# 每日安全资讯(2026-05-20) - SecWiki News - [ ] [SecWiki News 2026-05-19 Review](http://www.sec-wiki.com/?2026-05-19) - 安全客-有思想的安全新媒体 - [ ] [科技云报到:“联通星罗”Token服务平台正式发布,为OPC创业提供“最佳助攻”](https://www.anquanke.com/post/id/315529) - No Headback - [ ] [coinbase 事故相关](http://xargin.com/coinbase-outage/) - Hacking Articles - [ ] [NetExec for OSCP: AD Pentesting](https://www.hackingarticles.in/netexec-for-oscp-ad-pentesting/) - CXSECURITY Database RSS Feed - CXSecurity.com - [ ] [Apache HertzBeat 1.8.0 Remote Code Execution](https://cxsecurity.com/issue/WLB-2026050015) - [ ] [JuzaWeb CMS 3.4.2 Authenticated Remote Code Execution](https://cxsecurity.com/issue/WLB-2026050014) - [ ] [NiceGUI 3.6.1 Path Traversal](https://cxsecurity.com/issue/WLB-2026050013) - [ ] [GUnet OpenEclass E-learning platform < 4.2 Remote Code Execution (RCE)](https://cxsecurity.com/issue/WLB-2026050012) - [ ] [Windows Snipping Tool NTLMv2 Hash Hijack](https://cxsecurity.com/issue/WLB-2026050011) - Tenable Blog - [ ] [Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation](https://www.tenable.com/blog/key-findings-from-the-verizon-dbir-2026) - Recent Commits to cve:main - [ ] [Update Tue May 19 11:48:32 UTC 2026](https://github.com/trickest/cve/commit/4667f4787ad984a9b258b8f74de51ca0e79ab3af) - Verne in GitHub - [ ] [试遍所有 Navidrome 客户端,我最终选择了 Narjo](https://blog.einverne.info/post/2026/05/narjo-music-player-review.html) - Private Feed for M09Ic - [ ] [kpcyrd contributed to kpcyrd/repro-threshold](https://github.com/kpcyrd/repro-threshold/pull/7) - [ ] [kpcyrd contributed to kpcyrd/what-the-src](https://github.com/kpcyrd/what-the-src/pull/53) - [ ] [anthropics released v2.1.145 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.145) - [ ] [bolucat released 202605192158 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202605192158) - [ ] [joaoviictorti starred microsoft/azurelinux](https://github.com/microsoft/azurelinux) - [ ] [mgeeky starred reddelexc/hackerone-reports](https://github.com/reddelexc/hackerone-reports) - [ ] [spf13 starred zakirullin/files.md](https://github.com/zakirullin/files.md) - [ ] [niudaii starred nextai-translator/bob-plugin-openai-translator](https://github.com/nextai-translator/bob-plugin-openai-translator) - [ ] [INotGreen starred Dimillian/CodexMonitor](https://github.com/Dimillian/CodexMonitor) - [ ] [PrefectHQ released 3.7.2.dev2 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.2.dev2) - [ ] [safedv starred Hamid-K/nginx-rift-private-lab](https://github.com/Hamid-K/nginx-rift-private-lab) - [ ] [Ridter forked Ridter/VMkatz from nikaiw/VMkatz](https://github.com/Ridter/VMkatz) - [ ] [Ridter starred nikaiw/VMkatz](https://github.com/nikaiw/VMkatz) - [ ] [LoRexxar contributed to LoRexxar/Kunlun-M](https://github.com/LoRexxar/Kunlun-M/pull/327) - [ ] [liamg contributed to infracost/proto](https://github.com/infracost/proto/pull/54) - [ ] [LoRexxar starred nexu-io/html-anything](https://github.com/nexu-io/html-anything) - [ ] [OpenAEV-Platform released 2.4.0 at OpenAEV-Platform/openaev](https://github.com/OpenAEV-Platform/openaev/releases/tag/2.4.0) - [ ] [mgeeky starred evilsocket/audit](https://github.com/evilsocket/audit) - [ ] [pydantic released v1.98.0 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v1.98.0) - [ ] [anthropics released v2.1.144 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.144) - Microsoft Security Blog - [ ] [Exposing Fox Tempest: A malware-signing service operation](https://www.microsoft.com/en-us/security/blog/2026/05/19/exposing-fox-tempest-a-malware-signing-service-operation/) - Doonsec's feed - [ ] [Android Pixel 10 零点击漏洞利用链](https://mp.weixin.qq.com/s/BIQ7soODCMNk8og7roM0iA) - [ ] [从“概率回答”到“证据解题”:一种面向生物题的可追溯 AI 解题系统](https://mp.weixin.qq.com/s/BTbcRQ0_kJanO_q4cmJt8g) - [ ] [ShiroExploit:一款Shiro反序列化漏洞一站式综合测试工具](https://mp.weixin.qq.com/s/H_IorauDWKypM7Ec_QLRIA) - [ ] [别测主站了!2026年SRC捡漏刷分实战:把别人漏掉的资产变成你的赏金](https://mp.weixin.qq.com/s/2-zaZFJs-iIZSiYrcy412A) - [ ] [聊真东西的地方,今天终于敢开门了](https://mp.weixin.qq.com/s/LU9BR3rA1rc4ODp69JvCLQ) - [ ] [又一BYOVD驱动问世,可终结任意进程](https://mp.weixin.qq.com/s/IbolDd0Llcfa2kffjlhRkg) - [ ] [【AI安全】直面越狱风险!大模型安全防御体系综述](https://mp.weixin.qq.com/s/jYcuZGIkRGZqH_E_Sz8PfA) - [ ] [【提权漏洞】MiniPlasma-SYSTEM](https://mp.weixin.qq.com/s/AOji2g77ggCyiZC6lG1WBQ) - [ ] [答读者来信](https://mp.weixin.qq.com/s/rh4q0ZDlkzRFouyOUnh9sg) - [ ] [给阿嬷(mà)还是阿嬷(mó)的情书?