[每日信息流] 2026-04-10

[chainreactorbot]

每日安全资讯（2026-04-10）

• SecWiki News
  • SecWiki News 2026-04-09 Review
• Private Feed for M09Ic
  • WAY29 starred uditgoenka/autoresearch
  • mgeeky starred xaitax/TotalRecall
  • airbus-seclab released v4.8.2 at airbus-seclab/soxy
  • bolucat released 202604092117 at bolucat/Archive
  • anthropics released v2.1.98 at anthropics/claude-code
  • github released v0.6.0 at github/spec-kit
  • safedv starred jonaslejon/malicious-pdf
  • kpcyrd starred uutils/coreutils
  • Mel0day starred TauricResearch/TradingAgents
  • Rvn0xsy starred webadderall/Recordly
  • pydantic released v0.0.10 at pydantic/monty
  • DVKunion starred Keytoyze/ossdata
  • PrefectHQ released 3.6.26.dev5 at PrefectHQ/prefect
  • rabbitmask starred anthropics/skills
  • zema1 starred mutagen-io/mutagen
  • 0xbug starred 0x676e67/wreq-python
  • gh0stkey starred Yeachan-Heo/oh-my-claudecode
  • pmiaowu starred yaklang/hack-skills
  • Rvn0xsy forked Rvn0xsy/superfile from yorukot/superfile
• Doonsec's feed
  • 渗透测试人员必备：浏览器 JWT 利用工具
  • 30 秒接管苹果账号！中东记者被跨国网络间谍攻击，背后竟是这个APT组织
  • 原创—为啥说过去是绝大多数的穷人养活着极少数的资本家，未来是极少数的资本家养活着极少数的穷人
  • AI Agent沙箱之ANOLISA内置沙箱
  • Drift Protocol遭史诗级攻击
  • 新手机踩坑体验
  • 张雪峰妻子突然发声，回应一切
  • 传统黑客渗透测试与Ai智能体自动化的完整对接- AI只是用于（我）优化和提升效率的工具
  • GoAttack——网络安全扫描分析平台
  • 运维人主流职业方向选择指南
  • 朝鲜黑客组织的分布式运作架构、安全漏洞与加密货币洗钱链路
  • frida源码分析教程更新
  • 网安公司的研发组织如何构建？AI时代的安全研发模式升级指南
  • 别让低效率的 AI成为你技术进阶的精神枷锁
  • 2025平航杯服务器取证部分
  • 大湾区大学 | 网络与信息安全研究中心招聘博士后
  • 【AI安全】大模型反杀黑客！投喂“假药”秒破越狱
  • 某中心网络安全保险数据智能化处理系统开发服务，145万，金睛云华中标。
  • 暗网情报技术能力框架及参考指标体系（指导性技术文件2026版）
  • 用 AI Agent 自动化 JavaScript 加密逆向分析
  • CTF和护网都搞不懂，还学什么网安？
  • 抖音出事了，内部50余人被抓
  • 一图读懂安博通2025年年报
  • 《纽约时报》再次宣布「找到了中本聪」
  • 蓄势待发！一线便携实战利器，带来全新体验
  • 国投智能培训基地4月培训计划火热开启！
  • （07）4.1 理解组织及其环境 — 企业信息安全负责人必读系列丛书书稿《ISO/IEC 42001: 2023人工智能管理体系标准的谬误辨析与实施详解》
  • 【福利赠送】ISO 22301业务连续性管理体系导入实施案例（12）业务影响分析和风险评估的培训
  • 学习笔记｜读懂COBIT模型，搞定IT治理核心逻辑
  • 黑客.skill
  • 光大银行打造“9×10”大模型智能助手矩阵，RPA累计应用场景1700+
  • AI快讯：微信支付发布AI接入工具箱，浦发银行打造“浦银智启”大模型服务矩阵
  • 火山引擎388万中！国信证券财富业务AI应用建设（二期）项目
  • GZCTF的搭建和CTF题目的出题
  • 兰德观点：中美人工智能竞争格局
  • 从分类洞察到长效运营，游戏私服治理的进阶之路
  • Hermes Agent vs OpenClaw：下一代 Agent 竞争，已经不是功能之争
  • Chrome浏览器存在严重漏洞，攻击者可利用这些漏洞执行任意代码
  • AI仅用4小时攻破“全球最安全系统”
  • 政策解读 | 中国信通院刘阳：从万物互联到万物智联，推动物联网高质量发展
  • 【安全圈】盗用他人信息注册账号卖给未成年人，上海警方捣毁一“游戏账号工厂”黑产链
  • 【安全圈】AI 数据独角兽遭黑客攻击，一周内吃了 5 场官司，Meta 紧急暂停合作
  • 【安全圈】洛杉矶市律师系统遭入侵，敏感警局文件泄露
  • AgentEscape：MCP服务器如何让AI助手读取你的私钥
  • 永信至诚发布「定心」产品乘服务解决方案，让数据安全风险可控、可管、可闭环
  • 专家解读｜以人为本划定数字虚拟人服务边界，助力智能经济高质量发展
  • 通知 | 网安标委就《网络安全技术 物理不可克隆功能安全技术规范（征求意见稿）》等3项国家标准征求意见（附下载）
  • 评论 | 词元安全关乎国家数据安全
  • 盘点 | 中国互联网联合辟谣平台2026年3月辟谣榜
  • 微软0day-漏洞的之“你们这些天才自己就能搞明白”后续问题········
  • 能源水务等关基工控设施遭破坏性网络攻击，美国政府紧急发布警报
  • 飓风安全发现OpenClaw高危漏洞
  • 已存在13年的Apache ActiveMQ 严重漏洞可用于远程执行命令
  • CISA：须在周日前修复已遭利用的 Ivanti EPMM 漏洞
  • 中央企业网络安全态势月报 （2026年3月）
