# Daily Security News (2025-12-24)

- SecWiki News
  - [ ] [SecWiki News 2025-12-23 Review](http://www.sec-wiki.com/?2025-12-23)
- Recent Commits to cve:main
  - [ ] [Update Tue Dec 23 11:35:16 UTC 2025](https://github.com/trickest/cve/commit/db1b1e5b811aabb4c247ebe218647da2f2b9d1e6)
- Doonsec's feed
  - [ ] [Arbitrary file read vulnerability in the juhecurl interface of a short-drama video mini-program platform (with PoC)](https://mp.weixin.qq.com/s?__biz=MzIxMjEzMDkyMA==&mid=2247489749&idx=1&sn=a38c9a26fd76d97916149bed05f3d4a2)
  - [ ] [Russia's development of a new anti-satellite weapon draws attention; global counterspace capabilities assessment report focuses on the space deterrence contest](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451184412&idx=1&sn=5f737c49057eff34d84519b72e4ca319)
  - [ ] [The three-year pact has come due](https://mp.weixin.qq.com/s?__biz=Mzk0NTY5Nzc1OA==&mid=2247484327&idx=1&sn=fe6d657aee9f3b1e8565d1c7e7dca16e)
  - [ ] [Technical deep dive into the Kuaishou security incident: why could so many violating live streams not be shut down?](https://mp.weixin.qq.com/s?__biz=MzIxNzA2NzY1Nw==&mid=2655267891&idx=1&sn=0c719e90f8dc6cb75e0e03d2756886ca)
  - [ ] [Reference: What lessons does the US military intend to draw from the Russia-Ukraine war?](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651153376&idx=1&sn=1a85f86beede8bd45f27fbd5c938e387)
  - [ ] [Bypass approach for a certificate site](https://mp.weixin.qq.com/s?__biz=MzE5OTA3OTk2Mw==&mid=2247483943&idx=1&sn=ba9079e93c4bb24c4f784319db9ef505)
  - [ ] [Stanford: "Beyond DeepSeek: China's Diverse Open-Weight AI Ecosystem and Its Policy Implications"](https://mp.weixin.qq.com/s?__biz=MzUzODYyMDIzNw==&mid=2247523073&idx=1&sn=186b793e0001aebd5986aa3c8efd17a4)
  - [ ] [Timeline of the Kuaishou incident](https://mp.weixin.qq.com/s?__biz=Mzg4NzgyODEzNQ==&mid=2247490134&idx=1&sn=2c6044bbce6292c64a1ad576b2661186)
  - [ ] [A Brief History of the Fifth Domain: Section 13, The founding of the first CERT](https://mp.weixin.qq.com/s?__biz=Mzg2NTkwODU3Ng==&mid=2247515828&idx=1&sn=55c7e0216a4c8600c9bc734e3562a051)
  - [ ] [A Brief History of the Fifth Domain: Section 14, The founding of the first CERT](https://mp.weixin.qq.com/s?__biz=Mzg2NTkwODU3Ng==&mid=2247515828&idx=2&sn=c00da3ab59cf7fd2e42299656fb380a2)
  - [ ] [Reproduced | FanRuan export/excel SQL injection](https://mp.weixin.qq.com/s?__biz=MzUyNzk1NjA5MQ==&mid=2247484013&idx=1&sn=514d45521e2166d6f28f10eee4417bef)
  - [ ] [Anniversary: 极核安全 two-year retrospective!](https://mp.weixin.qq.com/s?__biz=MzkyNjYwMjIxNA==&mid=2247483932&idx=1&sn=66b7f4906a78414e59b67674a822cb1d)
  - [ ] [Zhongyuan Securities issues public tender for an AI large-model investment advisory assistant](https://mp.weixin.qq.com/s?__biz=MzIxMDIwODM2MA==&mid=2653933312&idx=1&sn=7d536e40217fefec00a8e0f69423a4b8)
  - [ ] [Major release | CertiK "2025 Skynet Hack3D Web3 Security Report" (with link to the full report)](https://mp.weixin.qq.com/s?__biz=MzU5OTg4MTIxMw==&mid=2247504921&idx=1&sn=a495b662e6dd2a9bae0928cdeaf50ee1)
  - [ ] [Sample analysis of TA2101's government-impersonation cyberattack campaign against Germany, Italy and the United States](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247494969&idx=1&sn=085bb2da18e132db526fcbbe45f41d42)
  - [ ] [Detailed analysis notes on the XXL-JOB SSRF vulnerability](https://mp.weixin.qq.com/s?__biz=MzI4MjI2NDI1Ng==&mid=2247485606&idx=1&sn=dcd065c2f4d672d87bfbc460815ce20c)
  - [ ] [AI Security: Blowing up the trending charts! Kuaishou live streaming overrun by pornographic content for 40 minutes](https://mp.weixin.qq.com/s?__biz=MzkxNzU2NDgxNQ==&mid=2247484466&idx=1&sn=11e95d561120110aef0b8f39a2ff1d21)
  - [ ] [Daily course update](https://mp.weixin.qq.com/s?__biz=MzkwOTE5MDY5NA==&mid=2247508809&idx=1&sn=c6140194c1f27cf02c38a7c2dc41629f)
  - [ ] [AI-Vanguard: an intelligent automated security testing platform](https://mp.weixin.qq.com/s?__biz=MzkxMDE5NTIyMA==&mid=2247485389&idx=1&sn=6cad8e44b8130dd636386daff5fbdbaa)
  - [ ] ["Magic" defeats "magic"! A warning from the "Kuaishou incident": the whole industry urgently needs to upgrade its AI defenses](https://mp.weixin.qq.com/s?__biz=MjM5NTU4NjgzMg==&mid=2651449784&idx=1&sn=ac893bf78bce79127554618a803c4c6b)
  - [ ] [Wang Xiaohong stresses at the national public security science and technology work conference: thoroughly implement the strategy of strengthening policing through science and technology and comprehensively raise the new-quality combat capability of public security organs](https://mp.weixin.qq.com/s?__biz=MjM5NTU4NjgzMg==&mid=2651449784&idx=2&sn=7880f88fef842824aefe34be0e0600e4)
