# 每日安全资讯(2026-04-30) - SecWiki News - [ ] [SecWiki News 2026-04-29 Review](http://www.sec-wiki.com/?2026-04-29) - 先知安全技术社区 - [ ] [面向大模型隐私推理的安全协议-MPC与ZK的角色分工](https://xz.aliyun.com/news/92061) - [ ] [Agentic / Context](https://xz.aliyun.com/news/92060) - [ ] [AI洪流下的防守对抗新范式](https://xz.aliyun.com/news/92059) - [ ] [LLM 能帮一个安全工程师干些什么](https://xz.aliyun.com/news/92058) - [ ] [AI For Security:AI在云产品安全建设中能做什么?](https://xz.aliyun.com/news/92056) - Private Feed for M09Ic - [ ] [mgeeky starred TauricResearch/TradingAgents](https://github.com/TauricResearch/TradingAgents) - [ ] [github released v0.8.3 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.8.3) - [ ] [bolucat released 202604292144 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202604292144) - [ ] [modelcontextprotocol released v1.7.4 at modelcontextprotocol/registry](https://github.com/modelcontextprotocol/registry/releases/tag/v1.7.4) - [ ] [itm4n released 2026.04.29-1 at itm4n/PrivescCheck](https://github.com/itm4n/PrivescCheck/releases/tag/2026.04.29-1) - [ ] [WAY29 starred t8y2/dbx](https://github.com/t8y2/dbx) - [ ] [4ra1n starred HelloYmf/DLLHijacking-Patcher](https://github.com/HelloYmf/DLLHijacking-Patcher) - [ ] [zema1 starred HelloYmf/DLLHijacking-Patcher](https://github.com/HelloYmf/DLLHijacking-Patcher) - [ ] [kpcyrd contributed to mozilla/thin-vec](https://github.com/mozilla/thin-vec/pull/82) - [ ] [WAY29 contributed to WAY29/own-the-newsletter](https://github.com/WAY29/own-the-newsletter/pull/1) - [ ] [kpcyrd forked kpcyrd/thin-vec from mozilla/thin-vec](https://github.com/kpcyrd/thin-vec) - [ ] [PrefectHQ released 3.6.29.dev3 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.29.dev3) - [ ] [gh0stkey starred dohooo/helmor](https://github.com/dohooo/helmor) - [ ] [LoRexxar contributed to LoRexxar/Kunlun-M](https://github.com/LoRexxar/Kunlun-M/pull/313) - [ ] [shmilylty starred 
jaywcjlove/awesome-mac](https://github.com/jaywcjlove/awesome-mac) - [ ] [pydantic released v1.88.0 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v1.88.0) - 安全客-有思想的安全新媒体 - [ ] [安全进入“AI自主攻击”时代,瑞数信息如何用AI对抗AI](https://www.anquanke.com/post/id/315417) - [ ] [智能体关键年:Agent扎根业务流,AI生产力正在形成](https://www.anquanke.com/post/id/315419) - [ ] [深度分析Sorry勒索软件的加密实现与行为特征](https://www.anquanke.com/post/id/315390) - Recent Commits to cve:main - [ ] [Update Wed Apr 29 11:15:54 UTC 2026](https://github.com/trickest/cve/commit/9edbb018c0d81e99e33edf3064ce19ffcd1635d8) - LoRexxar's Blog | 信息技术分享 - [ ] [Ghost Bits,Java WAF之殇?](https://lorexxar.cn/2026/04/29/java-ghost-bits/) - Verne in GitHub - [ ] [在 OpenClaw 中使用 Moomoo API Skills 查看和分析日本股市](https://blog.einverne.info/post/2026/04/openclaw-moomoo-api-japan-stock-analysis.html) - Doonsec's feed - [ ] [MajorDoMo admin.php接口存在远程代码执行漏洞CVE-2026-27174 附POC](https://mp.weixin.qq.com/s/Z2dWGAwId9e7H5yXQVsxPA) - [ ] [(19)6.3 变更的策划 — 企业信息安全负责人必读系列丛书书稿《ISO/IEC 42001: 2023人工智能管理体系标准的谬误辨析与实施详解》](https://mp.weixin.qq.com/s/scBT9TwoXwBP1lLRpURbgA) - [ ] [(18)6.2 人工智能目标及其实现的策划—企业信息安全负责人必读系列丛书《ISO/IEC 42001:2023人工智能管理体系标准谬误辨析与实施详解》](https://mp.weixin.qq.com/s/LqUTynQyndu3zhMUk6zwww) - [ ] [(17)6.1.4 人工智能系统影响评估—企业信息安全负责人必读系列丛书《ISO/IEC 42001: 2023人工智能管理体系标准的谬误辨析与实施详解》](https://mp.weixin.qq.com/s/foCIiZyI8NKHyPm1ZCUj7w) - [ ] [(16)6.1.3 人工智能风险应对 —企业信息安全负责人必读系列丛书书稿《ISO/IEC 42001: 2023人工智能管理体系标准的谬误辨析与实施详解》](https://mp.weixin.qq.com/s/vEUHywddCn63M8wvlxkRrA) - [ ] [(15)6.1.2 人工智能风险评估 —企业信息安全负责人必读系列丛书书稿《ISO/IEC 42001: 2023人工智能管理体系标准的谬误辨析与实施详解》](https://mp.weixin.qq.com/s/wzb3mCpekOkwHPGDH-nB4Q) - [ ] [这才是公安需要的警务研判新大脑!](https://mp.weixin.qq.com/s/kGJx5twKjeCG6hQA4ZBsRQ) - [ ] [国投智能战略“跃迁”:基本盘稳固,新引擎发力](https://mp.weixin.qq.com/s/urPhZzpkWNW7MwcvNe1gjQ) - [ ] [Misc-Galaxysail:一站式 CTF Misc 杂项分析工具](https://mp.weixin.qq.com/s/3bFWifwmXZaF_jwDkJNbQA) - [ ] [红石V5:资产管理功能](https://mp.weixin.qq.com/s/zE5q7hGyoFLHSrGBkB4abA) - [ ] 
[供应链攻击永无眠:SAP CAP & Cloud MTA npm 供应链攻击事件报告](https://mp.weixin.qq.com/s/gaeeRzgxg-E_9G6_vtfO_g) - [ ] [Ghost Bits 绕waf原理研究分析](https://mp.weixin.qq.com/s/7rOTGcXQCkOoiVUmXGI8sA) - [ ] [第一次密评题库易错题公益答疑圆满完成,未来不忘初心,继续前行](https://mp.weixin.qq.com/s/hyfpyTYv2VwqjPTWD5H4-A) - [ ] [网络安全行业,已经连续 11 个季度没增长了](https://mp.weixin.qq.com/s/GmFsx4DJt85gVXzLqtgFMw) - [ ] [DeepSeek突然「开眼」,识图模式灰度上线](https://mp.weixin.qq.com/s/FsWfW-KZpr1EmiTg8ha1NA) - [ ] [2026护网专项行动,你参与不](https://mp.weixin.qq.com/s/m7rB8Q6MKjmVjJA4v_vchg) - [ ] [勒索动态 | 新勒索组织对深圳某上市通信制造企业发起勒索威胁,核心数据面临泄露风险](https://mp.weixin.qq.com/s/A3OgtT-DMOHb0CdsxrtlNQ) - [ ] [【首发】从APIServer到Kubelet:K8sPenTool如何串起一条云原生攻击链?](https://mp.weixin.qq.com/s/l0lfe6LbD5BHT89dl650qQ) - [ ] [倒计时1天 | 2026智能云生态大会](https://mp.weixin.qq.com/s/t7d8RkkihWnzo2eoA81R3w) - [ ] [获奖名单公布!2026数字中国创新大赛·数字安全赛道——网络和数据安全产业赛圆满落幕](https://mp.weixin.qq.com/s/Stro6eS_0wz8xxxEn4xPTg) - [ ] [公安机关发布景区游览、大型活动安全提示](https://mp.weixin.qq.com/s/NrMGihjXaJ1BvpIyYCMNPQ) - [ ] [9秒删库,AI“越狱”的真实样本](https://mp.weixin.qq.com/s/KOXyj1MY81F8w0CL8ikS1w) - [ ] [GhostBits-WAF-Bypass-Toolkit——针对 Java 幽灵比特位漏洞的 WAF 绕过辅助脚本](https://mp.weixin.qq.com/s/Q6SqplB6NUzs2_lc5WuQww) - [ ] [Telegram担保市场深度研究:平台演化、生态结构与监管挑战](https://mp.weixin.qq.com/s/xZpj8v8VWZwTpBHOwPDo0g) - [ ] [破解数据跨境难题!