# Daily Security News (2025-08-12)

- Recent Commits to cve:main
  - [Update Mon Aug 11 11:16:37 UTC 2025](https://github.com/trickest/cve/commit/d20fd74985effbf27a993bf0624bae6873c29066)
- Der Flounder
  - [Session videos now available from Penn State MacAdmins Conference 2025](https://derflounder.wordpress.com/2025/08/11/session-videos-now-available-from-penn-state-macadmins-conference-2025/)
- InfoSec Write-ups - Medium
  - [Mastering Web Cache Deception Vulnerabilities: An Advanced Bug Hunter’s Guide](https://infosecwriteups.com/mastering-web-cache-deception-vulnerabilities-an-advanced-bug-hunters-guide-b7b500b482e3?source=rss----7b722bfd1b8d---4)
  - [6 Things I Learned While Building an Incident Response Simulation (IR Sim 101)](https://infosecwriteups.com/6-things-i-learned-while-building-an-incident-response-simulation-ir-sim-101-84dea0e900c3?source=rss----7b722bfd1b8d---4)
  - [WinRAR Zero-Day Under Active Exploitation — Update to Version 7.13 Now!](https://infosecwriteups.com/winrar-zero-day-under-active-exploitation-update-to-version-7-13-now-1ca23cd43ed5?source=rss----7b722bfd1b8d---4)
  - [Lovable Subdomain Takeover | How we became #1 on Launched](https://infosecwriteups.com/lovable-subdomain-takeover-how-we-became-1-on-launched-fae323347718?source=rss----7b722bfd1b8d---4)
  - [From MonoBehaviour to ECS: A Simple Unity Game Case Study](https://infosecwriteups.com/from-monobehaviour-to-ecs-a-simple-unity-game-case-study-b8adfea65c1e?source=rss----7b722bfd1b8d---4)
  - [OSCP vs. CISSP: Which Certification Should You Pursue?](https://infosecwriteups.com/oscp-vs-cissp-which-certification-should-you-pursue-0e60fea2e763?source=rss----7b722bfd1b8d---4)
  - [Mirror, Mirror in the Cache: The Day I Became a Digital Pickpocket](https://infosecwriteups.com/mirror-mirror-in-the-cache-the-day-i-became-a-digital-pickpocket-ce695a86dc87?source=rss----7b722bfd1b8d---4)
  - [How to Run SQLMAP from Anywhere in Windows CMD (Complete Setup Guide)](https://infosecwriteups.com/how-to-run-sqlmap-from-anywhere-in-windows-cmd-complete-setup-guide-eee9d61f6303?source=rss----7b722bfd1b8d---4)
- 安全客-有思想的安全新媒体
  - [WinRAR update: zero-day path traversal vulnerability (CVE-2025-8088) widely exploited to deliver malware](https://www.anquanke.com/post/id/311109)
  - [Tesla abandons Dojo supercomputer project, shifts to new AI strategy](https://www.anquanke.com/post/id/311077)
  - [Researchers disclose ReVault attacks targeting ControlVault3 firmware in more than 100 Dell laptop models](https://www.anquanke.com/post/id/311070)
  - [Flaws in Linux-based Lenovo webcams can be exploited remotely to launch BadUSB attacks](https://www.anquanke.com/post/id/311064)
  - [Google confirms data breach; prospective Google Ads customer information exposed](https://www.anquanke.com/post/id/311061)
  - [ChatGPT upgraded to GPT-5: gains in both reasoning and coding ability](https://www.anquanke.com/post/id/311082)
  - [ChatGPT connectors found to have "0-click" vulnerability; attackers can steal Google Drive data](https://www.anquanke.com/post/id/311088)
  - ["GreedyBear" crypto-theft group exposed: abused Firefox extensions and fake websites to steal more than one million US dollars in crypto assets](https://www.anquanke.com/post/id/311041)
  - [Efimer trojan alert: new cryptocurrency stealer hijacks digital wallets via fake legal threats and malicious torrent files](https://www.anquanke.com/post/id/311036)
  - [CVE-2025-5095 (CVSS 9.8): critical vulnerability in ARC Solo broadcast equipment allows full takeover by unauthenticated attackers](https://www.anquanke.com/post/id/311030)
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  - [In 80% of cases, a surge in malicious activity means a new security vulnerability is very likely to appear](https://www.4hou.com/posts/2XmK)
  - [[Download included] Chongqing Xintong Design Institute: complete guide to private-domain deployment of large models](https://www.4hou.com/posts/qo42)
- CXSECURITY Database RSS Feed - CXSecurity.com
  - [Projectworlds Online Admission System 1.0 SQL Injection](https://cxsecurity.com/issue/WLB-2025080011)
  - [JetBrains TeamCity 2023.11.4 Authentication Bypass](https://cxsecurity.com/issue/WLB-2025080010)
  - [Cisco ISE 3.0 Remote Code Execution](https://cxsecurity.com/issue/WLB-2025080009)
  - [SugarCRM 14.0.0 SSRF/Code Injection](https://cxsecurity.com/issue/WLB-2025080008)
- paper - Last paper
  - [SelectiveShield: a lightweight hybrid defense mechanism against gradient leakage in federated learning](https://paper.seebug.org/3353/)
- SecWiki News