一个字的读音里,藏着你回不去的故乡](https://mp.weixin.qq.com/s/7uSOBVytR_pVWlCvBi6lAQ) - [ ] [【课程】图片拍摄地点分析方法与技术1-3(含视频)](https://mp.weixin.qq.com/s/rcYZVPDatf_2rBtHyggNNw) - [ ] [【重磅推荐】AI + Webpack 全自动挖洞:外部 JS 扒干净,隐藏接口一键现形](https://mp.weixin.qq.com/s/HNYjWtAQ1q14hLMMY0mr_A) - [ ] [个人微信接入 CyberStrikeAI(扫码绑定)](https://mp.weixin.qq.com/s/YZh9-K--pMKUW4IIrW5_cA) - [ ] [邮件钓鱼免杀完全指南(2026 实战版)五、ClickFix 与 HTML Smuggling](https://mp.weixin.qq.com/s/Ki_F3Dxy1iPSVHBRxoekJg) - [ ] [2026HW薪资大跳水,网安人真的被“惯坏”了?](https://mp.weixin.qq.com/s/H9y8A1eE6qoXTClW39E0qw) - [ ] [2026“工赋砺网” | 专项领域安全赋能培训正式启动](https://mp.weixin.qq.com/s/9lrF5F-ud0BmAh20yM3osQ) - [ ] [2026“工赋砺网”xa0|xa0AI驱动,安全先行——工业数字化转型的AI安全风险与防护体系建设专场培训启动报名](https://mp.weixin.qq.com/s/ie1PpVpSdb3TZc6UOmXkwQ) - [ ] [2026“工赋砺网”xa0|xa0AI赋能常态化安全运营技术实践专场培训启动报名](https://mp.weixin.qq.com/s/uQUxE-l8K_vcghsYhZRjxA) - [ ] [CNNVD | 人工智能重要漏洞通报(2026年第七期)](https://mp.weixin.qq.com/s/VYZ_p9EW9uq45kxVaPg6ug) - [ ] [CNNVD | 最新OpenClaw多个安全漏洞通报](https://mp.weixin.qq.com/s/qWBz42_US3OBn5gHP41cTg) - [ ] [强迫症狂喜:日志审计采集转发客户端 WinLogAgent 升级至 1.0.3:目录只有1个exe啦!](https://mp.weixin.qq.com/s/ICUKSjNP0E6C6EF5LQpkXQ) - [ ] [2026年中国网络文明大会在南宁举行](https://mp.weixin.qq.com/s/TgJBOuk122htevgszx_CoQ) - [ ] [我自制的8位电脑的PCB板](https://mp.weixin.qq.com/s/HGMnGKPj9YaJkuEMfcFGLA) - [ ] [AI时代,人类的核心竞争力是什么](https://mp.weixin.qq.com/s/jKdJLn8M_G12qDRUW9D_lw) - [ ] [用豆包P假收据,上海交大一学生私吞5000元竞赛奖金!校方通报来了](https://mp.weixin.qq.com/s/xgmBueFnbIRKFGBqYNzH2w) - [ ] [G.O.S.S.I.P 阅读推荐 2026-05-19 NvidiaASLR](https://mp.weixin.qq.com/s/nnfG5AVrDmfwY_jr1fpV9A) - [ ] [DeepSeek 被营销号逼得下场辟谣了](https://mp.weixin.qq.com/s/YTS7vzbREQwqiEcGVB-FNQ) - [ ] [Windows服务器如何免费防篡改](https://mp.weixin.qq.com/s/lAB-llMo7k8MKrKh3RrYbw) - [ ] [正版 5 月惠来了!桌面神器 + 效率工具 5 折起,不用苦等 618](https://mp.weixin.qq.com/s/Uh0hNqeKrqfZ_drScuMubg) - [ ] [随波逐流学AI:Claude Code 常用命令](https://mp.weixin.qq.com/s/3nJ1qA_TftfPdkdF90opew) - [ ] [ShellcodeLoader](https://mp.weixin.qq.com/s/zn9V-43sfihm5q6JPgzVsg) - [ ] [NGINX惊爆18年老洞,野外攻击已开始](https://mp.weixin.qq.com/s/f1Nny-9ii9pS3RKpmsoStA) - [ ] [2026“天枢杯”青少年人工智能安全创新大赛决赛圆满收官](https://mp.weixin.qq.com/s/8A_azZX4Q8qns1CrHRhclA) - [ ] [面向AI智能体的红队测试实战:基于OWASP ASI 2026的金融场景攻防实践](https://mp.weixin.qq.com/s/56pHw9qZPjDGYroYg1G9Iw) - [ ] [在B站默默耕耘,终于迎来了一千位粉丝的里程碑!](https://mp.weixin.qq.com/s/D2Yp5lIADnn31-mIMeC4bQ) - [ ] [isCC 非武部分Wp](https://mp.weixin.qq.com/s/AATBu3ijZJ6meWJasiGttg) - [ ] [Gentlemen勒索软件攻击Windows、Linux、NAS、BSD和ESXi系统](https://mp.weixin.qq.com/s/xLoBkG-XEr09C6PzAdq3PQ) - [ ] [给程序员送什么,会让他炫耀三天三夜?](https://mp.weixin.qq.com/s/dIO7APJrm3AzIIgwJUMf5Q) - [ ] [Kimsuky利用LNK和JSE的诱饵来锁定招聘人员、加密货币用户和国防官员](https://mp.weixin.qq.com/s/I0HWAJ9EuHeRaXLtXp4Bsg) - [ ] [GitHub 5.6万星,HackingTool V2.0:一站式渗透工具箱,185+神器一键配齐](https://mp.weixin.qq.com/s/uBHnnQ1iPYLoCh2XF6C0Sw) - [ ] [Linux 本地提权工具 支持多个Linux 内核和 Polkit 漏洞 | AnolisOS、openEuler、统信UOS、openKylin、Ubuntu、CentOS 7](https://mp.weixin.qq.com/s/vHLjBK2608i_L1wzS_U59Q) - [ ] [鲁比奥的“白宫生存哲学”](https://mp.weixin.qq.com/s/aYF5bmPsCCy8YSe9ZBhgmw) - [ ] [美国能源部投入9400万美元支持小型核反应堆,服务AI与数据中心电力需求](https://mp.weixin.qq.com/s/ZuEC3fUr00eEK3vcPiy3Eg) - [ ] [最新公开 | 利用RPC添加计划任务Bypass核晶(有时效性)](https://mp.weixin.qq.com/s/NX5gDMqR_XMLdMjajsoJWQ) - [ ] [人工智能重要漏洞通报(2026年第七期)](https://mp.weixin.qq.com/s/r0SFHbEEZ_H9uLpr_FgutQ) - [ ] [人工智能重要安全漏洞的通报-OpenClaw多个安全漏洞](https://mp.weixin.qq.com/s/-7uDx2VafYdGH78FtcHRRg) - [ ] [信息安全漏洞周报(2026年第20期)](https://mp.weixin.qq.com/s/zCdlbywODuqMWspBGBJoVQ) - [ ] [供应链安全 | 深入解析 npm 投毒机制、构建流劫持与跨会话持久化控制](https://mp.weixin.qq.com/s/g1AxykG7hM4VH19TmAO6aw) - [ ] [Windows“MiniPlasma”零日漏洞可使攻击者获得SYSTEM权限——概念验证代码已发布](https://mp.weixin.qq.com/s/GmINFY9tJ8IVVluqDqunpg) - [ ] [WordPress插件严重漏洞使网站面临身份验证绕过攻击风险](https://mp.weixin.qq.com/s/7aiu0QKC8mg1wo89Vjjx9A) - [ ] [CVE-2020-17103 显然未修复或补丁已被撤销,无论如何,这是 cldflt.sys 中 LPE 的 PoC](https://mp.weixin.qq.com/s/o95KZlzNTYn_6rQ9G5Yt4Q) - [ ] [针对 Nginx CVE-2026-42945 的 PoC](https://mp.weixin.qq.com/s/y_SnusnFpjiA9CzVkggI0Q) - [ ] [API接口渗透测试工具 ApiHunter](https://mp.weixin.qq.com/s/71noaDtLm-YkAMbUsGHZrQ) - [ ] [实力上榜!众安天下跻身工信部首批网络产品安全漏洞收集备案平台](https://mp.weixin.qq.com/s/aZ1nOJoi8X3zOyTTZGp_zQ) - [ ] [网安必知:防火墙里的“黑话”大全,搞懂这些才算真正入门网络安全!](https://mp.weixin.qq.com/s/BXX6L6o8_SXo4WJlkIvxSg) - [ ] [多地加油站监测系统遭入侵后数据被篡改,美官员称无法溯源攻击者](https://mp.weixin.qq.com/s/jgU_vQcLFYFvku-pxmVM5w) - [ ] [从有效载荷到硬目标:美国网络司令部持续推进进攻性网络能力建设](https://mp.weixin.qq.com/s/DOGe0rSheCRxVQ7_B8OnUw) - [ ] [FBI技术情报网升级:构建全美车辆轨迹识别体系](https://mp.weixin.qq.com/s/QmquhTDidJPsLKYOHfsy7w) - [ ] [亚数TrustAsia受邀参加Matter技术应用工程师培训沙龙,共探智能家居物联新发展](https://mp.weixin.qq.com/s/v5JRGC4zdhskv22I7ghD0g) - [ ] [实力认证!