每日安全资讯(2025-01-15)
- CXSECURITY Database RSS Feed - CXSecurity.com
- ArthurChiao’s Blog
- SecWiki News
- Recent Commits to cve:main
- Trustwave Blog
- Tenable Blog
- Security Boulevard
- The Future of Cybersecurity: Global Outlook 2025 and Beyond
-
[Unsafe Deserialization Attacks Surge December Attack Data Contrast Security](https://securityboulevard.com/2025/01/unsafe-deserialization-attacks-surge-december-attack-data-contrast-security/) - How to Prevent Risk From Unknown Build Assets
- CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
- DEF CON 32 – Pick Your Poison: Navigating A Secure Clean Energy Transition
- Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
- The AI Revolution: Navigating Cybersecurity Challenges in 2025
- Randall Munroe’s XKCD ‘Trimix’
- Sanitizing Unstructured Data In Motion—and Why It’s Important
- Six Friends Every Security Team Needs
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- 一个被知识诅咒的人
- 安全脉搏
- paper - Last paper
- 安全客-有思想的安全新媒体
- 共赴商用密码盛事,开启创新发展新篇–2025第三届商用密码展将于6月11日-13日在上海举办!
- CVE-2024-56511: DataEase 中的严重身份验证绕过漏洞
- 攻击者在不使用勒索软件的情况下加密 AWS S3 数据
- OneBlood 证实个人数据在 7 月份的勒索软件攻击中被盗
- CISA 警告 BeyondTrust 和 Qlik Sense 中的关键漏洞正被积极利用
- 新型 Web3 攻击利用交易模拟窃取加密货币
- CVE-2025-22152(CVSS 9.4): 在 Atheos 基于 Web 的集成开发环境中发现严重漏洞
- Aviatrix 控制器 RCE CVE-2024-50603 在野外被利用:部署了加密劫持和后门程序
- 新 macOS 漏洞暴露: 针对 CVE-2024-54498 的 PoC 攻破了沙盒安全性
- WordPress Skimmers通过将自己注入数据库表来逃避检测
- SpiderLabs Blog
- Blogs dade
- Horizon3.ai
- Malwarebytes
- Reverse Engineering
- daniel.haxx.se
- bishopfox.com
- text/plain
- Twitter @James Kettle
- FreeBuf网络安全行业门户
-
[FreeBuf早报 由AI大模型生成的勒索软件被曝光;恶意软件利用0Day远程控制Linux](https://www.freebuf.com/news/419812.html) - 2025年十大最佳漏洞管理工具分享
- 2025年首个满分漏洞,PoC已公布,可部署后门
- 不干净的视频评论区,攻击者利用Youtube传播窃密软件
- AI抢不走的工作,微软力挺红队测试仍需人类“掌舵”
-
- Telekom Security
- HackerNews
- 奇客Solidot–传递最新科技情报
- 安全分析与研究
- 威努特安全网络
- 安全内参
- 代码卫士
- dotNet安全矩阵
-
[.NET 通过 LDAP 技术在域渗透中获取内网所有系统账户数据](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247498206&idx=1&sn=5f290cbc0e9c1a8c76d0e0cb8625cf4c&chksm=fa595733cd2ede25f81edaa97c23c5128bf81f91b9853c6992c7ea10cc5b4cccc56a8c991b67&scene=58&subscene=0#rd) - .NET 内网攻防实战电子报刊
- 无独有偶,通过.NET反序列化漏洞实现 Visual Studio 钓鱼攻击
-
- 天御攻防实验室
- 看雪学苑
- 锦行科技
- ChaMd5安全团队
- 中国信息安全
-
[关注 工信部发文 加强互联网数据中心客户数据安全保护](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=1&sn=dc708bd198a9f572466efd53343dbfd8&chksm=8b59fcc8bc2e75de31b5c2b480b2ec64e92778dc9b35802d59121facc8d6e7c61833feedffc9&scene=58&subscene=0#rd) -
[专家解读 大力发展数据标注产业 推动我国人工智能创新发展](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=2&sn=d91c7578b958313bd7938fef75996fdd&chksm=8b59fcc8bc2e75de6fabe111dccca1c7defcc7ff6d5773e24d7201e332be82ed144efa9251a1&scene=58&subscene=0#rd) -
[前沿 回望2024年国际风云之变:聚焦全球产业核心驱动力 人工智能在全球产业变革中地位凸显](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=3&sn=a05079462b873959a484178e8a5465ca&chksm=8b59fcc8bc2e75deb7ea3bfab761bb926cdf86df478279e3a58fb01d166cb47e3c0efee5a84f&scene=58&subscene=0#rd) -
[发布 公安部公布8起打击网络黑客犯罪典型案例](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=4&sn=2e01732d093aabf1cf5336f813912c9f&chksm=8b59fcc8bc2e75de2780fc803df201f7e209f94b3303aa9c130a1c6c433ed59298e6b8f736b7&scene=58&subscene=0#rd) -
[关注 16款App存在隐私不合规行为被通报!](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=5&sn=252913fbf92cf6fda05be5316b33899c&chksm=8b59fcc8bc2e75defa7884d2220357f94639b0fd3b3ae1ce27224076263b9deca934ac7724d4&scene=58&subscene=0#rd) -
[国际 新加坡个人数据跨境传输规则](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=6&sn=d0ac0ff1882c400ac7dc13ef4ed6630b&chksm=8b59fcc8bc2e75de78cf889fc80038dbbf38903352028fe61fdb87ab0d48f20aa480a5a178ed&scene=58&subscene=0#rd) -
[评论 护好“行驶中”的个人信息安全](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664234545&idx=7&sn=452fc3ec0d32e8049888b868c54dd816&chksm=8b59fcc8bc2e75dee54ec6b6220fa19c4cec530fd3dd8d6c6e35f7c706040e9d36a84c6e1a7d&scene=58&subscene=0#rd)
-
- 安全圈
- 微步在线
- 火线安全平台
- DataCon大数据安全分析竞赛
- OPPO安全中心
- 极客公园
- TikTok 难民,涌入小红书
-
[美国推出 AI 芯片管制新规,英伟达明确反对;余承东发全员信:鸿蒙三分天下有其一;菜鸟否认拆分 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653071986&idx=1&sn=38a32cc680920e2d96eec06c14bb95e8&chksm=7e57d7c449205ed21af2351357692387d8be287f55b6e16ae7f45dfcfc10e798b10f7454c57b&scene=58&subscene=0#rd)
- 嘶吼专业版
- 字节跳动技术团队
- 信息安全国家工程研究中心
- 吴鲁加