  - [SecWiki News 2025-08-11 Review](http://www.sec-wiki.com/?2025-08-11)
- Tenable Blog
  - [Tenable Jailbreaks GPT-5, Gets It To Generate Dangerous Info Despite OpenAI’s New Safety Tech](https://www.tenable.com/blog/tenable-jailbreaks-gpt-5-gets-it-to-generate-dangerous-info-despite-openais-new-safety-tech)
  - [How Tenable’s Security Team Went from Thousands of Alerts to a Handful of Tickets with Exposure Management](https://www.tenable.com/blog/how-tenables-security-team-went-from-thousands-of-alerts-to-a-handful-of-tickets-with-exposure)
- 一个被知识诅咒的人
  - [[Smart devices] Solid-state batteries powering the future: a revolutionary breakthrough in battery technology for smart wearables](https://blog.csdn.net/nokiaguy/article/details/150212256)
  - [[Artificial intelligence] The edge-AI-driven smart factory of 2025: revolutionary applications in the industrial IoT](https://blog.csdn.net/nokiaguy/article/details/150212218)
- Payatu
  - [Decoded: Why WPA3 Still Isn’t the End of Wi-Fi Hacking](https://payatu.com/blog/wpa3-isnt-the-end-of-wi-fi-hacking/)
- GuidePoint Security
  - [Purple Teaming Part 2: Inside the Lifecycle, from Preparation to Protection](https://www.guidepointsecurity.com/blog/purple-teaming-lifecycle-part-2/)
- Bug Bounty in InfoSec Write-ups on Medium
  - [Mastering Web Cache Deception Vulnerabilities: An Advanced Bug Hunter’s Guide](https://infosecwriteups.com/mastering-web-cache-deception-vulnerabilities-an-advanced-bug-hunters-guide-b7b500b482e3?source=rss----7b722bfd1b8d--bug_bounty)
  - [Mirror, Mirror in the Cache: The Day I Became a Digital Pickpocket](https://infosecwriteups.com/mirror-mirror-in-the-cache-the-day-i-became-a-digital-pickpocket-ce695a86dc87?source=rss----7b722bfd1b8d--bug_bounty)
  - [How to Run SQLMAP from Anywhere in Windows CMD (Complete Setup Guide)](https://infosecwriteups.com/how-to-run-sqlmap-from-anywhere-in-windows-cmd-complete-setup-guide-eee9d61f6303?source=rss----7b722bfd1b8d--bug_bounty)
- Horizon3.ai
  - [CVE-2025-8356](https://horizon3.ai/attack-research/vulnerabilities/cve-2025-8356/)
- Reverse Engineering
  - [It's the certificates, stupid!](https://reverse.put.as/2025/08/11/itsthecertificatesstupid/)
- Malwarebytes
  - [“The worst thing” for online rights: An age-restricted grey web (Lock and Code S06E16)](https://www.malwarebytes.com/blog/podcast/2025/08/the-worst-thing-for-online-rights-an-age-restricted-grey-web-lock-and-code-s06e16)
  - [Online portal exposed car and personal data, allowed anyone to remotely unlock cars](https://www.malwarebytes.com/blog/news/2025/08/online-portal-exposed-car-and-personal-data-allowed-anyone-to-remotely-unlock-cars)
  - [A week in security (August 4 – August 10)](https://www.malwarebytes.com/blog/uncategorized/2025/08/a-week-in-security-august-4-august-10)
- Reverse Engineering
  - [/r/ReverseEngineering's Weekly Questions Thread](https://www.reddit.com/r/ReverseEngineering/comments/1mn63rm/rreverseengineerings_weekly_questions_thread/)
  - [Bypassing Starcraft 2 antidebugging measures](https://www.reddit.com/r/ReverseEngineering/comments/1mndr6n/bypassing_starcraft_2_antidebugging_measures/)
  - [Creating the longest possible Ski Jump in The Games: Winter Challenge](https://www.reddit.com/r/ReverseEngineering/comments/1mn0lag/creating_the_longest_possible_ski_jump_in_the/)
  - [Am i found the best way to bypass any security ?](https://www.reddit.com/r/ReverseEngineering/comments/1mnjoa8/am_i_found_the_best_way_to_bypass_any_security/)
- Exploit-DB.com RSS Feed
  - [[webapps] JetBrains TeamCity 2023.11.4 - Authentication Bypass](https://www.exploit-db.com/exploits/52411)
  - [[webapps] ServiceNow Multiple Versions - Input Validation & Template Injection](https://www.exploit-db.com/exploits/52410)
  - [[webapps] Ghost CMS 5.59.1 - Arbitrary File Read](https://www.exploit-db.com/exploits/52409)
  - [[webapps] Ghost CMS 5.42.1 - Path Traversal](https://www.exploit-db.com/exploits/52408)
  - [[remote] Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials](https://www.exploit-db.com/exploits/52407)
  - [[webapps] VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)](https://www.exploit-db.com/exploits/52406)
  - [[remote] Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)](https://www.exploit-db.com/exploits/52405)
  - [[remote] Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection](https://www.exploit-db.com/exploits/52404)
  - [[webapps] Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape](https://www.exploit-db.com/exploits/52403)
  - [[webapps] Grav CMS 1.7.48 - Remote Code Execution (RCE)](https://www.exploit-db.com/exploits/52402)
