# 每日安全资讯(2026-05-19) - SecWiki News - [ ] [SecWiki News 2026-05-18 Review](http://www.sec-wiki.com/?2026-05-18) - Doonsec's feed - [ ] [终于!我的公众号也有‘账号检测’功能了!](https://mp.weixin.qq.com/s/WeXf4DOzQeXa_fcTtRdZPw) - [ ] [XS语言:2.9MB 单二进制集成全套开发工具链](https://mp.weixin.qq.com/s/4ywK9whNQWO6sCo0jSFBFw) - [ ] [【文末抽奖】21天跑通海外SRC漏洞挖掘闭环!海外漏洞赏金猎人共学营等你来战~](https://mp.weixin.qq.com/s/vX7Y9OkDp3qTkBah8cWDag) - [ ] [基础模型公司下场做实施,中转站也不能只卖 token](https://mp.weixin.qq.com/s/ZJk-UaraxA6YxhJPTGSsug) - [ ] [槐树下的热汤与屏幕前的坚守:一个网安老兵的《渡尘寰》感悟](https://mp.weixin.qq.com/s/oQZW0jkGQRBOTwEXAAPUwg) - [ ] [陨落的上帝货币](https://mp.weixin.qq.com/s/ML9XSbp1MwgGEhviaISSpw) - [ ] [别迷信模型了:Cisco开源Foundry Security Spec,用8个Agent角色+11条铁律告诉你——AI安全测试的核心不是模型,是模型周围的验证闭环](https://mp.weixin.qq.com/s/dOb69l3BpslUWcieh7vlYQ) - [ ] [聊真东西的地方,今天终于敢开门了](https://mp.weixin.qq.com/s/V11z7c7E5LrCcC6l0JR1Fw) - [ ] [崩溃后的重生-用概率博胜率](https://mp.weixin.qq.com/s/ZD1KT8x7Nn0ecONQqqIIZw) - [ ] [快看!2026年第十四届ICPC陕西省大学生程序设计竞赛](https://mp.weixin.qq.com/s/XDQLRm40XCe4RMq8_4ZukA) - [ ] [邮件钓鱼免杀完全指南(2026 实战版)· 四、VHD/ISO 武器化免杀](https://mp.weixin.qq.com/s/LP1ICYkOn4Ut-QFKSAeFJQ) - [ ] [HVV护网行动:域名信息搜集](https://mp.weixin.qq.com/s/nBhmsBoOAbJM-WjrGIxHjw) - [ ] [东胜物流软件CrmProxyMailListGridSource.aspx接口存在SQL注入漏洞 附POC](https://mp.weixin.qq.com/s/mpjz1CQ5daPOfSgFkSzJUw) - [ ] [Ai逆向工程-从零开始通过创建自己喜欢的东西来提升自己的技术能力。](https://mp.weixin.qq.com/s/7un-0Dz8rnC1WcM-VMoOXA) - [ ] [MCP协议的安全攻防:当AI Agent编排150+工具时,攻击面不再是代码而是元数据](https://mp.weixin.qq.com/s/E8Df1P31_puTiOQKgMQZxQ) - [ ] [谷歌突然“偷跑”!Gemini 3.2 Flash炸场:2200行代码一镜到底,AI三巨头彻底坐不住](https://mp.weixin.qq.com/s/QhvxZtDdXSBMiT7Jhz82gw) - [ ] [什么是IPSG?](https://mp.weixin.qq.com/s/Uac8MOUMN7S9oNA_OTBfbA) - [ ] [三大运营商可以冲Token了!用AI就像交话费](https://mp.weixin.qq.com/s/jgQpeKYYOHyB5UOzqySwPw) - [ ] [Linus点名AI漏洞报告!Linux安全列表已被挤爆](https://mp.weixin.qq.com/s/hADw9UEwBED_oGvooDT3mw) - [ ] [CVE-2026-34621:Adobe Acrobat 2026 原型污染和 JS 注入链 — 研究 PoC](https://mp.weixin.qq.com/s/u6d6fAUs_qncuAnW97-qug) - [ ] [安全警报 | 勒索未果!黑客威胁泄露常州姚力电子科技数据,企业数据安全再敲警钟](https://mp.weixin.qq.com/s/w9-P1bqJqbHW3wtpxyc6tQ) - [ ] [上邦 电子文档安全管理系统 skins 任意文件读取漏洞](https://mp.weixin.qq.com/s/fssaYRWZnW5kJrw0kvJnvQ) - [ ] [专家证实,Fast16恶意软件曾破坏核武器试验,很可能发生在伊朗【机翻】](https://mp.weixin.qq.com/s/FA9Kp-aETxgzfKUtWaeJow) - [ ] [扎心真相 | 为什么国内的安全公司难出真创新?](https://mp.weixin.qq.com/s/viTYYbtWd2oLV8JOT5k9xA) - [ ] [大白哥红队课第9期,报名就送1个亿token](https://mp.weixin.qq.com/s/TVbNmyjh7CXzNnLRgChfLQ) - [ ] [DoublePulsar:Crystal Palace 与 Tradecraft Garden 时代的用户自定义反射加载器](https://mp.weixin.qq.com/s/dQDFrouR3t9DH6I8vR8xEg) - [ ] [为什么信任你的漏洞扫描器是个坏主意](https://mp.weixin.qq.com/s/YchTiKWTdScwT3TFTQLRIw) - [ ] [等保测评“高风险判定实施指引”神器:高风险判定实施指引桌面客户端来了!](https://mp.weixin.qq.com/s/Gb5badrDpHR-FJlZ3LqTxw) - [ ] [好家伙,伊朗为霍尔木斯海峡创建了一个账号](https://mp.weixin.qq.com/s/gywEfUz_knAmbRO_Jz9JlA) - [ ] [本地离线语音转文字与翻译工具](https://mp.weixin.qq.com/s/NWfiUolxJvw4Mbchp0tIAQ) - [ ] [行业首发!硬核临检神器严打无人机飞控破解!](https://mp.weixin.qq.com/s/m8L0cKvX3HnY9gRUpoWA-Q) - [ ] [原创 | ShadowScan 安全扫描器v1.0.1更新](https://mp.weixin.qq.com/s/-z9LkP752HHL1WAEDJ9dLw) - [ ] [论文研读与思考|从 Web 应用中提取数据库访问控制策略](https://mp.weixin.qq.com/s/U4G6nPSU910uPZOF8PO8og) - [ ] [记录一次逆向实战](https://mp.weixin.qq.com/s/7bWoWh6Fwj-HNeMnYKu6LQ) - [ ] [2025年全球DDoS攻击态势分析报告解读](https://mp.weixin.qq.com/s/vboBni6wSSv7im87vYvUeA) - [ ] [智护数字生命线,AI赋能云网安|华为亮相2026年世界电信日厦门论坛赋能数字发展](https://mp.weixin.qq.com/s/-fRiX496uerWlPIS2026DA) - [ ] [Windows“MiniPlasma”新零日漏洞让攻击者获得系统访问权限——概念验证已发布](https://mp.weixin.qq.com/s/tRfaJzYeOKfIXdOXTbQsTQ) - [ ] [Patch免杀工具更新!!!](https://mp.weixin.qq.com/s/fMLvmIgbsJWcPwD2pUBtzw) - [ ] [美国网络安全和基础设施安全局 (CISA) 警告:微软 Exchange 服务器漏洞已被攻击者利用](https://mp.weixin.qq.com/s/grRRPmFUY6TLDIWEHeJdaA) - [ ] [【安全圈】AI 假图“仅退款”成风:商家叫苦不迭,国家反诈中心“AI 鉴定师”进入实战阶段](https://mp.weixin.qq.com/s/DQ85wnQys3V08f_PJIQKPA) - [ ] [【安全圈】针对电话诈骗 谷歌要推新识别功能了](https://mp.weixin.qq.com/s/rO_5jm5QmJo8GzeDuJaU8g) - [ ] [【安全圈】警惕 AI 造谣传谣!“张家界大峡谷玻璃桥断裂垮塌”视频系伪造](https://mp.weixin.qq.com/s/jJfW6Rrcdfz6-uPT7aHwTQ) - [ ] [🔥 净网2026大捷!你的信息可能正被倒卖…](https://mp.weixin.qq.com/s/20_pa0qrrUTtemmQ2OsBOA) - [ ] [360数字安全集团与泰达数科达成战略合作 共筑AI创新与数字安全新生态](https://mp.weixin.qq.com/s/0-c6cLeka0iJvDwj-N5jOQ) - [ ] [奇安信Qcodexa0Agents重磅升级,正式解锁操作系统级漏洞挖掘能力](https://mp.weixin.qq.com/s/v1WWoUTBqfePcajNAUqQeg) - [ ] [奇安信受邀出席西城区民营经济高质量发展推进会](https://mp.weixin.qq.com/s/RRLoDA67kf7ncxYntgapGg) - [ ] [这是什么鱼啊?](https://mp.weixin.qq.com/s/16VJjlwMdzX1AWCJ576jvw) - [ ] [Linux常用命令大全](https://mp.weixin.qq.com/s/xlBy93Q2iFKIVHVp38uxIQ) - [ ] [【漏洞通告】Linux Kernel ptrace 权限提升漏洞](https://mp.weixin.qq.com/s/x97x810gB4_vgAjnpQkKkg) - [ ] [全球「共享充电宝第一股」黯然退市!