[每日信息流] 2025-02-06

[chainreactorbot]

每日安全资讯（2025-02-06）

• SecWiki News
  • SecWiki News 2025-02-05 Review
• Private Feed for M09Ic
  • kpcyrd forked kpcyrd/asn1-rs from rusticata/asn1-rs
  • praetorian-inc forked praetorian-inc/velociraptor from Velocidex/velociraptor
  • praetorian-inc forked praetorian-inc/Gato-X from AdnaneKhan/Gato-X
  • Y4er forked Y4er/web-chains from Java-Chains/web-chains
  • WAY29 starred nevalang/neva
  • geohot released tinygrad 0.10.1 at tinygrad/tinygrad
• Doonsec's feed
  • Topert4|修复完毕|开启注册
  • 【刘农TV】强网杯用户数据疑似泄露
  • 首发 | 告别WPS会员，一天用deekseep手搓PDF工具箱，用过之后，真香！！
  • deepseek大模型思考（一）
  • 深信服今年的年终奖。。。
  • 【直卖实拍】北七家3居变4居豪装，理想楼层、户型、朝向
  • 【干货原创】实网攻防演习常态化，会带来什么变化01
  • 【干货原创】K12教育，鲜为人知的模式秘密
  • 原创文章目录
  • 打靶日记 Kioptix Level 3（SQL注入法）
  • 【吃瓜】u200b小时候看这集吓哭了
  • 博客更新-自搭靶场（web打点&&内网穿透）
  • 世界需要一个能谋善断的AI（九）终章：谋断共生——硅基文明的“启蒙运动”
  • DeepSeek研究报告
  • 用 DeepSeek 做 AI 视频，和吃饭一样简单！
  • 像哪吒一样突破职场困境：网络安全行业的成长与突破
  • 250+ DeepSeek精选版提示词
  • 五分钟搭建 DeepSeek R1 +Ollama 本地化 打造自己的私私有化AI知识库
  • 黑屏平等的降临暗影精灵9用户
  • 开工大吉！
  • ctftools-all-in-oneV7.5正式发布
  • EMobility - 网络安全挑战和解决方案
  • 交通运输网络威胁和创新技术解决方案
  • 下一代加密标准的挑战和解决方案 NIST
  • IDOR的高阶技巧
  • 【25HW】人员招募
  • 实战中的WebService利⽤⽅法
  • SRC专项知识库
  • 网页服务总繁忙，本地部署下DeepSeek R1
  • 免费| 国产开源 Go + EMQX 企业级 IoT 物联网平台让充电桩、充电宝、换电柜系统二开更轻松！
  • Windows登录类型完全解密：7种登录方式暗藏安全陷阱
  • 伪装成DeepSeek安装程序进行钓鱼攻击
  • 思科：DeepSeek R1极易受有害提示词影响
  • 警惕传播恶意软件的假DeepSeek PyPI软件包
  • AI通用越狱攻击不再可怕？“宪法分类器”成新防御利器
  • 新型ValleyRAT恶意软件通过伪造Chrome下载传播
  • NVIDIA GPU 显示驱动程序漏洞
  • 观安信息GPT+大模型上线“DeepSeek版”安全智能体 威胁感知与智能体能力再升级
  • Apache Cassandra 漏洞允许攻击者远程访问数据中心
  • mac电脑快速搭建DeepSeek集群方法
  • 变量覆盖
  • 分享图片
  • 135个上榜！2024年网络安全技术应用典型案例项目名单公布
  • Deepseek钓鱼链接卷土重来
  • 【安全圈】DeepSeek遭遇大规模网络攻击，暂停新用户注册
  • 【安全圈】DeepSeek AI 数据库曝光：超过 100 万行日志、密钥泄露
  • 【安全圈】Pwn2Own Automotive 2025 黑客因破解 49 个零日漏洞获 886,250 美元奖励
  • 【安全圈】以色列间谍软件公司Paragon涉嫌利用WhatsApp零点击漏洞发动攻击
  • DeepSeek 带你解读《2024年Q4企业邮箱安全报告》
  • 情报解码（经典案例复盘）
  • 接下来的AI时代
  • AI大模型竞争或激发创新浪潮
  • 程序员注意！PyPI惊现DeepSeek高仿投毒包！
  • 我花费了400$完成了对大量组织的供应链攻击
  • 一句话让DeepSeek帮我写了个识别图形验证码的工具
