[每日信息流] 2026-01-06

[chainreactorbot]

每日安全资讯（2026-01-06）

• SecWiki News
  • SecWiki News 2026-01-05 Review
• 奇安信攻防社区
  • 一文带你看懂MQTT——MQTT pwn初探
• 先知安全技术社区
  • 阿里集团集团安全部招聘高级风控安全工程师-漏洞挖掘方向
  • 阿里集团安全部招聘安全工程师-AI for security
  • n8n Python代码节点沙箱绕过导致系统命令执行漏洞(CVE-2025-68668)
  • 2025 HKCERT CTF Writup
• Recent Commits to cve:main
  • Update Mon Jan 5 11:27:36 UTC 2026
• obaby@mars
  • RPG！
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • Chrome 应用商店恶意扩展程序窃取用户敏感数据
• LevelBlue Blog
  • New State Laws Impact AI Governance, Risk, and Compliance
• Private Feed for M09Ic
  • mgeeky starred jenish-sojitra/JSAnalyzer
  • bolucat released 202601051941 at bolucat/Archive
  • jar-analyzer released 5.12 at jar-analyzer/jar-analyzer
  • joaoviictorti starred thecybersandeep/adbauditor
  • niudaii starred nickscamara/open-deep-research
  • Rvn0xsy starred anthropics/skills
  • airbus-seclab released v4.6.0 at airbus-seclab/soxy
  • mgeeky starred dis0rder0x00/DbgNexum
  • timwhitez starred litespeedtech/lsquic
  • Rvn0xsy starred gh0stkey/FuncExporter
  • safedv starred klezVirus/inceptor
  • PrefectHQ released 3.6.10.dev2 at PrefectHQ/prefect
  • WAY29 starred eastxiaodong/ace-tool
  • panjf2000 contributed to redis/redis
  • gh0stkey starred Pennyw0rth/NetExec
  • Ridter starred dis0rder0x00/DbgNexum
  • gh0stkey starred xaitax/Chrome-App-Bound-Encryption-Decryption
  • wuhan005 starred moeru-ai/airi
  • joaoviictorti starred dtolnay/proc-macro2
  • Rvn0xsy starred journey-ad/gemini-watermark-remover
• ElcomSoft blog
  • The Shift from Disk Imaging to Digital Triage
• Filippo Valsorda
  • go.sum Is Not a Lockfile
• Horizon3.ai
  • CVE-2025-14733
• Toooold
  • The Physics of mHC: Why Deep Learning Needs Energy Conservation
• Bug Bounty in InfoSec Write-ups on Medium
  • Bug Bounty Burnout Almost Killed My Motivation — Then This Logic Flaw Paid Me
  • From Low to Medium - How a simple email injection earned me some $$$
  • Cache Key Injection: Chaining Cache-Poisoning and CRLF Using an Unkeyed Parameter
  • Key to the Kingdom: How I Found API Secrets Hiding in Plain Sight in JavaScript Files
  • Cache Clash: How CDN Misconfigurations Let Me Hijack Thousands of User Sessions
• Malwarebytes
  • ALPRs are recording your daily drive (Lock and Code S06E26)
  • Grok apologizes for creating image of young girls in “sexualized attire”
  • A week in security (December 29 – January 4)
• HackerNews
  • 因 Grok 生成未成年人色情图片，欧盟监管机构加大对 X 平台审查力度
  • 特朗普下令叫停 290 万美元芯片交易，要求剥离资产以维护美国安全利益
  • 美国司法部：两名网络安全从业者承认参与 BlackCat 勒索软件攻击
  • 英国黑客入侵政府网站后，竟获澳大利亚罕见签证
• 奇客Solidot–传递最新科技情报
  • 安娜的档案 .org 域名被封禁
  • 《彩虹六号：围攻X》服务器再次遭到入侵
  • 日本收紧外国人在留资格取得条件
  • AI 智能体将成为企业在 2026 年最大的内部威胁
  • 研究未发现素食和非素食儿童生长发育有显著差异
  • PCSX2 2.6.0 释出
  • EAST 托卡马克装置证实密度自由区的存在
  • 科学家测量流浪行星质量
  • Reddit 在英国超过 TikTok 成为访问量第四大的社媒
  • 测试显示 Windows 11 的速度在六个 Windows 版本中垫底
• 安全分析与研究
  • SideWinder APT组织攻击活动样本分析
• 雷神众测