亚数TrustAsia入选《嘶吼2026网络安全产业图谱》](https://mp.weixin.qq.com/s/lC43Yp4ZFEIE10XCtsSm5g) - [ ] [盛邦安全实力入选嘶吼《2026网络安全产业图谱》5大领域24个细分领域](https://mp.weixin.qq.com/s/YbjNpmPyLv4JYO0UiV4Tbg) - [ ] [调了十年酒,却调不出自己的\"止盈配方](https://mp.weixin.qq.com/s/R8Va31Xt3kMGyDF7CBgvHw) - [ ] [聚焦 | 2026年中国网络文明大会在南宁举行](https://mp.weixin.qq.com/s/lAFqHMh5V_V7k4WCmBYUuQ) - [ ] [国安部提醒:低空安全,不容忽视!](https://mp.weixin.qq.com/s/bhAbUAxlnyJVWIlh_j9XFA) - [ ] [发布 | 网安标委发布《人工智能应用伦理安全指引 1.0》(附全文)](https://mp.weixin.qq.com/s/f2VUDTIW3uZ1iAlokz8uLg) - [ ] [专家解读 | 刘博:推动人工智能创新发展行稳致远筑牢伦理安全治理屏障](https://mp.weixin.qq.com/s/lqWtjNfD8Z6-k-gWfqOYmw) - [ ] [关注 | 网聚文明力量 共筑清朗家园——我国网络文明建设取得积极成效](https://mp.weixin.qq.com/s/OD96Oab37OQ__cEh3TvBYw) - [ ] [计算机专业高含金量的三种证书](https://mp.weixin.qq.com/s/FQFQiGS75KGmSBMUiiZobQ) - [ ] [没规划真不建议学网络安全!](https://mp.weixin.qq.com/s/TN3CzrHBsGZLKXXqm3Y7NA) - [ ] [真相来了丨警惕AI谣言!“张家界大峡谷玻璃桥断裂垮塌”视频系伪造](https://mp.weixin.qq.com/s/7F4qMsf6j5M_kR3fIi2twA) - [ ] [一张表看懂:AI for Security vs Security for AI](https://mp.weixin.qq.com/s/FK4ZgyXDjpr6P_V2E2P6sQ) - [ ] [当AI替你“打工”,谁在替黑客“开门”?](https://mp.weixin.qq.com/s/w5cR-fzBUDTwIX_R20fNww) - [ ] [新手必看,激活、汉化,BP启动](https://mp.weixin.qq.com/s/PVaHh6IIwssrWpJyPqL81w) - [ ] [【免费领】智能设备安全技术干货:路由器0day漏洞挖掘指南](https://mp.weixin.qq.com/s/pVBvm545PMvDAmHTI8DhCA) - [ ] [一图读懂 | 数据产权制度](https://mp.weixin.qq.com/s/zjMrPUDqtNPqppz6KC2rfA) - [ ] [TC260-005《人工智能应用伦理安全指引 1.0》发布](https://mp.weixin.qq.com/s/KfbtcYzbSQZRnzA5mnNIGg) - Insinuator.net - [ ] [ERNW White Paper 76: Linux Client Hardening Guide](https://insinuator.net/2026/05/ernw-white-paper-76-linux-client-hardening-guide/) - gynvael.coldwind//vx.log (pl) - [ ] [Practical Deep Dive into Kubernetes Security (Szkolenie)](https://gynvael.coldwind.pl/?id=808) - Bug Bounty in InfoSec Write-ups on Medium - [ ] [SQL & NoSQL Injection in APIs-The Vulnerability That Still Puts YOUR Data at Risk](https://infosecwriteups.com/sql-nosql-injection-in-apis-the-vulnerability-that-still-puts-your-data-at-risk-98ed14eebd23?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [Secrets That Survive Everything](https://infosecwriteups.com/secrets-that-survive-everything-28b0c6aa1aa4?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [The Sleeper Agent Bug: How One HTML Payload Lay Hidden for Months to Attack My Inbox ⏳](https://infosecwriteups.com/the-sleeper-agent-bug-how-one-html-payload-lay-hidden-for-months-to-attack-my-inbox-9d3f1e9df60e?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [A Pentester’s Methodology for Toxic Vulnerability Combinations](https://infosecwriteups.com/a-pentesters-methodology-for-toxic-vulnerability-combinations-993cd63ba2cf?source=rss----7b722bfd1b8d--bug_bounty) - Malwarebytes - [ ] [Biometrics, diagnoses, and bank details exposed in major healthcare breach](https://www.malwarebytes.com/blog/news/2026/05/biometrics-diagnoses-and-bank-details-exposed-in-major-healthcare-breach) - [ ] [Facebook scam promises cheap Aldi meat boxes, steals payment info instead](https://www.malwarebytes.com/blog/scams/2026/05/facebook-scam-promises-cheap-aldi-meat-boxes-steals-payment-info-instead) - [ ] [YouTube wants your face to fight deepfakes](https://www.malwarebytes.com/blog/ai/2026/05/youtube-wants-your-face-to-fight-deepfakes) - Cerbero Blog - [ ] [VDEX Format Package](https://blog.cerbero.io/vdex-format-package/) - SentinelOne - [ ] [Turn Blind Trust into Verified Control with Prompt Security for Agentic AI](https://www.sentinelone.com/blog/prompt-security-for-agentic-ai/) - rtl-sdr.com - [ ] [Spectrum SDR Android App Ported to iOS](https://www.rtl-sdr.com/spectrum-sdr-android-app-ported-to-ios/) - [ ] [SDR ProTrack RTL-SDR Radio Direction Finding Android App Updated](https://www.rtl-sdr.com/sdr-protrack-rtl-sdr-radio-direction-finding-android-app-updated/) - [ ] [GopherTrunk: A New Pure-Go Trunked Radio Scanner Supporting P25, DMR, TETRA, NXDN and More](https://www.rtl-sdr.com/gophertrunk-a-new-pure-go-trunked-radio-scanner-supporting-p25-dmr-tetra-nxdn-and-more/) - 绿盟科技技术博客 - [ ] [深耕数据安全标准,绿盟科技参与全国数标委2026年第一次标准周](https://blog.nsfocus.net/%e6%b7%b1%e8%80%95%e6%95%b0%e6%8d%ae%e5%ae%89%e5%85%a8%e6%a0%87%e5%87%86%ef%bc%8c%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e5%8f%82%e4%b8%8e%e5%85%a8%e5%9b%bd%e6%95%b0%e6%a0%87%e5%a7%942026%e5%b9%b4/) - [ ] [智启未来 AI赋能 | 绿盟科技受邀参加2026年中国网络文明大会](https://blog.nsfocus.net/%e6%99%ba%e5%90%af%e6%9c%aa%e6%9d%a5-ai%e8%b5%8b%e8%83%bd-%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e5%8f%97%e9%82%80%e5%8f%82%e5%8a%a02026%e5%b9%b4%e4%b8%ad%e5%9b%bd%e7%bd%91%e7%bb%9c%e6%96%87%e6%98%8e/) - Shostack & Friends Blog - [ ] [HIPAA Updates and Threat Models](https://shostack.org/blog/hipaa-nprm-threat-modeling/) - 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台 - [ ] [苏姿丰:从未像今天这样为AI感到兴奋](https://blog.upx8.com/%E8%8B%8F%E5%A7%BF%E4%B8%B0-%E4%BB%8E%E6%9C%AA%E5%83%8F%E4%BB%8A%E5%A4%A9%E8%BF%99%E6%A0%B7%E4%B8%BAAI%E6%84%9F%E5%88%B0%E5%85%B4%E5%A5%8B) - [ ] [索尼正在提高PlayStation Plus订阅价格](https://blog.upx8.com/%E7%B4%A2%E5%B0%BC%E6%AD%A3%E5%9C%A8%E6%8F%90%E9%AB%98PlayStation-Plus%E8%AE%A2%E9%98%85%E4%BB%B7%E6%A0%BC) - [ ] [外交部:中美同意开展人工智能政府间对话](https://blog.upx8.com/%E5%A4%96%E4%BA%A4%E9%83%A8-%E4%B8%AD%E7%BE%8E%E5%90%8C%E6%84%8F%E5%BC%80%E5%B1%95%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD%E6%94%BF%E5%BA%9C%E9%97%B4%E5%AF%B9%E8%AF%9D) - [ ] [日立与Anthropic达成合作 摸索应用物理AI](https://blog.upx8.com/%E6%97%A5%E7%AB%8B%E4%B8%8EAnthropic%E8%BE%BE%E6%88%90%E5%90%88%E4%BD%9C-%E6%91%B8%E7%B4%A2%E5%BA%94%E7%94%A8%E7%89%A9%E7%90%86AI) - [ ] [索尼PlayStation独占游戏不再登陆PC了](https://blog.upx8.com/%E7%B4%A2%E5%B0%BCPlayStation%E7%8B%AC%E5%8D%A0%E6%B8%B8%E6%88%8F%E4%B8%8D%E5%86%8D%E7%99%BB%E9%99%86PC%E4%BA%86) - 奇安信 CERT - [ ] [【已复现】Next.js 服务器端请求伪造漏洞(CVE-2026-44578)安全风险通告](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247505907&idx=1&sn=fa84a90f4eb664f50485b423f8db03cd) - [ ] [【已复现】PostgreSQL pgcrypto 堆缓冲区溢出漏洞(CVE-2026-2005)安全风险通告](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247505907&idx=2&sn=205c4c3a6ab07259e746d3f430f9c72e) - 安全客 - [ ] [NGINX惊爆18年老洞,野外攻击已开始](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649789915&idx=1&sn=207fcf79be0490e903b1bcf63d7b7247) - 黑鸟 - [ ] [Android Pixel 10 零点击漏洞利用链](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186756&idx=1&sn=df5398f285f6d4714f9fde8c4fad8d8b) - 威努特安全网络 - [ ] [凌晨三点收到一千条漏洞告警,AI 替我看完了](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141692&idx=1&sn=98cdfb983eb21c11dc54f4a4ba586cf4) - 安全内参 - [ ] [多地加油站监测系统遭入侵后数据被篡改,美官员称无法溯源攻击者](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515953&idx=1&sn=4a79b2fc607f0f571417aa2579bc096e) - [ ] [从有效载荷到硬目标:美国网络司令部持续推进进攻性网络能力建设](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515953&idx=2&sn=310d48bd44ddedcf604d3a068127a56f) - 微步在线研究响应中心 - [ ] [Shai-Hulud投毒竞赛开场,npm 639个版本被黑](https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247508740&idx=1&sn=297371719e2a98f5e6ded257f2757a95) - 奇安信威胁情报中心 - [ ] [n8n 自动化平台惊现三重漏洞链:低权限即可引爆完整 RCE,攻击面已蔓延至供应链核心节点](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247518838&idx=1&sn=a33e7f05cd5a946c51b0ff0fe8caa3eb) - 代码卫士 - [ ] [奇安信Qcode Agents重磅升级,正式解锁操作系统级漏洞挖掘能力](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526048&idx=1&sn=0cc70737a4725595d2a468599e295579) - 奇客Solidot–传递最新科技情报 - [ ] [pgBackRest 作者宣布继续维护该项目](https://www.solidot.org/story?sid=84343) - [ ] [索尼取消将 PS 独占单人游戏移植到 PC 的计划](https://www.solidot.org/story?sid=84342) - [ ] [人类为什么惯用右手](https://www.solidot.org/story?sid=84341) - [ ] [Firefox 151 释出](https://www.solidot.org/story?sid=84340) - [ ] [少数湖泊拥有三分之二的湖泊淡水储量](https://www.solidot.org/story?sid=84339) - [ ] [微软发布了首个通用 Linux 发行版 Azure Linux 4.0](https://www.solidot.org/story?sid=84338) - [ ] [Meta 重分配七千员工专注于 AI](https://www.solidot.org/story?sid=84337) - [ ] [陪审团以诉讼时效为由判马斯克败诉](https://www.solidot.org/story?sid=84336) - [ ] [人体不同器官的衰老不同步](https://www.solidot.org/story?sid=84335) - 丁爸 情报分析师的工具箱 - [ ] [【课程】图片拍摄地点分析方法与技术1-3(含视频)](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651155823&idx=1&sn=a0b799a2d0ba50fe413d8496cc4f4a4e) - 看雪学苑 - [ ] [2026腾讯游戏安全技术竞赛-安卓决赛VM分析与还原](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615341&idx=1&sn=d0b17757daca91bb53c55ff62f8422dd) - [ ] [AntV生态npm包遭投毒,百万级组件沦为窃密木马载体](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615341&idx=2&sn=42593e25d84048a1ed6d7e3244b1afb5) - [ ] [本周更新3节!冰与火的战歌:Windows内核攻防实战](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615341&idx=3&sn=53570b3da178d29b39052a4b5e06cb72) - 安全牛 - [ ] [微软AI安全新突破:MDASH多模型智能体扫描系统,以AI速度重塑漏洞防御格局](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141382&idx=1&sn=47da5ef47e9e139e5ce6f6c83270df6c) - [ ] [AI金矿分化加剧:高额股权 vs 技能贬值,安全从业者面临新挑战;CNVD漏洞周报2026年第19期| 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141382&idx=2&sn=0f2196553effffefe1816429bd1a7aed) - 补天平台 - [ ] [补天端午活动第一弹 | “粽”测有礼](https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247510738&idx=1&sn=5314d386efb545763a00205d0928d9cc) - 微步在线 - [ ] [这个边界还要咋整,才能安全?](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650186565&idx=1&sn=b4b2bda4508cb1d75f5d74fd1955282b) - 青藤云安全 - [ ] [一张表看懂:AI for Security vs Security for AI](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650851338&idx=1&sn=e114a4cf804e7cba5dbbbd660b18fb22) - 极客公园 - [ ] [Google I/O 2026:模型不再是主角,智能体撑起 AI 商业化](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106891&idx=1&sn=96b3ba5ff1528cebe89971a9770bcef3) - [ ] [670 亿美元!AI 崛起,促成美国最大能源并购案](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106840&idx=1&sn=3fbe7ce145eff5d8dcac137e6563644e) - [ ] [6 年骂战,2 小时裁决,马斯克 VS Altman 第一战失败](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106834&idx=1&sn=c25d2eaae336e51413c3d5b61e59da0f) - [ ] [与 Altman 官司出结果,马斯克败诉;群核携手影石,让人人都能创作 3D 内容;英伟达 Q1 营收或超预期 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106828&idx=1&sn=4fc4e52f44ef2ee34b2e74be3730fc7b) - 数世咨询 - [ ] [4月全球数据泄露态势月报来了:全球数百亿行数据流出,这些行业最危险](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542912&idx=1&sn=1d8f517c8cafee1d4963665676835063) - [ ] [山石网科2026:双A引擎驱动下的价值重估与高质量增长](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542912&idx=2&sn=7bfe6766ae551a214720ca57f8088179) - [ ] [智领安全・云启新境|锐捷安全云办公 4.0 焕新升级,重塑企业数字办公基石](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542912&idx=3&sn=453c351fcdcadd464000421ef7e09d93) - 中国信息安全 - [ ] [聚焦 | 2026年中国网络文明大会在南宁举行](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262758&idx=1&sn=dc2a02d7d94f6ce527931bebf1901bbb) - [ ] [国安部提醒:低空安全,不容忽视!](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262758&idx=2&sn=45e4f33b3bb10d94ac23d5e947495099) - [ ] [发布 | 网安标委发布《人工智能应用伦理安全指引 1.0》(附全文)](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262758&idx=3&sn=61962e0664516390eaac9dcf8098ba24) - [ ] [专家解读 | 刘博:推动人工智能创新发展行稳致远筑牢伦理安全治理屏障](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262758&idx=4&sn=05c78f8c59fd2722f3e2e3717a6e075a) - [ ] [关注 | 网聚文明力量 共筑清朗家园——我国网络文明建设取得积极成效](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262758&idx=5&sn=e619abd9aec4d7fedf2e5eb9f9ba6744) - 安全研究GoSSIP - [ ] [G.O.S.S.I.P 阅读推荐 2026-05-19 NvidiaASLR](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501683&idx=1&sn=42eeb9964f75f1dbc59c9b93aa2771a9) - 字节跳动安全中心 - [ ] [火山引擎安全专测上线!漏洞多倍积分、情报特殊奖励奉上](https://mp.weixin.qq.com/s?__biz=MzUzMzcyMDYzMw==&mid=2247496216&idx=1&sn=aca419e15554c51a85d2afcf3163a0b6) - 恒脑与AI - [ ] [苹果5年砸数十亿打造的“最强安全防线被破解!”,被3个人+AI用5天干穿了](https://mp.weixin.qq.com/s?__biz=MzI1MDU5NjYwNg==&mid=2247497468&idx=1&sn=e1b314582e8c76241a53a79963d28dba) - 火绒安全 - [ ] [火绒为您避坑:微软5月安全更新重要提醒](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532810&idx=1&sn=03817237e808134851757eb568db6040) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532810&idx=2&sn=4d5e2c35126f87720b0e3081fe160bbe) - 字节跳动技术团队 - [ ] [veRL 推出开源 Uni-Agent:为通用 Agent 训练打造统一框架](https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247519822&idx=1&sn=593c83efeaade641f9ab13166dbce953) - XCTF联赛 - [ ] [一文看懂|XCTF百城千赛・高校人才选拔赛办赛指南](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516401&idx=1&sn=b3160a4f64fb28167a22f0a9d014b797) - 安全圈 - [ ] [【安全圈】2025 年城镇非私营单位 IT 行业年均工资近 25 万元领跑全国,名义增长率 4.1%](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076648&idx=1&sn=b423ad85339afd96b6f635c7dc2e2e0a) - [ ] [【安全圈】AI 替代人工,渣打银行计划四年内裁员 7000 余人](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076648&idx=2&sn=fac58547a5c133e32d91dc16fdfcb09d) - [ ] [【安全圈】谷歌推进部署渐变版 Workspace 图标,网页端和手机端已陆续上线](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076648&idx=3&sn=72a77c61ea730a6e00456ed08c9455aa) - 国家互联网应急中心CNCERT - [ ] [CNVD漏洞周报2026年第19期](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247501599&idx=1&sn=6e909b7b963fad1d8cb6d2787d68eb08) - 情报分析师 - [ ] [解密情报分析师的一天,这份工作没有你想象的那么酷,也远比你想象的更重要 !](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567917&idx=1&sn=e1954cbc2572ebac91e33b4e54cef399) - [ ] [【深度研判】俄罗斯鲍曼大学秘密培养GRU黑客与情报人员,国家化网络人才培养模式对我网络安全生态的外溢威胁](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567917&idx=2&sn=113fe7e30e8220a6837e25d395558857) - [ ] [朝鲜官员赴俄远东参观无人机训练设施背后的战略信号](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567917&idx=3&sn=81dc803d27716c7d85b27424bd17fd02) - 安全行者老霍 - [ ] [首款由AI研发的零日漏洞利用程序](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486726&idx=1&sn=bcc2154395b67dddb7a99e7f3510e625) - Qualys Security Blog - [ ] [Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation](https://blog.qualys.com/category/vulnerabilities-threat-research) - Over Security - [ ] [Max-severity flaw in ChromaDB for AI apps allows server hijacking](https://www.bleepingcomputer.com/news/security/max-severity-flaw-in-chromadb-for-ai-apps-allows-server-hijacking/) - [ ] [Cybercrime service disrupted for abusing Microsoft platform to sign malware](https://www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/) - [ ] [AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities](https://flashpoint.io/blog/ai-threat-report-monthly/) - [ ] [Discord rolls out end-to-end encryption on voice, video