# 每日安全资讯(2026-04-07) - SecWiki News - [ ] [SecWiki News 2026-04-06 Review](http://www.sec-wiki.com/?2026-04-06) - Microsoft Security Blog - [ ] [Inside an AI‑enabled device code phishing campaign](https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/) - [ ] [Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations](https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/) - Recent Commits to cve:main - [ ] [Update Mon Apr 6 11:09:56 UTC 2026](https://github.com/trickest/cve/commit/9f129a52f674fdf8560cd256a1307188fa52a320) - Filippo Valsorda - [ ] [A Cryptography Engineer’s Perspective on Quantum Computing Timelines](https://words.filippo.io/crqc-timeline/) - Doonsec's feed - [ ] [“开源情报俱乐部”备用账号正式启用](https://mp.weixin.qq.com/s/Wd1SqZ3QeyTFnX_x2OiDqA) - [ ] [eCapture V2 来了,AI Agent 是主要重构者](https://mp.weixin.qq.com/s/0E3_6UkDjgr4PUhzTXkrbw) - [ ] [打通最后一公里!只需一句话轻松拿捏小程序](https://mp.weixin.qq.com/s/xFHGvHC6ca4pO4QHKDY-4g) - [ ] [你拼命学的AI技能,正在慢慢废掉你](https://mp.weixin.qq.com/s/HLpbQFhZMVe-rCDXppHz9w) - [ ] [GandCrab和REvil勒索软件团伙头目被锁定](https://mp.weixin.qq.com/s/bcZvmLanIzly97ThvP4h2g) - [ ] [针对典型 OPENCLAW 龙虾威胁的综合防御](https://mp.weixin.qq.com/s/ZSktcU3Dph4Xi9PvWaajXg) - [ ] [OSCP百日备考04|80%的OSCP考生考场卡壳,都栽在没吃透这层底层逻辑](https://mp.weixin.qq.com/s/Rwy0KMoqi7ugUfjKZK40nw) - [ ] [[安全预警]全网爆火的“龙虾”AI,被黑客PUA成内鬼](https://mp.weixin.qq.com/s/4L9ueFHM-0uO7sg07HU4sw) - [ ] [【情报实战】美军营救F-15E“攻击鹰”(Strike Eagle) 战斗机飞行员的位置在哪里?](https://mp.weixin.qq.com/s/eFGtEyuXIuoxx6Syg_Hgow) - [ ] [【培训】开源情报分析师实战能力培训班-4月成都开班](https://mp.weixin.qq.com/s/y8sQt4wlKjXTKXHJSMfW3A) - [ ] [34岁大厂程序员被裁,蹲在工位哭:28万赔偿,撑不起杭州一个家](https://mp.weixin.qq.com/s/Zry2VZ6s971_A7cw1Y0o0g) - [ ] [伊朗要炸掉美国!OpenAI 300亿Stargate AI数据中心](https://mp.weixin.qq.com/s/2LYQpLWlVLoTxZ_DWX8kYA) - [ ] [究极无敌的srcAI-xss手法(快看过来)](https://mp.weixin.qq.com/s/VhsWE5aoQ5-epKVaQ6aCMg) - [ ] [新一代数据安全架构 | AI时代,数据安全到底应该怎么做?如何落地?](https://mp.weixin.qq.com/s/Zd-M9uIgHf5yEACSbMeiUQ) - [ ] [渗透测试:多功能网络信息扫描工具](https://mp.weixin.qq.com/s/PSgRlL-Lo87Cqqp7rMlg-g) - [ ] [震惊!靠“复制粘贴”躺赢CTF,解题率91.7%!](https://mp.weixin.qq.com/s/7Eb6Jxy1LCeGJFaq8-wE9w) - [ ] [Gemma4,iPhone 14 pro max流畅运行](https://mp.weixin.qq.com/s/K0CvWouJ-Si61GBLxKMY7Q) - [ ] [在2000年代的某个时期,几乎每个人都用过这](https://mp.weixin.qq.com/s/RpVDgjdfK5pbZBFgN0dbyg) - [ ] [2026年,只会用AI工具的人正在被淘汰](https://mp.weixin.qq.com/s/i4SDN9fKB-vT7huXowVrjQ) - [ ] [零成本!普通手机跑最强 Gemma 4 模型 (原生多模态),安卓+iPhone 部署实测体验!](https://mp.weixin.qq.com/s/L5gaAuGJ2yaYbeGDB96dBw) - [ ] [Sqlmap-FluX:强化WAF规避能力的SQL注入安全测试工具](https://mp.weixin.qq.com/s/CqWBA9xeHCL1QujFtCpCyQ) - [ ] [集合多种渗透测试常用的功能和工具的安全测试工具](https://mp.weixin.qq.com/s/hSfNtfmqrGw1Mce_WAeeuQ) - [ ] [PwnForums新论坛](https://mp.weixin.qq.com/s/_7f4NxLvLAw4_nmSPKNZ7A) - [ ] [图形化未授权访问漏洞扫描器,支持检测 40+种 常见服务的未授权漏洞](https://mp.weixin.qq.com/s/3VnNNmAzmDz0zyLb7YW3SQ) - [ ] [Claude_Code_记忆系统架构深度拆解](https://mp.weixin.qq.com/s/kCL6XOUU_tp8D97Un7mp7w) - [ ] [23:59结束,最后四小时](https://mp.weixin.qq.com/s/JqTVkZQT1DXL6BWnsRDXLw) - [ ] [当你问AI\"我错了吗\",它永远不会说\"是\"——直到你失去说\"对不起\"的能力](https://mp.weixin.qq.com/s/xw3U7va1Rhb6pWrc9kd6fA) - [ ] [核爆级!朝鲜黑客毒穿Axios攻击OpenClaw](https://mp.weixin.qq.com/s/VxImG1GW3FFE_mFp7pB9AQ) - [ ] [【AI安全】核爆级!朝鲜黑客毒穿Axios攻击OpenClaw](https://mp.weixin.qq.com/s/g1AVmKM7OKRMR8gJ3It0xg) - [ ] [CVE-2026-24291-Windows权限提升漏洞“RegPwn”复现分析](https://mp.weixin.qq.com/s/rULYChYHUKd8TZJW8nBFfQ) - [ ] [全球威胁情报周报(2026年3月30日–4月5日)](https://mp.weixin.qq.com/s/5W7GlhY6jsmW6FIR0_BO_g) - [ ] [Dgraph 数据库存在严重漏洞,攻击者可绕过身份验证](https://mp.weixin.qq.com/s/4XBkiguahhoy1ma2tRzRgA) - [ ] [Claude 代码中的一个严重缺陷会悄无声息地绕过开发者配置的安全规则](https://mp.weixin.qq.com/s/z04vmw88cdPKhWObzHPpqg) - [ ] [开源免费!