杨“数”浦数字沙龙第十五期精彩回顾](https://mp.weixin.qq.com/s/Q9A5yxJ74p-g4KopG6ubAw) - [ ] [五一假期将至:网警以案说法防微杜渐 守好网络安全关](https://mp.weixin.qq.com/s/q2MfLE2ACbQm_gBnQUZF6Q) - [ ] [CCB决赛有感(附RE/AI题目附件)](https://mp.weixin.qq.com/s/yL69Ee2pmFD2AMe6YX6RQQ) - [ ] [腾讯员工公寓曝光,竟是这样的布置!](https://mp.weixin.qq.com/s/0tOs8D31gMUc6C6pSFctNg) - [ ] [全球海拔高度数据集下载服务上线](https://mp.weixin.qq.com/s/Yl0-mDD3WZ7HzdnkqofaHg) - [ ] [【漏洞通告】Github-Enterprise远程命令执行漏洞(CVE-2026-3854)](https://mp.weixin.qq.com/s/bWSo1ktSYgWQXCQZvY_DJw) - [ ] [【漏洞通告】LiteLLM SQL注入漏洞(CVE-2026-42208)](https://mp.weixin.qq.com/s/ruU7aGSsvZY24ILNi4zkrw) - [ ] [网络安全信息与动态周报2026年第17期(4月20日-4月26日)](https://mp.weixin.qq.com/s/OyeRfDTqiOZPgJgebAJBsg) - [ ] 
[如何让齐静春帮我打CTF](https://mp.weixin.qq.com/s/gaRO5oL73NuILTNofHRvYg) - [ ] [紧急通知:此号即将注销!](https://mp.weixin.qq.com/s/YbhUXF5vy1NQJvdlPC5MuA) - [ ] [花600美元就能监听天上数据?银行记录、军事机密全在卫星上裸奔!](https://mp.weixin.qq.com/s/ZHzG0n-iecHrEg1Titl4BA) - [ ] [Ubuntu 22中找不到libcrypto.so.1.1](https://mp.weixin.qq.com/s/oSTBkL9GbSY_ixtGXRjXcw) - [ ] [王小洪在全国公安机关常态化开展扫黑除恶斗争推进会议上强调 以为人民出政绩以实干出政绩的使命担当 坚决抓好常态化扫黑除恶斗争](https://mp.weixin.qq.com/s/hMi7yAGOhfJz_cxiJ2MtWw) - [ ] [AI彻底取代产品经理?言之凿凿,却为时尚早](https://mp.weixin.qq.com/s/LwuX9E5XodMYKdU0_CUPdw) - [ ] [新型 VECT 2.0 勒索软件可破坏 Windows、Linux 和 ESXi 系统上超过 128 KB 的文件](https://mp.weixin.qq.com/s/rp85FK3zKX3GPpIOGcdMJA) - [ ] [实验室学生参加软件系统安全赛华东区现场赛](https://mp.weixin.qq.com/s/5PDDKgKYlCgS_usfUxWU2w) - [ ] [什么是Eth-trunk?](https://mp.weixin.qq.com/s/NcsEOuSdajNzu8JGDfiJXg) - [ ] [最近的收藏爱好:攒内存条](https://mp.weixin.qq.com/s/qQ_ITMkqlcZHfiKMzMdabQ) - [ ] [假期出行,请勿随意扫描来源不明的二维码](https://mp.weixin.qq.com/s/mDnCOQtflfawUEzp0qsqZQ) - [ ] [新型沙虫通信技术利用Tor隧道进行SSH远程访问](https://mp.weixin.qq.com/s/XcU7KHJfuzugFibEBOtE-w) - [ ] [cPanel发布严重身份验证漏洞警告——紧急补丁已发布](https://mp.weixin.qq.com/s/eBnlFVk8Q4GQNP6keHuSjQ) - [ ] [北京银行打造AI原生能力、已建成280+智能体](https://mp.weixin.qq.com/s/qTqzCEsbJ1ad3pDlF9HGhQ) - [ ] [AI快讯:去年我国Token调用量达21100万亿,DeepSeek灰度测试多模态识图模式](https://mp.weixin.qq.com/s/vjlI9P8JuV7r59OpZ1FdQw) - [ ] [金智维单一!国联民生证券金智维RPA系统采购项目](https://mp.weixin.qq.com/s/MDqRG6punPHfxSPEHSHwPA) - [ ] [【安全圈】伊朗黑客组织:已“开盒” 2379 名美国海军陆战队员,掌握数万名中东美军姓名、住址、日常轨迹、购物习惯等](https://mp.weixin.qq.com/s/-8ESG0kUMs_4Grq6RAlDgA) - [ ] [【安全圈】医疗科技大厂美敦力 IT 系统遭遇黑客入侵,未影响服务交付](https://mp.weixin.qq.com/s/ez8tByW_23TppI7DUoq5BA) - [ ] [【安全圈】巴西 LofyGang 团伙沉寂三年后卷土重来,发起 Minecraft LofyStealer 窃取器活动](https://mp.weixin.qq.com/s/KzK57Of1l-GhHE2Kj7EH9g) - [ ] [Ghost Bits 自动化提效:让WAF绕过告别重复劳作](https://mp.weixin.qq.com/s/WMD3MQ-8QM8hZXtTpbxFnA) - [ ] [分享一个渗透测试必备的POC速查网站](https://mp.weixin.qq.com/s/RAbn3W0NNbqbALHktf8U5Q) - [ ] [如何通过幽灵比特位绕过限制与利用](https://mp.weixin.qq.com/s/w_OG-WYREo4emmpcfVoNnQ) - [ ] 
[某省级发改委线上会议竟全程被外人旁听:警惕线上会议泄密](https://mp.weixin.qq.com/s/Zun7a5k3PRBUgJ9znhFykA) - [ ] [化身自主思考、动态演进的攻击者:AI如何重塑钓鱼攻击格局](https://mp.weixin.qq.com/s/lNtPDgGmg09mZBWA_JGqhQ) - [ ] [第三届“长城杯”网数智安全大赛(防护赛)总决赛在福州顺利闭幕](https://mp.weixin.qq.com/s/wl3kEqASy-iL1bS6MuW6lQ) - [ ] [信安世纪深耕新兴应用场景 打开安全防护新增长曲线](https://mp.weixin.qq.com/s/9XSwSWLCXn5r4bZsn7jl9g) - [ ] [周三:资讯速递(OpenAI漏洞赏金、安全skills库、OpenClaw漏洞)](https://mp.weixin.qq.com/s/7HTN5GYNkrQkfFuL2gaVJw) - [ ] [2025-2026免杀技术年鉴](https://mp.weixin.qq.com/s/PupDKHBbyP1ZKlaaAOoKow) - [ ] [众测src测试姿势总结上](https://mp.weixin.qq.com/s/G4L5Q1hQ-OuPMNqKpGTmTQ) - [ ] [关于AI与工作的一点思考](https://mp.weixin.qq.com/s/FYfaQiomvZ7lYJPFpLyupQ) - [ ] [以资产治理为基,筑网络安全之盾。灵创网络空间资产风险感知系统,智能感知每一处风险,用心守护每一份资产!](https://mp.weixin.qq.com/s/n6bAWp_-aUIgecjVyoJQsA) - [ ] [咱网安人自己的度娘,漏洞情报查询一步直达](https://mp.weixin.qq.com/s/RpN6WMjou-yH-sGyWtnCWg) - [ ] [【红队工具】Kerberos TGT Monitor BOF](https://mp.weixin.qq.com/s/E3yEN4vu9t4mZ-A_hgei1g) - [ ] [生成端合规之后,传播端的真正考题才开始](https://mp.weixin.qq.com/s/Ml4_15zIVuGET9eeZgq4IQ) - [ ] [Ghost Bits,Java WAF之殇?](https://mp.weixin.qq.com/s/JaxVrys8tqGnXsWhfFzAPw) - [ ] [构建密码学资产清单:微软密码学态势管理实践指南](https://mp.weixin.qq.com/s/cZI1bHPiEJnaznUEibrz9Q) - [ ] [前沿 | 人工智能对关键信息基础设施安全治理带来的影响](https://mp.weixin.qq.com/s/UZmvE9meJQB9mnjqr-UhPQ) - [ ] [发布 | 国家数据局发布《数字中国发展报告(2025年)》](https://mp.weixin.qq.com/s/SvQekhWc5qvm4Irr0ih7dg) - [ ] [第九届数字中国建设峰会“数据基础设施和数据标准化分论坛”在福州召开](https://mp.weixin.qq.com/s/18BuZVSRCxUe_0AMQ1J57w) - [ ] [第九届数字中国建设峰会数字技术赋能工业园区高质量发展专题会议在福州成功举办](https://mp.weixin.qq.com/s/vlcPXxwXOp9tBD3xh2YifA) - [ ] [关注 | 国家网信办就个人信息保护政策法规问题最新解答](https://mp.weixin.qq.com/s/BFr1Qo4lxNDY_zOxNBEbgQ) - [ ] [关注 | 市场监管总局部署开展网络食品销售虚假宣传专项整治](https://mp.weixin.qq.com/s/5ldOyozCgpHlp3FgALwq4A) - [ ] [成功复现!一条 git push 即可接管 GitHub 服务器,任意拉取他人私有仓库 (CVE-2026-3854)](https://mp.weixin.qq.com/s/3BgVRD3ap1MukW8C2kPS2w) - [ ] [直播回顾|安全运营AI 进阶:AI威胁研判的场景化应用与落地路径](https://mp.weixin.qq.com/s/nWS-Udu2X_qLvPcnUWcbww) - [ ] 