淘宝、小米被套牢,王校长终于不用吃翔了](https://mp.weixin.qq.com/s/g6_rkp_bgbtwJpeQtIJyQg) - [ ] [汽车网络安全之 AUTOSAR - SHE 密钥更新](https://mp.weixin.qq.com/s/1NnryxkMgU9X5xMZI4-BNg) - [ ] [定制沙龙 | 走进车企 | 培训 | 媒体 | 产业研报——谈思汽车一站式产业服务手册](https://mp.weixin.qq.com/s/VW-L8bVb4LGac8A40p8RZA) - [ ] [TC260-TR-004-2026《工业具身智能安全标准化研究》](https://mp.weixin.qq.com/s/ohmbFdBmGr_0DoqjIlvElQ) - [ ] [浙江大学:具身智能安全治理](https://mp.weixin.qq.com/s/wq2HkM5HpGXRu0PNAXgHDg) - [ ] [中科院:智能算法安全:内涵、科学问题与展望](https://mp.weixin.qq.com/s/rZ8fKDnX44cXdBZVOevvUw) - [ ] [CCSP更新丨CCSP考试大纲将于2026年8月1日更新](https://mp.weixin.qq.com/s/e_uvtS3EcR6a4U2sS0n8kA) - [ ] [送了二十万单外卖,却送不来一单\"回本\"](https://mp.weixin.qq.com/s/5FuVOCsrMvMSgmib4Wsu-g) - [ ] [UI可爱又能打:给Hermes Agent套个Web壳部署实录](https://mp.weixin.qq.com/s/80PHnm4TJ8AsivVxYG1erw) - [ ] [精品产品 | 捷普WEB应用防火墙系统](https://mp.weixin.qq.com/s/nh2D-Fpngy9AUaxTGIeS7A) - [ ] [精品产品 | 捷普WEB应用漏洞扫描系统](https://mp.weixin.qq.com/s/Qpo3OshWc19dGjQoDgib_A) - [ ] [精品产品 | 捷普漏洞扫描系统](https://mp.weixin.qq.com/s/OnStDyH9PmjXabAKkE9mig) - [ ] [精品产品 | 捷普日志审计分析系统](https://mp.weixin.qq.com/s/Nvoqkpa4kqF8heAekdZUjQ) - [ ] [精品产品 | 捷普信息审计系统](https://mp.weixin.qq.com/s/11a2i3hpaANFlxWRZ5zajQ) - [ ] [AI Native知识普惠工程(三):AI编排能力分享,带你从 Prompt 走向 Workflow](https://mp.weixin.qq.com/s/ALypELtEdFXR3uYw9dFRkg) - [ ] [AI 渗透测试背后的 Cairn](https://mp.weixin.qq.com/s/Z-R8KRdPbzA9kGERSLBUXQ) - [ ] [AI安全案例分析:Prompts Become Shells —— 从提示词注入到AI Agent远程代码执行(RCE)](https://mp.weixin.qq.com/s/bCtX2GiVm_sPVVnoc-hpfQ) - [ ] [华青融天入选嘶吼 2026 网络安全产业图谱,安全运营实力再获权威产业研究机构认可](https://mp.weixin.qq.com/s/WXz2K5BaVcSmCWAmEt487w) - [ ] [CNVD漏洞周报2026年第19期](https://mp.weixin.qq.com/s/xCOHPjPHnf3Dvy6V3gUDCg) - [ ] [上周关注度较高的产品安全漏洞(20260511-20260517)](https://mp.weixin.qq.com/s/Po35jvbH6lGfLRzwzcuH2w) - [ ] [网安周报|一周全球网安重大事件速览(5.11—5.17)](https://mp.weixin.qq.com/s/kZE862H5kGyfIbSdYOMf8w) - [ ] [IPv6网络地址管理和防探测技术](https://mp.weixin.qq.com/s/2NbYgqepLDAVK03CTlEmSw) - [ ] [四项金融行业标准获批发布](https://mp.weixin.qq.com/s/1SKv7D2V9DYDRMBt2EXrOw) - [ ] [【AI代码审计工具】ai自动代码审计平台](https://mp.weixin.qq.com/s/puVQIimyvKQsTrJA3eJCeg) - [ ] [每日一段子](https://mp.weixin.qq.com/s/cYqCudb6I100ew47UVf1vw) - [ ] [开始起飞](https://mp.weixin.qq.com/s/YzBscJ04Xtos48r7ckFs3A) - [ ] [一图读懂 | 公共安全行业标准GA/T 1390.8—2025 《信息安全技术 网络安全等级保护基本要求 第8部分:IPv6网络安全扩展要求》](https://mp.weixin.qq.com/s/Gy9GhbTLAGxqY3hekKBH9w) - [ ] [从零信任到“零信任+”:网络安全范式的演进与创新](https://mp.weixin.qq.com/s/yK9vvcxP-RqtRP180Qz0SA) - [ ] [东北师范大学携手绿盟科技 共筑产学研深度融合示范高地](https://mp.weixin.qq.com/s/QMrDB0DoexSET5tzj3gJtw) - [ ] [第144期 | GPTSecurity周报](https://mp.weixin.qq.com/s/u-fQgEMhPWxAtw_cik5Zlg) - Microsoft Security Blog - [ ] [How Storm-2949 turned a compromised identity into a cloud-wide breach](https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/) - [ ] [How to better protect your growing business in an AI-powered world](https://www.microsoft.com/en-us/security/blog/2026/05/18/how-to-better-protect-your-growing-business-in-an-ai-powered-world/) - 安全客-有思想的安全新媒体 - [ ] [当攻击开始“自主决策”,安全体系如何应战?](https://www.anquanke.com/post/id/315518) - Recent Commits to cve:main - [ ] [Update Mon May 18 11:32:50 UTC 2026](https://github.com/trickest/cve/commit/923972c8a78023694889f67fdc78b1bd8ff35a4c) - ElcomSoft blog - [ ] [YellowKey: An Unexpected Backdoor into BitLocker, and Why You Should Be Paying Attention](https://blog.elcomsoft.com/2026/05/yellowkey-an-unexpected-backdoor-into-bitlocker-and-why-you-should-be-paying-attention/) - Sucuri Blog - [ ] [What to Do When a Third-Party Data Breach Puts Your Website at Risk](https://blog.sucuri.net/2026/05/what-to-do-when-a-third-party-data-breach-puts-your-website-at-risk.html) - Private Feed for M09Ic - [ ] [kpcyrd contributed to kpcyrd/debian-repro-status](https://github.com/kpcyrd/debian-repro-status/pull/28) - [ ] [bolucat released 202605182152 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202605182152) - [ ] [kpcyrd contributed to kpcyrd/rebuilderd](https://github.com/kpcyrd/rebuilderd/pull/238) - [ ] [mgeeky starred iamsopotatoe-coder/TinyLoad](https://github.com/iamsopotatoe-coder/TinyLoad) - [ ] [Teach2Breach forked Teach2Breach/ATO-Via-Password-Reset from wadgamaraldeen/ATO-Via-Password-Reset](https://github.com/Teach2Breach/ATO-Via-Password-Reset) - [ ] [Teach2Breach starred