  - [ ] [AI Security: Even GPT-4 can't hold the line? This "storm" algorithm turns AI defenses into a sieve in seconds!](https://mp.weixin.qq.com/s?__biz=MzkxNzU2NDgxNQ==&mid=2247484460&idx=1&sn=625d90ba600062806dbe41fd09289b26)
  - [ ] [Understand front-end encryption and JS reverse engineering in one article](https://mp.weixin.qq.com/s?__biz=MzkxNjU2NjM4NA==&mid=2247484221&idx=1&sn=85839a787573b3d89fb3b192e9b3344e)
  - [ ] [Paradigm-shifting! An in-depth look at the full lifecycle of AWS Security Agent](https://mp.weixin.qq.com/s?__biz=MzkxNzU2NDgxNQ==&mid=2247484454&idx=1&sn=04d17518753ecf0c8600f92f97eb953d)
  - [ ] [Notes on a cybersecurity incident at a certain video platform](https://mp.weixin.qq.com/s?__biz=MzI5MTIwOTQ5MA==&mid=2247489852&idx=1&sn=7f7e719c5c331850c97537ee95ae8903)
  - [ ] [Sansec and Shanghai CA sign strategic cooperation agreement | Jointly building a foundation of digital trust for a win-win future in commercial cryptography!](https://mp.weixin.qq.com/s?__biz=MzA5ODk0ODM5Nw==&mid=2650333220&idx=1&sn=8b6ca929c20e35d206d3a3e564e27d19)
  - [ ] [2025 SCUCTF Cybersecurity Freshman Competition: results are in! New stars shine, and the future of security is yours to guard!](https://mp.weixin.qq.com/s?__biz=MzUxNDk1ODUxMw==&mid=2247486992&idx=1&sn=cf7c98d2f1b464fbbd0eb49284a1f54d)
  - [ ] [Tearing through the 2025 Pinghang Cup with free tools: server forensics, walkthrough of every challenge](https://mp.weixin.qq.com/s?__biz=MzE5MTgwMzEyNQ==&mid=2247484070&idx=1&sn=769f481e0deeed6010fe626a0063691f)
  - [ ] [Manual report](https://mp.weixin.qq.com/s?__biz=MzkyNzIxMjM3Mg==&mid=2247491927&idx=1&sn=39cbc2c80a0316227acff4ab398831c6)
  - [ ] [Talking ICS Security: Industrial control system industry knowledge: power-sector communication security standard IEC62351 (GB/T 25320), Part 3: digital certificate system](https://mp.weixin.qq.com/s?__biz=MzI0MzM3NTQ5MA==&mid=2247485881&idx=1&sn=d3df3da1facfa6e67a50f08662ff2cdc)
  - [ ] [AI security governance is quietly widening the gap between enterprises](https://mp.weixin.qq.com/s?__biz=MzkwMTM5MDUxMA==&mid=2247508602&idx=1&sn=c147f47ed3be063619e261c0f15144ec)
  - [ ] [Let Rust help you craft the ms16-135 bug](https://mp.weixin.qq.com/s?__biz=Mzk0MTQxOTA3Ng==&mid=2247489778&idx=1&sn=652d5d068367f2865a6b55c48ade323a)
  - [ ] [The "second half" of business defense: front-loaded defense is the inevitable choice for countering "locust-style attacks"](https://mp.weixin.qq.com/s?__biz=MzI3NDY3NDUxNg==&mid=2247502037&idx=1&sn=b3ca9f6fcf9a4e00d1a0434c462d14a9)
  - [ ] [When your AI assistant starts to "comply in public and defy in private": a security crisis you cannot see. A reading of "AI Agent Security: Architecture, Attack Surface and Defense"](https://mp.weixin.qq.com/s?__biz=MjM5ODY2MDAzMQ==&mid=2247484890&idx=1&sn=55f62a080493db56156c6fd04f3fdd79)
  - [ ] [The Kuaishou 12/22 large-scale pornographic live-streaming incident](https://mp.weixin.qq.com/s?__biz=MzU2NjgzMDM3Mg==&mid=2247494433&idx=1&sn=55bddd6f339b2ec1c1b10976be91e011)
  - [ ] [Yet again moved to a startup at the same pay; the title is Security Operations Expert...](https://mp.weixin.qq.com/s?__biz=MzI5MjI4ODU4Nw==&mid=2247493071&idx=1&sn=5856b8630f4af30eaee84fa98241d03d)
  - [ ] [javaweb notes 2](https://mp.weixin.qq.com/s?__biz=MzkzODYzNzQ5MQ==&mid=2247486640&idx=1&sn=2b3e18ddd68d40f64a1d5665481b066e)
  - [ ] [Association members only: learn the technology, explore scenarios, drive adoption. The data-element industry application accelerator camp is here!](https://mp.weixin.qq.com/s?__biz=MzkwOTUyODE5Mg==&mid=2247486210&idx=1&sn=8db97af9d17fd9ab2843a48176e59442)
  - [ ] [Tool sharing: an audio/video-to-text tool, no installation required, standalone edition](https://mp.weixin.qq.com/s?__biz=MzA3MzgwMzYyMA==&mid=2452890505&idx=1&sn=54d93f131280c9b5c39fcb0c32c5615b)
  - [ ] [Security alert: Weaver OA E-Cology WorkflowCenterTreeData SQL injection](https://mp.weixin.qq.com/s?__biz=Mzk0ODYwNjI1NA==&mid=2247484174&idx=1&sn=360704d5689f7681857ae3b0574bad85)
  - [ ] [Feature · Vulnerability ecosystem | Moving vulnerability governance from point defense toward ecosystem collaboration](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=1&sn=8862eb8de14b179335cfc86281a76981)
  - [ ] [Frontier | Realizing the value of AI in telecom-sector security applications: analysis of AI-based data classification and grading and its application in practice](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=2&sn=91df6b7aec3686b6bc4bd60a9127f86d)