  • 主动出击！2025年，用CISP/CISSP认证为你的职业生涯充电续航！
  • 网络安全文化“特训营”全新启航：助您实现质的飞跃
  • 本地离线部署DeepSeek、qwen等，超详细教程
  • DeepSeek写高考作文，真的可以满分？
  • 【水文章】记录漏洞提交半自动化脚本完善日记
  • 成功丨2025，对您的未来许下承诺
  • 新岁启新程 携手共奋进
  • 专家解读 | 完善数据流通安全治理机制 促进数据高质量发展
  • 专家解读 | 做好个人信息出境个人信息保护认证实施
  • 观点 | 健全个人数据保护的安全治理机制
  • 评论 | AI搜索虽便捷，但伴随三大挑战
  • 30万台Prometheus服务器暴露在DoS攻击风险下，你的系统安全吗？
  • 干货 | 油气长输管道SCADA系统安全防护实践
  • AI安全丨《人工智能安全标准体系（V1.0）》（征求意见稿），附下载
  • 技术革新浪潮下的安全托底：从DeepSeek突围看网络安全成未来战略风口
  • 调查显示，支付勒索赎金的公司很少能取回数据
  • 重磅！国投智能自研平台成功接入DeepSeek，引领智能领域新风暴
  • 【课程】人社部能力建设中心电子数据调查分析技术（中级）线上培训报名启动
  • 车机OTA包解密
  • 紧急提醒！Netgear 路由器高危漏洞来袭，速更新固件！
  • @本课程已全部更新 | .NET程序的文件解析及保护技术
  • 阿塞拜疆和美国的欧亚大陆西部战略
  • DeepSeek：2025年中国汽车网络与数据安全6大趋势分析
  • 丰田官宣上海独资建厂！纯电雷克萨斯2027年国产
  • 对 Wi-Fi 网络的远程攻击
  • 关于征集《物联网终端网络安全测试通用技术要求》地方标准起草单位及起草人的通知
  • 开工大吉丨开好头、起好步！喜迎“开门红”！
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 我国牵头提出的国际标准《信息技术 信息安全事件管理 第4部分：协同》正式发布
  • Zyxel发现不良签名更新导致防火墙关键错误
• paper - Last paper
  • Ai红队体系思考
• Trustwave Blog
  • Penetration Testing ROI: How to Convince Leadership to Invest in Cybersecurity
• obaby@mars
  • 白月光 II
• Recent Commits to cve:main
  • Update Wed Feb 5 20:21:36 UTC 2025
  • Update Wed Feb 5 12:26:54 UTC 2025
  • Update Wed Feb 5 04:25:07 UTC 2025
• 安全客-有思想的安全新媒体
  • Ivanti端点管理器中的关键路径穿越漏洞（CVE-2024-10811、CVE-2024 -13161、CVE-2024-13160和CVE-2024-13159
  • 新的ValleyRAT恶意软件变体通过虚假Chrome下载传播
  • Dynatrace公布人工智能、安全和开发人员工具更新
  • 喜讯！360获评2024软件和信息服务业年度领航企业及创新成果两项大奖
  • DeliverbleFerret恶意软件攻击macOS用户，逃避XProtect检测
  • 卡西欧英国网站受到攻击，配备网页浏览器
  • Apache Cassandra漏洞让攻击者远程访问数据中心
  • Apple Service Ticket门户漏洞泄露数百万用户数据
  • 研究人员发现了抵御人工智能模型通用越狱攻击的新方法
  • Sophos 以 8.59 亿美元收购 Secureworks
• Security Boulevard
  • Unlocking the Freedom of Secure Cloud Environments
  • Delivering Value with Streamlined IAM Protocols
  • Gaining Assurance with Advanced Secrets Rotation
  • DeepSeek AI Model Riddled With Security Vulnerabilities
  • In The News | TCEA 2025: 10 Ways K–12 Schools Can Secure Their Microsoft and Google Environments
  • Are You Still Using VMware Tanzu? (And Is Now the Time to Migrate?)