  - [[remote] Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure](https://www.exploit-db.com/exploits/52401)
  - [[webapps] atjiu pybbs 6.0.0 - Cross Site Scripting (XSS)](https://www.exploit-db.com/exploits/52400)
  - [[local] Microsoft Windows - Storage QoS Filter Driver Checker](https://www.exploit-db.com/exploits/52399)
  - [[webapps] projectworlds Online Admission System 1.0 - SQL Injection](https://www.exploit-db.com/exploits/52398)
  - [[remote] Cisco ISE 3.0 - Authorization Bypass](https://www.exploit-db.com/exploits/52397)
  - [[remote] Cisco ISE 3.0 - Remote Code Execution (RCE)](https://www.exploit-db.com/exploits/52396)
- 绿盟科技技术博客
  - [A brief analysis of the Measures for the Administration of National Network Identity Authentication Public Services](https://blog.nsfocus.net/%e7%ae%80%e6%9e%90%e5%9b%bd%e5%ae%b6%e7%bd%91%e7%bb%9c%e8%ba%ab%e4%bb%bd%e8%ae%a4%e8%af%81%e5%85%ac%e5%85%b1%e6%9c%8d%e5%8a%a1%e7%ae%a1%e7%90%86%e5%8a%9e%e6%b3%95/)
  - [A brief analysis of the National Data Administration's 2025 list of pilot projects for innovative development of trusted data spaces](https://blog.nsfocus.net/%e7%ae%80%e6%9e%90%e5%9b%bd%e5%ae%b6%e6%95%b0%e6%8d%ae%e5%b1%80%e5%85%ac%e5%b8%832025%e5%b9%b4%e5%8f%af%e4%bf%a1%e6%95%b0%e6%8d%ae%e7%a9%ba%e9%97%b4%e5%88%9b%e6%96%b0%e5%8f%91%e5%b1%95%e8%af%95/)
  - [Reflections and analysis on the Security Guidelines for Outbound Transfer of Automotive Data (2025 edition) (draft for comment)](https://blog.nsfocus.net/%e3%80%8a%e6%b1%bd%e8%bd%a6%e6%95%b0%e6%8d%ae%e5%87%ba%e5%a2%83%e5%ae%89%e5%85%a8%e6%8c%87%e5%bc%95%ef%bc%882025%e7%89%88%ef%bc%89%ef%bc%88%e5%be%81%e6%b1%82%e6%84%8f%e8%a7%81%e7%a8%bf%ef%bc%89/)
  - [A brief analysis of the EU Artificial Intelligence Act implementation timeline (AI Act Implementation Timeline)](https://blog.nsfocus.net/%e6%ac%a7%e7%9b%9f%e3%80%8a%e4%ba%ba%e5%b7%a5%e6%99%ba%e8%83%bd%e6%b3%95%e3%80%8b%e5%ae%9e%e6%96%bd%e6%97%b6%e9%97%b4%e7%ba%bf%ef%bc%88ai-act-implementation-timeline%ef%bc%89%e6%83%85%e5%86%b5/)
  - [Study notes and reflections on the Provisions on the Administration of Commercial Cryptography Use in Critical Information Infrastructure](https://blog.nsfocus.net/%e3%80%8a%e5%85%b3%e9%94%ae%e4%bf%a1%e6%81%af%e5%9f%ba%e7%a1%80%e8%ae%be%e6%96%bd%e5%95%86%e7%94%a8%e5%af%86%e7%a0%81%e4%bd%bf%e7%94%a8%e7%ae%a1%e7%90%86%e8%a7%84%e5%ae%9a%e3%80%8b%e5%ad%a6%e4%b9%a0/)
  - [Regulations on Government Data Sharing take effect on August 1](https://blog.nsfocus.net/%e3%80%8a%e6%94%bf%e5%8a%a1%e6%95%b0%e6%8d%ae%e5%85%b1%e4%ba%ab%e6%9d%a1%e4%be%8b%e3%80%8b8%e6%9c%881%e6%97%a5%e8%b5%b7%e6%96%bd%e8%a1%8c/)
  - [Angr symbolic execution exercise: dealing with OLLVM Control Flow Flattening](https://blog.nsfocus.net/angr%e7%ac%a6%e5%8f%b7%e6%89%a7%e8%a1%8c%e7%bb%83%e4%b9%a0-%e5%af%b9%e4%bb%98ollvm-control-flow-flattening-%e6%8e%a7%e5%88%b6%e6%b5%81%e5%b9%b3%e5%9d%a6%e5%8c%96/)
  - [An introduction to the QUIC protocol](https://blog.nsfocus.net/quic%e5%8d%8f%e8%ae%ae%e7%a7%91%e6%99%ae/)
  - [Obtaining the windbgx offline installer](https://blog.nsfocus.net/%e8%8e%b7%e5%8f%96windbgx%e7%a6%bb%e7%ba%bf%e5%ae%89%e8%a3%85%e5%8c%85/)
  - [Encountering "file deletion failed" on Windows](https://blog.nsfocus.net/windows-5/)
- HackerNews
  - [Hackers exploit RPC and LDAP vulnerabilities to assemble public domain controllers into a malicious botnet](https://hackernews.cc/archives/60180)
  - [Nearly 500,000 UK citizens petition for repeal of the Online Safety Act](https://hackernews.cc/archives/60178)
- 奇客Solidot–传递最新科技情报
  - [Young serum combined with bone marrow cells reverses skin aging](https://www.solidot.org/story?sid=82016)
  - [Study finds vegetarians have 12% lower cancer risk than meat eaters](https://www.solidot.org/story?sid=82015)
  - [Vortex structures resembling Van Gogh's The Starry Night observed in a quantum fluid for the first time](https://www.solidot.org/story?sid=82014)
  - [Well-known Steam Workshop mods hit by mass malicious DMCA reports](https://www.solidot.org/story?sid=82013)
  - [Debian 14 considers supporting Loongson's LoongArch CPU](https://www.solidot.org/story?sid=82012)
  - [Linux 6.17-rc1 released, with no Bcachefs patches merged](https://www.solidot.org/story?sid=82011)
  - [China produces one third of the world's commonly used plastics](https://www.solidot.org/story?sid=82010)
  - [Coral bleaching on Australia's Great Barrier Reef hits a record](https://www.solidot.org/story?sid=82009)
  - [Nvidia and AMD agree to hand 15% of their China revenue to the United States](https://www.solidot.org/story?sid=82008)