国内最强AIoT物联网视频管理平台,Python开发基于ZLMediakit框架,支持GB/T 28181新国标,适配海康、大华、宇视](https://mp.weixin.qq.com/s/pGt7vhlqUzAmj_l8ZOPIlQ) - [ ] [从同事.skill到女娲.skill:AI“炼化”人类](https://mp.weixin.qq.com/s/J7hfO33qfYpJr2GdtUgUpg) - [ ] [苹果8号员工,身价5000万还在打工:14岁入职,64岁没退休,他到底图什么?xa0](https://mp.weixin.qq.com/s/VPML7SCwroKOe15VVMJwtQ) - [ ] [美国银行AI入局财富管理,会议效率再升级](https://mp.weixin.qq.com/s/cT9HwS4xPSk0E5uMGjPjXA) - [ ] [科大讯飞968万、中关村科金831万、神州数码1420万!中国进出口银行AI大模型一体机采购项目](https://mp.weixin.qq.com/s/K4lcjWkwUEM9_0rnQTUEdQ) - [ ] [【安全圈】俄罗斯打击VPN致全国银行瘫痪](https://mp.weixin.qq.com/s/5zRfXCVqRPB2wg8gbuBifg) - [ ] [【安全圈】用户隐私遭泄露,OpenClaw被黑客\"PUA\"成内鬼](https://mp.weixin.qq.com/s/DtYqWAKSK4PjLDp0k-Ar5g) - [ ] [【安全圈】3月勒索软件攻势创纪录](https://mp.weixin.qq.com/s/iCrqx1X3o7hoqPX18VkpOA) - [ ] [Apache 流量服务器漏洞使攻击者能够触发拒绝服务攻击](https://mp.weixin.qq.com/s/toUWdwleS-4MT-LMKnM9og) - [ ] [OpenSSH 10.3 发布,修复 Shell 注入及其他安全漏洞](https://mp.weixin.qq.com/s/hhvbv9yEs72Xk6ZgZojkHw) - [ ] [AI 渗透测试工具 - shannon](https://mp.weixin.qq.com/s/fDQ_AZCal8jv0xlluOsMFg) - [ ] [网工运维有必要“养龙虾”吗?](https://mp.weixin.qq.com/s/6LMfJTbOr_MZhHuvMqKNYw) - [ ] [Claude Code代码泄露引发武器化攻击潮](https://mp.weixin.qq.com/s/Y4rMP8W9T1MRBMkMFTIygQ) - [ ] [FortiClient EMS 重大零日漏洞已被在野利用](https://mp.weixin.qq.com/s/2_iivzfMZppd9n-9r8JyoQ) - [ ] [微软披露攻击者正通过利用HTTP cookie来触发执行、传递指令并激活恶意功能](https://mp.weixin.qq.com/s/wG3XptvW8BkQP996vHrMcA) - [ ] [天才程序员上线:AI 逆向与安全开发全栈实战](https://mp.weixin.qq.com/s/CTzWYU-B0PakolN-W1kLZA) - [ ] [安全锐见:网络安全行业历经事件驱动、合规驱动的时代后,正在步入价值驱动的第三个新时代](https://mp.weixin.qq.com/s/Me6aT6ht2xjOHF3OUlee5Q) - [ ] [一句适配多人的话:“任何足够先进的技术都与魔法无异。”](https://mp.weixin.qq.com/s/4PO3wTNF32yMhaQy9e5dng) - [ ] [Everything vs Listary:谁才是Windows搜索王者?](https://mp.weixin.qq.com/s/OqWeBJ5NYLFF1MyaSTQR_g) - [ ] [大模型在漏洞挖掘中的“逻辑跳跃”问题与解决方案](https://mp.weixin.qq.com/s/R6Dnc2CW_OlxVTv-t1vg1g) - [ ] [清明节看美伊交锋:美军遗体现身残骸,才懂战争有多残忍](https://mp.weixin.qq.com/s/nFBotGz_jz-_rcGWljljig) - [ ] [[工具推荐]安全测试工具集Onyx](https://mp.weixin.qq.com/s/oijf5BILBPxaQpotBNZvNw) - [ ] [2025年网络安全意识培训统计数据启示(基于100+项研究)](https://mp.weixin.qq.com/s/fXRx8m8kMDL_jT1ShxeGQg) - [ ] [电脑越用越卡?关闭这个“隐形吃内存大户”,速度直接起飞!](https://mp.weixin.qq.com/s/eWY_34IHBZDcwRwpiInrww) - [ ] [实战 | shop靶场](https://mp.weixin.qq.com/s/b7KzFiPqUCKEKdyWu7Q7UA) - [ ] [使用Flipper Zero玩转汽车UDS诊断](https://mp.weixin.qq.com/s/78vVQ7Cifbj2b_FXwcqmrw) - [ ] [iPhone 实用的快捷指令不会等于白买了](https://mp.weixin.qq.com/s/PHuB-Ba3RvWvgGqKrzS5Ew) - [ ] [PacketScope:MCP支持的路由路径分析及PCAP流量智能检测](https://mp.weixin.qq.com/s/upfno1sO-xbNRAdAyz-G4w) - [ ] [《何以为父》读书笔记](https://mp.weixin.qq.com/s/3NUMhvJmOcmDhHG02QGQtg) - [ ] [实战 | 红日靶场一](https://mp.weixin.qq.com/s/8nWfHbtkz85oUh7SWABROw) - [ ] [今日(2026年4月6日)热点网络安全漏洞动态](https://mp.weixin.qq.com/s/u6ILXE87wjp1d1Kbj0Oo8Q) - [ ] [AI 艺术创作:是工具还是艺术家?](https://mp.weixin.qq.com/s/KnotE-LU2Xb4apUL686Aiw) - [ ] [PHP反序列化__toString ()](https://mp.weixin.qq.com/s/uigR21AnFKDeHC5zI67lsg) - [ ] [[0406] 一周重点情报汇总|天际友盟情报站](https://mp.weixin.qq.com/s/2u8YJEgpKIhoNSoeDJ_DmA) - [ ] [分享图片](https://mp.weixin.qq.com/s/LeZ3g7FJ5IKg-YaZ1JPylA) - [ ] [漏洞#13 CORS 泄露 Token 结合 CSRF 实现无感账号接管](https://mp.weixin.qq.com/s/VPTSmhTbEABYInFZ89HCVg) - [ ] [开源情报|国际动态|德欧“防务AI观察”报告揭示巴西军事智能化困境及其对全球南方战略格局的启示](https://mp.weixin.qq.com/s/jN0NNMcs_Z4BeyF5U5O7KA) - [ ] [【深度研判】特朗普\"彻底摧毁\"威胁、美伊地面战争图谋与文明基础设施战争化的战略研判](https://mp.weixin.qq.com/s/gW3g-f_Q4HjyOmTG7ZSXDw) - [ ] [Cursor 3 来了,Gemma 4 