[持安科技五一劳动节放假期间值守通知!](https://mp.weixin.qq.com/s/h13-V5F4wIiyD5r_6MighA) - [ ] [28个Claude子Agent重构渗透测试,一键部署AI黑客军团](https://mp.weixin.qq.com/s/7UvpaAmzQtg7IQ21p8wuQw) - [ ] [直播预告:“古法挖洞”还能走多远?](https://mp.weixin.qq.com/s/hxW_S8aaOza2awbuqv_LuA) - Tenable Blog - [ ] [Mastering agentic AI security through exposure management](https://www.tenable.com/blog/mastering-agentic-ai-security-through-exposure-management) - Microsoft Security Blog - [ ] [8 best practices for CISOs conducting risk reviews](https://www.microsoft.com/en-us/security/blog/2026/04/29/8-best-practices-for-cisos-conducting-risk-reviews/) - bunnie's blog - [ ] [Name that Ware, April 2026](https://www.bunniestudios.com/blog/2026/name-that-ware-april-2026/) - [ ] [Winner, Name that Ware March 2026](https://www.bunniestudios.com/blog/2026/winner-name-that-ware-march-2026/) - ElcomSoft blog - [ ] [New Security Features and Low-Level Extraction of iOS 26](https://blog.elcomsoft.com/2026/04/new-and-updated-security-features-in-ios-26-and-their-forensic-implications/) - Blog on STAR Labs - [ ] [Three Bugs Walk Into a PDF: Prototype Pollution, Served Cold](https://starlabs.sg/blog/2026/04-three-bugs-walk-into-a-pdf-prototype-pollution-served-cold/) - Bug Bounty in InfoSec Write-ups on Medium - [ ] [Backup Files + .env Exposure Developers Ki Sabse Badi Galti: Config Files Se Credentials Nikalo!](https://infosecwriteups.com/backup-files-env-exposure-developers-ki-sabse-badi-galti-config-files-se-credentials-nikalo-1432674639b8?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [From Zero Reports to My First Hall of Fame](https://infosecwriteups.com/from-zero-reports-to-my-first-hall-of-fame-177eb70afd58?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [This Is How I Could Have Reactivated Your Instagram Account Without Your Knowledge](https://infosecwriteups.com/this-is-how-i-could-have-reactivated-your-instagram-account-without-your-knowledge-9d220bda5620?source=rss----7b722bfd1b8d--bug_bounty) - Reverse Engineering - [ ] 
[I'm not an expert but a beginner. So using guides I've tried an app in everyway for intercepting network traffic.Frida didn't worked even. The app doesn't even work in a rooted I tried decompiling and change network config. But doesn't work as after installed the app redirects play store for update.](https://www.reddit.com/r/ReverseEngineering/comments/1sywof4/im_not_an_expert_but_a_beginner_so_using_guides/) - [ ] [I built a free open-source CAN bus reverse engineering workstation in Python — 15 tabs, offline ML, dual AI engines, MitM gateway](https://www.reddit.com/r/ReverseEngineering/comments/1syxlkh/i_built_a_free_opensource_can_bus_reverse/) - Malwarebytes - [ ] [Researchers built a chatbot that only knows the world before 1931](https://www.malwarebytes.com/blog/ai/2026/04/researchers-built-a-chatbot-that-only-knows-the-world-before-1931) - [ ] [Microsoft won’t patch PhantomRPC: Feature or bug?](https://www.malwarebytes.com/blog/news/2026/04/microsoft-wont-patch-phantomrpc-feature-or-bug) - [ ] [Scam-checking just got a lot easier: Malwarebytes is now in Claude](https://www.malwarebytes.com/blog/product/2026/04/scam-checking-just-got-a-lot-easier-malwarebytes-is-now-in-claude) - Malware-Traffic-Analysis.net - Blog Entries - [ ] [2026-04-22: Malicious ad leads to ClickFix-style page for macOS malware](https://www.malware-traffic-analysis.net/2026/04/22/index.html) - daniel.haxx.se - [ ] [curl 8.20.0](https://daniel.haxx.se/blog/2026/04/29/curl-8-20-0/) - Exploit-DB.com RSS Feed - [ ] [[webapps] HAX CMS 24.x - Stored Cross-Site Scripting (XSS)](https://www.exploit-db.com/exploits/52526) - [ ] [[webapps] Craft CMS 5.6.16 - RCE](https://www.exploit-db.com/exploits/52525) - [ ] [[local] GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation](https://www.exploit-db.com/exploits/52524) - [ ] [[webapps] phpMyFAQ 4.0.16 - Improper Authorization](https://www.exploit-db.com/exploits/52523) - [ ] [[webapps] GeographicLib v2.5.1 - stack buffer 
overflow](https://www.exploit-db.com/exploits/52522) - [ ] [[local] OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)](https://www.exploit-db.com/exploits/52521) - [ ] [[webapps] OpenKM 6.3.12 - Multiple](https://www.exploit-db.com/exploits/52520) - [ ] [[webapps] GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)](https://www.exploit-db.com/exploits/52519) - [ ] [[webapps] JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution](https://www.exploit-db.com/exploits/52518) - [ ] [[webapps] FacturaScripts 2025.43 - XSS](https://www.exploit-db.com/exploits/52517) - [ ] [[webapps] Xibo CMS 4.3.0 - RCE via SSTI](https://www.exploit-db.com/exploits/52516) - [ ] [[local] Fedora - Local Privilege Escalation](https://www.exploit-db.com/exploits/52515) - [ ] [[webapps] LangChain Core 1.2.4 - SSTI/RCE](https://www.exploit-db.com/exploits/52514) - [ ] [[local] Atlona ATOMERX21 - Authenticated Command Injection](https://www.exploit-db.com/exploits/52513) - The Trail of Bits Blog - [ ] [Extending Ruzzy with LibAFL](https://blog.trailofbits.com/2026/04/29/extending-ruzzy-with-libafl/) - HackerNews - [ ] [巴西 LofyGang 团伙沉寂三年后卷土重来,发起 Minecraft LofyStealer 窃取器活动](http://0.0.0.0:8080/post/64195) - [ ] [Signal 钓鱼活动瞄准德国官员,疑似俄罗斯行动](http://0.0.0.0:8080/post/64194) - [ ] [有缺陷的 VECT 2.0 勒索软件对大文件充当数据擦除器](http://0.0.0.0:8080/post/64193) - [ ] [视频服务 Vimeo 确认 Anodot 泄露事件导致用户数据暴露](http://0.0.0.0:8080/post/64192) - [ ] [黑客正在利用 LiteLLM 高危预认证 SQL 注入漏洞](http://0.0.0.0:8080/post/64191) - [ ] [研究人员发现关键 GitHub RCE 漏洞:仅需一次 Git Push 即可利用](http://0.0.0.0:8080/post/64190) - 奇客Solidot–传递最新科技情报 - [ ] [Zed 编辑器发布 1.0 版本](https://www.solidot.org/story?sid=84187) - [ ] [城里的鸟更怕女性,原因未知](https://www.solidot.org/story?sid=84186) - [ ] [.icu 域名被短暂劫持](https://www.solidot.org/story?sid=84185) - [ ] [荷兰政府上线开源代码托管平台](https://www.solidot.org/story?sid=84184) - 
[ ] [报告称逾三分之二婴儿使用屏幕,最多花 8 小时在屏幕上](https://www.solidot.org/story?sid=84183) - [ ] [马斯克称他创办非盈利的 OpenAI 是为了对抗 Google](https://www.solidot.org/story?sid=84182) - [ ] [打呵欠有助于大脑清理脑液](https://www.solidot.org/story?sid=84181) - [ ] [食肉细菌在三天内就破坏了男子的手臂和腿](https://www.solidot.org/story?sid=84180) - [ ] [Ghostty 项目将退出 GitHub 平台](https://www.solidot.org/story?sid=84179) - [ ] [Fedora Linux 44 释出](https://www.solidot.org/story?sid=84177) - [ ] [美国数据中心新建天然气项目排放量超过部分国家一年总排放量](https://www.solidot.org/story?sid=84176) - text/plain - [ ] [Exploiting Vulnerable Drivers](https://textslashplain.com/2026/04/29/exploiting-vulnerable-drivers/) - 绿盟科技技术博客 - [ ] [Claude Mythos Preview 模型能力解析:大模型攻防实测与企业应对建议](https://blog.nsfocus.net/claude-mythos-preview-%e6%a8%a1%e5%9e%8b%e8%83%bd%e5%8a%9b%e8%a7%a3%e6%9e%90%ef%bc%9a%e5%a4%a7%e6%a8%a1%e5%9e%8b%e6%94%bb%e9%98%b2%e5%ae%9e%e6%b5%8b%e4%b8%8e%e4%bc%81%e4%b8%9a%e5%ba%94%e5%af%b9/) - [ ] [绿盟云原生靶场:体系化教学,让客户安全人才培养更高效](https://blog.nsfocus.net/%e7%bb%bf%e7%9b%9f%e4%ba%91%e5%8e%9f%e7%94%9f%e9%9d%b6%e5%9c%ba%ef%bc%9a%e4%bd%93%e7%b3%bb%e5%8c%96%e6%95%99%e5%ad%a6%ef%bc%8c%e8%ae%a9%e5%ae%a2%e6%88%b7%e5%ae%89%e5%85%a8%e4%ba%ba%e6%89%8d%e5%9f%b9/) - [ ] [【公益译文】2026年国际AI安全报告(六)](https://blog.nsfocus.net/%e3%80%90%e5%85%ac%e7%9b%8a%e8%af%91%e6%96%87%e3%80%912026%e5%b9%b4%e5%9b%bd%e9%99%85ai%e5%ae%89%e5%85%a8%e6%8a%a5%e5%91%8a%ef%bc%88%e5%85%ad%ef%bc%89/) - [ ] [权威认证 | 绿盟科技再次荣膺CNCERT甲级支撑单位](https://blog.nsfocus.net/%e6%9d%83%e5%a8%81%e8%ae%a4%e8%af%81-%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e5%86%8d%e6%ac%a1%e8%8d%a3%e8%86%bacncert%e7%94%b2%e7%ba%a7%e6%94%af%e6%92%91%e5%8d%95%e4%bd%8d/) - 锦行科技 - [ ] [锦行科技获评广东省制造业单项冠军--以网安技术赋能制造业高质量发展](https://mp.weixin.qq.com/s?__biz=MzIxNTQxMjQyNg==&mid=2247494887&idx=1&sn=9f95427d136c978534caa7d31e2c0251) - 腾讯玄武实验室 - [ ] [每日安全动态推送(26/4/29)](https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651960463&idx=1&sn=015c75ee26b3745447c1f01f5cf34c2f) - 黑鸟 - [ ] 
[APT29曾经最隐秘的武器:目标机器运行的定制化间谍木马](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186574&idx=1&sn=3ee6eff7d3195af7bf9e10f8f0051298) - 代码卫士 - [ ] [仅凭一条 git push 命令,即可在 GitHub 实现RCE 并访问数百万仓库](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525909&idx=1&sn=3a1d88cd8e20887b0792cd899f1b843e) - [ ] [刚刚,cPanel紧急修复影响所有受支持版本的认证漏洞](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525909&idx=2&sn=80fc4007516f0fcfc9072f775b3c330a) - 安全内参 - [ ] [上海隧道新加坡公司发生数据泄露,甲方暂停数字系统访问权限](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515877&idx=1&sn=2332d7f8b501a1d47d2a083c76ffaca2) - [ ] [美国空军部发布人工智能和数据战略以加速提升军事优势](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515877&idx=2&sn=efe28fc0af81525c9a1f74dd319f9bba) - Black Hills Information Security, Inc. - [ ] [A Practical Guide to BloodHound Data Collection](https://www.blackhillsinfosec.com/bloodhound-data-collection/) - 青衣十三楼飞花堂 - [ ] [Ubuntu 22中找不到libcrypto.so.1.1](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489366&idx=1&sn=25aed7e787c8a2adcf137c0d79400ac7) - 安全客 - [ ] [深度分析Sorry勒索软件的加密实现与行为特征](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649789890&idx=1&sn=7105facbd94397f0277f8dda2ce10396) - 绿盟科技研究通讯 - [ ] [AI靶场安全实战系列:训练数据投毒——利用标签翻转实现内容审核定向漏判](https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247499884&idx=1&sn=5d65fb971fbb00e7c92b236e86eaaed1) - 漕河泾小黑屋 - [ ] [CVE-2024-38812 深度分析:从堆风水到远程代码执行](https://mp.weixin.qq.com/s?__biz=MzA4NzQwNzY3OQ==&mid=2247484086&idx=1&sn=5d6bbe68afada10fbfe35201dfeb801e) - 微步在线研究响应中心 - [ ] [一个人,两个AI,0代码,把墨西哥政府打成筛子](https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247508657&idx=1&sn=91bbcd48f789f8112b1e17c05ef2e94e) - 威努特安全网络 - [ ] [智能体工厂来了!解读工信部、国家数据局联合“模数共振”行动](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141486&idx=1&sn=2e505e08a56c51d68a942c64211bbcc1) - 丁爸 情报分析师的工具箱 - [ ] [【AI报告】近一周全球安全态势简报(4.29)](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651155341&idx=1&sn=db01cc12a23f4f1115c2458d833e039c) - 中国信息安全 