  - [ ] [Expert commentary | Shen Weixing: achieving closed-loop accountability, trust in data circulation and industrial innovation through trusted data destruction. A reading of "Application Case of Security Technology for Public Data Circulation Based on a Data Destruction Workshop"](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=3&sn=e7e4e6f5fabfae167d63545711d80f08)
  - [ ] [Opinion | Building a solid rule-of-law line of defense for cybersecurity](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=4&sn=cc2a54512a35b20c2fc1074774d82f5e)
  - [ ] [Commentary | Don't let public Wi-Fi become a "feast" for data theft](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=5&sn=c5a84091185fe3c3bed44bbc7bb03cb1)
  - [ ] [After Kuaishou, a certain "Dou" platform may be in for trouble](https://mp.weixin.qq.com/s?__biz=Mzg2MTg4NTMzNw==&mid=2247484711&idx=1&sn=1d4a05551d56413b87dacfead7fa1053)
- Private Feed for M09Ic
  - [ ] [mgeeky starred professor-moody/ludus_scorch](https://github.com/professor-moody/ludus_scorch)
  - [ ] [bolucat released 202512231939 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202512231939)
  - [ ] [kpcyrd contributed to kpcyrd/cargo-debstatus](https://github.com/kpcyrd/cargo-debstatus/pull/77)
  - [ ] [Ridter starred repplus/rep](https://github.com/repplus/rep)
  - [ ] [CHYbeta starred ARCANGEL0/EVA](https://github.com/ARCANGEL0/EVA)
  - [ ] [Mr-xn contributed to wgpsec/fofa_viewer](https://github.com/wgpsec/fofa_viewer/pull/168)
  - [ ] [goplus released v0.11.8 at goplus/llgo](https://github.com/goplus/llgo/releases/tag/v0.11.8)
  - [ ] [safedv starred klezVirus/ThreadPoolExecChain](https://github.com/klezVirus/ThreadPoolExecChain)
  - [ ] [Ridter starred klezVirus/Moonwalk--](https://github.com/klezVirus/Moonwalk--)
  - [ ] [huoji120 starred kokke/tiny-AES-c](https://github.com/kokke/tiny-AES-c)
  - [ ] [PrefectHQ released 3.6.8.dev2 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.8.dev2)
  - [ ] [gh0stkey starred sensepost/pipetap](https://github.com/sensepost/pipetap)
  - [ ] [veo starred asaurusrex/Silent_Chrome](https://github.com/asaurusrex/Silent_Chrome)
  - [ ] [esrrhs starred DayuanJiang/next-ai-draw-io](https://github.com/DayuanJiang/next-ai-draw-io)
  - [ ] [zema1 starred xaitax/Chrome-App-Bound-Encryption-Decryption](https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption)
  - [ ] [Rvn0xsy forked Rvn0xsy/arachne from MythicAgents/arachne](https://github.com/Rvn0xsy/arachne)
  - [ ] [FunnyWolf starred anthropics/skills](https://github.com/anthropics/skills)
  - [ ] [WAY29 starred byJoey/cfnew](https://github.com/byJoey/cfnew)
  - [ ] [pydantic released v1.38.0 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v1.38.0)
- 安全客-有思想的安全新媒体
  - [ ] [Intelligent protection, driving toward the future | The first Xiaomi Auto protection event concludes successfully](https://www.anquanke.com/post/id/313963)
- Tenable Blog
  - [ ] [The 3% Rule: How To Silence 97% of Your Cloud Alerts and Be More Secure](https://www.tenable.com/blog/the-3-rule-how-to-silence-97-of-your-cloud-alerts-and-be-more-secure)
- 奇安信攻防社区
  - [ ] [Information gathering: discovering edge assets and hidden assets](https://forum.butian.net/share/4675)
- Armin Ronacher's Thoughts and Writings
  - [ ] [Advent of Slop: A Guest Post by Claude](https://lucumr.pocoo.org/2025/12/23/advent-of-slop/)
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  - [ ] [Kuaishou platform hit by a black/gray-market attack late at night; platform makes emergency fixes and reports to police](https://www.4hou.com/posts/mkDE)
  - [ ] [New UEFI vulnerability disclosed: Gigabyte, MSI, ASUS and ASRock motherboards face risk of pre-boot attacks](https://www.4hou.com/posts/0MWV)
- 美团技术团队
  - [ ] [Meituan officially releases LongCat-Video-Avatar, achieving open-source SOTA-level realism](https://tech.meituan.com/2025/12/23/longcat-video-avatar.html)
- LevelBlue Blog
  - [ ] [LevelBlue Predictions 2026: The Never Ending Story Evolving Threats and Adversary Tactics](https://levelblue.com/blogs/levelblue-blog/levelblue-predictions-2026-the-never-ending-story-evolving-threats-and-adversary-tactics/)
- obaby@mars
  - [ ] [Eternal Night](https://h4ck.org.cn/2025/12/22224)
- CCC Event Blog
  - [ ] [39C3: Telephony](https://events.ccc.de/2025/12/23/39c3-poc/)
- Securelist
  - [ ] [Assessing SIEM effectiveness](https://securelist.com/siem-effectiveness-assessment/118560/)
  - [ ] [From cheats to exploits: Webrat spreading via GitHub](https://securelist.com/webrat-distributed-via-github/118555/)
- Malware-Traffic-Analysis.net - Blog Entries
  - [ ] [2025-12-23: MacSync Stealer infection](https://www.malware-traffic-analysis.net/2025/12/23/index.html)