开源了!](https://mp.weixin.qq.com/s/bAJ_4IApV7WbYC7q-NGaIw) - [ ] [BreachForums 碎片化时代的又一个继承者](https://mp.weixin.qq.com/s/s9bYzFZ65ishpKXNFdnu7w) - [ ] [戏剧性变化出现了!](https://mp.weixin.qq.com/s/9ZXIpplHJ-yQnJYNvg87vQ) - [ ] [秦安:伊朗打出了“ 三不怕”,这四件事中国必须做好万全准备](https://mp.weixin.qq.com/s/P6AcoWYHco4Usv471OlGpA) - [ ] [Fastjson漏洞复现上](https://mp.weixin.qq.com/s/GpHSIDyccZ71fPSbvVy_0g) - [ ] [皮皮宋渗透日记19|JNDI 注入避坑指南,别再被面试问懵了!](https://mp.weixin.qq.com/s/0VQQ4y5_DtsGxUW8at5keg) - [ ] [伊朗腹地最惊险的美军生死营救全解析——断踝上校、7000英尺山脊、CIA假情报](https://mp.weixin.qq.com/s/t78O3lfHxcXBbUo4jgniFw) - [ ] [对于洛克希德·马丁的软件工厂落地的个人解读](https://mp.weixin.qq.com/s/mWsgpTx91wXRBcqwX1mcpA) - [ ] [御话资讯 | 聚焦“AI+安全”动态,网安热点精选](https://mp.weixin.qq.com/s/L974Kgb2L9uwkES7Djlzmw) - [ ] [Universal-POC Validator || 万能POC验证器](https://mp.weixin.qq.com/s/H0-ogtipSCBX0iHpzu4QRg) - [ ] [墨西哥海军港口智能安全系统遭黑客攻击,64 万港口操作员信息泄露](https://mp.weixin.qq.com/s/88mHMRatGHWKMRlkX7JdzQ) - [ ] [事关AI,工信部、央行等十部门联合发文!](https://mp.weixin.qq.com/s/1oIaUpzIIHIIL_KCuRDAQg) - [ ] [网络安全新人售前为何容易成为工具人](https://mp.weixin.qq.com/s/ycSIPqtT-fID5sAB3Ex4eA) - [ ] [JS逆向沙箱化补环境框架|一站式「采集→注入→监控→AI补全」工作台](https://mp.weixin.qq.com/s/IgyEA34YGqnoEAbW0w7wDA) - [ ] [基于SAST+AI代码审计 架构与功能详解](https://mp.weixin.qq.com/s/OyaZkFJJ_IbMNdpfp4OThQ) - [ ] [星盟安全直播课:JS 挖掘工作流与 vue 站点、供应链安全通用解法](https://mp.weixin.qq.com/s/LcecwIgEWXuX5iFJ6-jjnw) - [ ] [周一| 论文/资料精选:大语言模型安全框架](https://mp.weixin.qq.com/s/V2d-omfoYzHi21jKqCVcuA) - [ ] [漫谈 MCP 与 Skill](https://mp.weixin.qq.com/s/ZygypNXon4bfMHsq6Ti-8g) - [ ] [蓝牙测试思路分析](https://mp.weixin.qq.com/s/LXvBWWTdX-IA9-RlIAnTQA) - [ ] [警惕!Edge浏览器竟成黑客窃密工具,俄罗斯APT组织Laundry Bear专盯乌克兰搞渗透](https://mp.weixin.qq.com/s/dl-DRjtV3YfrQsPKe-9Haw) - Tenable Blog - [ ] [CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild](https://www.tenable.com/blog/cve-2026-35616-fortinet-forticlientems-improper-access-control-vulnerability-exploited-in-the) - obaby 𝐢𝐧⃝ void - [ ] [Baby Anti-Spam 自建反垃圾评论系统](https://zhongxiaojie.cn/2026/04/798/) - Private Feed for M09Ic - [ ] [bolucat released 202604062110 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202604062110) - [ ] [Y4er forked Y4er/java-chains from vulhub/java-chains](https://github.com/Y4er/java-chains) - [ ] [Y4er starred Aethersailor/Custom_OpenClash_Rules](https://github.com/Aethersailor/Custom_OpenClash_Rules) - [ ] [wuhan005 contributed to wuhan005/NekoBox](https://github.com/wuhan005/NekoBox/pull/72) - [ ] [IC3-CR3AM starred Alishahryar1/free-claude-code](https://github.com/Alishahryar1/free-claude-code) - [ ] [Fplyth0ner-Combie starred utoni/mingw-w64-ksocket](https://github.com/utoni/mingw-w64-ksocket) - [ ] [IC3-CR3AM forked IC3-CR3AM/free-claude-code from Alishahryar1/free-claude-code](https://github.com/IC3-CR3AM/free-claude-code) - [ ] [Mr-xn forked Mr-xn/proxy-pulse from Vogadero/proxy-pulse](https://github.com/Mr-xn/proxy-pulse) - [ ] [Mr-xn starred daijro/camoufox](https://github.com/daijro/camoufox) - Cerbero Blog - [ ] [APFS Format Package](https://blog.cerbero.io/apfs-format-package/) - Payatu - [ ] [GDPR Meets DPDP: What Every Indian CISO Operating in the EU Must Know](https://payatu.com/blog/gdpr-meets-dpdp-what-every-indian-ciso-operating-in-the-eu-must-know/) - [ ] [Top 7 Cybersecurity Companies in India – 2026 Edition](https://payatu.com/blog/top-7-cybersecurity-companies-in-india-2026-edition/) - Horizon3.ai - [ ] [CVE-2026-35616](https://horizon3.ai/attack-research/vulnerabilities/cve-2026-35616/) - VMRay - [ ] [An MSP’s Guide to Phishing