wadgamaraldeen/ATO-Via-Password-Reset](https://github.com/wadgamaraldeen/ATO-Via-Password-Reset) - [ ] [kpcyrd contributed to kpcyrd/repro-threshold](https://github.com/kpcyrd/repro-threshold/pull/6) - [ ] [mgeeky starred scrt/KexecDDPlus](https://github.com/scrt/KexecDDPlus) - [ ] [gh0stkey starred Zoo-Code-Org/Zoo-Code](https://github.com/Zoo-Code-Org/Zoo-Code) - [ ] [0xbug starred HacktronAI/skills](https://github.com/HacktronAI/skills) - [ ] [future-architect released v0.39.1 at future-architect/vuls](https://github.com/future-architect/vuls/releases/tag/v0.39.1) - [ ] [PrefectHQ released 3.7.2.dev1 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.2.dev1) - [ ] [Ridter forked Ridter/CVE-2026-46333 from 0xBlackash/CVE-2026-46333](https://github.com/Ridter/CVE-2026-46333) - [ ] [Ridter starred 0xBlackash/CVE-2026-46333](https://github.com/0xBlackash/CVE-2026-46333) - [ ] [liamg contributed to infracost/lsp](https://github.com/infracost/lsp/pull/44) - [ ] [liamg contributed to infracost/cli](https://github.com/infracost/cli/pull/94) - [ ] [lz520520 starred orinimron123/CVE-2026-40369-EXPLOIT](https://github.com/orinimron123/CVE-2026-40369-EXPLOIT) - [ ] [panjf2000 starred msitarzewski/agency-agents](https://github.com/msitarzewski/agency-agents) - [ ] [gh0stkey starred waybarrios/vllm-mlx](https://github.com/waybarrios/vllm-mlx) - [ ] [whwlsfb starred aprillz/MewUI](https://github.com/aprillz/MewUI) - [ ] [Rvn0xsy starred anthropics/financial-services](https://github.com/anthropics/financial-services) - [ ] [CHYbeta starred deusyu/harness-engineering](https://github.com/deusyu/harness-engineering) - [ ] [WAY29 starred Evol-ai/SkillCompass](https://github.com/Evol-ai/SkillCompass) - gynvael.coldwind//vx.log (en) - [ ] [Practical Deep Dive into Kubernetes Security (Workshop)](https://gynvael.coldwind.pl/?id=807) - obaby 𝐢𝐧⃝ void - [ ] [闺蜜圈 [v 5.1.88]](https://zhongxiaojie.cn/2026/05/1275/) - Horizon3.ai - [ ] [From Point-in-Time Testing to Continuous Security Validation](https://horizon3.ai/customer-story/continuous-security-validation-public-sector/) - [ ] [Strengthen Supply Chain Security for CMMC](https://horizon3.ai/downloads/whitepapers/strengthen-supply-chain-security-cmmc/) - [ ] [You’re Only as Secure as Your Last Evaluation](https://horizon3.ai/intelligence/blogs/cmmc-supply-chain-risk-validation/) - Bug Bounty in InfoSec Write-ups on Medium - [ ] [ICMP Walkthrough — OffSec Lab (Privilege Escalation via hping3)](https://infosecwriteups.com/icmp-walkthrough-offsec-lab-privilege-escalation-via-hping3-50ebb4589cae?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [Broken Authentication: How Attackers Gain Unauthorized Access to Your Application.](https://infosecwriteups.com/broken-authentication-how-attackers-gain-unauthorized-access-to-your-application-88f7e72439db?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [The Trojan PR: Achieving Code Execution in GitHub Actions via Pipeline Poisoning](https://infosecwriteups.com/the-trojan-pr-achieving-code-execution-in-github-actions-via-pipeline-poisoning-a3494bde3f70?source=rss----7b722bfd1b8d--bug_bounty) - Securelist - [ ] [IT threat evolution in Q1 2026. Mobile statistics](https://securelist.com/malware-report-q1-2026-mobile-statistics/119819/) - [ ] [IT threat evolution in Q1 2026. Non-mobile statistics](https://securelist.com/malware-report-q1-2026-pc-iot-statistics/119828/) - SentinelOne - [ ] [SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain](https://www.sentinelone.com/blog/shub-reaper-macos-stealer-spoofs-apple-google-and-microsoft-in-a-single-attack-chain/) - [ ] [Breaking the Black Box: A Case Study in Red-Teaming a Government Education AI](https://www.sentinelone.com/blog/red-teaming-a-government-edubot/) - Malwarebytes - [ ] [Microsoft is changing Edge’s plaintext password behavior](https://www.malwarebytes.com/blog/news/2026/05/microsoft-is-changing-edges-plaintext-password-behavior) - [ ] [A week in security (May 11 – May 17)](https://www.malwarebytes.com/blog/news/2026/05/a-week-in-security-may-11-may-17-2) - [ ] [AI is distorting the Holocaust (Lock and Code S07E10)](https://www.malwarebytes.com/blog/podcast/2026/05/ai-is-distorting-the-holocaust-lock-and-code-s07e10) - Intigriti - [ ] [CEO insights: beyond the AI model card](https://www.intigriti.com/blog/business-insights/ceo-insights-beyond-the-ai-model-card) - shubs - [ ] [The down fall of bug bounties](https://shubs.io/the-down-fall-of-bug-bounties/) - Wallarm - [ ] [What Your Board Gets Wrong About AI Security](https://lab.wallarm.com/what-your-board-gets-wrong-about-ai-security/) - 绿盟科技技术博客 - [ ] [东北师范大学携手绿盟科技 共筑产学研深度融合示范高地](https://blog.nsfocus.net/%e4%b8%9c%e5%8c%97%e5%b8%88%e8%8c%83%e5%a4%a7%e5%ad%a6%e6%90%ba%e6%89%8b%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80-%e5%85%b1%e7%ad%91%e4%ba%a7%e5%ad%a6%e7%a0%94%e6%b7%b1%e5%ba%a6%e8%9e%8d%e5%90%88%e7%a4%ba/) - 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台 - [ ] [欧盟拟强制企业向非中国供应商采购零部件](https://blog.upx8.com/%E6%AC%A7%E7%9B%9F%E6%8B%9F%E5%BC%BA%E5%88%B6%E4%BC%81%E4%B8%9A%E5%90%91%E9%9D%9E%E4%B8%AD%E5%9B%BD%E4%BE%9B%E5%BA%94%E5%95%86%E9%87%87%E8%B4%AD%E9%9B%B6%E9%83%A8%E4%BB%B6) - [ ] [豆包App上线“博物馆讲解”功能 可边走边听](https://blog.upx8.com/%E8%B1%86%E5%8C%85App%E4%B8%8A%E7%BA%BF-%E5%8D%9A%E7%89%A9%E9%A6%86%E8%AE%B2%E8%A7%A3-%E5%8A%9F%E8%83%BD-%E5%8F%AF%E8%BE%B9%E8%B5%B0%E8%BE%B9%E5%90%AC) - [ ] [特朗普称当初应该索要“更多”的英特尔股份](https://blog.upx8.com/%E7%89%B9%E6%9C%97%E6%99%AE%E7%A7%B0%E5%BD%93%E5%88%9D%E5%BA%94%E8%AF%A5%E7%B4%A2%E8%A6%81-%E6%9B%B4%E5%A4%9A-%E7%9A%84%E8%8B%B1%E7%89%B9%E5%B0%94%E8%82%A1%E4%BB%BD) - [ ] [腾讯音乐完成并购喜马拉雅:明确不得排他、保障创作者权益及维护价格稳定等要求](https://blog.upx8.com/%E8%85%BE%E8%AE%AF%E9%9F%B3%E4%B9%90%E5%AE%8C%E6%88%90%E5%B9%B6%E8%B4%AD%E5%96%9C%E9%A9%AC%E6%8B%89%E9%9B%85-%E6%98%8E%E7%A1%AE%E4%B8%8D%E5%BE%97%E6%8E%92%E4%BB%96-%E4%BF%9D%E9%9A%9C%E5%88%9B%E4%BD%9C%E8%80%85%E6%9D%83%E7%9B%8A%E5%8F%8A%E7%BB%B4%E6%8A%A4%E4%BB%B7%E6%A0%BC%E7%A8%B3%E5%AE%9A%E7%AD%89%E8%A6%81%E6%B1%82) - [ ] [加州拟征收云端软件税以增加数十亿新收入](https://blog.upx8.com/%E5%8A%A0%E5%B7%9E%E6%8B%9F%E5%BE%81%E6%94%B6%E4%BA%91%E7%AB%AF%E8%BD%AF%E4%BB%B6%E7%A8%8E%E4%BB%A5%E5%A2%9E%E5%8A%A0%E6%95%B0%E5%8D%81%E4%BA%BF%E6%96%B0%E6%94%B6%E5%85%A5) - [ ] [谷歌更新垃圾内容政策打击“AI投毒”行为](https://blog.upx8.com/%E8%B0%B7%E6%AD%8C%E6%9B%B4%E6%96%B0%E5%9E%83%E5%9C%BE%E5%86%85%E5%AE%B9%E6%94%BF%E7%AD%96%E6%89%93%E5%87%BB-AI%E6%8A%95%E6%AF%92-%E8%A1%8C%E4%B8%BA) - [ ] [希音收购美国服装品牌Everlane](https://blog.upx8.com/%E5%B8%8C%E9%9F%B3%E6%94%B6%E8%B4%AD%E7%BE%8E%E5%9B%BD%E6%9C%8D%E8%A3%85%E5%93%81%E7%89%8CEverlane) - [ ] [调查显示47%年长女性选择向AI咨询人际烦恼](https://blog.upx8.com/%E8%B0%83%E6%9F%A5%E6%98%BE%E7%A4%BA47-%E5%B9%B4%E9%95%BF%E5%A5%B3%E6%80%A7%E9%80%89%E6%8B%A9%E5%90%91AI%E5%92%A8%E8%AF%A2%E4%BA%BA%E9%99%85%E7%83%A6%E6%81%BC) - [ ] [俄副总理:俄中应继续相互转让技术](https://blog.upx8.com/%E4%BF%84%E5%89%AF%E6%80%BB%E7%90%86-%E4%BF%84%E4%B8%AD%E5%BA%94%E7%BB%A7%E7%BB%AD%E7%9B%B8%E4%BA%92%E8%BD%AC%E8%AE%A9%E6%8A%80%E6%9C%AF) - [ ] [阿联酋核电站遭到无人机袭击 无人员伤亡](https://blog.upx8.com/%E9%98%BF%E8%81%94%E9%85%8B%E6%A0%B8%E7%94%B5%E7%AB%99%E9%81%AD%E5%88%B0%E6%97%A0%E4%BA%BA%E6%9C%BA%E8%A2%AD%E5%87%BB-%E6%97%A0%E4%BA%BA%E5%91%98%E4%BC%A4%E4%BA%A1) - 奇客Solidot–传递最新科技情报 - [ ] [你生活的地点与你衰老的速度相关](https://www.solidot.org/story?sid=84333) - [ ] [伊朗要求通过霍尔木兹海峡的海底光缆付费](https://www.solidot.org/story?sid=84332) - [ ] [微软将修改 Edge 加载密码的方式](https://www.solidot.org/story?sid=84331) - [ ] [《Terraria》 15 年售出 7000 万份拷贝](https://www.solidot.org/story?sid=84330) - [ ] [三星电子工会威胁总罢工](https://www.solidot.org/story?sid=84329) - [ ] [NASA 维护旅行者号代码的工程师日益稀少](https://www.solidot.org/story?sid=84328) - [ ] [美国青少年睡眠时间比以往任何时候都少](https://www.solidot.org/story?sid=84327) - [ ] [北极野火释放封存的古老碳汇](https://www.solidot.org/story?sid=84326) - [ ] [Linus Torvalds 称 AI 发现的 Bug 报告让安全邮件列表几乎无法管理](https://www.solidot.org/story?sid=84325) - [ ] [Windows 11 KB5089549 会导致部分 PC 安装失败](https://www.solidot.org/story?sid=84324) - [ ] [Fisker Ocean 车主将其变成一个开源汽车项目](https://www.solidot.org/story?sid=84323) - [ ] [AMD Mesa 驱动主开发正为 Valve 工作](https://www.solidot.org/story?sid=84322) - 黑鸟 - [ ] [XS语言:2.9MB 单二进制集成全套开发工具链](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186751&idx=1&sn=37bdbf035792fe332a5e436b6bcac6ac) - 雷神众测 - [ ] [雷神众测漏洞周报2026.5.11-2026.5.17](https://mp.weixin.qq.com/s?__biz=MzI0NzEwOTM0MA==&mid=2652503790&idx=1&sn=86a9d3e59a69769a7f866e5e2fcacfc5) - 代码卫士 - [ ] [2026 Pwn2Own 柏林大赛落下帷幕,Master of Pwn 诞生](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526043&idx=1&sn=545b77791e1a540783b28cef97eea127) - [ ] [Grafana 令牌被盗,GitHub 环境可遭访问且代码库被下载](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526043&idx=2&sn=ef8599cf70e02716369d0205be9be468) - 安全内参 - [ ] [OpenAI又被黑了!敏感密钥和证书泄露,供应链攻击防不胜防](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515949&idx=1&sn=78d661fa7ba853472af5092c5bc78009) - [ ] [美国网络司令部加速推进联合网络作战架构的集成与创新](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515949&idx=2&sn=4a303c2ca56f2bac578cfab1264e5c3a) - 绿盟科技研究通讯 - [ ] [复现Copy Fail漏洞(CVE-2026-31431)没环境?