  • Hermes Agent - 咱们的赫妹小助理十分钟上手体验
  • 我发现不上班真的会上瘾，今天躺在家挖漏洞，入手500
  • 19,000份未公开原档在手：Handala黑客曝光以军前总长哈莱维影像资料
  • 启明星辰首批通过中国信通院OpenClaw类智能体安全防护产品能力评测
  • 发现 33 个 OpenClaw 与 Linux 内核漏洞后，我们也从 Claude Mythos 看到了安全攻防的下半场
  • 入选全国 TOP100 案例！360 企业级智能体为高校数智化提供可复制路径
  • 启明星辰ADLab |xa0从美以伊冲突观察AI驱动网络战形态变革
  • 威胁通缉令 · 红桃K丨Tomcat RCE漏洞（新增）
  • 桌面软件暗藏后门？不懂代码也能看懂的黑客攻防
  • 暗网传上海某芯片企业遭“s1ic3r”入侵
  • BlockSec 安全周报｜九起攻击，从合约漏洞到治理失守（3.30–4.05）
  • 构建动态感知与主动防御体系，打造智能制造全域可控安全新格局
  • 【安全研究】银狐远控远程屏幕使用场景和优化建议
  • 计算机的进化
  • 《2025年度中小企业发展环境评估报告》发布
  • xa0中本聪真身曝光！已死
  • 特朗普.skill 上线了！
  • 从内部打造并强化安全防线，领取CISSP会员推荐专属福利
  • 技术教科书：顶级开发团队设计的Harness工程项目源码什么样
  • 给你的“龙虾”穿上铠甲！飞天诚信OpenClaw身份认证解决方案
  • 【论文速读】|RuleForge：面向大规模 Web 漏洞检测的规则自动生成与验证
  • 好好吃饭 打好基础之初遇wsdl
  • 【免费领】超700页！CISSP官方权威学习指导手册（中文版）
  • 万山磅礴看主峰｜习近平论网络内容建设
  • 俄军成立无人装备部队促进新质战斗力生成
  • 美国农业部启动“农业科技验证网络”，推动AI等技术落地应用
• Tenable Blog
  • What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
• CXSECURITY Database RSS Feed - CXSecurity.com
  • Docker Desktop 4.44.3 Unauthenticated API Exposure
  • MaNGOSWebV4 4.0.6 Reflected XSS
  • Grafana 11.6.0 SSRF
  • OctoPrint 1.11.2 File Upload
  • esm-dev 136 Path Traversal
• Microsoft Security Blog
  • The agentic SOC—Rethinking SecOps for the next decade
  • Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
  • Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
• paper - Last paper
  • SkillTrojan：针对基于技能的智能体系统的后门攻击
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 新型CrystalRAT恶意软件新增远程控制、数据窃取等功能
  • 嘶吼安全动态｜中央网信办召开全国网络法治工作会议 设备码钓鱼攻击暴增36倍，新型攻击工具在网上大肆扩散
• ongoing by Tim Bray
  • Password Manager Angst
• Recent Commits to cve:main
  • Update Thu Apr 9 11:20:06 UTC 2026
• Google Online Security Blog
  • Protecting Cookies with Device Bound Session Credentials
• Sandfly Security Blog RSS Feed
  • Agentless Linux EDR for Government and Critical Infrastructure
• Bug Bounty in InfoSec Write-ups on Medium
  • So… You Thought Your VPN Was Keeping You Safe and Secure? Think Again (Hacker’s Edition)
  • CI/CD Takeover & Supply Chain Risk! $$$$ Bounty
• Securelist
  • The long road to your crypto: ClipBanker and its marathon infection chain
• SentinelOne
  • Edge Decay: How a Failing Perimeter Is Fueling Modern Intrusions
• VMRay
  • Release Highlights: VMRay Platform 2026.2.0
• The Trail of Bits Blog
  • Master C and C++ with our new Testing Handbook chapter
• Exploit-DB.com RSS Feed
  • [webapps] React Server 19.2.0 - Remote Code Execution
  • [webapps] RomM 4.4.0 - XSS_CSRF Chain
  • [webapps] Jumbo Website Manager - Remote Code Execution
  • [local] ZSH 5.9 - RCE
• Malwarebytes
  • Scammers pose as Amazon support to steal your account
  • NSFW app leak exposes 70,000 prompts linked to individual users
  • 30,000 private Facebook images allegedly downloaded by Meta employee