  - [ ] [2025-12-11: Kongtuke ClickFix activity using finger command](https://www.malware-traffic-analysis.net/2025/12/11/index2.html)
- Malwarebytes
  - [ ] [Hacktivists claim near-total Spotify music scrape](https://www.malwarebytes.com/blog/news/2025/12/hacktivists-claim-near-total-spotify-music-scrape)
- daniel.haxx.se
  - [ ] [A curl 2025 review](https://daniel.haxx.se/blog/2025/12/23/a-curl-2025-review/)
- Wallarm
  - [ ] [From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security](https://lab.wallarm.com/how-wallarm-redefines-agentic-ai-security/)
- Checkmarx
  - [ ] [Bringing IDE-Native AppSec to Kiro with Checkmarx One Assist](https://checkmarx.com/blog/bringing-ide-native-appsec-to-kiro-with-checkmarx-one-assist/)
- 奇客Solidot–传递最新科技情报
  - [ ] [Do large models really speed up programmers' coding?](https://www.solidot.org/story?sid=83134)
  - [ ] [Cyberspace Administration and others issue "Rules on Pricing Conduct of Internet Platforms", restricting the use of algorithms to manipulate prices](https://www.solidot.org/story?sid=83133)
  - [ ] [Japan to fund companies with one trillion yen to develop domestic AI](https://www.solidot.org/story?sid=83132)
  - [ ] [Two major Chinese-language darknet markets allegedly launder US$2 billion a month](https://www.solidot.org/story?sid=83131)
  - [ ] [Skin and internal organs sense cold in different ways](https://www.solidot.org/story?sid=83130)
  - [ ] [Spotify says anti-copyright extremists scraped its music library](https://www.solidot.org/story?sid=83129)
  - [ ] [Samsung to integrate Google Gemini AI into its refrigerators](https://www.solidot.org/story?sid=83128)
  - [ ] [Microsoft plans to replace all C and C++ code with Rust code by 2030](https://www.solidot.org/story?sid=83127)
  - [ ] [Notepad gains table support](https://www.solidot.org/story?sid=83126)
  - [ ] [EA executive and Call of Duty series co-founder Vince Zampella dies in car crash](https://www.solidot.org/story?sid=83125)
  - [ ] [Webb telescope discovers a wandering supermassive black hole](https://www.solidot.org/story?sid=83124)
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  - [ ] [CattoPic: an open-source self-hosted image host built on Cloudflare](https://blog.upx8.com/4929)
- HackerNews
  - [ ] [Cyber spies use fake senior-officer invitation letters to infiltrate Russia's defense industry](https://hackernews.cc/archives/62009)
  - [ ] [Hackers attack WatchGuard Firebox firewalls: 120,000 IP addresses exposed and at high risk](https://hackernews.cc/archives/62007)
  - [ ] [DDoS attack disrupts French postal and banking services, hindering deliveries before Christmas](https://hackernews.cc/archives/62004)
  - [ ] [Open-source group scrapes 86 million Spotify songs; platform responds by disabling the accounts involved](https://hackernews.cc/archives/62002)
  - [ ] [Romania's national water agency hit by BitLocker ransomware attack](https://hackernews.cc/archives/62000)
- 安全分析与研究
  - [ ] [Sample analysis of TA2101's government-impersonation cyberattack campaign against Germany, Italy and the United States](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247494969&idx=1&sn=085bb2da18e132db526fcbbe45f41d42)
- 黑鸟
  - [ ] [Russia's development of a new anti-satellite weapon draws attention; global counterspace capabilities assessment report focuses on the space deterrence contest](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451184412&idx=1&sn=5f737c49057eff34d84519b72e4ca319)
- 代码卫士
  - [ ] [Log4j's security blind spot: new TLS vulnerability can be used to intercept sensitive logs](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247524719&idx=1&sn=e66447dfb5cb6f92f28d1ed15a93d766)
  - [ ] [Red Hat server compromised; data of 12,000 Nissan customers leaked](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247524719&idx=2&sn=f5d89f84af3cc83b347bda7d39e298df)
- 天黑说嘿话
  - [ ] [EasyTools penetration testing toolbox V2.0.2 update (adds vulnerability scanning, fixes numerous existing bugs)](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247485863&idx=1&sn=a228a3989709b4114ebc2f1150ba7100)
- 安全内参
  - [ ] [National water authority hit by ransomware attack: over a thousand systems damaged, IT completely paralyzed](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515369&idx=1&sn=02fcc1c278879ee214b4085f23bf45c0)
  - [ ] [Large volume of pornographic content appears in Kuaishou live rooms: company urgently cuts off live streaming, says it was attacked by black/gray-market actors](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515369&idx=2&sn=d05081217f9ec60a6dd57045a8578b5d)
- 天御攻防实验室