- [ ] [视频 | 百队竞技淬精英 数智筑盾护山河!第三届“长城杯”网数智安全大赛(防护赛)总决赛在福州胜利闭幕](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262069&idx=1&sn=2043a5b7f19741ec05fe604bb7078e0c) - 信息安全国家工程研究中心 - [ ] [专家解读|推动我国网络法治建设迈向更高水平](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247503779&idx=1&sn=830ec4705741bd1d0696f8b6b0283afd) - 安全圈 - [ ] [【安全圈】伊朗黑客组织:已“开盒” 2379 名美国海军陆战队员,掌握数万名中东美军姓名、住址、日常轨迹、购物习惯等](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076059&idx=1&sn=da1650f67f6af7da8ad2b79dff4f91a3) - [ ] [【安全圈】医疗科技大厂美敦力 IT 系统遭遇黑客入侵,未影响服务交付](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076059&idx=2&sn=6a35f617d45895376be8b42f42bc2cd0) - [ ] [【安全圈】巴西 LofyGang 团伙沉寂三年后卷土重来,发起 Minecraft LofyStealer 窃取器活动](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076059&idx=3&sn=86fa3d53221d6b2950f6138d34ba3c1f) - 电子物证 - [ ] [【微信附件命名规则大揭秘】](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048987&idx=1&sn=280addaf3dcb224fb97d69fb695b6fc9) - [ ] [手机取证:从 WhatsApp、Signal 和 Telegram 提取媒体和消息的简单方法](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048987&idx=2&sn=309bed7249de4b6f4a119ebe6cdeaf00) - 青藤云安全 - [ ] [幽灵比特告诉你,为什么有了WAF你还需要RASP ?](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650851210&idx=1&sn=dc2cdcae2121592b41fac046243f6b4d) - 安全牛 - [ ] [2283美元,AI造出可用Chrome漏洞武器:网络攻防平衡已被彻底颠覆](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141181&idx=1&sn=378f9848d3f349beb7a1bd6a965d6b46) - [ ] [网信部门依法查处剪映 App 等 AI 生成合成内容标识违法平台;CNVD周报:高危0day漏洞激增,Adobe、NVIDIA、Cisco成重灾区| 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141181&idx=2&sn=a454d1c6b28958fd4ffe80cb59bd0a57) - 数世咨询 - [ ] [美国网络犯罪损失首次突破200亿美元](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542754&idx=1&sn=fcdc1d572f0c00c86d522b8289144147) - [ ] [百队竞技淬精英 数智筑盾护山河 | 第三届“长城杯”网数智安全大赛(防护赛)总决赛在福州胜利闭幕](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542754&idx=2&sn=48ad6e0c018995a383e2bee088673419) - 火绒安全 - [ ] [火绒在线 
你的节日安全我包了](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532513&idx=1&sn=c47286d23b046817cbc4acd24f544a25) - [ ] [火绒小问答--「个人版」近期top问题解答](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532513&idx=2&sn=d39192aed969909ee4d3d812767f3340) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532513&idx=3&sn=f5680223b6ef6876b83daf76b88e39f7) - 极客公园 - [ ] [AI 走出屏幕,家电变成「机器人」](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653104961&idx=1&sn=72388a60efefba651c7ff837db3486d0) - [ ] [比亚迪5月1日开始涨价;微信朋友圈悄然改版;麦当劳奶昔正式回归|极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653104940&idx=1&sn=148290a972a03e9d9d721582bca21cfb) - 看雪学苑 - [ ] [利用任意物理读写驱动来加载自己的驱动](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614348&idx=1&sn=3ad065ac0bd0b6e152a887670ef1e5dd) - [ ] [单个Git Push就能攻陷GitHub?CVE-2026-3854高危漏洞曝光](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614348&idx=2&sn=ce07c53a847420a458cfab9e46207714) - [ ] [月薪3W定向培养!看雪安卓高级研修班『2026春季班』火热招生中](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614348&idx=3&sn=62e4bc182f8c27b9cd4fc1664da29b41) - 国家互联网应急中心CNCERT - [ ] [网络安全信息与动态周报2026年第17期(4月20日-4月26日)](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247501549&idx=1&sn=97ecbb76c2cb79f98d955fbb80b7cdb4) - 深信服千里目安全技术中心 - [ ] [【漏洞通告】Github-Enterprise远程命令执行漏洞(CVE-2026-3854)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525429&idx=1&sn=efffa2a9040316ec6d7753bd4b59e865) - [ ] [【漏洞通告】LiteLLM SQL注入漏洞(CVE-2026-42208)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525429&idx=2&sn=576d9806998fdf7f0dbf7b40e17dcfcb) - [ ] [网络安全信息与动态周报2026年第17期(4月20日-4月26日)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525429&idx=3&sn=81c972bbb2dae75573479374efa28eb1) - Desync InfoSec - [ ] [构建密码学资产清单:微软密码学态势管理实践指南](https://mp.weixin.qq.com/s?__biz=MzkzMDE3ODc1Mw==&mid=2247490256&idx=1&sn=ceee7d855ca1354058e7b96de35db47b) - 表图 - [ ] [网络安全行业,已经连续 11 
个季度没增长了](https://mp.weixin.qq.com/s?__biz=MzUzOTI4NDQ3NA==&mid=2247484986&idx=1&sn=f01cbdba037a67e00007de8cfe6dac6c) - 安全行者老霍 - [ ] [多模型协同使用比单一模型的选择更为关键](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486556&idx=1&sn=9eb2bfccb21150c4a28d244257187e81) - 360数字安全 - [ ] [360获全国五一劳动奖状、全国工人先锋号两项国家级荣誉](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585850&idx=1&sn=4ab125c5e4594f14b071f7bb4546e169) - IT Service Management News - [ ] [Privacy filter di Open AI](http://blog.cesaregallotti.it/2026/04/privacy-filter-di-open-ai.html) - LR的安全自留地 - [ ] [Ghost Bits,Java WAF之殇?](https://mp.weixin.qq.com/s?__biz=MzkwNzMyNjU0MQ==&mid=2247484328&idx=1&sn=c5e9397cfd395a2e969ca70ebe70465b) - Forensic Focus - [ ] [Magnet Forensics Redefines Digital Investigations With Evolution Of Magnet One](https://www.forensicfocus.com/news/magnet-forensics-redefines-digital-investigations-with-evolution-of-magnet-one/) - [ ] [Digital Forensics Round-Up, April 29 2026](https://www.forensicfocus.com/news/digital-forensics-round-up-april-29-2026/) - [ ] [Magnet Forensics Unveils Magnet AI, Advancing The Next Era Of Digital Investigative Intelligence](https://www.forensicfocus.com/news/magnet-forensics-unveils-magnet-ai-advancing-the-next-era-of-digital-investigative-intelligence/) - Over Security - Cybersecurity news aggregator - [ ] [A un anno dallo scandalo sullo spionaggio di giornalisti e attivisti, Paragon non ha ancora dato risposte sull'uso dei suoi spyware alla giustizia italiana](https://www.wired.it/article/paragon-spyware-risposte-indagine-italia-procura/) - ICT Security Magazine - [ ] [Le vie nascoste del digitale: vulnerabilità e sicurezza dei cavi sottomarini](https://www.ictsecuritymagazine.com/articoli/vulnerabilita-cavi-sottomarini/) - [ ] [Caso Mythos: l’AI che trova zero-day in autonomia, il leak su Discord e la nuova economia delle vulnerabilità](https://www.ictsecuritymagazine.com/notizie/claude-mythos-leak-discord/) - [ ] [Cloud forensics e il labirinto 
