?
- KINGOSOFT高校智慧校园教学综合服务平台downloadzgkssmwd.jsp接口存在任意文件读取漏洞 附POC
- Vulnhub靶场之funbox11
- 超值999!知道创宇ZoomEye终身会员限时回归!基于ZoomEye的恶意站点高效发现与扩展实战
- 一道疑似德胜2025初一上学期期中考试题中的算法扯淡
- vcenter利用方法
- XXE漏洞进阶玩法
- windows应急响应:我的时间线排查法分享
- 5分钟挖出网站漏洞的高效排查法u200bu200b
- 活该你能挖到洞
- js逆向案例--建设库
- 双 11 大促巅峰时刻开启,全部优惠已解锁!这 6 款高效工具不能错过
- G.O.S.S.I.P 阅读推荐 2025-11-10 “人家不是不懂安全,只是不熟悉MCU嘛!”
- 公开的泄露数据有什么价值?
- 回顾|我可以参加黑客松吗?-从练习到实战(下)
- 【安全科普】“翻墙”软件窃密?假猎奇,真危险,警惕“自由”背后的陷阱!
- 第八届浙江省大学生网络与信息安全竞赛初赛 Writeup
- 英伟达北京公司工资,月薪11.43万,总薪酬1688万(股票),文末2026校招
- 深入解读工信部11号令,帮助企业理解通保的来龙去脉。
- 考完软考中项,我复盘了几个没理解透的知识点
- ES::Dirscan | 新品即将发布
- 双十一活动即将结束,再不冲就真的亏大了!
- PMP双十一省钱攻略!
- 国务院发布新政,推动新场景创新应用
- 工信部通报39款违规收集使用个人信息的APP及SDK
- 论文研读与思考|PeerGuard:基于相互推理的多智能体系统后门攻击防御方案
- 还在苦恼Codeql对闭源代码建库的问题吗?
- 新手靶场推荐 burp-labs 靶场实验室
- SecWiki News
- Tenable Blog
- 安全客-有思想的安全新媒体
- iPhone未来图景:卫星通信将支持地图导航、照片传输及“自然交互”功能
- 三星设备零点击漏洞(CVE-2025-21042)可通过恶意DNG图像传播LANDFALL间谍软件
- 软件供应链投毒警报:9个NuGet包内嵌定时触发破坏逻辑,将在硬编码日期导致应用彻底损毁
- GlassWorm蠕虫重现:利用隐形Unicode字符重复感染VS Code扩展,并扩散至GitHub平台
- 智能体编排框架LangGraph中存在远程代码执行漏洞(CVE-2025-64439),系统面临安全风险
- 信息窃取木马Vidar首次攻击npm生态系统:通过17个仿冒软件包及安装后脚本传播
- Elastic Defend 中存在高危漏洞(CVE-2025-37735),可导致本地攻击者以SYSTEM权限删除任意文件
- Snapchat斥资4亿美元达成协议,为其My AI功能引入Perplexity先进搜索技术
- 新型工具“Whisper Leak”可窃取加密流量中用户向主流AI智能体发送的提示词
- OpenAI计划推出三大核心版本:GPT-5.1、GPT-5.1 Reasoning与GPT-5.1 Pro
- Microsoft Security Blog
- Recent Commits to cve:main
- 奇安信攻防社区
- 一个被知识诅咒的人
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- ElcomSoft blog
- gynvael.coldwind//vx.log (pl)
- Malwarebytes
- VMRay
- Y4tacker:Hacking The World!
- Horizon3.ai
- GuidePoint Security
- 奇客Solidot–传递最新科技情报
- 黑海洋 - Wiki
- 安全分析与研究
- 威努特安全网络
- 黑鸟
- 奇安信 CERT
- 看雪学苑
- 三欢师哥
- 腾讯玄武实验室
- 二道情报贩子
- 安全内参
- 知道创宇404实验室
- 吾爱破解论坛
- 代码卫士
- 中国信息安全
- 信息安全国家工程研究中心
- 安全客
- 数世咨询
- 默安科技
- 天黑说嘿话
- 极客公园
- 安全圈
- 安全研究GoSSIP
- 微步在线
- 安全牛
- 情报分析师
- 嘶吼专业版
- 安全学术圈
- 火绒安全
- ChaMd5安全团队
- 阿里安全响应中心
- Beacon Tower Lab
- 腾讯安全威胁情报中心
- 表图
- 360数字安全
- 迪哥讲事
- CNVD漏洞平台
- 字节跳动技术团队
- Qualys Security Blog
- 安全419
- ICT Security Magazine
- Over Security - Cybersecurity news aggregator
- Mozilla Firefox gets new anti-fingerprinting defenses
- Russian hacker to plead guilty to aiding Yanluowang ransomware group
- Cena di Natale 2025
- Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
- Enforcement begins for New York’s algorithmic pricing law
- Yanluowang initial access broker pleaded guilty to ransomware attacks
- CISA orders feds to patch Samsung zero-day used in spyware attacks
- Data privacy whistleblowers would get expanded protections under California proposal
- Yanluowang initial access broker to plead guilty to ransomware attacks
- Popular JavaScript library expr-eval vulnerable to RCE flaw
- Former Trump official named NSO Group executive chairman
- Accesso sicuro allo smartphone: dal provisioning all’identità digitale
- Il rogo del data center sud-coreano: la tecnologia senza governance è un castello di sabbia
- Securing Corporate Crypto: Why Your LLC’s Private Keys Matter More Than You Think
- Five Serverless Security Tools You Need To Adopt Right Now
- Four-Step Intelligence Model for Decision Making
- Unusual Journeys into Infosec Featuring Phillip Wylie
- Sharpen Your OSINT Queries: How to Use AI to Eliminate Intelligence Gaps
- Whistleblowing come leva per la cultura organizzativa aziendale
- Russian missile barrage disrupts internet, customs databases in Ukraine
- 5 reasons why attackers are phishing over LinkedIn
- Short-term renewal of cyber information sharing law appears in bill to end shutdown
- Knownsec colpita da un catastrofico breach: esposti oltre 12.000 documenti sensibili
- Why a lot of people are getting hacked with government spyware
- The Week in Vulnerabilities: From IT Systems to Airport Weather Monitoring
- AI Act, un anno di grazia: pragmatismo europeo o resa alle Big Tech?
- GDPR e DORA, verso un modello unico di governance bancaria
- CERT-AGID 1–7 novembre: phishing su Banca d’Italia e Agenzia delle Entrate
- Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API
- SEI Blog
- Securityinfo.it
- CyberCrime & Doing Time
- SANS Internet Storm Center, InfoCON: green
- CENSUS
- The Hacker News
- Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
- Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon
- ⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
- New Browser Security Report Reveals Emerging Threats for Enterprises
- Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
- GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
- TorrentFreak
- Graham Cluley
- The Register - Security
- Critical federal cybersecurity funding set to resume as government shutdown draws to a close - for now
- Phishers try to lure 5K Facebook advertisers with fake business pages
- Russian broker pleads guilty to profiting from Yanluowang ransomware attacks
- Allianz UK joins growing list of Clop’s Oracle E-Business Suite victims
- As AI enables bad actors, how are 3,000+ teams responding?
- Cisco creating new security model using 30 years of data describing cyber-dramas and saves
- Microsoft teases agents that become ‘independent users within the workforce’
- Security Affairs
- GlassWorm malware has resurfaced on the Open VSX registry
- Denmark and Norway investigate Yutong bus security flaw amid rising tech fears
- Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting
- Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads
- QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
- Schneier on Security
- Security Weekly Podcast Network (Audio)