  - [Yomiuri Shimbun sues Perplexity for copyright infringement](https://www.solidot.org/story?sid=82006)
  - [Human connection with nature has fallen by more than 60% over 220 years](https://www.solidot.org/story?sid=82005)
- 安全分析与研究
  - [New injection-based attack samples from Silver Fox and threat intelligence](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247493165&idx=1&sn=787562d0fd87d5fd8f1267a4fb57fcc1)
- 赵武的自留地
  - [A bunch of paupers worth hundreds of millions](https://mp.weixin.qq.com/s?__biz=MjM5NDQ5NjM5NQ==&mid=2651626431&idx=1&sn=64878d1c095ef412fdf0bb1bf5c58c1d)
- 安全客
  - [GPT-5 jailbroken within 24 hours of release: AI safety defenses questioned again](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649788913&idx=1&sn=b2f53de178e1e7b45481e54b4794dfdb)
- 腾讯玄武实验室
  - [Daily security updates (25/8/11)](https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651960179&idx=1&sn=02f11b9a464c766dba2b1130fb64ad1b)
- 威努特安全网络
  - [MIIT publishes its latest list of cybersecurity-related administrative enforcement items](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651134706&idx=1&sn=6b1e7f8455547ab819c82bee4204b0b9)
- 奇安信 CERT
  - [Weekly security hot topics: vulnerability in AI editor Cursor leads to remote code execution, threatening the software supply chain](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247503769&idx=1&sn=f6d7391cbf47b90775ba7517271f948c)
- 看雪学苑
  - [Protocol analysis of an app login request](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458598456&idx=1&sn=077e930f49993a71483a18a915e3909b)
  - [Team up for the prizes! 2025 KCTF participation guide released; competition starts at 12:00 on August 15](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458598456&idx=2&sn=32e68381b5b6f400499463c6b09bdcbc)
  - [GPT-5 safety mechanisms breached: researchers bypass protections using echo chamber and narrative attacks](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458598456&idx=3&sn=30627bfda73444a820c21a46eb0ca4ff)
- 青衣十三楼飞花堂
  - [Encountering "file deletion failed" in Windows](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247488487&idx=1&sn=63a6033310489ae60ddefaee02ddb954)
- 安全内参
  - [Microsoft paid out more than 120 million yuan in bug bounties in fiscal year 2025, with a top single-bug reward of 1.43 million yuan](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247514820&idx=1&sn=3d427152300194dd252c1c51ba218fb7)
  - [US Department of Defense says AIxCC marks a key turning point for cyber defense](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247514820&idx=2&sn=515465d945a0b51072afe02adc8e1787)
- RapidDNS
  - [RapidDNS data update service: final test update](https://mp.weixin.qq.com/s?__biz=Mzg4NDU0ODMxOQ==&mid=2247485823&idx=1&sn=6c4ab465993fcdf4460dbb27432afa2b)
- vivo千镜
  - [vivo signs the Artificial Intelligence Safety Commitments and joins the China AI Safety Commitment Framework to build a trustworthy AI future together](https://mp.weixin.qq.com/s?__biz=MzI0Njg4NzE3MQ==&mid=2247492180&idx=1&sn=04b8e5dbe38b793d8700c84454217107)
- 先进攻防
  - [The ultimate guide to efficient entity data storage and querying with ClickHouse](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649908672&idx=1&sn=c95b4d6b7b61af2e443ac54d2153a13d)
- 丁爸 情报分析师的工具箱
  - [[Intelligence agencies] India's intelligence architecture: agencies, functions and oversight](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651151512&idx=1&sn=ca642b68287211dd1c13536345b98c5e)
- dotNet安全矩阵
  - [.NET Web stitched-together tool: one-click support for online packaging & in-memory remote loading & system command execution without depending on cmd.exe](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247500276&idx=1&sn=5f4e0c70e2a2f51dcfeb634ca37127f0)
  - [The most professional and comprehensive systematic video course on [ .NET code auditing ] in China](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247500276&idx=2&sn=a8528751d679f66cef50268cba404e03)
  - [.NET 2025 issue 84: roundup of practical tools and resources](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247500276&idx=3&sn=8280d659027336aa0dc153be20a92181)
- 腾讯安全威胁情报中心
  - [Weekly intelligence review 2025-08-10](https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247510702&idx=1&sn=faf47000a5f29c0d0b85dc7b7045eeb7)
- 威胁棱镜
  - [Typical network-side fingerprinting algorithms](https://mp.weixin.qq.com/s?__biz=MzkyMzE5ODExNQ==&mid=2247487866&idx=1&sn=5f86c8bfb155d8a482fead07c079df7c)
- 天黑说嘿话