giurisdizionale: acquisire prove oltre i confini](https://www.ictsecuritymagazine.com/articoli/cloud-forensics-prove-digitali/) - 迪哥讲事 - [ ] [Java "幽灵比特位"(Ghost Bits)引发的waf通杀](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499396&idx=1&sn=42f82893ad0bb6a9c4141fc432d2ff7c) - Javvad Malik - [ ] [The Tyranny of Security](https://javvadmalik.com/2026/04/29/the-tyranny-of-security/) - Schneier on Security - [ ] [Claude Mythos Has Found 271 Zero-Days in Firefox](https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.html) - Yak Project - [ ] [Ghost Bits 自动化提效:让WAF绕过告别重复劳作](https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247529777&idx=1&sn=30895fc3b2cb1832945d2b442ce3852e) - 悬镜安全 - [ ] [拆解 Agent Loop 盲盒:从 RSAC2026 冠军看灵境 AIDR 的智能体原生安全实践!](https://mp.weixin.qq.com/s?__biz=MzA3NzE2ODk1Mg==&mid=2647799274&idx=1&sn=f6adc342d85f11907e3544292ecbc6ea) - SANS Internet Storm Center, InfoCON: green - [ ] [Today's Odd Web Requests, (Wed, Apr 29th)](https://isc.sans.edu/diary/rss/32934) - [ ] [ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)](https://isc.sans.edu/diary/rss/32932) - 安全419 - [ ] [安全419|一周国际网安资讯:APT攻击持续升级 AI安全风险凸显](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553211&idx=1&sn=35092f1c1856e8179d0335e410418fa3) - [ ] [第三届“长城杯”网数智安全大赛(防护赛)总决赛在福州顺利闭幕](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553211&idx=2&sn=1eda2a511a600e58010265bf7c2c5be8) - 360威胁情报中心 - [ ] [蔓灵花组织使用NUITKA打包的python样本进行投递](https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247508516&idx=1&sn=a869f67294b5777615ad597c3730105e) - TorrentFreak - [ ] [EU-Funded DNS Provider Must Block Pirate Sites, French Court Rules](https://torrentfreak.com/eu-funded-dns-provider-must-block-pirate-sites-french-court-rules/) - Security Affairs - [ ] [CVE-2026-42208: LiteLLM bug exploited 36 hours after its 
disclosure](https://securityaffairs.com/191483/hacking/cve-2026-42208-litellm-bug-exploited-36-hours-after-its-disclosure.html) - [ ] [Internet censorship index reveals Russia’s lead and widespread content blocking](https://securityaffairs.com/191475/security/internet-censorship-index-reveals-russias-lead-and-widespread-content-blocking.html) - [ ] [All supported cPanel versions hit by critical auth bug, now patched](https://securityaffairs.com/191465/security/all-supported-cpanel-versions-hit-by-critical-auth-bug-now-patched.html) - [ ] [U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/191442/security/u-s-cisa-adds-microsoft-windows-shell-and-connectwise-screenconnect-flaws-to-its-known-exploited-vulnerabilities-catalog.html) - [ ] [ShinyHunters exploit Anodot incident to target Vimeo](https://securityaffairs.com/191448/security/shinyhunters-exploit-anodot-incident-to-target-vimeo.html) - Deeplinks - [ ] [EFF Submission to UN Report on the Role of Media in the Context of Israel’s Policies Toward Palestinians](https://www.eff.org/deeplinks/2026/04/eff-submission-un-report-role-media-context-israels-policies-toward-palestinians) - [ ] [Former EFF Activism Director's New Book, Transaction Denied, Explores What Happens When Financial Companies Act like Censors](https://www.eff.org/deeplinks/2026/04/former-eff-activism-directors-new-book-transaction-denied-explores-what-happens) - 洞源实验室 - [ ] [AI彻底取代产品经理?言之凿凿,却为时尚早](https://mp.weixin.qq.com/s?__biz=Mzg4Nzk3MTg3MA==&mid=2247488710&idx=1&sn=3cc7e4292f9336c40e881b309c0bd7f4) - Full Disclosure - [ ] [ESP-RFID-Tool v2 PRO — Full Public Disclosure](https://seclists.org/fulldisclosure/2026/Apr/18) - [ ] [Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App](https://seclists.org/fulldisclosure/2026/Apr/21) - [ ] [SEC Consult SA-20260427-0 :: Missing TLS Certificate 
Validation leading to RCE in DeskTime Time Tracking App](https://seclists.org/fulldisclosure/2026/Apr/20)
  - [ ] [SEC Consult SA-20260423-0 :: DLL Hijacking in EfficientLab Controlio (cloud-based employee monitoring service)](https://seclists.org/fulldisclosure/2026/Apr/19)
  - [ ] [SEC Consult SA-20260421-0 :: Broken Access Control in Config Endpoint in LiteLLM](https://seclists.org/fulldisclosure/2026/Apr/17)
  - [ ] [SEC Consult SA-20260415-0 :: Exposed Private Key of X.509 Certificate in SAP HANA Cockpit & SAP HANA Database Explorer](https://seclists.org/fulldisclosure/2026/Apr/16)
