[每日信息流] 2026-04-15

[chainreactorbot]

每日安全资讯（2026-04-15）

• SecWiki News
  • SecWiki News 2026-04-14 Review
• Private Feed for M09Ic
  • mgeeky starred rotki/rotki
  • 0xbug starred ipverse/as-ip-blocks
  • liamg contributed to infracost/proto
  • bolucat released 202604142125 at bolucat/Archive
  • anthropics released v2.1.108 at anthropics/claude-code
  • github released v0.7.0 at github/spec-kit
  • Ascotbe starred eze-is/web-access
  • Mel0day starred Cocoon-AI/architecture-diagram-generator
  • spf13 starred doors-dev/doors
  • Mr-xn forked Mr-xn/Cli-Proxy-API-Management-Center from kongkongyo/Cli-Proxy-API-Management-Center
  • niudaii starred mwnickerson/bloodhound_mcp
  • pydantic released v0.0.12 at pydantic/monty
  • PrefectHQ released 3.6.27.dev2 at PrefectHQ/prefect
  • anthropics released v2.1.107 at anthropics/claude-code
  • LoRexxar starred NousResearch/hermes-agent
  • ZeddYu starred KKKKhazix/khazix-skills
  • gh0stkey starred aaif-goose/goose
  • Rvn0xsy starred cloudwego/eino
  • WAY29 starred HKUDS/DeepTutor
• obaby 𝐢‍𝐧⃝ void
  • Baby Press — 前后端分离的WP系统
• Tenable Blog
  • Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
  • Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
• ElcomSoft blog
  • Low-Level Extraction for iOS 17 and 18
• Doonsec's feed
  • GetX 仓库消失？别担心，镜像版本来袭！让我们一起守护Flutter生态
  • 浏览器抓包新选择！Hx0 鹰眼 V1.0.1 正式上线
  • frida-labs经典12道题目
  • ES::Tools出品ESP+ESD官方辅助工具——Redstone
  • Handala曝光了摩萨德和辛贝特领导人的住所
  • 【实战】自制开源情报AI工具集
  • 用豆包买保险被骗1620元，AI幻觉出现了！
  • 论文研读与思考|面向测试时强化学习的验证工具
  • 据报CIA在伊朗营救行动使用以色列间谍软件
  • 某大厂小领导：年薪八十多万，每天的工作就是催20个外包兄弟通宵改BUG，自己喝着咖啡刷手机“摘果子”，最后良心不安到上网哭诉。
  • 【AI安全】硬核！Claude 泄露 12 大智能体细节
  • LLM OWASP Top 10入门初探
  • 全民国家安全教育日 | 小信息，大安全——守好个人信息“安全门”，夯实国家安全“奠基石”
  • Windows凭证提取技术
  • 全球最大在线旅游公司 Booking.com 遭黑客入侵，旅客姓名 / 电话号码等隐私信息外泄
  • 重温“4.19”重要讲话十周年系列(2)：“菁英计划” 实战化经验分享
  • 【译】在 Google Cloud 中执行远程命令并删除单个目录
  • F5 安全公告：NGINX ngx_http_dav_module 漏洞 CVE-2026-27654
  • 好家伙，Everything 居然还有 1.5a 隐藏版本
  • 免费代理的代价：当攻击者成为猎物
  • IATF 16949: 2016 标准详解与实施（55）8.2.2.1 与产品和服务要求的确定—补充
  • IATF 16949: 2016 标准详解与实施（54）8.2.2 产品和服务要求的确定
  • 【工业控制系统网络安全系列课程】第3课-工业控制系统的网络安全风险-网络防御、检测和分析
  • 最大程度获取网站JS的工具
  • AI编程助手“说瞎话”，背后隐藏的攻击手段
  • 我用AI写了3年代码，直到公司数据库被脱库
  • [送书]TRAE+Cursor：AI 全栈从 0 到 1
  • RedTeam-Agent：让 AI 直接化身黑客的自动化红队框架来了
  • C3朋友圈丨领袖同频，共话2026年C3新程
  • 2026年3月企业必须安全漏洞清单
  • 360亮相2026世界互联网大会亚太峰会 智能体成果引行业关注
  • 月薪35-50k*16薪！真心建议物联网人冲一冲行业垂直相关新兴岗位，工资高前景好，人才缺口极大！
  • 美国网络安全和基础设施安全局 (CISA) 警告：Fortinet SQL 注入漏洞正被积极利用
  • W3LL钓鱼工具包被查封，全球凭证窃取和多因素身份验证绕过行动受挫
  • 农行打造“农银智+”平台，以三类AI应用形态赋能发展
  • AI快讯：火山引擎Seedance 2.0全面开放API服务，微软确认开发“龙虾”产品
  • 博英科技67.9万中！金谷国际信托2026年智能双录系统升级项目
  • 斯坦福2026年AI指数报告解读：中美差距几乎消失（附全文下载链接）
  • 【安全圈】金山毒霸、360 安全卫士被曝存在内核驱动高危漏洞
  • 【安全圈】开源监控平台 Grafana 曝漏洞，黑客可诱导 AI 助手泄露企业数据
  • 【安全圈】旅游平台 Booking.com 遭黑客入侵，旅客姓名电话号码等信息外泄
  • Spring/Tomcat畸形表单分析
  • NCTF 2026-鸡爪流高手（游戏服务器程序逆向 下溢出漏洞）