  - [ ] [US Cyber Command paralyzed Venezuela's critical infrastructure through cyberattacks](https://mp.weixin.qq.com/s?__biz=MzU0MzgyMzM2Nw==&mid=2247486640&idx=1&sn=045ac0efb08d44016266f45f87cbd75b)
- 先进攻防
  - [ ] [Kuaishou attack incident: a retrospective of technical hypotheses](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649908798&idx=1&sn=4c22bd97efb0ab61deb382ca5b26a5dd)
- 奇安信 CERT
  - [ ] [Reproduced: Security risk advisory for FreeBSD rtsold remote command injection vulnerability (CVE-2025-14558)](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247504372&idx=1&sn=ec0ca2fb20e9061517a7d4a32162d553)
  - [ ] [Reproduced: Security risk advisory for n8n remote code execution vulnerability (CVE-2025-68613)](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247504372&idx=2&sn=59a1b1bff23e5eb7f44f8ac5c6c09d3d)
- 威胁棱镜
  - [ ] [Understanding the reliability of large-scale AI infrastructure from the training of Llama 3](https://mp.weixin.qq.com/s?__biz=MzkyMzE5ODExNQ==&mid=2247488141&idx=1&sn=2b86f6ef9f02eb20ecf233106656c7dc)
- 安全圈
  - [ ] [安全圈 | Pornographic streams flood Kuaishou; why did the platform's cybersecurity system lose control?](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073353&idx=1&sn=6a05fff41514f80e34f6421a9529e9bf)
  - [ ] [安全圈 | Insider threat: hackers pay heavily to buy off company insiders and bypass security protections](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073353&idx=2&sn=a20b429385801bb3f92fcb4d3decaa52)
  - [ ] [安全圈 | Silver Fox SEO poisoning campaign and victim IP analysis](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073353&idx=3&sn=d0b39d50e5cd1a3aa74775acc1035c56)
  - [ ] [安全圈 | Nissan confirms data breach caused by unauthorized access to Red Hat servers](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073353&idx=4&sn=ce91e795246ee50e3ccec29a01d0ba3c)
- ChaMd5安全团队
  - [ ] [HKCERT CTF 2025 Writeup by Mini-Venom](https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247514021&idx=1&sn=09c23efa451e92d4bff5670cfb649062)
- 中国信息安全
  - [ ] [Feature · Vulnerability ecosystem | Moving vulnerability governance from point defense toward ecosystem collaboration](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=1&sn=8862eb8de14b179335cfc86281a76981)
  - [ ] [Frontier | Realizing the value of AI in telecom-sector security applications: analysis of AI-based data classification and grading and its application in practice](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=2&sn=91df6b7aec3686b6bc4bd60a9127f86d)
  - [ ] [Expert commentary | Shen Weixing: achieving closed-loop accountability, trust in data circulation and industrial innovation through trusted data destruction. A reading of "Application Case of Security Technology for Public Data Circulation Based on a Data Destruction Workshop"](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=3&sn=e7e4e6f5fabfae167d63545711d80f08)
  - [ ] [Opinion | Building a solid rule-of-law line of defense for cybersecurity](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=4&sn=cc2a54512a35b20c2fc1074774d82f5e)
  - [ ] [Commentary | Don't let public Wi-Fi become a "feast" for data theft](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664256073&idx=5&sn=c5a84091185fe3c3bed44bbc7bb03cb1)
- 嘶吼专业版
  - [ ] [Kuaishou platform hit by a black/gray-market attack late at night; platform makes emergency fixes and reports to police](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247586042&idx=1&sn=562bc64fe315b0cade24101406eb5dc4)
  - [ ] [New UEFI vulnerability disclosed: Gigabyte, MSI, ASUS and ASRock motherboards face risk of pre-boot attacks](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247586042&idx=2&sn=e4c71c7c6977a72cfa6ba1d0e49d8b0e)
- 安全牛
  - [ ] [Afraid to dispose of old phones and computers? Rest assured, new national rules are here! Marketing SMS is a nuisance, so why aren't carriers liable? Court precedent clarifies the boundaries of responsibility | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651139813&idx=1&sn=1396c526c9ef34e5b0d36333ef7dde0c)
  - [ ] [Worth bookmarking! Key standards and compliance requirements for edge network security](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651139813&idx=2&sn=124a77a6979b7ff29de5076aa560f0f7)
- 数世咨询
  - [ ] ["Monthly Report on the Global Data Breach Landscape" (November 2025)](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541240&idx=1&sn=aa0a02613a6cb65d7cefb3857385d266)
  - [ ] [永信至诚 releases "Digital Wind Tunnel" native security solution for embodied intelligence](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541240&idx=2&sn=bfd997ae9aa47b1517f5869527c704c0)
- 火绒安全