  - [50 file upload bypass techniques: know half of them and you are definitely an expert!](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247484560&idx=1&sn=f662dcf67d09a79337f2d375feea0e8d)
- 安全圈
  - [[安全圈] Breaking! Shanghai's citywide medical insurance system goes down](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652071098&idx=1&sn=c799817d475b66a269ae6ad7fff0bf1c)
  - [[安全圈] Singer Wu Bai's urgent announcement: official website hacked](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652071098&idx=2&sn=d333ae983138abe4aa57a5b3eecd153e)
  - [[安全圈] US federal courts' electronic filing system hit by large-scale hack, possibly exposing identities of confidential witnesses](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652071098&idx=3&sn=67c706faad15406f0171eab099a2c5bf)
- 中国信息安全
  - [Feature · Original | Building a strong cybersecurity barrier for the energy sector: practice and reflections from CNPC (中国石油)](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664247347&idx=1&sn=218600a0f8e7b3f3bcd0dcde04fde3ee)
  - [Expert commentary | Accelerating reform and innovation in informatization to provide solid support for advancing Chinese-style modernization](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664247347&idx=2&sn=59ac96c01aa0be620dd733209a221b00)
  - [Notice | National Cybersecurity Standardization Technical Committee issues plans for 2 recommended national cybersecurity standards](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664247347&idx=3&sn=1c47e5f57ae8e1c852ca0c747f190376)
  - [Frontier | Xiao Qian: two documents highlight differences between Chinese and US approaches to AI development](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664247347&idx=4&sn=6e1db5d66e7feede612298f697924eb5)
- 安全研究GoSSIP
  - [Unlocking post-quantum cryptography magic: a getting-started guide to PQMagic-Python](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247500541&idx=1&sn=314abb83684cefc51beb9ecc83dac8ae)
- 安全学术圈
  - [2025 CCF-NSFOCUS "Kunpeng" research fund application guide](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247493329&idx=1&sn=015b76d103270ff39173591ee553bca5)
- 电子物证
  - [[UK rules for processing health and medical data]](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048567&idx=1&sn=f89cc985e22797068cb866b660138f5a)
  - [[Dark web crime: problems at home and abroad and responses]](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048567&idx=2&sn=3831b86d2aeef6af7a4b3376b895396f)
- 信安之路
  - [Free download for a limited time! Billions of domain name resolution records](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247500016&idx=1&sn=90193331dd52c7df02452f936f74ea6e)
- 数世咨询
  - [Latest report: just 10% of employees account for 73% of cyber risk](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247539843&idx=1&sn=edfa3ce5eabf9e7cfcdc62806e55a377)
- 深信服千里目安全技术中心
  - [[Vulnerability advisory] WinRAR directory traversal vulnerability (CVE-2025-8088)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247524487&idx=1&sn=1715268ae74041049ca916f2777014a9)
- 安全牛
  - [Technical paths to AI-agent-native enterprise adoption, part one](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651138272&idx=1&sn=83a3b005db223341620730bf1e2f51a0)
  - [GPT-5's high-profile launch meets its "Waterloo": poor user experience and seriously inadequate security; "BadCam" remote-control vulnerability found in some Lenovo webcam models | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651138272&idx=2&sn=38363e9cb0a08878e53ec5f7008bc9be)
- 微步在线
  - [CSOP2025 highlights | Liu Xuezhong of China Communications Construction Group: AI-driven integrated intelligent cybersecurity protection](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650184422&idx=1&sn=7b1a17aa929faa73953859ae9f14b682)
- 情报分析师
  - [Uncovering the highly secretive US nonprofit supporting Ukraine's military](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650561887&idx=1&sn=1c5fbf7b822eb51e909bb432491deebe)
  - [Defector reveals: behind North Korean online scams is in fact joint US-South Korea hype!](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650561887&idx=2&sn=b4b0750f8d631f0c1219b848ef9bc986)
- NOVASEC
  - [[Tool] DeepSeek is amazing! Earned 598 in one day, the easiest way for ordinary people to make money](https://mp.weixin.qq.com/s?__biz=MzUzODU3ODA0MA==&mid=2247490752&idx=1&sn=adb8cc683cf0421a3ab3c8f83dd49375)
- 威胁猎人Threat Hunter
  - [Threat Hunter July 2025 roundup of security intelligence and product upgrades](https://mp.weixin.qq.com/s?__biz=MzI3NDY3NDUxNg==&mid=2247501249&idx=1&sn=2c77a82ba683bf130d7080ccaaed76d1)