  • 雷神众测漏洞周报2025.12.29-2026.1.4
• 黑鸟
  • 开源情报资产调查报告模板
• 威努特安全网络
  • 威努特介质管控方案有效破解离线数据摆渡难题
  • 威努特再获国家工信安全中心致谢！
• 安全客
  • 360独家分析 | 从美国“闪击”委内瑞拉事件看关键基础设施致命弱点
• 代码卫士
  • QNAP修复高危SQL注入和路径遍历漏洞
  • CISA提醒注意 WHILL Model C2 电动轮椅中的严重漏洞
• 360漏洞云
  • 360独家分析 | 从美国“闪击”委内瑞拉事件看关键基础设施致命弱点
• 安全内参
  • 美国大学研究机构正研究构建武器系统零信任全面方法原则
  • CNCERT：关于“黑猫”团伙利用搜索引擎传播仿冒Notepad++下载远控后门的风险提示
• 青山青吖
  • 4浪调整浪买入策略（20260105） | 黄金
• 腾讯安全应急响应中心
  • 当 AI 成为代码贡献者，软件安全正在发生怎样的变化？
• 奇安信 CERT
  • 【已复现】n8n Pyodide 命令执行漏洞(CVE-2025-68668)安全风险通告
• 天黑说嘿话
  • 一些常见key的利用工具
  • 漏洞与补丁管理｜安全运维的基础防线
• 吾爱破解论坛
  • 某AppCDRM 直播m3u8 SM4-CBC解密分析
• 中国信息安全
  • 专题·金融安全 | 金融行业网络钓鱼攻击的范式演进与防御体系的适应性强化
  • 专家解读 | 丁晓东：《网络安全法》修改，积极应对人工智能治理安全挑战
  • 专家观点 | 牢牢掌握人工智能治理主动权
  • 关注 | 这71款移动应用违法违规收集使用个人信息，被通报！
  • 关注 | 北京启动“清朗京华·清源正声”专项行动！重点整治四类违规开展互联网新闻信息服务活动乱象
• 安全学术圈
  • 中山大学、TAMU、哈工大(深圳)、浙理工｜鱼与熊掌可兼得：FedCEO如何打破隐私与性能的取舍困局
• 安全圈
  • 【安全圈】《英雄联盟》证书过期登热搜！草台班子闯大祸？
  • 【安全圈】黑客入侵员工网络时落入Resecurity蜜罐陷阱
  • 【安全圈】自传播恶意软件GlassWorm利用VS Code扩展攻击macOS用户
  • 【安全圈】别乱用！下载的Skills竟成后门，聊聊Skills不为人知的安全风险
• 360Quake空间测绘
  • 360独家分析 | 从美国“闪击”委内瑞拉事件看关键基础设施致命弱点
• 信息安全国家工程研究中心
  • 小寒 | 欢鹊垒新巢，衔柴绕树梢。
• 看雪学苑
  • 一次完整的 Unity Mono 安卓游戏逆向：Frida Hook 绕过碰撞死亡判定
  • 黑客入侵反落陷阱：Resecurity用AI蜜罐捕获攻击者并戏耍ShinyHunters团伙
  • 本周更新2节！看雪安卓高级研修班（月薪一万计划）
• 网安杂谈
  • 网安杂谈知识记录本2026.1.5
• 数世咨询
  • MITRE发布2025年最危险软件漏洞榜单Top25
• 安全牛
  • 2025 年国外金融证券领域十大安全事件回顾
  • 委内瑞拉网络断连背后：美军或首次公开使用网络战能力；工信部：关于防范SleepyDck恶意软件的风险提示 | 牛览
• 小米安全中心
  • 新年礼盒已就位 | MiSRC 新年漏洞活动来啦～
• 极客公园
  • 这个 AI 视频应用，让我不再满足只做「爆火短视频贩子」
  • 马斯克宣布量产脑机接口；宇树回应上市「绿色通道被叫停」：与事实不符；纳德拉开设个人博客 | 极客早知道
• 嘶吼专业版
  • Chrome应用商店恶意扩展程序窃取用户敏感数据
• 阿里安全响应中心
  • 阿里集团安全部招聘安全工程师/高级风控安全工程师
• 情报分析师
  • 一次没有预警的战争，看委内瑞拉情报体系在2026年是如何失效的
• 火绒安全
  • 火绒安全终端防护数据月报（2025-12）
  • 小寒寒意浓 护网暖心中
  • 诚邀渠道合作伙伴共启新征程
• 威胁猎人Threat Hunter
  • 威胁猎人9周年｜以情报+AI，助力企业夯实业务安全底座
• IntelTechniques Blog
  • GrapheneOS 2026 Settings
  • iOS 26 Settings
  • macOS 26 Settings
• 360数字安全
  • 360独家分析 | 从美国“闪击”委内瑞拉事件看关键基础设施致命弱点
• Securityinfo.it
  • Nel 2026 sempre più attacchi autonomi AI-driven e deepfake: le previsioni di sicurezza di ClearSkies
  • Grave vulnerabilità nei chip Bluetooth Airoha: molti i marchi colpiti
• Over Security - Cybersecurity news aggregator
  • Coupang, una violazione dati con terremoto al seguito: quale lezione dalla Corea del Sud
  • Cloud file-sharing sites targeted for corporate data theft attacks
  • ClickFix attack uses fake Windows BSOD screens to push malware
  • Russian hackers target European hospitality industry with ‘blue screen of death’ malware
  • US broadband provider Brightspeed investigates breach claims
  • Hacktivist deletes white supremacist websites live on stage during hacker conference
  • Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
  • Exploit test (con ghostcat)
  • VSCode IDE forks expose users to "recommended extension" attacks
  • Analysis of PPPP “encryption”
  • Cyberattack forces British high school to close