  - [ ] [APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8](https://seclists.org/fulldisclosure/2026/Apr/15)
  - [ ] [APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2](https://seclists.org/fulldisclosure/2026/Apr/14)
  - [ ] [Research: When Trusted Tools Become Attack Primitives](https://seclists.org/fulldisclosure/2026/Apr/13)
  - [ ] [[KIS-2026-08] SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability](https://seclists.org/fulldisclosure/2026/Apr/12)
  - [ ] [[KIS-2026-07] SocialEngine <= 7.8.0 Blind Server-Side Request Forgery Vulnerability](https://seclists.org/fulldisclosure/2026/Apr/11)
  - [ ] [Trojan-Spy.Win32.Small / Remote Command Execution](https://seclists.org/fulldisclosure/2026/Apr/10)
  - [ ] [[IWCC 2026] CfP: 15th International Workshop on Cyber Crime - Linköping, Sweden, Aug 24-27, 2026](https://seclists.org/fulldisclosure/2026/Apr/9)
  - [ ] [[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection](https://seclists.org/fulldisclosure/2026/Apr/8)
- Your Open Hacker Community
  - [ ] [Force factory reset bypassing security measures](https://www.reddit.com/r/HowToHack/comments/1szdhww/force_factory_reset_bypassing_security_measures/)
  - [ ] [Ubuntu or Kali Linux for a CS student doing cybersecurity and CTFs?](https://www.reddit.com/r/HowToHack/comments/1syuk6f/ubuntu_or_kali_linux_for_a_cs_student_doing/)
  - [ ] [.](https://www.reddit.com/r/HowToHack/comments/1sza0gw/_/)
  - [ ] [Trying to recover my mom's lost Gmail account via hacking](https://www.reddit.com/r/HowToHack/comments/1sz6moa/trying_to_recover_my_moms_lost_gmail_account_via/)
- Trend Micro Research, News and Perspectives
  - [ ] [Kuse Web App Abused to Host Phishing Document](https://www.trendmicro.com/en_us/research/26/d/kuse-web-app-abused-to-host-phishing-document.html)
- The Hacker News
  - [ ] [SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack](https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html)
  - [ ] [New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs](https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html)
  - [ ] [Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks](https://thehackernews.com/2026/04/webinar-how-to-automate-exposure.html)
  - [ ] [What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)](https://thehackernews.com/2026/04/what-to-look-for-in-exposure-management.html)
  - [ ] [Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately](https://thehackernews.com/2026/04/critical-cpanel-authentication.html)
  - [ ] [CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV](https://thehackernews.com/2026/04/cisa-adds-actively-exploited.html)
  - [ ] [LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure](https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html)
- GRAHAM CLULEY
  - [ ] [Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions](https://grahamcluley.com/smashing-security-podcast-465/)
  - [ ] [Alleged Silk Typhoon hacker extradited to the United States to face charges](https://www.bitdefender.com/en-us/blog/hotforsecurity/silk-typhoon-hacker-extradited-united-states)
- The Register - Security
  - [ ] [Researchers move in the right direction, develop powerful GPS interference alarm](https://go.theregister.com/feed/www.theregister.com/2026/04/29/boffins_new_gps_interference_alarm/)
  - [ ] [Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack](https://go.theregister.com/feed/www.theregister.com/2026/04/29/microsoft_zero_click_exploit/)
  - [ ] [Legacy TLS tour continues with Exchange Online blocking old versions from July 2026](https://go.theregister.com/feed/www.theregister.com/2026/04/29/exchange_online_blocks_old_versions/)
  - [ ] [CISA flags data-theft bug in NSA-built OT networking tool](https://go.theregister.com/feed/www.theregister.com/2026/04/29/cisa_flags_datatheft_bug_in/)
  - [ ] [GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash](https://go.theregister.com/feed/www.theregister.com/2026/04/29/github_woah_a_genuinely_helpful/)
  - [ ] [EU waves through open source age-check tool to keep kids safe online](https://go.theregister.com/feed/www.theregister.com/2026/04/29/eu_adopts_open_source_ageverification/)
  - [ ] [GoDaddy customer claims registrar transferred 27-year-old domain without any security checks](https://go.theregister.com/feed/www.theregister.com/2026/04/29/godaddy_megagaffe_wrongly_transferred_27yearold/)
  - [ ] [30 ClawHub skills secretly turn AI agents into a crypto swarm](https://go.theregister.com/feed/www.theregister.com/2026/04/29/30_clawhub_skills_mine_crypto/)
- Instapaper: Unread
  - [ ] [Tool – EyeWitness](https://redsiege.com/uncategorized/2026/04/tool-eyewitness/)
  - [ ] [Creating a FujiWinFE external drive](https://malwaremaloney.blogspot.com/2026/04/last-child-margin-bottom-15px-table-tr.html)