  • Fake VS Code extension on npm uses altered ScreenConnect utility as spyware
  • 4 Ways to Mitigate the Human Factors of Cybersecurity
  • Forging a Better Operator Quality of Life
  • Preventing account takeover on centralized cryptocurrency exchanges in 2025
• Horizon3.ai
  • Proactive Cyber Defense: Why Continuous Security Testing is Essential for General Counsels in Regulated Industries
• Securelist
  • Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024
  • Take my money: OCR crypto stealers in Google Play and App Store
• Bug Bounty in InfoSec Write-ups on Medium
  • XSS — Bypassing WAF with Hex Overflow
  • PII Exposure: The Data Heist You Never Knew Was Possible!
  • Brute Forcing Financial Apps With HackerOne
• Twitter @bytehx
  • Re @YoyoDavelion @yeswehack Congrats 🎉🎉🎉🎉
  • Re @0a_yso looks like a good program. Is it public or private?
• Hexacorn
  • DWRCSAccess.log artifact
• Trail of Bits Blog
  • Preventing account takeover on centralized cryptocurrency exchanges in 2025
• Malwarebytes
  • Small business owners, secure your web shop
• glzjin
  • 懒猫微服外挂虚拟机管理器 WebVirtCloud 启动方法说明
• Webroot Blog
  • Passkeys: The future of secure and seamless authentication
  • OpenText Secure Cloud: Streamline workflows with integrations
• daniel.haxx.se
  • curl 8.12.0
• Intigriti
  • Hybrid Pentesting: The Smart Approach to Securing your Assets
• FreeBuf网络安全行业门户
  • 微软发布脚本更新可启动媒体以应对BlackLotus UEFI启动工具包威胁
  • 2024年勒索软件赎金支付额下降35%，总额达8.1355亿美元
  • FreeBuf早报 | DeepSeek本地化部署是否安全？新的Tiny FUD正针对macOS用户
  • SparkCat恶意活动利用OCR技术窃取加密货币钱包恢复短语
  • 美国CISA紧急提醒：四漏洞遭利用，需在2025年2月25日前修复
  • 研究人员发现新方法防御 AI 模型的通用越狱攻击
• rtl-sdr.com
  • Saveitforparts Checks out the Discovery Dish
• 安全牛
  • 安全运营：自建还是外包?