云攻防靶场一键开启,深度还原容器逃逸攻击链](https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247499913&idx=1&sn=986f30c79aee4d990ca1feacd729705c) - 漕河泾小黑屋 - [ ] [崩溃后的重生-用概率博胜率](https://mp.weixin.qq.com/s?__biz=MzA4NzQwNzY3OQ==&mid=2247484107&idx=1&sn=ac65749a9928a688d5d46a9a29837ca3) - 威努特安全网络 - [ ] [WinClaw 2.3.5重磅发布!业界首个打通搜索-推理-交付全流程](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141691&idx=1&sn=a8ebbd59c9a6e6a9b220f4a0198c78f2) - 中国信息安全 - [ ] [专题·个人信息保护 | 人工智能赋能国际贸易中个人信息保护实践思考](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262711&idx=1&sn=560189433efffe64f2f451492ff9096f) - [ ] [专家解读|余晓晖:统筹高质量发展与高水平安全:从《智能体规范应用与创新发展实施意见》看AI产业新图景](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262711&idx=2&sn=b443b9ec738c0be1dda96f74d9b0ba24) - [ ] [注意 | 人社部、中央网信办等五部门联合发布警惕“招转培”“培训贷”等风险提示](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262711&idx=3&sn=dcc4ef1570a7eb1588d636d40477e7e2) - [ ] [行业 | AI重塑攻防边界:盛邦安全联合发布2025测绘与反测绘报告,点亮星地立体防御“活地图”](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262711&idx=4&sn=c990ccb9f107e8d426e09ec909f6d962) - [ ] [观点 | 给智能体应用装上“制度护栏”](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262711&idx=5&sn=30ea3244338ad636a2f99c869b797fc0) - 看雪学苑 - [ ] [“无痕”驱动的检测与分析:重映射驱动靶场构造、扫描与特征剥离,附源码](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615215&idx=1&sn=8ce76c362659b689776966f45324a215) - [ ] [微软3年前补丁形同虚设,MiniPlasma漏洞可一秒提权至SYSTEM](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615215&idx=2&sn=b23cac49b2b1df3cf65ff41e031c4987) - [ ] [天才程序员上线:AI 逆向与安全开发全栈实战](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615215&idx=3&sn=eb211eb06e343f9c4ebc45464c189689) - 奇安信威胁情报中心 - [ ] [紧急!微软Exchange Server新高危XSS漏洞(CVE-2026-42897)已被利用执行攻击](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247518833&idx=1&sn=2a77ea8001191d2debe33540842c66e4) - 安全圈 - [ ] [【安全圈】AI 假图“仅退款”成风:商家叫苦不迭,国家反诈中心“AI 鉴定师”进入实战阶段](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076600&idx=1&sn=5f0d7c79ae42699fbb0ec016f771766f) - [ ] [【安全圈】针对电话诈骗 谷歌要推新识别功能了](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076600&idx=2&sn=a4e4ebbe86a96776fe1280a31b7957c5) - [ ] [【安全圈】警惕 AI 造谣传谣!“张家界大峡谷玻璃桥断裂垮塌”视频系伪造](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076600&idx=3&sn=809eaf0c5db9e906819b690e4fae1676) - 安全牛 - [ ] [莲花Wiper:委内瑞拉能源领域遭遇的新型破坏性恶意软件,美国干预前的网络幽灵](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141371&idx=1&sn=44a0bbf6bb3bd9884f4daab64d1ff186) - [ ] [三六零、奇安信、深信服 AI 安全布局及核心项目盘点;美国芯片暗藏后门,欧洲主权云“自主”名存实亡| 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141371&idx=2&sn=fcd0ad713c28bd31e8f159a90dd48324) - 极客公园 - [ ] [垄断已成!AI 创业公司 800 亿美元 ARR,九成被 2 家公司拿走](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106807&idx=1&sn=660d3a8ca1a3ee97c0670056fbfda47c) - [ ] [本周四,Google I/O大会后,聊聊你的新观察](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106807&idx=2&sn=2f93abcb456b582619fdd4eafe5f60cb) - [ ] [吴恩达、Karpathy 天使轮,微软、SpaceX抢购,这家初创公司到底什么来头?](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106793&idx=1&sn=ce33d757c393ce5e6f35b90f95124b47) - 数世咨询 - [ ] [Mythos漏洞发现能力强,但验证能力弱](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542893&idx=1&sn=206275bade8718a268a7ae6c53d78c69) - [ ] [CACTER反钓鱼演练系统升级上线|只需四步,即开即用!](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542893&idx=2&sn=8e5c9e6297c2e41ff6fd6c4e2aa25ed3) - OPPO安全中心 - [ ] [活动二段60%额外奖励已启动!|第四届白帽赏金挑战赛正式开启!诚邀全网顶尖白帽,共探安全边界](https://mp.weixin.qq.com/s?__biz=MzUyNzc4Mzk3MQ==&mid=2247494910&idx=1&sn=1f23655ee058d726a0b2911ca1bf8ed5) - 火绒安全 - [ ] [火绒安全提醒:老旧版本软件成Sorry勒索病毒入侵重灾区](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532801&idx=1&sn=22ebd12f2d06bc3ae450798a08f7cc86) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532801&idx=2&sn=8e973682d1075cd4d34f0709d8e6c0fc) - 陌陌安全 - [ ] [陌陌白帽赏金赛正式开赛!](https://mp.weixin.qq.com/s?__biz=MzI2OTYzOTQzNw==&mid=2247489590&idx=1&sn=ee8730d408ac11854bfd5600b79a57dd) - 吴鲁加 - [ ] [稍后读的 Cli 玩法](https://mp.weixin.qq.com/s?__biz=Mzg5NDY4ODM1MA==&mid=2247486094&idx=1&sn=0c50e8ea091c005241396ddb5c7749ec) - 字节跳动技术团队 - [ ] [火山引擎联合中科院声学所在 ICASSP 首届低资源音频编解码器挑战赛中取得佳绩](https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247519820&idx=1&sn=5077b3def6dc3ab363d7f3c9b0a97462) - 情报分析师 - [ ] [【社交情报】Telegram OSINT工具精选(情报分析师私藏版)](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567890&idx=1&sn=99ef530ebddcf7ff3975ada32465083b) - [ ] [从一份保密招标说起——卫星如何成为河内与东京战略接近的真正锁扣](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567890&idx=2&sn=f27d849fe8febbc43284260e1e5d74e9) - [ ] [解读美军加勒比情报布局与古巴危机的深层逻辑,委内瑞拉之后是伊朗,伊朗之后是...