  - [ ] [Urgent warning! Fake Huorong official websites hide traps; users should stay alert and avoid being deceived!](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247529337&idx=1&sn=9b4451945e6a1e6821ae5fa095526c73)
  - [ ] [Inviting channel partners to embark on a new journey together](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247529337&idx=2&sn=5a3e37dbe67c1c17fb4e0cb667418a57)
- 极客公园
  - [ ] [For the tech community, Xiaohongshu is a "new oasis"](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653095409&idx=1&sn=df4a0fa8fe07835dbb5410b63431738c)
  - [ ] [Behind MiniMax's Hong Kong IPO: China's large models, underestimated and misread](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653095346&idx=1&sn=af97f8418672380e470257d830eb2fca)
  - [ ] [Lu Weibing: Xiaomi 17Ultra price will rise; AgiBot reportedly passes 1 billion in sales this year; Huawei nova15 series launched, from 2699 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653095321&idx=1&sn=c9c25b2b8d119d011dddaddc8720d3e6)
- 恒脑与AI
  - [ ] [100,000-viewer indecent live streams appear on Kuaishou late at night! 17,000 zombie accounts take over screens within seconds; the era of AI-versus-AI confrontation has arrived](https://mp.weixin.qq.com/s?__biz=MzI1MDU5NjYwNg==&mid=2247497308&idx=1&sn=4aca475b770a5028547e298f979083a6)
- 情报分析师
  - [ ] [5 social media intelligence investigation techniques for uncovering the truth behind hidden accounts](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650564686&idx=1&sn=f0cac65afb987b7cfe8dc815050296f2)
  - [ ] [In-depth analysis of the December 22, 2025 cyberattack on one of our leading apps](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650564686&idx=2&sn=28d569529a99547f8824f6962fc95dd5)
- Beacon Tower Lab
  - [ ] [The modern battlefield of the online black and gray market, seen through the "T0-level cybersecurity incident" at Kuaishou](https://mp.weixin.qq.com/s?__biz=MzkyNzcxNTczNA==&mid=2247487972&idx=1&sn=4c5680d7b96110b9b6ff330a9143fd8c)
- 表图
  - [ ] [译苑雅集 Vol. 5: The engineering path to trustworthy AI agents: from reliability to "meaningful autonomy"](https://mp.weixin.qq.com/s?__biz=MzUzOTI4NDQ3NA==&mid=2247484924&idx=1&sn=859c0efe6ad0f6856332964653879548)
- Over Security - Cybersecurity news aggregator
  - [ ] [US insurance giant Aflac says hackers stole personal and health data of 22.6 million people](https://techcrunch.com/2025/12/23/us-insurance-giant-aflac-says-hackers-stole-personal-and-health-data-of-22-6-million-people/)
  - [ ] [More than 22 million Aflac customers impacted by June data breach](https://therecord.media/22-million-impacted-aflac-breach)
  - [ ] [WebRAT malware spread via fake vulnerability exploits on GitHub](https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/)
  - [ ] [Hackers stole over $2.7B in crypto in 2025, data shows](https://techcrunch.com/2025/12/23/hackers-stole-over-2-7-billion-in-crypto-in-2025-data-shows/)
  - [ ] [SEC sues crypto firms for defrauding investors out of $14 million](https://therecord.media/sec-sues-crypto-firms-defrauding-investors-14-million)
  - [ ] [US insurance giant Aflac says hackers stole personal and health data of 22.6 million](https://techcrunch.com/2025/12/23/us-insurance-giant-aflac-says-hackers-stole-personal-data-of-22-6-million/)
  - [ ] [US disrupts multimillion-dollar bank account takeover operation targeting Americans](https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels)
  - [ ] [Vulnerabilities in GeoServer: a systemic risk for critical infrastructure](https://www.cybersecurity360.it/news/vulnerabilita-critiche-in-geoserver-un-rischio-sistemico-per-le-infrastrutture-critiche/)
  - [ ] [France’s postal and banking services disrupted by suspected DDoS attack](https://techcrunch.com/2025/12/23/frances-postal-and-banking-services-disrupted-by-suspected-ddos-attack/)
  - [ ] [GhostPairing, the attack that exploits linked devices to compromise WhatsApp](https://www.cybersecurity360.it/news/ghostpairing-lattacco-che-sfrutta-i-dispositivi-collegati-per-compromettere-whatsapp/)
  - [ ] [RTO Scam Wave Continues: A Surge in Browser-Based e-Challan Phishing and Shared Fraud Infrastructure](https://cyble.com/blog/rto-scam-wave-continues/)
  - [ ] [Choosing a security framework, from NIST to ISO 27001: a strategic guide for the CISO](https://www.cybersecurity360.it/soluzioni-aziendali/scegliere-il-framework-di-sicurezza-dal-nist-alla-iso-27001-guida-strategica-per-il-ciso/)
  - [ ] [Malicious extensions in Chrome Web store steal user credentials](https://www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/)
