Daily Security News (2026-03-13)
- Recent Commits to cve:main
- SecWiki News
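- 嘶吼 RoarTalk – comprehensive service platform for the cybersecurity industry, 4hou.com
- Countdown to "3·15" 2026: industry risk points worth watching
- 2026 3·15 consumer safety alert: digital ghosts and precision probing
- 2026 3·15 consumer safety alert: the "systemic traps" on a headlong rush
- 2026 3·15 consumer safety alert: the "experience economy" thrown into disorder by profit
- Compliance guidelines for online trading platform business conduct during the 2026 Spring Festival and "3·15" period
- 2026 3·15 consumer safety alert: the safety time lag behind "instant gratification" food
- If you raise one, raise a "safe lobster", one that doesn't act recklessly 🦞
- [Two Sessions "In Depth"] Strengthen the national cybersecurity defense system and sustain a healthy cybersecurity industry ecosystem
- "Lobster" becomes a hot topic at the Two Sessions: Yao Jinbo says employees have set up about 1,000 "lobsters"; Zhou Hongyi previously said it is not yet commercially mature
- CPPCC National Committee member Zhou Hongyi proposes: promote large-scale deployment of security agents, using AI to counter AI
- CPPCC National Committee member Zheng Jun on "AI fraud targeting the elderly": punish severely, hold platforms responsible, and set a consumer "cooling-off period"
- Deputy Cheng Wei: accelerate improvement of a secure and trusted data circulation system
- CPPCC National Committee member Qi Xiangdong: major internet companies' cybersecurity awareness cannot remain stuck where it was a few years ago
- Two Sessions proposals | CPPCC National Committee member Li Dan: build a solid data compliance defense line for overseas expansion and improve Chinese enterprises' global governance capabilities
- Two Sessions Xinhua commentary | Cyberspace is not a lawless place; severely punish "hurting people by keystroke" according to law
- Understand it in one graphic! Key points of the 2026 national Two Sessions are here!
- Focus on the 2026 national Two Sessions: NPC deputy Zhou Yunjie brings these four proposals
- Qi Xiangdong: the cybersecurity industry faces three major changes; private enterprises must fight the technology "tough battle" well
- CPPCC National Committee member Zhou Hongyi: a tech "veteran" continues to advocate for inclusive AI
- Building a solid security foundation for the "15th Five-Year Plan": a panoramic view of cybersecurity trends through the 2026 Two Sessions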
- obaby 𝐢𝐧⃝ void
- Microsoft Security Blog
- Private Feed for M09Ic
- kpcyrd forked kpcyrd/ripgrep from BurntSushi/ripgrep
- mgeeky starred trustedsec/LnkMeMaybe
- zeroclaw-labs released v0.1.9a at zeroclaw-labs/zeroclaw
- PrefectHQ released 3.6.22 at PrefectHQ/prefect
- bolucat released 202603122002 at bolucat/Archive
- safedv starred trustedsec/LnkMeMaybe
- mgeeky starred homeassistant-ai/ha-mcp
- WAY29 forked WAY29/cloud-mail from maillab/cloud-mail
- mgeeky starred depthsecurity/RelayKing-Depth
- mgeeky starred thedotmack/claude-mem
- uknowsec starred Wei-Shaw/sub2api
- TideSec starred 3516634930/Payloader
- PrefectHQ released 3.6.22.dev8 at PrefectHQ/prefect
- Ascotbe starred 666ghj/MiroFish
- huoji120 starred microsoft/BitNet
- gh0stkey starred 0x4D31/airt
- ElcomSoft blog
- Cerbero Blog
- Insinuator.net
- Chromium Blog
- Blog - Atredis Partners
- GuidePoint Security
- Reverse Engineering
- Near complete hypervisor, driver, and system binary analysis for the Xbox Series consoles
- Reverse Engineering the undocumented ResetEngine.dll: A C++ tool to programmatically trigger a silent Windows Factory Reset (PBR) bypassing SystemSettings UI.
- Debugging An Undebuggable App
- Archive of classic reverse engineering tutorials (Armadillo, ASProtect, Themida, SoftICE era)
- Live From RE//verse 2026: WARP Signatures with Mason Reed (Stream - 06/03/2026)
- Reverse Engineering Action's Cheap Fichero Labelprinter
- GitHub - iss4cf0ng/Elfina: Elfina is a multi-architecture ELF loader supporting x86 and x86-64 binaries.
- Chip Uploading - Emulation Online
- HellsUchecker: ClickFix to blockchain-backed backdoor
- runtime jvm analysis tool i made
- Didier Stevens
- PortSwigger Blog
- Intigriti
- daniel.haxx.se
- Malwarebytes
- Wallarm
- Offensive Security Blog: Latest Trends in Hacking | Praetorian
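- 奇客Solidot – delivering the latest technology news
- 黑海洋Wiki | AI robot hardware development | Hands-on network security attack and defense | Blockchain technical documentation and tutorials - Free resource platform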
- 绿盟科技技术博客
- 安全分析与研究
- 腾讯玄武实验室
- 安全客
- 威努特安全网络
- 微步在线研究响应中心
- 青衣十三楼飞花堂
- 安全内参
- 代码卫士
- 黑鸟
- 360漏洞云
- 绿盟科技CERT
- 信安之路
- 吾爱破解论坛
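- [18th anniversary open registration WeChat lucky draw: another 40 account registration codes or 300 forum coins will be given away, with the draw at 2 p.m. For details see: "Open Registration Announcement" 吾爱破解论坛 18th anniversary open registration announcement, March 13, 2026. PS: winners will receive a winning notification and must send an e-mail the same day to claim the prize.](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143721&idx=1&sn=ec4f67d6e9066af4bc43321ed14b9f6a)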
- 安全学术圈
- 看雪学苑
- 奇安信 CERT
- 微步在线
- 网安杂谈
- 网络空间安全科学学报
- 默安科技
- XCTF联赛
- 中国信息安全
- 安全圈
- 安全牛
- 阿里安全响应中心
- 滴滴安全应急响应中心
- Tide安全团队
- 嘶吼专业版
- 慢雾科技
- 枇杷熟了
- 数世咨询
- 极客公园
- 火绒安全
- 复旦白泽战队
- 安全行者老霍
- 360数字安全
- TrustedSec
- 字节跳动技术团队
- 迪哥讲事
- 美团技术团队
- 纽创信安
- IntelTechniques Blog
- Over Security - Cybersecurity news aggregator
- Canadian retail giant Loblaw notifies customers of data breach
- US, Europol disrupt SocksEscort network that exploited thousands of residential routers
- England Hockey investigating ransomware data breach
- AI-generated Slopoly malware used in Interlock ransomware attack
- Exclusive: New data shows increase in FBI searches of Americans’ data last year
- US sanctions North Korea IT worker networks in Laos, Vietnam
- This one’s for you, Mom
- Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks
- Law enforcement shuts down botnet made of tens of thousands of hacked routers
- PixRevolution: The Agent-Operated Android Trojan Hijacking Brazil’s PIX Payments in Real Time
- Veeam warns of critical flaws exposing backup servers to RCE attacks
- UK regulators demand social media platforms make it harder for kids under 13 to access sites
- US disrupts SocksEscort proxy network powered by Linux malware
- Cyber National Mission Force to get new commander amid broader leadership turnover
- Google paid $17.1 million for vulnerability reports in 2025
- The Dragon in the Viminale: when a handshake hides a theft
- Stryker tells SEC that timeline for recovery from cyberattack unknown
- Telus Digital confirms breach after hacker claims 1 petabyte data theft
- Going the Extra Mile: Travel Rewards Turn into Underground Currency.
- Apple patches older iPhones and iPads against Coruna exploits
- Fake government and Starlink apps used in malware campaign targeting Brazil
- The State of Cyber Warfare in 2026: Nation-State Attacks, AI Weapons, and the New Digital Battlefield
- US charges another ransomware negotiator linked to BlackCat attacks
- MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection
- Security according to Microsoft in the era of Agentic AI
- Swarms of AI bots infest social media: a threat to democracy
- Who Is Handala — The Iran-Linked Ghost Group That Just Wiped 200K Stryker Devices
- Vulnerability in MediaTek Chips Could Impact 25% Android Smartphones
- The pillars of TPRM under DORA: how to turn third-party risk into a competitive advantage
- India Outlines Legal Framework to Protect Children from AI and Online Harm
- India Introduces Bug Bounty Program to Target Gaps in Aadhaar Ecosystem
- February 2026 Cyber Attacks Statistics
- DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
- Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
- Clusit Report 2026: cyber attacks grow by 49%
- Lenny Zeltser
- ICT Security Magazine
- Schneier on Security
- 云鼎实验室
- SANS Internet Storm Center, InfoCON: green
- Qualys Security Blog
- NetSPI
- bellingcat
- Instapaper: Unread
- HACKMAGEDDON
- GRAHAM CLULEY
- The Hacker News
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
- ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
- Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- The Register - Security
- TorrentFreak
- Security Affairs
- Apple issues emergency fixes for Coruna flaws in older iOS versions
- Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
- ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance
- U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog
- Bell Ambulance data breach impacted over 238,000 people
- DEFION Research Labs
- Ruckus Unleashed: Multiple vulnerabilities exploited
- Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger
- Pwn2Own Automotive 2024: Hacking the JuiceBox 40
- Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)
- DoNex/DarkRace Ransomware Decryptor
- CVE-2024-20693: Windows cached code signature manipulation
- Bringing process injection into view(s): exploiting all macOS apps using nib files
- Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing
- Getting SYSTEM on Windows in style
- Technical analysis of the Genesis Market
- Bad things come in large packages: .pkg signature verification bypass on macOS
- Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution
- Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS
- Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution
- Process injection: breaking all macOS security layers with a single vulnerability
- Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution
- Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
- CoronaCheck App TLS certificate vulnerabilities
- Sandbox escape + privilege escalation in StorePrivilegedTaskService
- Proctorio Chrome extension Universal Cross-Site Scripting
- Zoom RCE from Pwn2Own 2021
- Adobe Acrobat privilege escalation
- iOS VPN support: 3 different bugs
- Sign in with Apple - authentication bypass
- Jenkins - authentication bypass
- DNS rebinding for HTTPS
- Spring Security - insufficient cryptographic randomness
- XenServer - path traversal leading to authentication bypass
- Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root
- NAPALM - command execution on NAPALM controller from host
- MySQL Connector/J - Unexpected deserialisation of Java objects
- Ansible - command execution on Ansible controller from host
- Observium - unauthenticated remote code execution
- cSRP/srpforjava - obtaining of hashed passwords
- StartEncrypt - obtaining valid SSL certificates for unauthorized domains
- Deep Web
- Blackhat Library: Hacking techniques and research
- Your Open Hacker Community
- Social Engineering
- Information Security
- How much of your personal data do random companies have at this point?
- Your one-time code just got stolen by a $120 phishing kit. This is how.
- Cybersecurity Risk Assessment Practices in Organizations (Cybersecurity professionals / IT professionals)
- Inbox flooding and vishing and Quick Assist: an attack chain that slips between normal security
- Full Disclosure
- JSON Deserialiser Unconstrained Resource Consumption Quick Overview
- Defense in depth -- the Microsoft way (part 96): yet another SAFER (SRPv1) and AppLocker (SRPv2) loophole
- Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)
- Cohesity TranZman Migration Appliance - 5 CVEs (command injection, LPE, unsigned patches, weak crypto)
- APPLE-SA-03-11-2026-2 iOS 15.8.7 and iPadOS 15.8.7
- APPLE-SA-03-11-2026-1 iOS 16.7.15 and iPadOS 16.7.15
- SEC Consult SA-20260224-0 :: Multiple vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker (CVE-2025-10010)
- Technical Information Security Content & Discussion
- Betterleaks: The Gitleaks Successor Built for Faster Secrets Scanning
- Secrets are Rare not Random
- Findings Gadgets Like it’s 2026
- Alipay (1B+ users) DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 6 CVEs (CVSS 9.3)
- Forensic analysis of LummaC2 infection unmasks DPRK operative behind Polyfill.io supply chain attack and Gate.us infiltration
- Co-Pilot, Disengage Autophish: The New Phishing Surface Hiding Inside AI Email Summaries
- MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection
- We used GenAI to find 38 vulnerabilities in consumer robots in ~7 hours
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- GitHub - iss4cf0ng/Elfina: Elfina is a multi-architecture ELF loader supporting x86 and x86-64 binaries.
- Err0rs security virtual assistant for raspberry pi with ai hat repo will be going public @github.com/Gnosisone
- Hello, I am selling my credits for the eJPT certification on INE
- CYBERMAP · Global Threat Intelligence
- Deeplinks
- Computer Forensics
- Security Weekly Podcast Network (Audio)
- 网安寻路人