  • 超过 150 万人数据泄露：康涅狄格州和加利福尼亚州医疗系统遭遇网络攻击；纽约血液中心因勒索软件入侵而中断运营 | 牛览
• 奇客Solidot–传递最新科技情报
  • F-Droid 项目获得约 40 万美元拨款
  • 泰国对妙瓦底等缅甸地区断电断网
  • DeepSeek 研究称华为昇腾 910C 推理性能能达到英伟达 H100 的六成
  • AI 生成内容进入了公共图书馆
  • 天文学家在系外行星上发现风速高达 9 公里/秒的超音速气流
  • Paragon 证实美国及其盟国是其客户
  • 美国邮政停收内地和香港的包裹
  • Google 更新 AI 政策移除了不将 AI 用于武器和监视的承诺
  • 波兰逮捕批准购买间谍软件 Pegasus 的前司法部长
  • FSF 将在下月拍卖纪念品
  • Framework 推出售价 199 美元的 RISC-V 主板
  • 工商总局对谷歌发起反垄断调查
• HackerNews
  • 亚马逊 Redshift 推出新默认设置以防止数据泄露
  • 2024 年漏洞利用激增 20% 约 40 万台联网设备面临攻击威胁
  • 微软 SharePoint 连接器漏洞可能使 Power Platform 上的凭据被盗
  • 谷歌修复 47 项安卓安全漏洞 含已遭利用的高危内核漏洞
  • AMD SEV-SNP 漏洞允许具有管理员权限的攻击者注入恶意微代码
  • 俄罗斯黑客利用 7-Zip 漏洞绕过 Windows MotW 保护
• 黑海洋 - IT技术知识库
  • AI Cover-开源AI 红包封面生成器
  • 全能型AI写作工具：笔灵AI
  • 免费AI智能线稿生成器：GenColor AI
  • GenSFX：在线AI音效生成器
• 锦行科技
  • 初八 | 发财致富
• 腾讯玄武实验室
  • 每日安全动态推送(25/2/5)
• 安全客
  • 【开工大吉】金蛇纳福，万象启新
• 安全分析与研究
  • 伪装成DeepSeek安装程序进行钓鱼攻击
• 吾爱破解论坛
  • 【2025春节】解题领红包活动 排行榜TOP图（初八 2/5）
• 青衣十三楼飞花堂
  • 殷郊吸干了元始天尊的法力
• 看雪学苑
  • 车机OTA包解密
  • 紧急提醒！Netgear 路由器高危漏洞来袭，速更新固件！
  • @本课程已全部更新 | .NET程序的文件解析及保护技术
• 丁爸 情报分析师的工具箱
  • 【资料】关于打击洗钱和恐怖主义融资的古老智慧：来自一本拥有1400年历史的书籍的解决方案
  • 【资料】“国内恐怖主义 “还是 ”政治抗议？“： 党派有线电视新闻对 1 月 6 日美国国会大厦袭击事件的报道
• 安全学术圈
  • 美国海军学院 | 使用FEP(完全加密协议)隐藏协议元数据
• 360漏洞云
  • 【开工大吉】金蛇纳福，财源滚滚‌来
• dotNet安全矩阵
  • 2025 持续防范 GitHub 投毒，通过 Sharp4SuoExplorer 分析 Visual Studio 隐藏文件
  • .NET 内网攻防实战电子报刊
  • 内网痕迹清理，通过 Sharp4ModifyTime 伪造文件时间戳
• 长亭科技
  • 2025开工大吉，奋勇展宏图
• 慢雾科技
  • 每月动态 | Web3 安全事件总损失约 9,819 万美元
• 默安科技
  • 开工大吉，心情好，财源滚滚，烦恼少！
• 中国信息安全
  • 专家解读 | 完善数据流通安全治理机制 促进数据高质量发展
  • 专家解读 | 做好个人信息出境个人信息保护认证实施
  • 观点 | 健全个人数据保护的安全治理机制
  • 评论 | AI搜索虽便捷，但伴随三大挑战
• 数据安全与取证
  • 电子数据取证分析师培训通知
• 嘶吼专业版
  • Zyxel发现不良签名更新导致防火墙关键错误
  • 我国牵头提出的国际标准《信息技术 信息安全事件管理 第4部分：协同》正式发布
• 国家互联网应急中心CNCERT
  • CNVD漏洞周报2025年第4期
  • 上周关注度较高的产品安全漏洞(20250120-20250126)
• 情报分析师
  • 情报高手秘籍：从数据搬运到决策预判的进阶之路
  • 美蒙合作新动向：我方如何应对这场地缘政治“大戏”？
• 火绒安全
  • 大年初八开工啦，火绒安全祝大家鸿运当头，好运连连~
  • 诚邀渠道合作伙伴共启新征程
• 极客公园
  • 蛇年开工第一天，特斯拉打响价格战！
  • 大疆 DJI Flip 深度体验：再一次挑战无人机形态「下限」
  • 回家过年，长辈不催婚，反向我「安利 AI」！
  • 传15万元特斯拉Model Q 6月发布；阿里千问超DeepSeek；《硅谷》华人男星任Perplexity安全官｜极客早知道
• 墨菲安全
  • 程序员注意！PyPI惊现DeepSeek高仿投毒包！
• RedTeaming
  • 我花费了400$完成了对大量组织的供应链攻击
• 白帽子章华鹏
  • 程序员注意！PyPI惊现DeepSeek高仿投毒包！
• 吴鲁加
  • 置顶
• 数世咨询
  • 开工大吉 | 众人携手奋进，共谱数安新篇
• 黑伞安全
  • 30万台Prometheus服务器暴露在DoS攻击风险下，你的系统安全吗？
• 安全圈
  • 【安全圈】DeepSeek遭遇大规模网络攻击，暂停新用户注册
  • 【安全圈】DeepSeek AI 数据库曝光：超过 100 万行日志、密钥泄露
  • 【安全圈】Pwn2Own Automotive 2025 黑客因破解 49 个零日漏洞获 886,250 美元奖励
  • 【安全圈】以色列间谍软件公司Paragon涉嫌利用WhatsApp零点击漏洞发动攻击
• Qualys Security Blog
  • Qualys Unveils mROC: The Industry’s First Managed Risk Operation Center To Help Partners Scale Risk Management Services
• 迪哥讲事
  • IDOR的高阶技巧
• 白泽安全实验室
  • 揭秘ValleyRAT恶意软件攻击活动，疑似与银狐组织有关
• 安全419
  • 新岁启新程 携手共奋进
• Over Security - Cybersecurity news aggregator
  • Microsoft script updates bootable media for BlackLotus bootkit fixes
  • Spanish police arrest hacker accused of attacks on NATO, US Army
  • Paragon spyware used to target citizens across Europe, says Italian government
  • OPM asks judge to dismiss federal workers’ lawsuit, files privacy assessment of email system
  • Robocallers posing as FCC fraud prevention team call FCC staff
  • Cracked & Nulled: il Sequestro dei giganti del cybercrime