Protection](https://www.vmray.com/msps-guide-to-phishing-protection/) - Malware-Traffic-Analysis.net - Blog Entries - [ ] [2026-04-06: SmartApeSG activity](https://www.malware-traffic-analysis.net/2026/04/06/index.html) - Malwarebytes - [ ] [A week in security (March 30 – April 5)](https://www.malwarebytes.com/blog/news/2026/04/a-week-in-security-march-30-april-5-2) - Reverse Engineering - [ ] [/r/ReverseEngineering's Weekly Questions Thread](https://www.reddit.com/r/ReverseEngineering/comments/1sdrln0/rreverseengineerings_weekly_questions_thread/) - [ ] [Cracking a Malvertising DGA From the Device Side](https://www.reddit.com/r/ReverseEngineering/comments/1sdyged/cracking_a_malvertising_dga_from_the_device_side/) - Exploit-DB.com RSS Feed - [ ] [[local] is-localhost-ip 2.0.0 - SSRF](https://www.exploit-db.com/exploits/52496) - [ ] [[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass](https://www.exploit-db.com/exploits/52495) - [ ] [[local] Windows Kernel - Elevation of Privilege](https://www.exploit-db.com/exploits/52494) - [ ] [[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation](https://www.exploit-db.com/exploits/52493) - [ ] [[webapps] ASP.net 8.0.10 - Bypass](https://www.exploit-db.com/exploits/52492) - [ ] [[webapps] Grafana 11.6.0 - SSRF](https://www.exploit-db.com/exploits/52491) - [ ] [[webapps] Zhiyuan OA - arbitrary file upload leading](https://www.exploit-db.com/exploits/52490) - [ ] [[webapps] WBCE CMS 1.6.4 - Remote Code Execution](https://www.exploit-db.com/exploits/52489) - [ ] [[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution](https://www.exploit-db.com/exploits/52488) - [ ] [[webapps] WordPress Madara - Local File Inclusion](https://www.exploit-db.com/exploits/52487) - Offensive Security Blog: Latest Trends in Hacking | Praetorian - [ ] [The Attack Helix: Praetorian Guard’s AI Architecture for Offensive Security](https://www.praetorian.com/blog/the-attack-helix-praetorian-guards-ai-architecture-for-offensive-security/) - 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台 - [ ] [Mac Mini/Studio因内存短缺面临发货延迟](https://blog.upx8.com/Mac-Mini-Studio%E5%9B%A0%E5%86%85%E5%AD%98%E7%9F%AD%E7%BC%BA%E9%9D%A2%E4%B8%B4%E5%8F%91%E8%B4%A7%E5%BB%B6%E8%BF%9F) - [ ] [调查显示日本4成单身男性家里没电视了](https://blog.upx8.com/%E8%B0%83%E6%9F%A5%E6%98%BE%E7%A4%BA%E6%97%A5%E6%9C%AC4%E6%88%90%E5%8D%95%E8%BA%AB%E7%94%B7%E6%80%A7%E5%AE%B6%E9%87%8C%E6%B2%A1%E7%94%B5%E8%A7%86%E4%BA%86) - bishopfox.com - [ ] [Delivered by Trust: What the Axios Supply Chain Attack Means for Security Leaders](https://bishopfox.com/blog/delivered-by-trust-what-the-axios-supply-chain-attack-means-for-security-leaders) - 奇客Solidot–传递最新科技情报 - [ ] [德国公开俄罗斯勒索软件组织 REvil 头目的身份](https://www.solidot.org/story?sid=83970) - [ ] [Chrome 148 将延迟加载视频和音频以改进性能](https://www.solidot.org/story?sid=83969) - [ ] [美国科罗拉多州推出测均速相机系统](https://www.solidot.org/story?sid=83968) - 奇安信 CERT - [ ] [今日(2026年4月6日)热点网络安全漏洞动态](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247505147&idx=1&sn=89fe2878c3fb4cf1379fdb01ae46bf92) - 黑鸟 - [ ] [GandCrab和REvil勒索软件团伙头目被锁定](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186234&idx=1&sn=1dd8691df07acc0fbf10899d0fd078b4) - 安全学术圈 - [ ] [2026年开源鸿蒙技术课题](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247495207&idx=1&sn=3ebcd63487d8015fc8e7628e271c9dab) - 安全圈 - [ ] [【安全圈】俄罗斯打击VPN致全国银行瘫痪](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652075396&idx=1&sn=c6085f131fdc450df2a07abfce2b968b) - [ ] [【安全圈】用户隐私遭泄露,OpenClaw被黑客"PUA"成内鬼](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652075396&idx=2&sn=c657f4db3859cf209543f15462b0f3a4) - [ ] [【安全圈】3月勒索软件攻势创纪录](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652075396&idx=3&sn=bb43052532ab728e0182f7d8751ce43d) - 漏洞战争 - [ ] [用 GPT-5.4 单挑 NCTF 团队赛,成功解出91.7%的题目](https://mp.weixin.qq.com/s?