- 李姐姐的扫描器
  - [The large-scale AISecOps agent challenge: complex integration of 20+ functional agents and 300+ APIs](https://mp.weixin.qq.com/s?__biz=MzkyNjM0MjQ2Mw==&mid=2247483808&idx=1&sn=2e6ecc30ce3fff61e73b6ec2266707e1)
- 山石网科安全技术研究院
  - [Finding 0-day vulnerabilities in discarded hardware](https://mp.weixin.qq.com/s?__biz=MzUzMDUxNTE1Mw==&mid=2247512597&idx=1&sn=0a7b543b616720275a771dd7a24aaa4b)
- 代码卫士
  - [Google Calendar invites used to hijack Gemini and leak user data](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247523771&idx=1&sn=202844570d8eb4bdbaf371dc692e7896)
  - [RubyGems ecosystem hit by supply chain attack](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247523771&idx=2&sn=5f9142f7ea3b0ae81a5cf2c382a83ba1)
- 360数字安全
  - [ISC.AI 2025: 360 Digital Security ecosystem partner conference held successfully, exploring new paths for the security ecosystem in the AI era!](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247581560&idx=1&sn=9156564369cdf266351afb04db6492f7)
  - [ISC.AI 2025 Agentic SOC: forum on a new paradigm for security operations held, drawing a new blueprint for AI-empowered security](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247581560&idx=2&sn=fe92a4cfd32709a908ee9070976bb6ab)
  - [Ransomware monthly report | 360 exclusively discloses July ransomware trends; cybercrime evasion techniques show signs of convergence](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247581560&idx=3&sn=666f9de302fe77abfd92206a1d3acd45)
- CNVD漏洞平台
  - [CNVD weekly vulnerability report, 2025 issue 30](https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247496213&idx=1&sn=4f18303591ad20120bf0bb77a60cf801)
  - [Product security vulnerabilities that drew the most attention last week (20250804-20250810)](https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247496213&idx=2&sn=51a77ac2248dc327d0b5184f5b7b1442)
- 极客公园
  - [When people miss GPT-4o, what are they "missing"?](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653084625&idx=1&sn=adc4b5c926f15c05e8a914b4658081b9)
  - [World Robot Conference: a clumsy today and a sprinting tomorrow](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653084569&idx=1&sn=abf2497af0f50cdd370529ddc06a2cf2)
  - [Musk: may lose control of Tesla; He Xiaopeng: took Lei Jun's advice, new P7 does 24-hour endurance test; Huawei rumored to release AI inference breakthrough | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653084509&idx=1&sn=fc33cfa914ca654925f3808b045ca87a)
- 迪哥讲事
  - [A vulnerability that earned a 15,000 US dollar bounty on H1](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247498025&idx=1&sn=c6221ce014576cac8edd8a4db67ae347)
- Over Security - Cybersecurity news aggregator
  - [North Korean Kimsuky hackers exposed in alleged data breach](https://www.bleepingcomputer.com/news/security/north-korean-kimsuky-hackers-exposed-in-alleged-data-breach/)
  - [Ransomware gang claims attack on St. Paul city government](https://therecord.media/ransomware-gang-behind-minnesota-attack)
  - [US government seized $1 million from Russian ransomware gang](https://techcrunch.com/2025/08/11/u-s-government-seized-1-million-from-russian-ransomware-gang/)
  - [Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs](https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/)
  - [Romance scam suspects extradited from Ghana, charged with more than $100 million in thefts](https://therecord.media/ghana-romance-scams-bec-suspects-extradited-us)
  - [A Google Calendar invite was enough to take control of Gemini](https://www.securityinfo.it/2025/08/11/un-invito-google-calendar-bastava-per-prendere-il-controllo-di-gemini/)
  - [Details emerge on WinRAR zero-day attacks that infected PCs with malware](https://www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/)
  - [GPT-5 Under Fire: Red Teaming OpenAI’s Latest Model Reveals Surprising Weaknesses | SplxAI Blog](https://splx.ai/blog/gpt-5-red-teaming-results)
  - [OpenAI is testing 3,000-per-week limit for GPT-5 Thinking](https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-testing-3-000-per-week-limit-for-gpt-5-thinking/)
  - [Microsoft tests cloud-based Windows 365 disaster recovery PCs](https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-cloud-based-windows-365-disaster-recovery-pcs/)
  - [Two groups exploit WinRAR flaws in separate cyber-espionage campaigns](https://therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers)
  - [The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks](https://www.bleepingcomputer.com/news/security/the-rise-of-native-phishing-microsoft-365-apps-abused-in-attacks/)
