[每日信息流] 2025-11-13 #1050
Description
每日安全资讯(2025-11-13)
- SecWiki News
- Doonsec's feed
- AI 辅助开发对于我来说已经从工具变成了伙伴
- 警惕!朝鲜 IT 从业者转型招聘者,跨国欺诈套路已盯上自由职业者
- 公开课利用jndi,反序列化注入agent内存马
- 09 宇宙的十二种假说:全息宇宙
- 【靶场】青少年CTF靶场功能公测!邀请码获取的方式有三种!
- 喜报!!OneTS安全团队荣获荣耀安全奖励计划「2025年度杰出团队奖」
- 针对 CVE-2025-60710 的安全公告,这是针对该 LPE 的 PoC
- 写FastAPI项目前必读:这份开源最佳实践让你少踩 90% 的坑!
- 2025年广西网络与信息安全职业技能竞赛WriteUP
- WinPEAS提权
- 【漏洞预警】Elastic Cloud Enterprise权限提升漏洞CVE-2025-37736
- 【高危漏洞预警】微软11月多个安全漏洞
- 从对抗到出洞:某金融APP 实战渗透与 Frida 反检测绕过(Rpc + Flask + AutoDecoder)
- 学吧 学无止境 太深了
- SDL序列课程-第62篇-安全需求-文件上传需求-下载服务器不应该使用XXX主域名
- 一通敲打 AI,整了个 frida 16 脚本一键升级 17 的工具
- 安全工具“Slack”:在重复造轮子中创新,打造实用新功能
- 手把手教会你白加黑无敌免杀(附工具和源码)
- 无需返场折扣依旧,TOP15 双 11 热销排行榜出炉!
- Spring AI Alibaba基础入门
- KINGOSOFT 高校智慧校园教学综合服务平台 downloadzgkssmwd.jsp 任意文件读取漏洞
- Nand2Tetris(计算机系统要素)Unit 0 学习笔记
- 双十一安全保卫战圆满收官 | “军长”领航,团队共铸辉煌
- 【连载】红蓝对抗-攻防演练-WEB安全渗透测试:XSS跨站脚本攻击漏洞(一)
- linux系统使用fwknop实现单包授权(SPA)
- GoldenEye靶机手册
- 语法混淆:利用多语言语法差异实现漏洞利用的高级技巧
- G.O.S.S.I.P 阅读推荐 2025-11-12 Android大战iOS
- 论文研读与思考|用于异常检测的图证据学习
- 网安原创文章推荐【2025/11/11】
- 网安原创文章推荐【2025/11/10】
- Windows 11 PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)附带POC
- 四步三利:如何判断一个终端安全需求的价值
- 紧急!中南有木马病毒入侵!
- 安卓逆向第一篇:刷机与root(补充未解锁BL设备实现Apatch root方案,解锁BL设备转SukiSU和Root隐藏)
- 我的路虎为什么没有按时交付?
- 一款符合我所有需求的AI翻译工具
- 15个隐私保护的搜索引擎
- 巴基斯坦提议美国开发帕斯尼港对我战略影响
- QQ社区将注销,请各位有业务的粉丝注意本文消息
- Linux | 利用vmap断链实现内核模块隐藏
- 三载耕耘终折桂——专访第十届美亚杯团队赛(线下)学生组冠军“朱朱侠”
- 李飞飞:AI下一个前沿是“空间智能”(附全文翻译)
- Windows内核0day漏洞遭野外利用实现权限提升
- Ivanti Endpoint Manager 漏洞允许攻击者在目标系统任意位置写入文件
- 【重磅推荐】每个安全从业者都应收藏的“黑客”资源宝库!