__biz=MzU0MzgzNTU0Mw==&mid=2247486075&idx=1&sn=5c8c4a448349149a72daf771e643ce93) - 天御攻防实验室 - [ ] [美国空军进攻性网络作战单位——第98网络作战中队](https://mp.weixin.qq.com/s?__biz=MzU0MzgyMzM2Nw==&mid=2247486867&idx=1&sn=8c3f6c79efe9f15e175ace37cf690c90) - 恒脑与AI - [ ] [4小时完成“国家级”攻击,Claude AI攻破全球最安全操作系统内核FreeBSD](https://mp.weixin.qq.com/s?__biz=MzI1MDU5NjYwNg==&mid=2247497419&idx=1&sn=e75e1d13934481529c2102688ed5c2c4) - 情报分析师 - [ ] [伊朗腹地最惊险的美军生死营救全解析——断踝上校、7000英尺山脊、CIA假情报](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567480&idx=1&sn=b1530a191d3f16620f3374661ee76298) - 吴鲁加 - [ ] [暴雨中散步](https://mp.weixin.qq.com/s?__biz=Mzg5NDY4ODM1MA==&mid=2247485993&idx=1&sn=dda9f0b4bcd9976176d1da048b23d847) - 迪哥讲事 - [ ] [swagger管理未授权访问](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499280&idx=1&sn=2279cc81477d7556def17299db38f7fa) - 极客公园 - [ ] [AI,为什么也需要睡觉?](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653102820&idx=1&sn=bd0ecc226f72f2893eed991ef780afe2) - [ ] [传 GPT-6 4 月 14 日上线,性能暴涨;段永平改口怒夸泡泡玛特:中国产品国际化先驱;57 年后,宇航员重现经典「地球升起」照片](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653102849&idx=1&sn=388525c1dc3964ae9bcf25e8f3d53a83) - 安全行者老霍 - [ ] [AI智能体能否逃离沙箱?](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486378&idx=1&sn=4d674f6cd7e29fa566bb1c963aed8880) - Qualys Security Blog - [ ] [Why Every Enterprise Needs a Risk Operations Center (ROC)](https://blog.qualys.com/category/qualys-insights) - Over Security - Cybersecurity news aggregator - [ ] [New GPUBreach attack enables system takeover via GPU rowhammer](https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/) - [ ] [Crypto Phishing and the Human Layer: The Real Weakness Is People](https://www.suspectfile.com/crypto-phishing-and-the-human-layer-the-real-weakness-is-people/) - [ ] [FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar](https://therecord.media/cyber-fraud-surges-to-17-billion-fbi-ic3) - [ ] [Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says](https://therecord.media/medusa-ransomware-group-zero-days-microsoft) - [ ] [Big tech vows to continue CSAM scanning in Europe despite expiration of law allowing it](https://therecord.media/big-tech-vows-to-continue-csam-scanning) - [ ] [Microsoft fixes Classic Outlook bug causing email delivery issues](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/) - [ ] [Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit](https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/) - [ ] [German police unmask two suspects linked to REvil ransomware gang](https://therecord.media/german-police-unmask-suspects-linked-revil-gandcrab) - [ ] [Microsoft removes Support and Recovery Assistant from Windows](https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/) - [ ] [Watch this video of how a job interviewer exposes a North Korean fake IT worker](https://techcrunch.com/2026/04/06/watch-this-video-of-how-a-job-interviewer-exposes-a-north-korean-fake-it-worker/) - [ ] [First stalkerware maker prosecuted since 2014 receives no jail time](https://therecord.media/stalkerware-maker-receives-no-jail-time) - [ ] [Microsoft links Medusa ransomware affiliate to zero-day