每日安全资讯(2026-02-14)
- Armin Ronacher’s Thoughts and Writings
- SecWiki News
- InfoSec Write-ups - Medium
- Beyond the Perimeter: How I Bridge WiFi VLANs to Hijack Your Domain Controller
- Neural Network Backdoors: When Model Poisoning Led to System Compromise
- How I Passed the PNPT on My Second Attempt (2026): Review and Tips
- Why “Out of Scope” Doesn’t Always Mean “Out of Impact”
- Flare-On 12 Challenge 1: “Drill Baby Drill” — Detailed Writeup
- Blind OS Command Injection with Out-of-Band DNS Interaction
- Securing LLM Applications: Using LLM-as-a-Judge to Block Prompt Injection Attacks
-
[n8n: CVE-2025–68613 TryHackMe Write-Up](https://infosecwriteups.com/n8n-cve-2025-68613-tryhackme-write-up-11906959fa5c?source=rss—-7b722bfd1b8d—4) - 4. Prototype Pollution: One JSON Key That Turns You into Admin
- Proving Grounds Fired Linux Lab ( ROAD TO OSCP )
- paper - Last paper
- Recent Commits to cve:main
- ElcomSoft blog
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- GuidePoint Security
- Bug Bounty in InfoSec Write-ups on Medium
- SentinelOne
- Malwarebytes
-
Security Blog Praetorian - 奇客Solidot–传递最新科技情报
- HackerNews
- 安全分析与研究
- 非尝咸鱼贩
- 奇安信威胁情报中心
- 黑鸟
- 天黑说嘿话
- 腾讯科恩实验室
- 中国信息安全
-
[论坛·2025全球网安概览 2025年网络安全漏洞态势与治理趋势](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259365&idx=1&sn=31085a68ec263da2da987c324b76b107) -
[专家解读 提升入境数字化服务便利性,以数字开放赋能高水平对外开放](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259365&idx=2&sn=8c2f1acb053fac3727539005276dcbd6) -
[专家解读 夯实数据流通服务基础 释放数据要素价值](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259365&idx=3&sn=244f212f98b4f4b84bcedeb236f2aa86) -
[观点 加快完善人工智能标准化体系建设](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259365&idx=4&sn=19d757756903be394f7d75de25aa1b5b) -
[评论 依法系统治理“黑飞”让天空更安全](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259365&idx=5&sn=3d7a8d064143edcbc35aa61fec01a362)
-
- 默安科技
- 安全圈
- 安全牛
- 数世咨询
-
[报告发布 《全球数据泄露态势月度报告》(2026年1月) 附下载地址](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541747&idx=1&sn=b92b3db38dbbc9af3b19d8bf65bf0bea)
-
- 嘶吼专业版
- 火绒安全
- 极客公园
- 爆火的 OpenClaw,正在重新定价所有 AI 创业赛道
- toC 的 AI 社交产品,终于出来一个「有胆有趣」的
-
[苹果被曝新 Siri 再次延期,股价大跌4%;原荣耀 CEO 赵明官宣加入千里科技;Spotify 宣称其程序员不再写代码 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653099075&idx=1&sn=20369c34b1ad26789fd6cc809289f776)
- 吴鲁加
- 迪哥讲事
- Securityinfo.it
- DEF CON Announcements!
- 看雪学苑
- SANS Internet Storm Center, InfoCON: green
- 360数字安全
- 悬镜安全
-
[供应链情报 2025开源供应链投毒分析技术报告](https://mp.weixin.qq.com/s?__biz=MzA3NzE2ODk1Mg==&mid=2647798132&idx=1&sn=1497fac477bd3a25d2a05f30d3734458)
-
- 吾爱破解论坛
- Over Security - Cybersecurity news aggregator
- Fake job recruiters hide malware in developer coding challenges
- Garante privacy e Inl: i 3 profili di illiceità nelle ispezioni su centri logistici di Amazon
- Fintech lending giant Figure confirms data breach
- Sex toys maker Tenga says hacker stole customer information
- Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
- The Human Element: Turning Threat Actor OPSEC Fails into Investigative Breakthroughs
- Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
- Space emerges as new front in great power competition, officials warn
- Ring ends partnership plans with Flock days after privacy blowback from Super Bowl ad
- EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official
- False estensioni AI su Chrome: rubano API e sessioni
- NATO must impose costs on Russia, China over cyber and hybrid attacks, says deputy chief
- China may be rehearsing a digital siege, Taiwan warns
- Sintesi riepilogativa delle campagne malevole nella settimana del 7 – 13 febbraio
- Turning IBM QRadar Alerts into Action with Criminal IP
- Estonia spy chief calls on Europe to invest in its own offensive cyber capabilities
- Sicuri del business sicuro
- CISA orders federal agencies to patch exploited SolarWinds, Apple, Microsoft bugs within weeks
- US needs to impose ‘real costs’ on bad actors, State Department cyber official says
- OpenAI, tra accelerazione difensiva e rischio abuso: che cambia col Trusted Access for Cyber
- Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns
- CISA flags critical Microsoft SCCM flaw as exploited in attacks
- Malware con AI: ma quanto c’è da preoccuparsi? Facciamo chiarezza
- Romance Scams Proliferate Domain Registrations Ahead of Valentine’s Day
- The Cyber Express Weekly Roundup: Escalating Breaches, Regulatory Crackdowns, and Global Cybercrime Developments
- Microsoft fixes bug that blocked Google Chrome from launching
- 60,000 Records Exposed in Cyberattack on Uzbekistan Government
- Adversaries Exploiting Proprietary AI Capabilities, API Traffic to Scale Cyberattacks
- Disney Agrees Record $2.75Mn Settlement for Opt-Out Failures
- Diritti senza allarme: il GDPR e la difficoltà di percepire il danno che non si vede
- 8,000+ ChatGPT API Keys Left Publicly Accessible
- ICT Security Magazine
- Arturo Di Corinto
- Schneier on Security
- Security Affairs
- New threat actor UAT-9921 deploys VoidLink against enterprise sectors
- Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release
- Google: state-backed hackers exploit Gemini AI for cyber recon and attacks
- U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog
- The Hacker News
- Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
- Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
- UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
- npm’s Update to Harden Their Supply Chain, and Points to Consider
- Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
- Deeplinks
- T00ls安全
- Security Weekly Podcast Network (Audio)
- 网安寻路人