  - [Electronic Arts blocks more than 300,000 attempts to cheat after launching Battlefield 6 beta](https://techcrunch.com/2025/08/11/electronic-arts-blocks-more-than-300000-attempts-to-cheat-after-launching-battlefield-6-beta/)
  - [OneNote finally gets "paste text only" feature on Windows and Mac](https://www.bleepingcomputer.com/news/microsoft/onenote-finally-gets-paste-text-only-feature-on-windows-and-mac/)
  - [xAI is testing Grok 4.20 to take on GPT-5, may launch this month](https://www.bleepingcomputer.com/news/artificial-intelligence/xai-is-testing-grok-420-to-take-on-gpt-5-may-launch-this-month/)
  - [Finland charges captain of suspected Russian ‘shadow fleet’ tanker for subsea cable damage](https://therecord.media/finland-charges-captain-russia-ghost-fleet-undersea-cable)
  - [MuddyWater’s DarkBit ransomware cracked for free data recovery](https://www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery/)
  - [Evolutionary cyber training: guidelines for building real awareness](https://www.cybersecurity360.it/cultura-cyber/formazione-cyber-evolutiva-le-linee-guida-per-costruire-vera-consapevolezza/)
  - [Wikipedia’s operator loses challenge to UK Online Safety Act rules](https://therecord.media/wikipedia-loses-challenge-online-safety-act-uk)
  - ['Chairmen' of $100 million scam operation extradited to US](https://www.bleepingcomputer.com/news/security/us-charges-ghanaians-linked-to-theft-of-100-million-in-romance-scams-bec-attacks/)
  - [The Week in Vulnerabilities: 717 New Cybersecurity Flaws Reported!](https://cyble.com/blog/cyble-vulnerability-intelligence/)
  - [Over 29,000 Exchange servers unpatched against high-severity flaw](https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/)
  - [AI agents based on LLMs: concern grows among cyber experts](https://www.cybersecurity360.it/nuove-minacce/agenti-ai-basati-su-modelli-llm-cresce-la-preoccupazione-tra-esperti-di-cyber/)
  - [[eg0n] The IoC "collection" process, with an example](https://roccosicilia.com/2025/08/11/eg0n-il-processo-di-raccolta-degli-ioc-con-un-esempio/)
  - [Connex Credit Union data breach impacts 172,000 members](https://www.bleepingcomputer.com/news/security/connex-credit-union-discloses-data-breach-impacting-172-000-people/)
  - [The FAIR approach: what it is and how to conduct a quantitative risk analysis](https://www.cybersecurity360.it/soluzioni-aziendali/approccio-fair-cose-e-come-condurre-unanalisi-dei-rischi-quantitativi/)
  - [DORA: third-party supplier risks are an integral part of all ICT risks](https://www.cybersecurity360.it/legal/dora-i-rischi-dei-fornitori-terzi-sono-parte-integrante-di-tutti-i-rischi-ict/)
  - [CERT-AGID 2 – 8 August: identity documents stolen from guests of Italian hotels](https://www.securityinfo.it/2025/08/11/cert-agid-2-8-agosto-rubati-documenti-didentita-a-clienti-di-hotel-italiani/)
  - [Google Calendar invites let researchers hijack Gemini to leak user data](https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/)
  - [How to restore GPT-4o when you've GPT-5](https://www.bleepingcomputer.com/news/artificial-intelligence/how-to-restore-gpt-4o-when-youve-gpt-5/)
- Securityinfo.it
  - [A Google Calendar invite was enough to take control of Gemini](https://www.securityinfo.it/2025/08/11/un-invito-google-calendar-bastava-per-prendere-il-controllo-di-gemini/?utm_source=rss&utm_medium=rss&utm_campaign=un-invito-google-calendar-bastava-per-prendere-il-controllo-di-gemini)
  - [CERT-AGID 2 – 8 August: identity documents stolen from guests of Italian hotels](https://www.securityinfo.it/2025/08/11/cert-agid-2-8-agosto-rubati-documenti-didentita-a-clienti-di-hotel-italiani/?utm_source=rss&utm_medium=rss&utm_campaign=cert-agid-2-8-agosto-rubati-documenti-didentita-a-clienti-di-hotel-italiani)
- ICT Security Magazine
  - [AI education scams and fake online courses: how scammers exploit the AI rush](https://www.ictsecuritymagazine.com/notizie/truffe-educative-ai/)
  - [The credentials black market: how hackers sell stolen Disney+, Netflix and Prime Video accounts](https://www.ictsecuritymagazine.com/notizie/mercato-nero-delle-credenziali/)
  - [Network segmentation: an integrated strategy for modern information security](https://www.ictsecuritymagazine.com/articoli/network-segmentation/)
- Arturo Di Corinto
  - [Stampa Romana: slaughter of Palestinian journalists continues, mobilization needed](https://dicorinto.it/associazionismo/stampa-romana-continua-mattanza-giornalisti-palestinesi-mobilitazione-necessaria/)
- DEF CON Announcements!