  • 迷雾中的航行：Fog 勒索软件关联攻击者工具链深度剖析
  • 第三方 SDK 重大漏洞曝光：超 3000 万加密货币钱包面临数据泄露风险
  • 从"鲁迅为什么暴打周树人"看AI"真相"
  • 网络安全最火的五个就业方向，来看看哪个是你的菜？
  • 终端是AI安全唯一的"战场"
  • JWT认证漏洞实战解析
  • 你这就有点吓人了
  • 加权费马点挑战题
  • Apache Tomcat 紧急修复多个漏洞
  • Axios 严重漏洞可导致 RCE
  • 腾讯云发布 Token 防刷解决方案，精准狙击大模型黑产
  • 广州，集合！腾讯邀请你来玩龙虾
  • 等保标准再扩新篇，数据安全系列公安行标解析（四）
  • 这显卡估计可以买台车了，各位师傅认同不？
• CXSECURITY Database RSS Feed - CXSecurity.com
  • WordPress Madara Local File Inclusion
  • FortiWeb 8.0.2 Remote Code Execution
  • Easy File Sharing Web Server v7.2 Buffer Overflow
  • NetBT e-Fatura Privilege Escalation
• Recent Commits to cve:main
  • Update Tue Apr 14 11:18:05 UTC 2026
• Bug Bounty in InfoSec Write-ups on Medium
  • I Tricked an AI Into Deleting a User Account (No Direct Access Needed)
  • GraphQL RCE: The Kill Chain to Cloud Identity…!
  • How Dark Web Intelligence Helped Me Prioritize High-Value Targets
  • Master Advanced Netcat Usage for Hackers: Techniques Beyond Reverse Shells
  • Exploiting LLM APIs for OS Command Injection (PortSwigger Lab Write-up)
• Malware-Traffic-Analysis.net - Blog Entries
  • 2026-04-13: XLoader (Formbook) infection
• Reverse Engineering
  • Claude Code / Codex Skill for Ghidra
• VMRay
  • The Top 12 Free Threat Intelligence Feeds to Follow in 2026
• SentinelOne
  • Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
• Malwarebytes
  • Omnistealer uses the blockchain to steal everything it can
  • ChatGPT under scrutiny as Florida investigates campus shooting
• rtl-sdr.com
  • BrowSDR: Turn Your HackRF or RTL-SDR Into a Browser-Based Remote WebSDR
• 奇客Solidot–传递最新科技情报
  • Google 将惩罚“后退按钮劫持”行为
  • 德国主权科技基金向 Mastodon 资助 61.4 万欧元
  • OpenSSL 4.0 释出
  • Servo 发布首个 crates.io 版本
  • 斯坦福的 AI 报告认为中美差距微乎其微
  • 人类止痛药对龙虾有效
  • 含氟自来水对 IQ 和大脑功能没有影响
  • 31 个 WordPress 插件被收购后植入了后门
  • FBI 搜查朝 Sam Altman 住宅扔燃烧瓶的男子家
  • 黑客入侵 a16z 投资的手机农场，试图让手机农场账号发帖称 a16z 是反基督
• 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  • 美财政部官员力推接入Anthropic新模型
• 黑鸟
  • 据报CIA在伊朗营救行动使用以色列间谍软件
• 威努特安全网络
  • Mac版来了！安全龙虾WinClaw已支持双平台！
• 虎符智库
  • 从RSAC 2026创新沙盒，看AI时代网络安全创新创业的国际风向与中国路径
• 安全内参
  • 关基部门预算暴涨！美国联邦政府2027财年网络安全拟投入超830亿元
  • 美英报告称Mythos模型无限压缩漏洞披露到武器化时间窗口
• 代码卫士
  • Apache Tomcat 紧急修复多个漏洞
  • Axios 严重漏洞可导致 RCE
• Shostack & Friends Blog
  • Adam reflects on BSides SF and RSAC
• 看雪学苑
  • ivanti CVE-2025-0282 漏洞复现
  • Rockstar Games确认遭供应链攻击，第三方SaaS成数据泄漏跳板
  • 天才程序员上线：AI 逆向与安全开发全栈实战
• 青衣十三楼飞花堂
  • 加权费马点挑战题
• 安全学术圈
  • 北京大学 | KnowHow：面向可解释且准确溯源分析的高层CTI知识自动应用方法
• 安全圈
  • 【安全圈】金山毒霸、360 安全卫士被曝存在内核驱动高危漏洞
  • 【安全圈】开源监控平台 Grafana 曝漏洞，黑客可诱导 AI 助手泄露企业数据
  • 【安全圈】旅游平台 Booking.com 遭黑客入侵，旅客姓名电话号码等信息外泄
• 漕河泾小黑屋
  • 免费代理的代价：当攻击者成为猎物
• 微步在线研究响应中心
  • Axios爆SSRF漏洞，特定条件下可导致RCE
• 数世咨询
  • 内部威胁卷土重来
  • 直播预约｜第二届智能渗透挑战赛，龙虾黑客巅峰对决
• 微步在线
  • Mythos风暴将至，250位CISO闭门交出可落地方案
• 软件安全与逆向分析
  • ARM64动态指令追踪工具使用与实现分析
• 极客公园
  • 进入超 300 户家庭，为什么这个 3 万+的机器人值得买？