attacks](https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/) - [ ] [Drift $280M crypto theft linked to 6-month in-person operation](https://www.bleepingcomputer.com/news/security/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/) - [ ] [Singapore, US warn of latest Fortinet bug being exploited in wild](https://therecord.media/singapore-us-warn-of-fortinet-bug-exploited) - [ ] [CISA orders feds to patch Fortinet flaw exploited in attacks by Friday](https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/) - [ ] [Why Simple Breach Monitoring is No Longer Enough](https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/) - [ ] [Hackers threaten to leak data after cyberattack on German party Die Linke](https://therecord.media/hackers-threaten-to-leak-german-political-party-data) - [ ] [Major outage hits Russian banking apps, metro payments across regions](https://therecord.media/outage-hits-russian-banking-apps) - [ ] [UK Businesses Are Being Targeted Through Their Middle East Supply Chains — What to Do Now](https://cyble.com/blog/middle-east-supply-chain-risk-uk-cyber-threats/) - [ ] [75% of Cyberattacks Start with Phishing Emails, UAE Cyber Council Says](https://thecyberexpress.com/uae-phishing-emails-cyberattacks/) - [ ] [North Korea Spent 6 Months Infiltrating Drift Protocol Only to Drain $285M in 12 Mins](https://thecyberexpress.com/drift-protocol-draining-285m-in-12-mins/) - [ ] [Cyberattack Disrupts Massachusetts Emergency Dispatch, 911 Services Remain Active](https://thecyberexpress.com/massachusetts-emergency-cyberattack/) - [ ] [A Compromised Tool Opened the Door to a 91GB European Commission Data Leak](https://thecyberexpress.com/european-commission-cloud-breach/) - [ ] [Education Authority Cyberattack Disrupts Schools Across Northern Ireland](https://thecyberexpress.com/education-authority-cyberattack-ni-schools/) - [ ] [FCC Moves to Fine Voxbeam $4.5M in Robocall Case Linked to Foreign Traffic](https://thecyberexpress.com/voxbeam-robocall-case-fcc-fines-firm/) - [ ] [Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab](https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/) - JUMPSEC - [ ] [ChainShell: MuddyWater & Russian MaaS](https://www.jumpsec.com/guides/chainshell-muddywater-russian-criminal-infrastructure/) - Lenny Zeltser - [ ] [Designing Security Products for Humans and AI Agents](https://zeltser.com/designing-for-humans-and-ai) - Future of Tech and Security: Strategy & Innovation with Raffy - [ ] [AI Is Becoming an Operating System Layer](https://raffy.ch/blog/2026/04/06/ai-is-becoming-an-operating-system-layer/) - Schneier on Security - [ ] [New Mexico’s Meta Ruling and Encryption](https://www.schneier.com/blog/archives/2026/04/new-mexicos-meta-ruling-and-encryption.html) - [ ] [Google Wants to Transition to Post-Quantum Cryptography by 2029](https://www.schneier.com/blog/archives/2026/04/google-wants-to-transition-to-post-quantum-cryptography-by-2029.html) - ICT Security Magazine - [ ] [Il CISO sotto processo: responsabilità personale, D.Lgs. 231 e la nuova esposizione legale](https://www.ictsecuritymagazine.com/notizie/ciso-d-lgs-231/) - SANS Internet Storm Center, InfoCON: green - [ ] [How often are redirects used in phishing in 2026?, (Mon, Apr 6th)](https://isc.sans.edu/diary/rss/32870) - [ ] [ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)](https://isc.sans.edu/diary/rss/32868) - The Hacker News - [ ] [Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations](https://thehackernews.com/2026/04/iran-linked-password-spraying-campaign.html) - [ ] [DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea](https://thehackernews.com/2026/04/dprk-linked-hackers-use-github-as-c2-in.html) - [ ] [Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps](https://thehackernews.com/2026/04/multi-os-cyberattacks-how-socs-close.html) - [ ] [⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More](https://thehackernews.com/2026/04/weekly-recap-axios-hack-chrome-0-day.html) - [ ] [How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers](https://thehackernews.com/2026/04/how-litellm-turned-developer-machines.html) - [ ] [Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools](https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html) - [ ] [BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks](https://thehackernews.com/2026/04/bka-identifies-revil-leaders-behind-130.html) - Daniel Miessler - [ ] [Inference Costs Are Not Sustainable](https://danielmiessler.com/blog/inference-costs-are-not-sustainable?utm_source=rss&utm_medium=feed&utm_campaign=website) - NetSPI - [ ] [AI Fools Week: Don’t Let AI Fool Your Pentesting Strategy](https://www.netspi.com/blog/executive-blog/ai-ml-pentesting/ai-fools-week-dont-let-ai-fool-your-pentesting-strategy/) - Deep Web - [ ] [Leak databases](https://www.reddit.com/r/deepweb/comments/1sdnyjs/leak_databases/) - [ ] [what is the best way to increase brain power for certain amount of time ?](https://www.reddit.com/r/deepweb/comments/1sdwvak/what_is_the_best_way_to_increase_brain_power_for/) - [ ] [Brazillian people here](https://www.reddit.com/r/deepweb/comments/1sdouo4/brazillian_people_here/) - netsecstudents: Subreddit for students studying Network Security and its related subjects - [ ] [Traditional Network Engineer looking to get into Network Security focused roles. Is this a worthwhile path given it niche? What skills/certs should i focus on?](https://www.reddit.com/r/netsecstudents/comments/1se5ns7/traditional_network_engineer_looking_to_get_into/) - Krebs on Security - [ ] [Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab](https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/) - Social Engineering - [ ] [Working more hours doesn’t always mean getting more done](https://www.reddit.com/r/SocialEngineering/comments/1sdo589/working_more_hours_doesnt_always_mean_getting/) - [ ] [Doing a quick study on how people make everyday decisions — would love 2 minutes of your time](https://www.reddit.com/r/SocialEngineering/comments/1se30ox/doing_a_quick_study_on_how_people_make_everyday/) - [ ] [Something is more near then you remember..............](https://www.reddit.com/r/SocialEngineering/comments/1sdwls5/something_is_more_near_then_you_remember/) - The Register - Security - [ ] [AI agents found vulns in this popular Linux and Unix print server](https://go.theregister.com/feed/www.theregister.com/2026/04/06/ai_agents_cups_server_rce/) - [ ] [Attackers exploited this critical FortiClient EMS bug as a 0-day](https://go.theregister.com/feed/www.theregister.com/2026/04/06/forticlient_ems_bug_exploited/) - [ ] [Anthropic sure has a mess on its hands thanks to that Claude Code source leak](https://go.theregister.com/feed/www.theregister.com/2026/04/06/anthropic_code_leak_kettle_podcast/) - Security Affairs - [ ] [Phishing LNK files and GitHub C2 power new DPRK cyber attacks](https://securityaffairs.com/190413/uncategorized/phishing-lnk-files-and-github-c2-power-new-dprk-cyber-attacks.html) - [ ] [BKA unmasks two REvil Ransomware operators behind 130+ German attacks](https://securityaffairs.com/190401/cyber-crime/bka-unmasks-two-revil-ransomware-operators-behind-130-german-attacks.html) - [ ] [Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed](https://securityaffairs.com/190384/security/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html) - [ ] [CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw](https://securityaffairs.com/190392/hacking/cve-2026-35616-fortinet-fixes-actively-exploited-high-severity-flaw.html) - Your Open Hacker Community - [ ] [Anyway to route the api to mock server?](https://www.reddit.com/r/HowToHack/comments/1sef8ao/anyway_to_route_the_api_to_mock_server/) - [ ] [I need a PoC from assets.adobedtm.com](https://www.reddit.com/r/HowToHack/comments/1sdwfzx/i_need_a_poc_from_assetsadobedtmcom/) - [ ] [I need guidance I am really frustrated (Read the body, mods plz do not delete it's genuine)](https://www.reddit.com/r/HowToHack/comments/1se4fa0/i_need_guidance_i_am_really_frustrated_read_the/) - [ ] [802.15a sniffing](https://www.reddit.com/r/HowToHack/comments/1sdlcw8/80215a_sniffing/) - Technical Information Security Content & Discussion - [ ] [Cracking a Malvertising DGA From the Device Side](https://www.reddit.com/r/netsec/comments/1sdv8dm/cracking_a_malvertising_dga_from_the_device_side/) - [ ] [Closing the Kernel Backport Gap: Automated CVE Detection](https://www.reddit.com/r/netsec/comments/1sdxbxj/closing_the_kernel_backport_gap_automated_cve/) - [ ] [Using Cloudflare’s Post-Quantum Tunnel to Protect Plex Remote Access on a Synology NAS](https://www.reddit.com/r/netsec/comments/1se1qs6/using_cloudflares_postquantum_tunnel_to_protect/) - Information Security - [ ] [How are you handling AI sprawl across SaaS right now](https://www.reddit.com/r/Information_Security/comments/1sdyji5/how_are_you_handling_ai_sprawl_across_saas_right/) - Computer Forensics - [ ] [Starting a business and the Experience Requirement](https://www.reddit.com/r/computerforensics/comments/1se2frn/starting_a_business_and_the_experience_requirement/) - [ ] [EVTX Question](https://www.reddit.com/r/computerforensics/comments/1sdu0r4/evtx_question/) - [ ] [sleuthkit is currently broken on debian testing](https://www.reddit.com/r/computerforensics/comments/1sdji1f/sleuthkit_is_currently_broken_on_debian_testing/) - Blackhat Library: Hacking techniques and research - [ ] [[ Removed by Reddit ]](https://www.reddit.com/r/blackhat/comments/1se9xvs/removed_by_reddit/) - [ ] [The Cybersecurity Quilt](https://www.reddit.com/r/blackhat/comments/1se4rls/the_cybersecurity_quilt/) - [ ] [I have refactored slurp s3 bucket enumerator to work with any s3 compatible cloud](https://www.reddit.com/r/blackhat/comments/1sdqytq/i_have_refactored_slurp_s3_bucket_enumerator_to/) - TorrentFreak - [ ] [Music Publishers Ask Court to Dismiss X’s ‘Weaponized DMCA’ Antitrust Suit](https://torrentfreak.com/music-publishers-ask-court-to-dismiss-xs-weaponized-dmca-antitrust-suit/) - Security Weekly Podcast Network (Audio) - [ ] [Battling payment fraud with tokenization and executive interviews from RSAC 2026 - Jimmy White, Thyaga Vasudevan, Brian Oh, Mickey Bresman, Ashish Jain - ESW #453](http://sites.libsyn.com/18678/battling-payment-fraud-with-tokenization-and-executive-interviews-from-rsac-2026-jimmy-white-thyaga-vasudevan-brian-oh-mickey-bresman-ashish-jain-esw-453)
每日安全资讯(2026-04-07)