同一款飞机,出现在同一个地方](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567890&idx=3&sn=66c8251cc22c88ca451cceec94587a3e) - 表图 - [ ] [基础模型公司下场做实施,中转站也不能只卖 token](https://mp.weixin.qq.com/s?__biz=MzUzOTI4NDQ3NA==&mid=2247485025&idx=1&sn=82c430b71739517572a89d2cd4b967a6) - 迪哥讲事 - [ ] [通过redirect_uri来获取用户oauth令牌](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499451&idx=1&sn=e0ee806ec98616e0a9c270589d828a08) - 深信服千里目安全技术中心 - [ ] [【漏洞通告】Linux Kernel ptrace 权限提升漏洞](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525672&idx=1&sn=c337c05c9659b626d9c452f9d72c3e1b) - 安全行者老霍 - [ ] [深度解析:GitHub 智能自主工作流安全架构](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486710&idx=1&sn=ee2ece21e3d7764a2c39e4102e6ff9e9) - NISL实验室 - [ ] [【学术报告】低轨卫星网络测量研究](https://mp.weixin.qq.com/s?__biz=MzUxMTEwOTA3OA==&mid=2247485718&idx=1&sn=17345039468c979b3600f9fd7c0f9860) - NETRESEC Network Security Blog - [ ] [PolarProxy 2.0 Released](https://www.netresec.com/?page=Blog&month=2026-05&post=PolarProxy-2-0-Released) - 360数字安全 - [ ] [360数字安全集团与泰达数科达成战略合作 共筑AI创新与数字安全新生态](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585988&idx=1&sn=baf191f113e037c0367d31ec36727c0f) - Forensic Focus - [ ] [Digital Forensics Jobs Round-Up, May 18 2026](https://www.forensicfocus.com/jobs/digital-forensics-jobs-round-up-may-18-2026/) - [ ] [Finding Previous Locations Without Geolocation Data](https://www.forensicfocus.com/articles/finding-previous-locations-without-geolocation-data/) - Over Security - [ ] [INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers](https://www.bleepingcomputer.com/news/security/interpol-operation-ramz-seizes-53-malware-phishing-servers/) - [ ] [Experts warn of privacy risks as AI firms looks to connect to financial accounts](https://therecord.media/experts-warn-of-privacy-cyer-risks-ai-finance) - [ ] [SHub macOS infostealer variant spoofs Apple security updates](https://www.bleepingcomputer.com/news/security/shub-macos-infostealer-variant-spoofs-apple-security-updates/) - [ ] [Addi - 34,532,941 breached accounts](https://haveibeenpwned.com/Breach/ADDI) - [ ] [What to Do When a Third-Party Data Breach Puts Your Website at Risk](https://blog.sucuri.net/2026/05/what-to-do-when-a-third-party-data-breach-puts-your-website-at-risk.html) - [ ] [More than 200 arrested in cyber raids aimed at Middle East scam networks](https://therecord.media/more-than-200-arrested-interpol-middle-east-scams) - [ ] [CISA Admin Leaked AWS GovCloud Keys on Github](https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/) - [ ] [5 Steps to Managing Shadow AI Tools Without Slowing Down Employees](https://www.bleepingcomputer.com/news/security/5-steps-to-managing-shadow-ai-tools-without-slowing-down-employees/) - [ ] [Grafana refuses to pay ransom after codebase theft](https://therecord.media/grafana-refuses-to-pay-ransom-codebase-theft) - [ ] [Leaked Shai-Hulud malware fuels new npm infostealer campaign](https://www.bleepingcomputer.com/news/security/leaked-shai-hulud-malware-fuels-new-npm-infostealer-campaign/) - [ ] [Mythos e il bug scovato in macOS: con l’AI il patch management deve cambiare passo](https://www.cybersecurity360.it/nuove-minacce/mythos-e-il-bug-scovato-in-macos-con-lai-il-patch-management-deve-cambiare-passo/) - [ ] [Le nuove infrastrutture per l’AI partono da un approccio “security first”](https://www.cybersecurity360.it/soluzioni-aziendali/le-nuove-infrastrutture-per-lai-partono-da-un-approccio-security-first/) - [ ] [Grafana says stolen GitHub token let hackers steal codebase](https://www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/) - [ ] [Keatrix: un nuovo approccio di Security Awareness](https://www.cybersecurity360.it/soluzioni-aziendali/keatrix-un-nuovo-approccio-di-security-awareness/) - [ ] [VPN gratis senza rischi: come sfruttare i periodi di prova di 4 provider leader](https://www.cybersecurity360.it/cybersecurity-nazionale/vpn-gratis-senza-rischi-come-sfruttare-i-periodi-di-prova/) - [ ] [IT threat evolution in Q1 2026. Non-mobile statistics](https://securelist.com/malware-report-q1-2026-pc-iot-statistics/119828/) - [ ] [IT threat evolution in Q1 2026. Mobile