  - [Thanks for a Fantastic DEF CON](https://defcon.org/html/defcon-33/dc-33-news.html#goodbye)
- SANS Internet Storm Center, InfoCON: green
  - [ISC Stormcast For Monday, August 11th, 2025 https://isc.sans.edu/podcastdetail/9564, (Mon, Aug 11th)](https://isc.sans.edu/diary/rss/32188)
- Schneier on Security
  - [Automatic License Plate Readers Are Coming to Schools](https://www.schneier.com/blog/archives/2025/08/automatic-license-plate-readers-are-coming-to-schools.html)
- Cyber Division
  - [Artificial intelligence and new methods of cyber attack](https://cyberdivision.net/2025/08/11/intelligenza-artificiale-e-nuove-modalita-di-attacco-informatico/)
- The Hacker News
  - [New TETRA Radio Encryption Flaws Expose Law Enforcement Communications](https://thehackernews.com/2025/08/new-tetra-radio-encryption-flaws-expose.html)
  - [Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls](https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html)
  - [⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More](https://thehackernews.com/2025/08/weekly-recap-badcam-attack-winrar-0-day.html)
  - [6 Lessons Learned: Focusing Security Where Business Value Lives](https://thehackernews.com/2025/08/6-lessons-learned-focusing-security.html)
  - [WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately](https://thehackernews.com/2025/08/winrar-zero-day-under-active.html)
- Social Engineering
  - [How Do You Outlast a Social Circle Manipulator](https://www.reddit.com/r/SocialEngineering/comments/1mnd5iz/how_do_you_outlast_a_social_circle_manipulator/)
  - [What sort of specialist can i ask for advice on interpersonal situations?](https://www.reddit.com/r/SocialEngineering/comments/1mnsalz/what_sort_of_specialist_can_i_ask_for_advice_on/)
  - [I wish to gain the ability to change people's perception of me](https://www.reddit.com/r/SocialEngineering/comments/1mnn9jw/i_wish_to_gain_the_ability_to_change_peoples/)
- Information Security
  - [What’s worse: malware or someone’s unapproved flash drive?](https://www.reddit.com/r/Information_Security/comments/1mnezbv/whats_worse_malware_or_someones_unapproved_flash/)
  - [Weekly Cybersecurity News Summary –11/08/2025](https://www.reddit.com/r/Information_Security/comments/1mnedqk/weekly_cybersecurity_news_summary_11082025/)
- Security Affairs
  - [Chrome sandbox escape nets security researcher $250,000 reward](https://securityaffairs.com/181057/hacking/chrome-sandbox-escape-nets-security-researcher-250000-reward.html)
  - [Smart Buses flaws expose vehicles to tracking, control, and spying](https://securityaffairs.com/181045/hacking/smart-buses-flaws-expose-vehicles-to-tracking-control-and-spying.html)
  - [MedusaLocker ransomware group is looking for pentesters](https://securityaffairs.com/181033/hacking/medusalocker-ransomware-group-is-looking-for-pentesters.html)
- Your Open Hacker Community
  - [How can I access the internet bypassing registration](https://www.reddit.com/r/HowToHack/comments/1mnmwi8/how_can_i_access_the_internet_bypassing/)
  - [Home lab setup questions](https://www.reddit.com/r/HowToHack/comments/1mn8kps/home_lab_setup_questions/)
  - [Anybody know free trusted ai like ChatGPT without restrictions that’s on tor and usable on mobile](https://www.reddit.com/r/HowToHack/comments/1mnlfvu/anybody_know_free_trusted_ai_like_chatgpt_without/)
  - [How to check is R@T i am installing is m@lware free or not](https://www.reddit.com/r/HowToHack/comments/1mnl9xa/how_to_check_is_rt_i_am_installing_is_mlware_free/)
  - [So, not hacking exactly, but does anyone know how to spoof your location on iPhone's location sharing? Like if I'm sharing my location with someone, I can make it look like I'm somewhere else?](https://www.reddit.com/r/HowToHack/comments/1mnf0lp/so_not_hacking_exactly_but_does_anyone_know_how/)
- Technical Information Security Content & Discussion
  - [From Drone Strike to File Recovery: Outsmarting a Nation State](https://www.reddit.com/r/netsec/comments/1mnjml0/from_drone_strike_to_file_recovery_outsmarting_a/)
  - [Building an Autonomous AI Pentester: What Worked, What Didn’t, and Why It Matters](https://www.reddit.com/r/netsec/comments/1mnaugi/building_an_autonomous_ai_pentester_what_worked/)
  - [AI-Powered Code Security Reviews for DevSecOps with Claude](https://www.reddit.com/r/netsec/comments/1mn65eb/aipowered_code_security_reviews_for_devsecops/)
- netsecstudents: Subreddit for students studying Network Security and its related subjects
  - [Fed up with your hacking methodology chaos? Built something to fix it.](https://www.reddit.com/r/netsecstudents/comments/1mnptwp/fed_up_with_your_hacking_methodology_chaos_built/)
  - [NetSec research you might like to know this week (August 4th - 10th 2025)](https://www.reddit.com/r/netsecstudents/comments/1mnc2ww/netsec_research_you_might_like_to_know_this_week/)
- 安全419
  - [ReliaQuest 2025 digital risk report: core exposures and risks double](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247549425&idx=1&sn=53e213c341020ed9054e5287e338ae83)
- Security Weekly Podcast Network (Audio)
  - [ESW at BlackHat and the weekly enterprise security news - ESW #419](http://sites.libsyn.com/18678/esw-at-blackhat-and-the-weekly-enterprise-security-news-esw-419)