calls](https://www.bleepingcomputer.com/news/security/discord-rolls-out-end-to-end-encryption-on-voice-video-calls/) - [ ] [Posizione dei dati: la lezione dell’11 settembre e la regola 3-2-1 per un corretto backup](https://www.cybersecurity360.it/soluzioni-aziendali/posizione-dei-dati-la-lezione-dell11-settembre-e-la-regola-3-2-1-per-un-corretto-backup/) - [ ] [FBI: Americans lost over $388 million to scams using crypto ATMs in 2025](https://www.bleepingcomputer.com/news/security/fbi-americans-lost-over-388-million-to-scams-using-crypto-atms-in-2025/) - [ ] [Microsoft Self-Service Password Reset abused in Azure data theft attacks](https://www.bleepingcomputer.com/news/security/microsoft-self-service-password-reset-abused-in-azure-data-theft-attacks/) - [ ] [Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network](https://therecord.media/huawei-zero-day-behind-last-year-luxembourg-telecom-outage) - [ ] [Massive npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised](https://thecyberexpress.com/hundreds-of-antv-packages-compromised/) - [ ] [UK regulator to require tech firms to tackle deepfakes, non-consensual intimate images](https://therecord.media/uk-regulator-to-require-tech-firms-to-tackle-deepfakes-nudification-ai) - [ ] [Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs](https://therecord.media/microsoft-disrupts-fox-tempest-malware-signing-service) - [ ] [Microsoft plans to improve Windows 11 driver quality in 2026](https://www.bleepingcomputer.com/news/microsoft/microsoft-plans-to-improve-windows-11-driver-quality-in-2026/) - [ ] [Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack](https://techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/) - [ ] [OpenAI co-founder Andrej Karpathy joins Anthropic’s pre-training team](https://techcrunch.com/2026/05/19/openai-co-founder-andrej-karpathy-joins-anthropics-pre-training-team/) - [ ] [Microsoft blames undismissible Teams location prompts on macOS update](https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-undismissible-teams-location-prompts-on-macos-update/) - [ ] [TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities](https://blog.talosintelligence.com/tp-link-photoshop-openvpn-norton-vpn-vulnerabilities/) - [ ] [JobStealer colpisce macOS e Windows e ruba dati personali con falsi colloqui di lavoro online](https://www.cybersecurity360.it/news/jobstealer-colpisce-macos-e-windows-e-ruba-dati-personali-con-falsi-colloqui-di-lavoro-online/) - [ ] [Ecco come Microsoft ha smantellato il gruppo Fox Tempest](https://www.cybersecurity360.it/news/microsoft-fox-tempest/) - [ ] [New Shai-Hulud malware wave compromises 600 npm packages](https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/) - [ ] [Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation](https://www.bleepingcomputer.com/news/security/critical-microsoft-vulnerabilities-doubled-from-exposure-to-escalation/) - [ ] [7-Eleven confirms data breach claimed by the ShinyHunters gang](https://www.bleepingcomputer.com/news/security/7-eleven-confirms-data-breach-claimed-by-the-shinyhunters-gang/) - [ ] [Guida ai migliori browser con VPN 2026: soluzioni integrate Vs. estensioni Premium](https://www.cybersecurity360.it/cultura-cyber/guida-ai-migliori-browser-con-vpn/) - [ ] [Guida ai browser con VPN 2026: soluzioni integrate Vs. estensioni Premium](https://www.cybersecurity360.it/cultura-cyber/guida-ai-browser-con-vpn-2/) - [ ] [Cyble Named a Challenger in the Inaugural 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies](https://cyble.com/blog/cyble-challenger-in-2026-gartner-magic-quadrant-for-cyberthreat-intelligence-technologies/) - [ ] [Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows](https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows) - [ ] [Webinar: The hidden bottlenecks in network incident response](https://www.bleepingcomputer.com/news/security/webinar-the-hidden-bottlenecks-in-network-incident-response/) - [ ] [Microsoft confirms patching issues in restricted Windows networks](https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-patching-issues-in-restricted-windows-networks/) - [ ] [Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026](https://any.run/cybersecurity-blog/social-engineering-attacks-2026/) - [ ] [When Filenames Become Attack Surfaces: Weaponizing NASA's CFITSIO Extended Filename Syntax](https://blog.doyensec.com/2026/05/19/cfitsio-weaponized-filenames.html) - [ ] [From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat](https://blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/) - [ ] [L’Iran minaccia dazi sui cavi sottomarini: a rischio la connettività digitale mondiale](https://www.cybersecurity360.it/nuove-minacce/liran-minaccia-dazi-sui-cavi-sottomarini-a-rischio-la-connettivita-digitale-mondiale/) - [ ] [Is Fraud Distorting Your iGaming Growth Numbers?](https://www.group-ib.com/blog/igaming-fraud-growth/) - [ ] [Austria Blocks Eurovision Cyberattack During Contest Week](https://thecyberexpress.com/austria-blocks-eurovision-cyberattack-attempts/) - [ ] [Global Banks Scramble After AI Tool Exposes Cyber Weaknesses](https://thecyberexpress.com/ai-driven-cyber-risks-put-banks-on-alert/) - [ ] [Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack](https://thecyberexpress.com/nginx-rift-cve-2026-42945-active-exploitation/) - [ ] [FAQ ACN NIS2 sui fornitori rilevanti: cosa cambia con le nuove FRN.8 e FRN.9](https://www.cybersecurity360.it/legal/nis2-e-fornitori-rilevanti-cosa-cambia-con-le-nuove-faq-di-acn/) - [ ] [7-Eleven Confirms Hack After Appearing on ShinyHunters Leak List](https://thecyberexpress.com/7-eleven-data-breach-exposes-information/) - [ ] [Dal vincolo alla discrezionalità: come procedure e linee guida indirizzano l’azione aziendale](https://www.cybersecurity360.it/cultura-cyber/dal-vincolo-alla-discrezionalita-come-procedure-e-linee-guida-indirizzano-lazione-aziendale/) - [ ] [Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365](https://thecyberexpress.com/microsoft-storm-2949-azure-m365-cloud-breach/) - [ ] [INTERPOL Busts Massive Cybercrime Network Across MENA, 201 Arrested](https://thecyberexpress.com/operation-ramz-targets-mena-networks/) - [ ] [CTT - 468,124 breached accounts](https://haveibeenpwned.com/Breach/CTT) - DEF CON Announcements! - [ ] [DEF CON Middle East Update](https://www.bna.bh/en/NationalCyberSecurityCentresignsagreementtohostDEFCONMiddleEast.aspx) - OnionSec - [ ] [答读者来信](https://mp.weixin.qq.com/s?__biz=MzUyMTUwMzI3Ng==&mid=2247485769&idx=1&sn=ac142265132a8f39ddee460931973226) - 迪哥讲事 - [ ] [【src实战】| 业务逻辑漏洞](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499455&idx=1&sn=87c2a66ec757c4c28ee6dd3411bca40b) - Schneier on Security - [ ] [Laurie Anderson Is Quoting Me](https://www.schneier.com/blog/archives/2026/05/laurie-anderson-is-quoting-me.html) - Krypt3ia - [ ] [Threat Intelligence Report: DPRK Activity Evolution Through Campaign Linkage](https://krypt3ia.wordpress.com/2026/05/19/threat-intelligence-report-dprk-activity-evolution-through-campaign-linkage/) - SANS Internet Storm Center, InfoCON: green - [ ] [ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)](https://isc.sans.edu/diary/rss/32996) - Have I Been Pwned latest breaches - [ ] [CTT - 468,124 breached accounts](https://haveibeenpwned.com/Breach/CTT) - 360数字安全 - [ ] [当AI替你“打工”,谁在替黑客“开门”?](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585990&idx=1&sn=d52b59b5e8bc4f8d23f5c0a96e30e6c8) - Deeplinks - [ ] [Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!](https://www.eff.org/deeplinks/2026/05/microsoft-took-step-toward-human-rights-accountability-google-and-amazon-and) - [ ] [Your Privacy Shouldn't Be A Corporate Decision](https://www.eff.org/deeplinks/2026/05/your-privacy-shouldnt-be-corporate-decision) - ICT Security Magazine - [ ] [Sicurezza delle reti 5G private: opportunità industriali e rischi sottovalutati](https://www.ictsecuritymagazine.com/articoli/reti-5g-private/) - [ ] [La geopolitica dell’acquisizione della prova elettronica: la cooperazione internazionale richiede più del solo diritto](https://www.ictsecuritymagazine.com/articoli/prova-elettronica-geopolitica/) - [ ] [6.000 campagne phishing contro lo “Stato”: cosa abbiamo imparato](https://www.ictsecuritymagazine.com/articoli/campagne-phishing-pagopa/) - [ ] [Adempimenti DORA 2026: guida completa per il settore finanziario](https://www.ictsecuritymagazine.com/articoli/adempimenti-dora/) - www.theregister.com - Articles - [ ] [Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware](https://www.theregister.com/security/2026/05/19/microsoft-disrupts-alleged-malware-signing-operation-used-by-ransomware-gangs/5243013) - [ ] [America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames](https://www.theregister.com/security/2026/05/19/americas-top-cyber-defense-agency-left-a-github-repo-open-with-with-passwords-keys-tokens-and-incredibly-obvious-filenames/5242915) - [ ] [Clear your calendar, Drupal user: You have a critically urgent patch to install](https://www.theregister.com/security/2026/05/19/drupal-warns-admins-to-brace-for-highly-critical-core-patch/5242728) - TrustedSec - [ ] [Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows](https://trustedsec.com/blog/coverage-driven-sustained-testing-cdst-agentic-workflows) - Trend Micro Research, News and Perspectives - [ ] [Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud](https://www.trendmicro.com/en_us/research/26/e/banana-rat.html) - Lenny Zeltser - [ ] [Six Signals for Threat Attribution](https://zeltser.com/six-signals-for-threat-attribution) - 0x727开源安全团队 - [ ] [Cloudflare战略方向分析](https://mp.weixin.qq.com/s?