  - [ ] [Critical vulnerability in n8n. High risk for network-exposed instances](https://cert-agid.gov.it/news/vulnerabilita-critica-in-n8n-rischio-elevato-per-istanze-esposte-in-rete/)
  - [ ] [Microsoft Teams strengthens messaging security by default in January](https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-strengthens-messaging-security-by-default-in-january/)
  - [ ] [Anubis Ransomware: Inside the Mindset and Methods of a Modern Ransomware Group](https://www.suspectfile.com/anubis-ransomware-inside-the-mindset-and-methods-of-a-modern-ransomware-group/)
  - [ ] [The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge](https://cyble.com/blog/it-vulnerabilities-ics-record-week-new-flaws/)
  - [ ] [Cyberattack knocks offline France's postal, banking services](https://www.bleepingcomputer.com/news/security/cyberattack-knocks-offline-frances-postal-banking-services/)
  - [ ] [Assessing SIEM effectiveness](https://securelist.com/siem-effectiveness-assessment/118560/)
  - [ ] [Italy fines Apple $116 million over App Store privacy policy issues](https://www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/)
  - [ ] [Fake Conad promotion: how the new scam campaign exploiting loyalty points works](https://www.d3lab.net/finta-promozione-conad-come-funziona-la-nuova-campagna-di-scam-che-sfrutta-i-punti-fedelta/)
  - [ ] [Baker University says 2024 data breach impacts 53,000 people](https://www.bleepingcomputer.com/news/security/baker-university-data-breach-impacts-over-53-000-individuals/)
  - [ ] [Kaspersky: how the job market on the dark web works](https://www.securityinfo.it/2025/12/23/kaspersky-cosi-funziona-il-mercato-del-lavoro-nel-dark-web/)
  - [ ] [Sextortion and platform liability: when the harm becomes foreseeable](https://www.cybersecurity360.it/news/sextortion-e-responsabilita-delle-piattaforme-quando-il-danno-diventa-prevedibile/)
  - [ ] [The necessary periodic review of baseline security measures for NIS 2 compliance](https://www.cybersecurity360.it/legal/la-necessaria-revisione-periodica-delle-misure-di-sicurezza-di-base-per-la-conformita-alla-nis-2/)
  - [ ] [From cheats to exploits: Webrat spreading via GitHub](https://securelist.com/webrat-distributed-via-github/118555/)
- 迪哥讲事
  - [ ] [How to find DOM XSS](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247498837&idx=1&sn=8b71e81122bcbca977e53d71ddd51838)
- Securityinfo.it
  - [ ] [Kaspersky: how the job market on the dark web works](https://www.securityinfo.it/2025/12/23/kaspersky-cosi-funziona-il-mercato-del-lavoro-nel-dark-web/?utm_source=rss&utm_medium=rss&utm_campaign=kaspersky-cosi-funziona-il-mercato-del-lavoro-nel-dark-web)
- 国家互联网应急中心CNCERT
  - [ ] [CNVD Vulnerability Weekly Report, 2025 Issue 49](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247500972&idx=1&sn=e4d505e64f71c2c946b8c816f028d384)
- D3Lab
  - [ ] [Fake Conad promotion: how the new scam campaign exploiting loyalty points works](https://www.d3lab.net/finta-promozione-conad-come-funziona-la-nuova-campagna-di-scam-che-sfrutta-i-punti-fedelta/)
- 看雪学苑
  - [ ] [Reverse-engineering analysis of an app's sign parameter](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458605951&idx=1&sn=ae36d35979e942d7e12742ad3994f4af)
  - [ ] [Hackers use a new ClickFix technique, hiding malware in images to steal user information](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458605951&idx=2&sn=f6ff04ecfee225f9f004f2b495897d64)
  - [ ] [New course by 非虫: Stage 2: Android software development and reverse engineering (tools)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458605951&idx=3&sn=33ebc7d132c1c1f9c34a891c24ad8191)
- Schneier on Security
  - [ ] [Denmark Accuses Russia of Conducting Two Cyberattacks](https://www.schneier.com/blog/archives/2025/12/denmark-accuses-russia-of-conducting-two-cyberattacks.html)
- Full Disclosure
  - [ ] [Defense in depth -- the Microsoft way (part 94): SAFER (SRPv1 and AppLocker alias SRPv2) bypass for dummies](https://seclists.org/fulldisclosure/2025/Dec/29)
  - [ ] [Backdoor.Win32.ControlTotal.t / Insecure Credential Storage / MVID-2025-0702](https://seclists.org/fulldisclosure/2025/Dec/28)
  - [ ] [HEUR.Backdoor.Win32.Poison.gen / Arbitrary Code Execution / MVID-2025-0701](https://seclists.org/fulldisclosure/2025/Dec/27)
- Instapaper: Unread
  - [ ] [Kaspersky: how the job market on the dark web works](https://www.securityinfo.it/2025/12/23/kaspersky-cosi-funziona-il-mercato-del-lavoro-nel-dark-web/)
  - [ ] [North Korea: a record 2025 for state hackers. Digital assets worth 3.4 billion dollars stolen](https://www.cybersecitalia.it/corea-del-nord-2025-da-record-per-gli-hacker-di-stato-sottratti-asset-digitali-per-34-miliardi-di-dollari/57116/)