  • This fake Windows support website delivers password-stealing malware
• bishopfox.com
  • Inside Cirro: Attack Paths, Cloud Graphs, and Extensible Schemas
• HackerNews
  • 洛杉矶市律师系统遭入侵，敏感警局文件泄露
  • Apache ActiveMQ Classic 潜伏 13 年的 RCE 漏洞曝光
  • OpenSSL 修复数据泄露等七处漏洞
  • Masjesu 僵尸网络隐蔽攻击物联网设备，专注持久化而非大规模感染
  • 美国马萨诸塞州医院遭网络攻击，被迫分流救护车
  • Anthropic 推出 Claude Mythos 模型，发现数千零日漏洞
• 奇客Solidot–传递最新科技情报
  • NASA 宇航员的笔记本电脑运行 VLC
  • 欧洲男性过去一万年摄入的肉量一直多于女性
  • 英国科学家量化交通对城市温度的贡献
  • FBI 称 2025 年美国因网络犯罪损失 210 亿美元
  • LinkedIn 扫描浏览器扩展面临集体诉讼
  • 免费领取价值30/90美金的NVIDIA DLI自学课程并测试获得证书
  • 大电芯降本、AI算力“施压”，谁来替储能系统兜底这笔“物理账”？
  • 两个超大质量黑洞可能在百年内合并
  • 科学家捏造了一种病，AI 告诉人们这是真的
  • W玻色子质量测量结果与标准模型一致
  • 微软考虑加固数据中心以抵御战火
  • 微软终止 VeraCrypt 账户 Windows 版本更新暂停
  • 纽时记者称 Adam Back 是中本聪
• 威努特安全网络
  • 安全龙虾WinClaw：一句话搞定全网200+搜索引擎
  • WinClaw安全龙虾🦞｜10000名用户Token永久免费！
• 黑鸟
  • 30 秒接管苹果账号！中东记者被跨国网络间谍攻击，背后竟是这个APT组织
• 奇安信 CERT
  • 【已复现】OpenPrinting CUPS 多个高危漏洞安全风险通告
  • 【已复现】OpenAM 远程代码执行漏洞(CVE-2026-33439)安全风险通告
• 青衣十三楼飞花堂
  • 三角形的内角和等于180度吗
• 代码卫士
  • 已存在13年的Apache ActiveMQ 严重漏洞可用于远程执行命令
  • CISA：须在周日前修复已遭利用的 Ivanti EPMM 漏洞
• 安全内参
  • 能源水务等关基工控设施遭破坏性网络攻击，美国政府紧急发布警报
  • 打破传统边界：乌克兰战后网络防御转型对北约现代战争准备的三大启示
• 绿盟科技研究通讯
  • 无需认证即可执行：Langflow CVE-2026-33017 未授权远程代码执行漏洞深度剖析与靶标实战
• 微步在线研究响应中心
  • 漏洞通告 | ActiveMQ远程代码执行漏洞
• 腾讯安全应急响应中心
  • 发现 33 个 OpenClaw 与 Linux 内核漏洞后，我们也从 Claude Mythos 看到了安全攻防的下半场
• 安全学术圈
  • 大湾区大学 | 网络与信息安全研究中心招聘博士后
• 网安杂谈
  • 【资料】无糖信息《2026网络犯罪趋势研究报告》：人工智能加持下的网络犯罪生态对抗2.0时代
• 安全圈
  • 【安全圈】盗用他人信息注册账号卖给未成年人，上海警方捣毁一“游戏账号工厂”黑产链
  • 【安全圈】AI 数据独角兽遭黑客攻击，一周内吃了 5 场官司，Meta 紧急暂停合作
  • 【安全圈】洛杉矶市律师系统遭入侵，敏感警局文件泄露
• 看雪学苑
  • 天才程序员上线：AI 逆向与安全开发全栈实战
  • 间接提示词注入和供应链投毒，正在威胁你的 AI Agent
  • 未完全修复旧漏洞！Docker Engine新漏洞可致容器逃逸与主机接管
• 威胁棱镜
  • 思科如何基于 Llama 3.1 构建安全原生推理大模型
• 网络空间安全科学学报
  • 学术前沿 | 基于ATT&CK框架的技术关联分析方法综述
• 微步在线
  • 攻击已持续5个月！黑客利用PDF让Adobe Reader执行恶意代码
• 极客公园
  • 放弃把算力硬塞进眼镜，这家公司用「便携空间主机」拿下千万美元融资
  • ropet 完成超千万美元融资：跨过 AI 宠物的「价格、销量、留存」不可能三角
  • DeepSeek 网页升级，上线「专家模式」；腾讯上线「浏览器龙虾」；传比特币之父「中本聪」真实身份曝光｜极客早知道
• 字节跳动安全中心
  • 抖音生活服务邀你来测！单个漏洞奖励10万元！
• 情报分析师
  • 卫星图像免费获取平台汇总——情报人员案头必备的7个信源
  • 美国科学家离奇失踪或死亡案例增至8起，我获前FBI局长公开点名，警惕美国对我系统性污名化风险
  • 【热点研判】美财政部"通用许可证"明确将我排除在委内瑞拉矿产交易之外/菲对南海131个岛礁地物实施菲律宾命名/日法联合声明强调T海问题
• 嘶吼专业版
  • 新型CrystalRAT恶意软件新增远程控制、数据窃取等功能
  • 嘶吼安全动态｜中央网信办召开全国网络法治工作会议 设备码钓鱼攻击暴增36倍，新型攻击工具在网上大肆扩散
• 数世咨询
  • 报告发布 | 暗网情报技术能力框架及参考指标体系
  • 永信至诚发布「定心」产品乘服务解决方案，让数据安全风险可控、可管、可闭环
• 枇杷熟了
  • 别让低效率的 AI成为你技术进阶的精神枷锁
• 美团技术团队
  • 2025-2026 | 美团科研合作优秀课题获得者名单公布
  • 2026 美团 LongCat 大模型 | 北斗实习计划
  • 2026 美团科研合作课题 | 公开征集进行中
• 国家互联网应急中心CNCERT
  • 网络安全信息与动态周报2026年第14期（3月30日-4月5日）
• 360数字安全
  • 入选全国 TOP100 案例！360 企业级智能体为高校数智化提供可复制路径
• 迪哥讲事
  • 一次400美元赏金的实战挖掘之旅
• Desync InfoSec
  • Rapid7一线实录：CVE-2025-59718 FortiGate 防火墙入侵事件深度剖析
  • KongTuke FileFix 攻击链：新型 PHP 版 Interlock RAT 深度剖析
• Qualys Security Blog
  • Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization
  • 12 Best Practices for Securing AWS Cloud in 2026
• Over Security - Cybersecurity news aggregator
  • New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
  • New VENOM phishing attacks steal senior executives' Microsoft logins
  • Brockton Hospital cyberattack: Anubis names victim publicly and launches countdown, new details emerge
  • Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels
  • FCC proposes new rule to further crackdown on illegal robocalls
  • Healthcare IT solutions provider ChipSoft hit by ransomware attack
  • Google Chrome adds infostealer protection against session cookie theft
  • The threat hunter’s gambit
  • Treasury Department announces crypto industry cyber threat sharing initiative
  • Smart Slider updates hijacked to push malicious WordPress, Joomla versions
  • Cosa impariamo dal Paese UE più massacrato dalla disinformazione russa
  • L’hub cinese del supercomputing colpito da una massiccia violazione di dati: cosa sappiamo
  • Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine
  • Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
  • Active Subscription Scam Campaigns Flooding the Internet
  • Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
  • Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
  • Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
  • The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
  • Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
  • CVE-2025-55182 Exploitation Hits the Smart Home
  • Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
  • Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
  • Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
  • LummaStealer Is Getting a Second Life Alongside CastleLoader
  • Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
  • Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
  • Windsurf IDE Extension Drops Malware via Solana Blockchain
  • Data breach cloud in Europa: TeamPCP svela la fragilità strutturale della sicurezza multi-tenant
  • When attackers already have the keys, MFA is just another door to open
  • L’attacco invisibile a Axios: quando la sicurezza fallisce nella supply chain del software
  • Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack
  • UNC6783 Turns BPO Providers into Cyberattack Gateways
  • Webinar: From noise to signal - What threat actors are targeting next
  • Russian Hackers Exploit SOHO Routers for DNS Hijacking Campaign
  • How Phishing Is Targeting Germany’s Economy: Active Threats from Finance to Manufacturing
  • Eurail says December data breach impacts 300,000 individuals
  • Cybercriminals target accountants to drain Russian firms’ bank accounts
  • From the field to the report and back again: How incident responders can use the Year in Review
  • The long road to your crypto: ClipBanker and its marathon infection chain