- 360数字安全
- 青藤智库
- 丁爸 情报分析师的工具箱
- Krypt3ia
- 数世咨询
- ICT Security Magazine
- 情报分析师
- SANS Internet Storm Center, InfoCON: green
- Over Security - Cybersecurity news aggregator
- Microsoft: Happy 2025. Here’s 161 Security Updates
- Allstate car insurer sued for tracking drivers without permission
- January Windows updates may fail if Citrix SRA is installed
- Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
- US govt says North Korea stole over $659 million in crypto last year
- DOJ deletes China-linked PlugX malware off more than 4,200 US computers
- Windows 10 KB5049981 update released with new BYOVD blocklist
- Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
- Windows 11 KB5050009 & KB5050021 cumulative updates released
- Hegseth says debate over Cyber Command, NSA leadership would reach ‘conclusion’
- US issues final rule barring Chinese, Russian connected car tech
- Google OAuth flaw lets attackers gain access to abandoned accounts
- FBI wipes Chinese PlugX malware from over 4,000 US computers
- Tennessee-based mortgage lender confirms December cyberattack
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
- Connecticut city of West Haven assessing impact of cyberattack
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls
- Russia’s largest platform for state procurement hit by cyberattack from pro-Ukraine group
- Microsoft 365 apps crash on Windows Server after Office update
- Russia warned its ‘shadow fleet’ could face action from NATO allies
- Analysis of Python’s .pth files as a persistence mechanism
- Deadline Approaching for Rent 2 Own: Medusa Ransomware Threatens Data Release
- Products and people are in place for CISA to succeed, agency’s departing No. 2 official says
- Threat Intelligence Pivoting: Actionable Insights Behind Indicators
- IntelBroker Unmasked: KELA’s In-Depth Analysis of a Cybercrime Leader
- Hitchhiker’s Guide to Managed Security
- How Barcelona became an unlikely hub for spyware startups
- UK proposes banning hospitals and schools from making ransomware payments
- Schneier on Security
- 航行笔记
- Hacking Exposed Computer Forensics Blog
- Deeplinks
- Your Open Hacker Community
- Best course for beginner in hacking and cyber security
- Trying to figure out how to pull email addresses and stuff, wanna know how to do that
- best ethical Wi-Fi info stealer you can try and also with a gui
- What’s the best way to learn how to start hacking?
- Would like some tips
- Access MSSQL DB with lost password?
- Name Suggestion:
- What I should learn about ethical hacking? Or Kali Linux
- What are some sql queries to bypass login
- Need help making a copy of my college id card
- how can i spoof my mac address on a chromebook? (not school issued)
- [ Removed by Reddit ]
- Computer Forensics
- Trying to find how data was moved off a company computer
- Strange Request but anyone have any recommendation for Furniture/Layout for lab environment they enjoy?
- FYI: Free Enterprise licenses for data recovery professionals from Disk Drill
- How to capture and decrypt packets from an iPhone AND use the microphone
- 安全419
- Information Security
- Krebs on Security
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- Silent Signal Techblog
- Technical Information Security Content & Discussion
- Millions of Accounts Vulnerable due to Google’s OAuth Flaw
- New Microsoft OLE Vulnerability, Exploitable via Email
- RCE in rsync, CVE-2024-12084 (and 5 more vulnerabilities)
- Over 5,000 WordPress sites caught in WP3.XYZ malware attack
- Story of a Pentester Recruitment 2025
- Laser Fault Injection on a Budget: RP2350 Edition
- Threat actors exploit a probable 0-day in exposed management consoles of Fortinet FortiGate firewalls
- Command Line Underdog: WMIC in Action – How to use wmic as an alternate shell in a pinch
- Blackhat Library: Hacking techniques and research
- 迪哥讲事
- The Hacker News
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
- Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
- 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
- Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
- Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
- Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
- Security Weekly Podcast Network (Audio)