  - [ ] [World’s largest shadow library made a 300TB copy of Spotify’s most streamed songs](https://arstechnica.com/tech-policy/2025/12/worlds-largest-shadow-library-brags-it-scraped-300tb-of-spotify-music-metadata/)
  - [ ] [Interpol-led action decrypts 6 ransomware strains, arrests hundreds](https://www.bleepingcomputer.com/news/security/interpol-led-action-decrypts-6-ransomware-strains-arrests-hundreds/)
  - [ ] [Judge rules that NSO cannot continue to install spyware via WhatsApp pending appeal](https://therecord.media/judge-rules-nso-cannot-continue-whatsapp-spyware)
  - [ ] [Is your iPhone missing? This genius camera trick helps you find it - fast](https://www.zdnet.com/article/find-lost-iphone-with-text-shortcut/)
  - [ ] [Comprehensive Ways to Fix iPhone Stuck on Restore Screen [Update]](https://idevicecentral.com/apple/comprehensive-ways-to-fix-iphone-stuck-on-restore-screen-update/)
- NetSPI
  - [ ] [Securing Web Applications: The Importance of OWASP Top 10 in Pentesting](https://www.netspi.com/blog/executive-blog/application-pentesting/securing-web-applications-the-importance-of-owasp-top-10-in-pentesting/)
- The Hacker News
  - [ ] [Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites](https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html)
  - [ ] [INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty](https://thehackernews.com/2025/12/interpol-arrests-574-in-africa.html)
  - [ ] [Passwd: A walkthrough of the Google Workspace Password Manager](https://thehackernews.com/2025/12/passwd-walkthrough-of-google-workspace.html)
  - [ ] [U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme](https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html)
  - [ ] [Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances](https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html)
  - [ ] [FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks](https://thehackernews.com/2025/12/fcc-bans-foreign-made-drones-and-key.html)
- Security Affairs
  - [ ] [Red Hat GitLab breach exposes data of 21,000 Nissan customers](https://securityaffairs.com/186048/data-breach/red-hat-gitlab-breach-exposes-data-of-21000-nissan-customers.html)
  - [ ] [Critical n8n flaw could enable arbitrary code execution](https://securityaffairs.com/186036/hacking/critical-n8n-flaw-could-enable-arbitrary-code-execution.html)
  - [ ] [Why Third-Party Access Remains the Weak Link in Supply Chain Security](https://securityaffairs.com/186026/security/why-third-party-access-remains-the-weak-link-in-supply-chain-security.html)
  - [ ] [U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/186021/security/u-s-cisa-adds-a-flaw-in-digiever-ds-2105-pro-to-its-known-exploited-vulnerabilities-catalog.html)
- Deeplinks
  - [ ] [How to Sustain Privacy & Free Speech](https://www.eff.org/deeplinks/2025/12/how-sustain-privacy-free-speech)
  - [ ] [AI Police Reports: Year In Review](https://www.eff.org/deeplinks/2025/12/ai-police-reports-year-review)
  - [ ] [The Fight Against Presidential Targeting of Law Firms: 2025 in Review](https://www.eff.org/deeplinks/2025/12/fight-against-presidential-targeting-law-firms-2025-review)
  - [ ] [2025 in Review](https://www.eff.org/deeplinks/2025/12/2025-review)
- The Register - Security
  - [ ] [ServiceNow opens $7.7B ticket titled 'Buy security company, make it Armis'](https://go.theregister.com/feed/www.theregister.com/2025/12/23/servicenow_to_buy_armis_in/)
  - [ ] [21K Nissan customers' data stolen in Red Hat raid](https://go.theregister.com/feed/www.theregister.com/2025/12/23/21k_nissan_customers_data_stolen/)
  - [ ] [Microsoft rushes an out-of-band update for Message Queuing bug](https://go.theregister.com/feed/www.theregister.com/2025/12/23/microsoft_fixes_message_queuing_issue/)
- TorrentFreak
  - [ ] [French Torrent Giant YggTorrent Faces User Revolt after Introducing Paid ‘Turbo Mode’](https://torrentfreak.com/french-torrent-giant-yggtorrent-faces-user-revolt-after-introducing-paid-turbo-mode/)
- Dark Space Blogspot
  - [ ] [Home Burglaries? Techniques Used by Thieves and How to Defend Yourself](http://darkwhite666.blogspot.com/2025/12/furti-nelle-abitazioni-tecniche-usate.html)
- Security Weekly Podcast Network (Audio)
  - [ ] [Holiday Special Part 1: You’re Gonna Click the Link - Rob Allen - SWN #540](http://sites.libsyn.com/18678/holiday-special-part-1-youre-gonna-click-the-link-rob-allen-swn-540)
  - [ ] [Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362](http://sites.libsyn.com/18678/modern-appsec-owasp-samm-ai-secure-coding-threat-modeling-champions-sebastian-deleersnyder-dustin-lehr-james-manico-adam-shostack-asw-362)