- 界面新闻采访CertiK创始人顾荣辉:携手ADGM,以安全技术破解监管痛点
- 【真相往往反转】天道好轮回,吃瓜吃到自己头上了
- Tomcat常见漏洞汇总
- 日本规模最大的银行联手OpenAI 加速银行业AI推广应用
- AI快讯:央行将稳妥推进金融领域AI大模型应用,支付宝MCP接入讯飞智能体平台
- 兴业基金招人工智能工程师,有AI+金融落地项目经验优先
- 未来智安47.98万中标众诚保险AI智能体安全运营平台采购项目
- 渊亭科技入选“2025数字政府解决方案提供商TOP100”
- 【安全圈】火绒曝光360旗下鲁大师及相关软件进行流量劫持
- 【安全圈】各国陆续开发本土地图系统以减少对GoogleMaps依赖
- 【安全圈】GitHub 红队演练引发误报:伪造 npm 包“攻击”实为内部安全测试
- 【安全圈】Android 远控木马 Fantasy Hub 以 MaaS 形式售卖
- “鲁大师” 竟劫持用户流量:数十家关联企业被指织网收割
- 如何在海量目标中进行识别和降噪,smart & nice
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- obaby@mars
- Private Feed for M09Ic
- mgeeky starred dandavison/delta
- bolucat released 202511121934 at bolucat/Archive
- mandiant released v9.3.0 at mandiant/capa-rules
- mgeeky starred reconurge/flowsint
- Ridter starred masterqiu01/cross-file-obfuscator
- chainreactors released v0.1.2 at chainreactors/malefic
- safedv starred Print3M/epic
- 0xbug starred gh0stinthemirr0r/Pan_Engine
- niudaii starred MorDavid/DonPwner
- DVKunion starred fullstorydev/grpcui
- gh0stkey starred dqzg12300/fridaUiTools
- uknowsec starred D4m0n/CVE-2025-50168-pwn2own-berlin-2025
- gh0stkey starred frida/frida
- niudaii starred InterceptSuite/ProxyBridge
- joaoviictorti starred RustCrypto/SSH
- pydantic released v1.14.1 at pydantic/pydantic-ai
- 先知安全技术社区
- Trustwave Blog
- ElcomSoft blog
- Recent Commits to cve:main
- 安全客-有思想的安全新媒体
- 一场通过Telegram传播的网络钓鱼活动正针对欧洲企业,利用HTML附件窃取用户凭证
- Devolutions Server存在严重漏洞(CVE-2025-12485,CVSS 9.4),可通过预MFA Cookie劫持实现用户冒充
- CMMC新规出台,国防供应链面临网络安全合规挑战
- 被动 Wi-Fi 嗅探攻击:识别智能手机用户准确率高达 98%
- 黑客入侵网站注入恶意链接,借机操纵搜索引擎优化
- DragonForce勒索软件进化:利用BYOVD终结EDR并修复Conti V3加密缺陷
- SuiteCRM中存在SQL注入漏洞(CVE-2025-64492与CVE-2025-64493),致客户数据面临泄露风险
- Triofox零日漏洞(CVE-2025-12480)正遭积极利用:主机头验证绕过可导致未授权管理员接管
- 欧盟频谱争夺战:6GHz高频段将归属Wi-Fi 7还是6G网络?
- Windows 11 Version 26H1正式发布,但仅面向骁龙X2等新款ARM芯片
- 奇安信攻防社区
- Sucuri Blog
- Horizon3.ai
- Malwarebytes
- Shostack & Friends Blog
- 奇客Solidot–传递最新科技情报
- 安全分析与研究
- 安全客
- 奇安信 CERT
- 看雪学苑
- 小迪随笔
- 阿里云应急响应
- 安全内参
- 黑鸟
- 吾爱破解论坛
- [光棍节开放注册四小时共注册26414人,没有激活的同学请尽快激活啦,发帖前请认真阅读注册须知和总版规,防止违规封号注销。
刚加入的同学请经常登录并保持活跃(注意:签到不算活跃,只有发帖或回帖才算,这句话很重要),避免没活跃被清理,参与到论坛交流中来,对于给予帮助你的人加热心和论坛币,做一个热心受欢迎的人。
错过的同学可以“星标”公众号等待下次开放注册通知。](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143166&idx=1&sn=e26eaa066e8bb54f7f770cd195bede24)
- Black Hills Information Security, Inc.