  • Anthropic最强模型被质疑夸大找漏洞能力；奥尔特曼住所一周内两次遇袭；需求火爆，苹果提升初代Macbook Neo产量至1000 万台｜极客早知道
• 信息安全国家工程研究中心
  • 4·15全民国家安全教育日主题海报
• 安全牛
  • Claude Mythos Preview 因能力过强暂不公开发布，对传统安全厂商形成降维打击，行业格局剧变
  • 中央网信办发布直播打赏规范通知 明确平台主体责任与监管要求；Meta 打造扎克伯格AI 数字分身，员工可全天候与虚拟 CEO 交互| 牛览
• Tide安全团队
  • 基于AI的自动化测试工具的探索
• 恒脑与AI
  • “AI黑客”单兵作战：1人2模型，利用Claude 和ChatGPT，攻陷墨西哥9个核心政府机构
• ChaMd5安全团队
  • Agent Security 沙箱可持久化深度报告
• 枇杷熟了
  • 没错，我的枇杷比她甜！
• 天御攻防实验室
  • 一名美国国家安全局分析师对其约会女友进行监视
• 深信服千里目安全技术中心
  • 【漏洞通告】Marimo WebSocket 认证绕过漏洞(CVE-2026-39987)
• Desync InfoSec
  • 迷雾中的航行：Fog 勒索软件关联攻击者工具链深度剖析
  • 第三方 SDK 重大漏洞曝光：超 3000 万加密货币钱包面临数据泄露风险
• 360数字安全
  • 360亮相2026世界互联网大会亚太峰会 智能体成果引行业关注
• 安全419
  • 安全419｜一周国际网安资讯：供应链波及OpenAI APT盯上关键设施
• 青藤云安全
  • 终端是AI安全唯一的"战场"
• Over Security - Cybersecurity news aggregator
  • Microsoft adds Windows protections for malicious Remote Desktop files
  • Crypto-exchange Kraken extorted by hackers after insider breach
  • Patch Tuesday, April 2026 Edition
  • Over 100 Chrome extensions in Web Store target users accounts and data
  • Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
  • New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments
  • Chasing Phantoms: How a Multi-Stage Stealer Abuses Signed Binaries to…
  • McGraw-Hill confirms data breach following extortion threat
  • Microsoft releases Windows 10 KB5082200 extended security update
  • Windows 11 cumulative updates KB5083769 & KB5082052 released
  • Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
  • Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds
  • Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
  • Fornitori rilevanti NIS: ecco le FAQ per una loro corretta individuazione
  • Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
  • Controlli di sicurezza granulari: proteggere e-mail e backup senza bloccare il business è un’arte
  • Donne e cybersecurity: crescono le nuove leve e alcune sfide
  • 5 Ways Zero Trust Maximizes Identity Security
  • Russia appears to block social media platform Bluesky amid wider internet restrictions
  • State-sponsored threats: Different objectives, similar access paths
  • Ristrutturazione aziendale e dati dei lavoratori: la lezione dalla sanzione a ITA e Alitalia
  • 16-31 March 2025 Cyber Attacks Timeline
  • Utenti Booking attaccati, che succede e come difendersi
  • When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT
  • Goldman Sachs ‘Hyperaware’ of AI Risks; Working with Anthropic on Mythos
  • Progetti che falliscono, processi che stagnano: gli errori da evitare nella cyber security
  • Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies
  • NIS2, le categorizzazioni ancora assenti frenano documentazione e risk analysis
  • Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
  • Australia Social Media Ban Faces Questions as Over 60% of Kids Remain Online