statistics](https://securelist.com/malware-report-q1-2026-mobile-statistics/119819/) - [ ] [Microsoft testing adjustable taskbar, Start menu in Windows 11](https://www.bleepingcomputer.com/news/microsoft/windows-11-finally-gets-a-resizable-taskbar-and-start-menu/) - [ ] [ANY.RUN Turns 10: Special Offers for Stronger Security Operations](https://any.run/cybersecurity-blog/anyrun-10th-anniversary-offers/) - [ ] [NFC Relay Goes Local: How AI Is Accelerating a New Wave of Independent Malware Developers](https://www.cleafy.com/cleafy-labs/nfc-relay-goes-local-how-ai-is-accelerating-a-new-wave-of-independent-malware-developers) - [ ] [L’IA che combatte l’IA: quando la guerra cibernetica smette di avere un volto umano](https://www.cybersecurity360.it/nuove-minacce/lia-che-combatte-lia-quando-la-guerra-cibernetica-smette-di-avere-un-volto-umano/) - [ ] [MiniPlasma: la patch del 2020 su Windows che non c’è mai stata o è sparita](https://www.cybersecurity360.it/news/miniplasma-la-patch-del-2020-su-windows-che-non-ce-mai-stata-o-e-sparita/) - [ ] [Dubai Police Warns Against Viral Energy Drink Videos Targeting Children on Social Media](https://thecyberexpress.com/energy-drink-videos-dubai-police-warns/) - [ ] [Introducing Group-IB Prevyn AI](https://www.group-ib.com/blog/prevyn-ai-introduction/) - [ ] [Microsoft confirms Windows 11 security update install issues](https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-kb5089549-windows-11-security-update-install-issues/) - [ ] [Exploit available for new DirtyDecrypt Linux root escalation flaw](https://www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/) - [ ] [NCSC Calls for Tight Security and Human Oversight as Agentic AI Use Expands](https://thecyberexpress.com/agentic-ai-expands-enterprise-attack-surface/) - [ ] [Shadow AI Is Growing in Silence While Enterprise Security Falls Behind](https://thecyberexpress.com/shadow-ai-is-reshaping-attack-surfaces/) - [ ] [Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026](https://www.bleepingcomputer.com/news/security/hackers-earn-1-298-250-for-47-zero-days-at-pwn2own-berlin-2026/) - [ ] [Since When Did Asking for Evidence Become “Defending Criminals”?](https://www.suspectfile.com/since-when-did-asking-for-evidence-become-defending-criminals/) - 安全419 - [ ] [悬镜安全:穿越周期 在 AI 浪潮中定义数字供应链安全新范式](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553412&idx=1&sn=20d99c5a4437c09bd299d294ce1e7700) - CNVD漏洞平台 - [ ] [CNVD漏洞周报2026年第19期](https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247496945&idx=1&sn=9cc7d733d3a25ee42b4046331ef2bb81) - [ ] [上周关注度较高的产品安全漏洞(20260511-20260517)](https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247496945&idx=2&sn=1abf49fbb97682b3d478368ae12be45a) - SANS Internet Storm Center, InfoCON: green - [ ] [TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)](https://isc.sans.edu/diary/rss/32994) - Have I Been Pwned latest breaches - [ ] [Addi - 34,532,941 breached accounts](https://haveibeenpwned.com/Breach/ADDI) - 悬镜安全 - [ ] [安全419专访悬镜安全 | 穿越周期在 AI 浪潮中定义数字供应链安全新范式](https://mp.weixin.qq.com/s?__biz=MzA3NzE2ODk1Mg==&mid=2647799510&idx=1&sn=17b63ea2a67b4bbee8dd62c5e34e5271) - Schneier on Security - [ ] [Zero-Day Exploit Against Windows BitLocker](https://www.schneier.com/blog/archives/2026/05/zero-day-exploit-against-windows-bitlocker.html) - ICT Security Magazine - [ ] [Hacktivism in Italia: perché il nostro Paese è un’anomalia globale](https://www.ictsecuritymagazine.com/articoli/hacktivism-in-italia/) - [ ] [Sovranità digitale e resilienza operativa: come gestire il rischio cyber nell’Europa del 2026](https://www.ictsecuritymagazine.com/articoli/sovranita-digitale-cyberoo/) - [ ] [GPS Spoofing: la minaccia invisibile a trasporti e logistica](https://www.ictsecuritymagazine.com/articoli/gps-spoofing/) - Troy Hunt's Blog - [ ] [Weekly Update 504](https://www.troyhunt.com/weekly-update-504/) - Tor Project blog - [ ] [Preserving evidence: How OpenArchive fosters accountability and media sovereignty](https://blog.torproject.org/preserving-evidence-openarchive-fosters-accountability-media-sovereignty/) - LockBoxx - [ ] [Lockboxx Infosec Newsletter!](http://blog.lockboxx.org/2026/05/lockboxx-infosec-newsletter.html) - Trend Micro Research, News and Perspectives - [ ] [Agentic Governance: Why It Matters Now](https://www.trendmicro.com/en_us/research/26/e/agentic-governance-why-it-matters-now.html) - Krebs on Security - [ ] [CISA Admin