  • Ransomware payments fell by 35% in 2024, totalling $813,550,000
  • Thousands of McKinney, Texas, residents impacted by October data breach
  • Thailand cuts power supply to Myanmar scam hubs
  • CISA orders agencies to patch Linux kernel bug exploited in attacks
  • Hackers spoof Microsoft ADFS login pages to steal credentials
  • New target of Paragon spyware comes forward
  • AMD fixes bug that lets hackers load malicious microcode patches
  • SmokeLoader malware aimed at multiple Ukrainian industries, using bug in file archiver
  • NSA employees offered deferred resignation, early retirement
  • CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
  • How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
  • Spain arrests suspected hacker of US and Spanish military agencies
  • Software NDR: le soluzioni Network Detection and Response da considerare
  • Come l’AI sta migliorando la cybersecurity per le aziende e quali soluzioni la utilizzano
  • Piattaforme XDR: le soluzioni da considerare per una sicurezza più solida
  • App infette negli store Apple e Google: come eludono i sistemi di sicurezza e come proteggersi
  • Work Smarter in 2025: 7 Benefits of Automating CTI into SOC Activities
  • Crypto-stealing apps found in Apple App Store for the first time
  • Software per sicurezza SaaS: le soluzioni da considerare
  • Treasury says DOGE review has ‘read-only’ access to federal payments system
  • Ransomware payments drop for first time in years following law enforcement disruptions
  • CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities Catalog – Critical Updates Required
  • Cyber Attacks on DeepSeek AI: What Really Happened? Full Timeline and Analysis
  • Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024
  • Hacker russi fruttano un bug 0-day di 7-Zip per distribuire SmokeLoader
  • Australian Cyber Security Centre Urges Immediate Action to Combat Email Scammers
  • Certificazione GDPR dei responsabili del trattamento: la proposta della CNIL
  • SSE Security Service Edge: 5 soluzioni per la migliore sicurezza nella transizione digitale
  • SD-WAN: quali soluzioni considerare per una rete performante e sicura
  • SASE: quale soluzione scegliere per la sicurezza della rete
  • Software di email security: quali scegliere e perché sono importanti per le aziende
  • Stealthy Attack: Dual Injection Undermines Chrome’s App-Bound Encryption
  • Che cosa chiedere a un provider di cyber security
  • Take my money: OCR crypto stealers in Google Play and App Store
  • Hacking on the Go: Wi-Fi Karma Attacks with Mobile Devices
  • Researchers warn of risks tied to abandoned cloud storage buckets
• Securityinfo.it
  • Hacker russi fruttano un bug 0-day di 7-Zip per distribuire SmokeLoader
• SANS Internet Storm Center, InfoCON: green
  • Phishing via "com-" prefix domains, (Wed, Feb 5th)
  • ISC Stormcast For Wednesday, February 5th, 2025 https://isc.sans.edu/podcastdetail/9310, (Wed, Feb 5th)
• Schneier on Security
  • On Generative AI Security
• Hacking Exposed Computer Forensics Blog
  • Daily Blog #739: USN Versions (2, 3 and 4)
• ICT Security Magazine
  • Sicurezza dei Big Data: Protezione e Innovazione nell’Era della Trasformazione Digitale
• Krypt3ia
  • Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
• Posts By SpecterOps Team Members - Medium
  • Forging a Better Operator Quality of Life
• The Hacker News
  • Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
  • Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
  • Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
  • New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
  • Navigating the Future: Key IT Vulnerability Management Trends
  • AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
  • CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
• Security Affairs
  • U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
  • U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
  • SparkCat campaign target crypto wallets using OCR to steal recovery phrases
  • International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
  • Online food ordering and delivery platform GrubHub discloses a data breach
• The Register - Security
  • Mixing Rust and C in Linux likened to cancer by kernel maintainer
  • DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system
  • Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge
  • US cranks up espionage charges against ex-Googler accused of trade secrets heist
• TorrentFreak
  • KickAssAnime Flagged for ‘Suspected Phishing’ by Cloudflare
  • Piracy Victories for Hollywood & Premier League Spark Progress Concerns
• Deeplinks
  • Paraguay’s Broadband Providers Continue to Struggle to Attain Best Practices at Protecting Users’ Data
  • Victory! EFF Helps Defeat Meritless Lawsuit Against Journalist
  • DDoSed by Policy: Website Takedowns and Keeping Information Alive
• Graham Cluley
  • Man sentenced to 7 years in prison for role in $50m internet scam
• Computer Forensics
  • Would digital forensics for law enforcement be a realistic career to work up into?
  • Is the same part of a storage device used each time after wipe?
  • Questions about qualifications
• Instapaper: Unread
  • The Evolution of iOS Passcode Security
  • Vulnerability Patched in Android Possibly Exploited by Forensic Tools
  • Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’
  • ITASEC25, al via la gara tra gli ITS italiani
  • 0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows
  • App infette negli store Apple e Google come eludono i sistemi di sicurezza e come proteggersi
  • Paragon, chi sono gli italiani spiati dallo spyware israeliano
• Your Open Hacker Community
  • track network traffic, web search history with raspberry pi?
  • Is it possible to recover an rar file with Arabic password?
  • Motivation
  • How do you start
  • basics of hacking but for windows
  • [ Removed by Reddit ]
• Information Security
  • Is misinformation the biggest threat of our time? Why or why not?
  • Need Advice on Final Steps for ISO 27001 Certification
• Deep Web
  • Anubis Marketplace
• Technical Information Security Content & Discussion
  • Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135
• 网安寻路人
  • 2025年美国BIS《AI扩散框架》解析：受控AI模型篇
• Dark Space Blogspot
  • DeepSeek Fa Crollare NVIDIA e L' AI: Principali Funzionalità
• Security Weekly Podcast Network (Audio)
  • Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381