__biz=MzkwNTI3MjIyOQ==&mid=2247484310&idx=1&sn=1e02e0d220a1aef09181baad2feb378c) - Tor Project blog - [ ] [A new way to fund internet freedom](https://blog.torproject.org/fund-internet-freedom/) - [ ] [New Release: Tor Browser 15.0.14](https://blog.torproject.org/new-release-tor-browser-15014/) - The Hacker News - [ ] [Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps](https://thehackernews.com/2026/05/trapdoor-android-ad-fraud-scheme-hit.html) - [ ] [DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability](https://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html) - [ ] [The New Phishing Click: How OAuth Consent Bypasses MFA](https://thehackernews.com/2026/05/the-new-phishing-click-how-oauth.html) - [ ] [Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare](https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html) - [ ] [SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access](https://thehackernews.com/2026/05/seppmail-secure-e-mail-gateway.html) - [ ] [Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer](https://thehackernews.com/2026/05/compromised-nx-console-18950-targeted.html) - [ ] [Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials](https://thehackernews.com/2026/05/github-actions-supply-chain-attack.html) - [ ] [Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account](https://thehackernews.com/2026/05/mini-shai-hulud-pushes-malicious-antv.html) - Security Affairs - [ ] [Drupal is rolling out an emergency security update on May 20. You cannot miss it](https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html) - [ ] [Microsoft dismantled malware-signing network Fox Tempest](https://securityaffairs.com/192391/cyber-crime/microsoft-dismantled-malware-signing-network-fox-tempest.html) - [ ] [Poland shifts away from Signal following cyberattacks on officials’ accounts](https://securityaffairs.com/192381/intelligence/poland-shifts-away-from-signal-following-cyberattacks-on-officials-accounts.html) - [ ] [Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects](https://securityaffairs.com/192357/cyber-crime/massive-mena-cybercrime-operation-ramz-disrupts-infrastructure-and-arrests-201-suspects.html) - [ ] [Shai-Hulud worm copycats emerge after source code leak](https://securityaffairs.com/192366/malware/shai-hulud-worm-copycats-emerge-after-source-code-leak.html) - Instapaper: Unread - [ ] [Beyond the C — SEGB and Biome Forensics with crush](https://bebinary4n6.blogspot.com/2026/05/beyond-c-segb-and-biome-forensics-with.html) - [ ] [Osquery e analisi forense come individuare malware sugli endpoint](https://www.agendadigitale.eu/sicurezza/osquery-e-analisi-forense-come-individuare-malware-sugli-endpoint/) - [ ] [L'IA può estrarre le impronte digitali da foto ad alta definizione](http://www.zeusnews.it/n.php?c=32080) - [ ] [YellowKey An Unexpected Backdoor into BitLocker, and Why You Should Be Paying Attention](https://blog.elcomsoft.com/2026/05/yellowkey-an-unexpected-backdoor-into-bitlocker-and-why-you-should-be-paying-attention/) - TorrentFreak - [ ] [Sky Sends Cease-and-Desist Letters to 200 Irish IPTV Subscribers Exposed via Revolut](https://torrentfreak.com/sky-sends-cease-and-desist-letters-to-200-irish-iptv-subscribers-exposed-via-revolut/) - [ ] [ACE Subpoena Targets French Private Tracker, Chinese Pirate Forum, and Vietnamese APIs](https://torrentfreak.com/ace-subpoena-targets-french-private-tracker-chinese-pirate-forum-and-vietnamese-apis/) - Security Weekly Podcast Network (Audio) - [ ] [My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, , GitHub, Aaran Leyland... - SWN #582](http://sites.libsyn.com/18678/my-mother-the-car-ai-slop-nginx-polyscope-drupal-github-aaran-leyland-swn-582) - [ ] [The State of AI & AppSec - Keith Hoodlet - ASW #383](http://sites.libsyn.com/18678/the-state-of-ai-appsec-keith-hoodlet-asw-383) - 网安寻路人 - [ ] [诉讼时效一剑封喉:马斯克诉OpenAI案的终局,与万亿资本合围战的开端(DPO社群成员观点)](https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247508541&idx=1&sn=ffae5a3ea0e4894aa8b7fce9417386c4)
每日安全资讯(2026-05-20)