Leaked AWS GovCloud Keys on Github](https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/) - Deeplinks - [ ] [We Updated Our Privacy Policy. Here's What Changed and Why.](https://www.eff.org/deeplinks/2026/05/we-updated-our-privacy-policy-heres-what-changed-and-why) - [ ] [We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.](https://www.eff.org/deeplinks/2026/05/we-must-not-normalize-digital-surveillance-abuses-effs-new-guide-underlines) - www.theregister.com - Articles - [ ] [Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them](https://www.theregister.com/security/2026/05/19/do-fear-the-reaper-stealer-swipes-macos-users-passwords-wallets-then-backdoors-them/5242258) - [ ] [Shai-Hulud copycat worm infects yet another npm package](https://www.theregister.com/cyber-crime/2026/05/18/shai-hulud-copycat-hits-another-npm-package/5242180) - [ ] [Linux kernel flaw opens root-only files to unprivileged users](https://www.theregister.com/security/2026/05/18/linux-kernel-flaw-opens-root-only-files-to-unprivileged-users/5241950) - [ ] [TanStack weighs invitation-only pull requests after supply chain attack](https://www.theregister.com/security/2026/05/18/tanstack-weighs-invitation-only-pull-requests-after-supply-chain-attack/5241899) - [ ] [NGINX Rift attackers waste no time targeting exposed servers](https://www.theregister.com/security/2026/05/18/nginx-rift-attackers-waste-no-time-targeting-exposed-servers/5241851) - [ ] [Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative](https://www.theregister.com/security/2026/05/18/poland-builds-its-own-signal-amid-security-concerns/5241824) - [ ] [F-35 software delays leave UK buying time with US glide bombs](https://www.theregister.com/security/2026/05/18/f-35-software-delays-leave-uk-buying-time-with-us-glide-bombs/5241737) - [ ] [Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess](https://www.theregister.com/security/2026/05/18/mozilla-warns-uk-breaking-vpns-will-not-magically-fix-britains-age-check-mess/5241770) - [ ] [Grafana Labs admits all its codebase are belong to someone who popped its GitHub account](https://www.theregister.com/cyber-crime/2026/05/18/grafana-labs-admits-attackers-downloaded-its-codebase-from-github/5241686) - Security Affairs - [ ] [Grafana confirms GitHub token breach cybercrime group claims the attack](https://securityaffairs.com/192347/breaking-news/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html) - [ ] [ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html) - [ ] [Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq](https://securityaffairs.com/192302/data-breach/public-amazon-bucket-leaks-sensitive-guest-data-from-japanese-hotel-platform-tabiq.html) - [ ] [Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix](https://securityaffairs.com/192325/hacking/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix.html) - [ ] [Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945](https://securityaffairs.com/192289/hacking/experts-warn-of-active-exploitation-of-critical-nginx-flaw-cve-2026-42945.html) - The Hacker News - [ ] [INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests](https://thehackernews.com/2026/05/interpol-operation-ramz-disrupts-mena.html) - [ ] [⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More](https://thehackernews.com/2026/05/weekly-recap-exchange-0-day-npm-worm.html) - [ ] [How to Reduce Phishing Exposure Before It Turns into Business Disruption](https://thehackernews.com/2026/05/how-to-reduce-phishing-exposure-before.html) - [ ] [Developer Workstations Are Now Part of the Software Supply Chain](https://thehackernews.com/2026/05/developer-workstations-are-now-part-of.html) - [ ] [Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws](https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html) - [ ] [MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems](https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html) - [ ] [Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware](https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html) - [ ] [Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations](https://thehackernews.com/2026/05/pre-stuxnet-fast16-malware-tampered.html) - 网安寻路人 - [ ] [以“可控性”为中心的智能体个人信息保护体系——基于行动型处理的运行时合规(学术专论)](https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247508536&idx=1&sn=84bbf3e85382094802d0be4e478f6014)
每日安全资讯(2026-05-19)