- 绿盟科技CERT
- 安全研究GoSSIP
- 威努特安全网络
- 丁爸 情报分析师的工具箱
- 天黑说嘿话
- 安全圈
- 网络空间安全科学学报
- XCTF联赛
- 数世咨询
- 中国信息安全
- 嘶吼专业版
- OPPO安全中心
- 情报分析师
- 极客公园
- 京东安全应急响应中心
- 深信服千里目安全技术中心
- 安全牛
- 补天平台
- 代码卫士
- 国家互联网应急中心CNCERT
- 微步在线
- 迪哥讲事
- 斗象智能安全
- 360数字安全
- 火绒安全
- ICT Security Magazine
- Over Security - Cybersecurity news aggregator
- US announces ‘strike force’ to counter Southeast Asian cyber scams, sanctions Myanmar armed group
- Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns
- Google sues to dismantle Chinese phishing platform behind US toll scams
- Google sues to dismantle Chinese platform behind global toll scams
- Cybersecurity firm Deepwatch lays off dozens, citing move to “accelerate” AI investment
- Russia imposes 24-hour mobile internet blackout for travelers returning home
- British government unveils long-awaited landmark cybersecurity bill
- ‘Advanced’ hacker seen exploiting Cisco, Citrix zero-days
- Windows 11 now supports 3rd-party apps for native passkey management
- Army officer with Indo-Pacific experience emerges as potential Cyber Command, NSA pick
- Lawmakers warn Democratic governors that states are sharing drivers’ data with ICE
- Data broker Kochava agrees to change business practices to settle lawsuit
- Google files lawsuit to disrupt massive ‘Lighthouse’ smishing scheme
- DanaBot malware is back to infecting Windows after 6-month break
- La Cop30 terreno fertile per l’automazione delle truffe online: i 3 principali schemi di frode
- Server Redis lasciati senza protezione: ecco come li sfruttano gli attaccanti
- Extending Zero Trust to AI Agents: “Never Trust, Always Verify” Goes Autonomous
- German extremist arrested over operating alleged darknet assassination marketplace
- Microsoft fixes bug causing false Windows 10 end-of-support alerts
- Fantasy Hub: scoperto un nuovo RAT Android che prende il controllo totale del dispositivo
- Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks
- New UK laws to strengthen critical infrastructure cyber defenses
- NHS patients to finally be informed if hackers published their STI and cancer test data
- Fraud Year in Review: What 2025 taught us for 2026
- Synnovis notifies of data breach after 2024 ransomware attack
- Semplificare o smantellare il GDPR? Il Digital Omnibus e il futuro del cittadino digitale
- Microsoft fixes Windows Task Manager bug affecting performance
- Enshittification: il progressivo degrado delle piattaforme digitali
- Aggiornamenti Microsoft novembre 2025: 63 vulnerabilità corrette, allarme per una zero-day
- ClickFix Explosion: Cross-Platform Social Engineering Turns Users Into Malware Installers
- Tre linee guida sulle piattaforme SIEM e SOAR
- How to Choose WordPress Caching Options
- Rhadamanthys infostealer disrupted as cybercriminals lose server access
- 安全行者老霍
- 赛博昆仑CERT
- SANS Internet Storm Center, InfoCON: green
- Securityinfo.it
- Graham Cluley
- The Hacker News
- Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
- Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
- [Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR
- Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
- Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
- Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy
- Trend Micro Research, News and Perspectives
- TorrentFreak
- Security Affairs
- Google sues cybercriminal group Smishing Triad
- New Danabot Windows version appears in the threat landscape after May disruption
- Australia’s spy chief warns of China-linked threats to critical infrastructure
- Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025
- $7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK
- Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug
- 白帽子章华鹏
- Instapaper: Unread
- Erase All Content and Settings does what it says
- Database con dati personali di 3,8 milioni di italiani pubblicato nel dark web
- Attenzione al phishing che attacca le mailbox degli Avvocati
- Stolen iPhones are locked tight, until scammers phish your Apple ID credentials
- You won’t believe the excuses lawyers have after getting busted for using AI
- Don’t Be a Louvre How Weak Passwords and Unpatched Software Encourage Breaches
- Fuji la soluzione open source per la copia forense dei Mac con processori Intel e Apple Silicon
- Deeplinks
- Daniel Miessler
- Schneier on Security
- Troy Hunt's Blog
- The Register - Security
- Google sues 25 China-based scammers behind Lighthouse 'phishing for dummies' kit
- Attackers turned Citrix, Cisco 0-day exploits into custom-malware hellscape
- Bitcoin bandit's £5B bubble bursts as cops wrap seven-year chase
- UK's Cyber Security and Resilience Bill makes Parliamentary debut
- Aviation watchdog says organized drone attacks will shut UK airports ‘sooner or later’
- China hates crypto and scams, but is now outraged USA acquired bitcoin from a scammer
- Australia’s spy boss says authoritarian nations ready to commit ‘high-impact sabotage’
- Security Weekly Podcast Network (Audio)
- Dark Space Blogspot