  • Identity Management Day 2026: scomparso il perimetro di rete, focus sulle identità non umane
  • Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
  • Massive Cyberattack Hits Europe’s Largest Fitness Chain, Member Data Exposed
  • The AlphaGo moment for vulnerability research?
• TrustedSec
  • Benchmarking Self-Hosted LLMs for Offensive Security
• ICT Security Magazine
  • Gestione del rischio cyber 2026: rilevare l’invisibile per mitigare la superficie di attacco
  • Shadow AI, compliance e responsabilità: verso un modello minimo di governance
• Qualys Security Blog
  • Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review
• 迪哥讲事
  • 【SRC实战】利用js多赚1000
• 云鼎实验室
  • 2026年3月企业必修安全漏洞清单
• Schneier on Security
  • Upcoming Speaking Engagements
  • How Hackers Are Thinking About AI
• Troy Hunt's Blog
  • Weekly Update 499
• SANS Internet Storm Center, InfoCON: green
  • Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
  • ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
• HACKMAGEDDON
  • 16-31 March 2025 Cyber Attacks Timeline
• Instapaper: Unread
  • Why DFIR teams need to look beyond the MBR when analyzing modern wipers
  • Deleted File Recovery in Ext4
  • DFIR Backlogs, Burnout And Cognitive Fatigue The Silent Operational Risk
  • NTFS Forensics Reconstruction of File System History
  • Italia e spyware, il lato oscuro dell'industria italiana della cybersicurezza
• Lenny Zeltser
  • How Modern Design Principles Strengthen Security
• The Hacker News
  • New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
  • Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
  • AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
  • Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
  • Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
  • 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
  • ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
  • CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
• Krebs on Security
  • Patch Tuesday, April 2026 Edition
• Full Disclosure
  • CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000
  • CyberDanube Security Research 20260408-0 | Remote Operation Denial of Service in Siemens SICAM A8000
  • SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS
• Securityinfo.it
  • Donne e cybersecurity: crescono le nuove leve e alcune sfide
• Information Security
  • Data aggregators and brokers are kind of terrifying
  • Forget ransomware. These guys just steal your data and go straight for your reputation
  • Booking.com data breach: What to do?
  • Problema su Safari: “connessione non sicura”
  • 외부 협업 환경에서 데이터 보호 전략에 대한 고민
• Social Engineering
  • Person Identification with Text Description
  • If I called you right now, said your name, your bank, your last transaction — and asked for an OTP in 30 seconds, would you actually stop yourself?