  • Seven Signals Cyber Experts Agreed on at FIRST Paris 2026
  • Hackers exploiting Acrobat Reader zero-day flaw since December
  • Signature Healthcare Cyberattack Causes Service Disruptions, Treatment Delays
  • The Week in Vulnerabilities: OpenClaw, FreeBSD, F5 BIG-IP, and Critical ICS Bugs
  • Are Risks Revealed in Actions or Activity? Understanding Behavioral Analytics in Cybersecurity
  • Calcolo quantistico: caratteristiche, servizi cloud e applicazioni emergenti
  • Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
  • Bitcoin Depot Discloses $3.6 Million Crypto Theft Following System Breach
  • Microsoft suspends dev accounts for high-profile open source projects
• TrustedSec
  • IAM the Captain Now – Hijacking Azure Identity Access
• 安全行者老霍
  • 你的 AI 智能体正在传输敏感数据。你知道流向何处吗？
• 字节跳动技术团队
  • 扣子2.5，开启全新 Agent World！
• Arturo Di Corinto
  • Fnsi, il 16 aprile sciopero per il contratto. E domani in piazza a Roma per l’equo compenso
• ICT Security Magazine
  • Iran nel cyberspazio: operazioni ibride tra Medio Oriente, infrastrutture OT e Cloud Microsoft 365
  • Supply Chain Attack nordcoreano, Contagious Interview prende di mira gli sviluppatori: 1.700 pacchetti malevoli in cinque ecosistemi open source
  • APT28 e la campagna FrostArmada: come il GRU russo ruba credenziali Microsoft senza installare malware
  • Ransomware senza cifratura: come il data extortion sta sostituendo l’attacco classico
• SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
  • Number Usage in Passwords: Take Two, (Thu, Apr 9th)
• bellingcat
  • ‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online
• Future of Tech and Security: Strategy & Innovation with Raffy
  • AI SOC and SIEM Are Being Repriced
• Rasta Mouse
  • Crystal Mask
• Lenny Zeltser
  • When Executives Reject Your Security Recommendation
• Schneier on Security
  • On Microsoft’s Lousy Cloud Security
• Krypt3ia
  • Threat Analysis Report: AI Enhanced Infrastructure Attacks At Scale on Critical Infrastructure
• The Hacker News
  • EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
  • UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
  • ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
  • The Hidden Security Risks of Shadow AI in Enterprises
  • Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
  • Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
• TorrentFreak
  • Kocowa Secures Win Against Dramacool Pirates, U.S. Court Grants Domain Takeovers
• 360威胁情报中心
  • APT-C-49（OilRig）以伊朗最新社会热点事件为诱饵的多阶段钓鱼攻击活动分析
• The Register - Security
  • Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case
  • 'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
  • Chevin pulls the handbrake on FleetWave software after security scare
  • Months-old Adobe Reader zero-day uses PDFs to size up targets
  • Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
  • Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
  • Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
  • Sticky-note security turned gym into hall of '80s horrors
  • Cryptographers place $5,000 bet whether quantum will matter
• Security Affairs
  • Eurail data breach impacted 308,777 people
  • Malicious PDF reveals active Adobe Reader zero-day in the wild
  • Masjesu botnet targets IoT devices while evading high-profile networks
  • The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
  • Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
• Deeplinks
  • Yikes, Encryption’s Y2K Moment is Coming Years Early
  • Comparison Shopping Is Not a (Computer) Crime
  • EFF is Leaving X
• DEFION Research Labs
  • Ruckus Unleashed: Multiple vulnerabilities exploited
  • Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger
  • Pwn2Own Automotive 2024: Hacking the JuiceBox 40
  • Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)
  • DoNex/DarkRace Ransomware Decryptor
  • CVE-2024-20693: Windows cached code signature manipulation
  • Bringing process injection into view(s): exploiting all macOS apps using nib files
  • Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing
  • Getting SYSTEM on Windows in style
  • Technical analysis of the Genesis Market
  • Bad things come in large packages: .pkg signature verification bypass on macOS
  • Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution
  • Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS
  • Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution
  • Process injection: breaking all macOS security layers with a single vulnerability
  • Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution
  • Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
  • CoronaCheck App TLS certificate vulnerabilities
  • Sandbox escape + privilege escalation in StorePrivilegedTaskService
  • Proctorio Chrome extension Universal Cross-Site Scripting
  • Zoom RCE from Pwn2Own 2021
  • iOS VPN support: 3 different bugs
  • Sign in with Apple - authentication bypass
  • Jenkins - authentication bypass
  • DNS rebinding for HTTPS
  • Spring Security - insufficient cryptographic randomness
  • XenServer - path traversal leading to authentication bypass
  • Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root
  • NAPALM - command execution on NAPLM controller from host
  • MySQL Connector/J - Unexpected deserialisation of Java objects
  • Ansible - command execution on Ansible controller from host
  • Observium - unauthenticated remote code execution
  • cSRP/srpforjava - obtaining of hashed passwords
  • StartEncrypt - obtaining valid SSL certificates for unauthorized domains
• 吾爱破解论坛
  • 心流鼠标手势 FlowMouse正式登陆 Edge扩展商店
• 网安寻路人
  • 人脸识别的双轨治理与通向智能技术的治理适配框架（学术专论）