  • Operazione Absolute Resolve per catturare Maduro: autopsia di una decapitazione strategica in ambiente multi-dominio
  • Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome
  • Ledger customers impacted by third-party Global-e data breach
  • EU looking ‘very seriously’ at taking action against X over Grok
  • NordVPN denies breach claims, says attackers have "dummy data"
  • Governance del rischio nei luoghi di lavoro e spettacolo: ecco perché serve una black box
  • Nel 2026 sempre più attacchi autonomi AI-driven e deepfake: le previsioni di sicurezza di ClearSkies
  • L’importanza dell’immutabilità assoluta nello storage di backup
  • Il nuovo reato di deepfake: quando il diritto penale diventa l’ultima difesa dell’incertezza
  • The DocuSign Impersonation Wave with Real-Time Customizable LogoKit
  • Grave vulnerabilità nei chip Bluetooth Airoha: molti i marchi colpiti
• CNVD漏洞平台
  • CNVD漏洞周报2025年第51期
  • 上周关注度较高的产品安全漏洞(20251229-20260104)
• Schneier on Security
  • Telegram Hosting World’s Largest Darknet Market
• SANS Internet Storm Center, InfoCON: green
  • Risks of OOB Access via IP KVM Devices, (Mon, Jan 5th)
  • ISC Stormcast For Monday, January 5th, 2026 https://isc.sans.edu/podcastdetail/9752, (Mon, Jan 5th)
• The Hacker News
  • Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
  • Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
  • ⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More
  • The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations
  • Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act
  • New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
• Instapaper: Unread
  • Gli attacchi informatici più devastanti del 2025
  • Tracciare gli utenti su WhatsApp usando le ricevute di consegna
  • AI giuridica perché i LLM non capiscono (ancora) le leggi e cosa serve per renderli affidabili
  • The Worst Hacks of 2025
  • Examining the IconCache database
  • Introducing Elcomsoft Quick Triage
  • All-In-One Password Recovery Pro 2025
• Security Affairs
  • Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
  • Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices
  • The cybercriminal behind the 2016 Bitfinex hack has been released from prison early thanks to Trump’s 2018 First Step Act
  • VVS Stealer, a new python malware steals Discord credentials
  • Sedgwick discloses data breach after TridentLocker ransomware attack
• Daniel Miessler
  • AI Changes I Expect in 2026
• TorrentFreak
  • Anna’s Archive Loses .Org Domain After Surprise Suspension
• The Register - Security
  • Congrats, cybercrims: You just fell into a honeypot
  • Playing Koi: Palo Alto isn't saying if it will buy security start-up
  • Gmail preparing to drop POP3 mail fetching
  • New Zealand orders review into ManageMyHealth cyberattack
• Security Weekly Podcast Network (Audio)
  • Why are cybersecurity predictions so bad? - ESW #440
• 网安寻路人
  • 精准识别和治理“拟人化互动服务”：一个初步方案