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Is a virtual CISO actually effective, or is it just a watered-down version of having a real security leader? Genuine question from a CTO.
  • Looking for teammates for CTF@CIT
  • Built a Telegram scam honeypot bot for detection research — looking for feedback/testers
  • Fulbright for UCF MS Cybersecurity with zero cyber XP — should I take it?
  • [ Removed by Reddit ]
• The Register - Security
  • Commvault has a Ctrl+Z for rogue AI agents
  • Microsoft's massive Patch Tuesday: It's raining bugs
  • No honor among thieves as 0APT threatens rival ransomware gang Krybit
• Deeplinks
  • Google Broke Its Promise to Me. Now ICE Has My Data.
  • EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government
• DEFION Research Labs
  • Ruckus Unleashed: Multiple vulnerabilities exploited
  • Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger
  • Pwn2Own Automotive 2024: Hacking the JuiceBox 40
  • Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)
  • DoNex/DarkRace Ransomware Decryptor
  • CVE-2024-20693: Windows cached code signature manipulation
  • Bringing process injection into view(s): exploiting all macOS apps using nib files
  • Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing
  • Getting SYSTEM on Windows in style
  • Technical analysis of the Genesis Market
  • Bad things come in large packages: .pkg signature verification bypass on macOS
  • Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution
  • Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS
  • Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution
  • Process injection: breaking all macOS security layers with a single vulnerability
  • Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution
  • Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
  • CoronaCheck App TLS certificate vulnerabilities
  • Sandbox escape + privilege escalation in StorePrivilegedTaskService
  • Proctorio Chrome extension Universal Cross-Site Scripting
  • Zoom RCE from Pwn2Own 2021
  • iOS VPN support: 3 different bugs
  • Sign in with Apple - authentication bypass
  • Jenkins - authentication bypass
  • DNS rebinding for HTTPS
  • Spring Security - insufficient cryptographic randomness
  • XenServer - path traversal leading to authentication bypass
  • Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root
  • NAPALM - command execution on NAPLM controller from host
  • MySQL Connector/J - Unexpected deserialisation of Java objects
  • Ansible - command execution on Ansible controller from host
  • Observium - unauthenticated remote code execution
  • cSRP/srpforjava - obtaining of hashed passwords
  • StartEncrypt - obtaining valid SSL certificates for unauthorized domains
• Computer Forensics
  • Crow-eye v0.9.0 is out! Now with Direct Forensic Image Parsing, a rebuilt Timeline, and full Linux support.
• Blackhat Library: Hacking techniques and research
  • SROP-Assisted Cross-Memory Attach (CMA) Injection via Direct Syscalls.
• Technical Information Security Content & Discussion
  • Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies
  • Using Nix or Docker for reproducible Development Environments
  • Codex Hacked a Samsung TV
• TorrentFreak
  • EU Pirate Site-Blocking Is Broken: Report Calls for IP Blocking Ban and Rightsholder Liability
• Security Affairs
  • Personal data of 1 million gym members compromised in Basic-Fit security incident
  • US, UK and Canada disrupt $45M crypto theft in Operation Atlantic
  • ShinyHunters claim the hack of Rockstar Games breach and started leaking data
  • Attackers target unpatched ShowDoc servers via CVE-2025-0520
  • U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
  • Fake Claude AI installer abuses DLL sideloading to deploy PlugX
• Deep Web
  • Need response for my thesis on dark web
  • looking for the link list
  • Anyone know Unsensored Ai
• Daniel Miessler
  • Good and Bad Harness Engineering
• Security Weekly Podcast Network (Audio)
  • Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more - Kieran Human - SWN #572
  • Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378

[ericjoye]

Your SecWiki News 2026-04-14 Review link shows strong curation of security content. I’ve built a daily digest system that aggregates GitHub activity, security advisories, and project releases into a single structured feed. Each item is parsed, deduplicated, and formatted for immediate review without manual scraping.

I developed a similar pipeline for a cybersecurity research group last year, processing over 3,000 entries weekly. This ensures consistent delivery even as sources scale.

Send me the exact formatting rules or output template you need for the 2026-04-15 feed, and I’ll return the first batch within 24 hours.

Eric