  - [ ] [Introducing crush A DFIR Workbench for Surfing Through Data Formats](https://bebinary4n6.blogspot.com/2026/04/introducing-crush-dfir-workbench-for.html)
  - [ ] [What Your Mac Forensic Tool Isn’t Telling You About Metadata](https://sumuri.com/what-your-mac-forensic-tool-isnt-telling-you-about-metadata/)
  - [ ] [Digital Triage Masterclass](https://blog.elcomsoft.com/2026/04/digital-triage-masterclass/)
  - [ ] [Malware nascosto in un finto JPG analisi forense di un attacco moderno](https://luca-mercatanti.com/malware-nascosto-in-un-finto-jpg-analisi-forense-di-un-attacco-moderno/)
  - [ ] [New Android spyware Morpheus linked to Italian surveillance firm](https://securityaffairs.com/191398/malware/new-android-spyware-morpheus-linked-to-italian-surveillance-firm.html)
  - [ ] [Estradato negli USA hacker del gruppo Silk Typhoon](https://www.punto-informatico.it/estradato-usa-hacker-gruppo-silk-typhoon/)
  - [ ] [Paragon non ha ancora dato risposte sull'uso dei suoi spyware alla giustizia italiana, a un anno dallo scandalo sullo spionaggio di giornalisti e attivisti](https://www.wired.it/article/paragon-spyware-risposte-indagine-italia-procura/)
  - [ ] [Perché l’immutabilità assoluta è la difesa definitiva contro il ransomware](https://www.cybersecurity360.it/soluzioni-aziendali/perche-limmutabilita-assoluta-e-la-difesa-definitiva-contro-il-ransomware/)
- Information Security
  - [ ] [Are a lot of security programs still too focused on prevention and not enough on visibility?](https://www.reddit.com/r/Information_Security/comments/1syyg2r/are_a_lot_of_security_programs_still_too_focused/)
  - [ ] [Bluekit: The AI-Powered All-in-One Phishing Kit](https://www.reddit.com/r/Information_Security/comments/1sz0rb5/bluekit_the_aipowered_allinone_phishing_kit/)
  - [ ] [ALERT: US-Targeted Phishing Campaign Exploiting Remote Access Blind Spots](https://www.reddit.com/r/Information_Security/comments/1szagqm/alert_ustargeted_phishing_campaign_exploiting/)
  - [ ] [Mobile Malware Analysis Blog Series - Pegasus, Xenomorph, Blackrock & more](https://www.reddit.com/r/Information_Security/comments/1syza5p/mobile_malware_analysis_blog_series_pegasus/)
  - [ ] [ShinyHunters Medtronic ADT Breach: 14.5M Records Stolen](https://www.reddit.com/r/Information_Security/comments/1syyabc/shinyhunters_medtronic_adt_breach_145m_records/)
  - [ ] [KnowBe4 vs Adaptive](https://www.reddit.com/r/Information_Security/comments/1sz5sj3/knowbe4_vs_adaptive/)
  - [ ] [How know information about someone](https://www.reddit.com/r/Information_Security/comments/1sz9sw8/how_know_information_about_someone/)
  - [ ] [Cyera vs BigID for cloud-native DSPM when your breach surface is dev tooling](https://www.reddit.com/r/Information_Security/comments/1syz808/cyera_vs_bigid_for_cloudnative_dspm_when_your/)
- Deep Web
  - [ ] [Need help with an account takeover type situation](https://www.reddit.com/r/deepweb/comments/1szf9iu/need_help_with_an_account_takeover_type_situation/)
- netsecstudents: Subreddit for students studying Network Security and its related subjects
  - [ ] [How are you monitoring and handling vulnerable company credentials showing up in breaches and dark web dumps?](https://www.reddit.com/r/netsecstudents/comments/1syx78m/how_are_you_monitoring_and_handling_vulnerable/)
  - [ ] [Interesting bootloader if anybody wants to see how one is created in C and ASM](https://www.reddit.com/r/netsecstudents/comments/1sz0hh6/interesting_bootloader_if_anybody_wants_to_see/)
- Technical Information Security Content & Discussion
  - [ ] [Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root](https://www.reddit.com/r/netsec/comments/1szduu3/copy_fail_exploit_lets_732_bytes_hijack_linux/)
  - [ ] [The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs](https://www.reddit.com/r/netsec/comments/1sz5aoi/the_internet_is_falling_down_falling_down_falling/)
  - [ ] [The Thymeleaf Template Injection That Only Hurts If You Let It](https://www.reddit.com/r/netsec/comments/1sz3u3l/the_thymeleaf_template_injection_that_only_hurts/)
  - [ ] [AI security capabilities and the human side of vulnerability management](https://www.reddit.com/r/netsec/comments/1sz68c6/ai_security_capabilities_and_the_human_side_of/)
  - [ ] [A Route to Root in a 4G Industrial Router](https://www.reddit.com/r/netsec/comments/1sykrpt/a_route_to_root_in_a_4g_industrial_router/)
  - [ ] [Set up automated dependency scanning after the recent npm/PyPI supply chain attacks](https://www.reddit.com/r/netsec/comments/1syyyea/set_up_automated_dependency_scanning_after_the/)
- Security Weekly Podcast Network (Audio)
  - [ ] [The Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ - Marc Manzano, Mark Hughes, Mehul Revankar - BSW #445](http://sites.libsyn.com/18678/the-next-frontier-autonomous-security-and-rsac-interviews-from-quantro-sandboxaq-marc-manzano-mark-hughes-mehul-revankar-bsw-445)