mirror of
https://github.com/Hxnxe/CyberSentinel-AI.git
synced 2025-11-04 17:13:53 +00:00
Update
This commit is contained in:
parent
720f8fe88c
commit
0f693c7a15
@ -1,8 +1,236 @@
|
||||
# 每日安全资讯 (2025-10-31)
|
||||
|
||||
今日未发现新的安全文章,以下是 AI 分析结果:
|
||||
# 安全资讯日报 2025-10-31
|
||||
|
||||
# AI 安全分析日报 (2025-10-31)
|
||||
> 本文由AI自动生成,基于对安全相关仓库、CVE和最新安全研究成果的自动化分析。
|
||||
>
|
||||
> 更新时间:2025-10-31 13:21:08
|
||||
|
||||
<!-- more -->
|
||||
|
||||
## 今日资讯
|
||||
|
||||
### 🔍 漏洞分析
|
||||
|
||||
* [2025-10-31 最新安全漏洞情报和技术资讯头条](https://mp.weixin.qq.com/s?__biz=MzA5OTA0MTU4Mg==&mid=2247486352&idx=1&sn=219236dafa1f45f3530f4ee0f8cedf2b)
|
||||
* [死灰复燃!昔日 “黑客军火商” 换壳归来,用 Chrome 零日漏洞猎杀俄政府目标](https://mp.weixin.qq.com/s?__biz=Mzg3OTYxODQxNg==&mid=2247487060&idx=1&sn=19b15fe51cf3e93a3f2a30997fab73d7)
|
||||
* [SRC漏洞思路分享:一次普通的弱口令测试,为什么改了个 accountType 就能登录内部账号?](https://mp.weixin.qq.com/s?__biz=Mzk4ODk4NDEyOA==&mid=2247484496&idx=1&sn=c82e610d2ab1cfab489a6b411ba26c73)
|
||||
* [美特CRM getFile 任意文件读取漏洞](https://mp.weixin.qq.com/s?__biz=MzkzMTcwMTg1Mg==&mid=2247493146&idx=1&sn=51f0b022a0d229dfaa080708aee707fc)
|
||||
* [CVE-2025-49844:Redis Lua 脚本中的释放后使用漏洞](https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247533362&idx=1&sn=696fe473c7b6a1d00faae7d250bfac93)
|
||||
* [Done-RCE进阶学习](https://mp.weixin.qq.com/s?__biz=MzkyMDcyODYwNw==&mid=2247487498&idx=1&sn=fc0548c026aa2a77a5a0050344725e8e)
|
||||
* [某新版AI客服系统前台反序列化RCE漏洞](https://mp.weixin.qq.com/s?__biz=MzU0MTc2NTExNg==&mid=2247493033&idx=1&sn=a7f94b3cb242fd9dbb7f63234a18de5c)
|
||||
* [jeecg-boot getDictItemsByTable接口存在SQL注入漏洞CVE-2024-48307 附POC](https://mp.weixin.qq.com/s?__biz=Mzk2NDkwMDg3Nw==&mid=2247483769&idx=1&sn=01553e3daf3ee85114e43ab4fd19f425)
|
||||
* [AI越狱?利用CFA提示词来进行对话绕过AI的道德限制](https://mp.weixin.qq.com/s?__biz=MzkwMTc2MDE3OA==&mid=2247487302&idx=1&sn=af148d1bfef1cb85fd5b2ee774a1888e)
|
||||
* [外网打点不靠0day组合拳拿下目标系统](https://mp.weixin.qq.com/s?__biz=MzU2NzY5MzI5Ng==&mid=2247508100&idx=1&sn=d1b09d4fe12bd15e5858fc108372ed7a)
|
||||
* [Progress 修复了 MOVEit Transfer AS2 模块中的高危漏洞 CVE-2025-10932](https://mp.weixin.qq.com/s?__biz=Mzk0NzQ0MjA1OA==&mid=2247485651&idx=1&sn=4da870e7fc99b71f8039c4c0743ac981)
|
||||
* [Trinity of Chaos黑客团伙利用Salesforce漏洞攻击39家企业 暗网上线数据泄露站](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612997&idx=2&sn=d8cfe3b3ea7529ac3dce2046277ebf17)
|
||||
* [水漏洞](https://mp.weixin.qq.com/s?__biz=MzIxNTIzNTExMQ==&mid=2247492351&idx=1&sn=3565c0f65540b34b3c6e95a506ddbe3a)
|
||||
* [UNC6384利用ZDI-CAN-25373漏洞,对欧洲外交机构部署PlugX恶意软件](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796735&idx=1&sn=486a7c464abe87202a1a94d3e1859bd5)
|
||||
* [美国前国防承包商高管承认向俄罗斯出售漏洞利用程序](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796735&idx=2&sn=9bc231f22dbe85a938ebc65f363e48fa)
|
||||
* [RediShell 远程代码执行 RCE 漏洞严重威胁全球 8500 多个 Redis 部署](https://mp.weixin.qq.com/s?__biz=MzI2NzAwOTg4NQ==&mid=2649796735&idx=3&sn=3ec651d715f7185ebb1678509a260b13)
|
||||
* [帆软反序列化漏洞利用工具](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247484923&idx=1&sn=82437eab7e32359b428afff693d39597)
|
||||
* [已复现泛微e-cology 前台SQL注入漏洞](https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247527754&idx=1&sn=dea936b01ececab91e406e9adf12e27d)
|
||||
* [漏洞组合拳与JS攻击面的博弈](https://mp.weixin.qq.com/s?__biz=MzkwMzMwODg2Mw==&mid=2247514457&idx=1&sn=10145932052c816254f6f716be707df1)
|
||||
* [漏洞预警 | Docker Desktop DLL劫持漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494824&idx=1&sn=a47e2b3b63e140f8d5024f4bf6c16c07)
|
||||
* [漏洞预警 | 博硕BGM SQL注入漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494824&idx=2&sn=e95e01833095e68d603246ac1ea5e86f)
|
||||
* [漏洞预警 | 金和OA SQL注入漏洞](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494824&idx=3&sn=056276917321c4a1172ac255659328eb)
|
||||
* [2025最新AWVS/Acunetix-v25.8.25高级版更新漏洞扫描器下载](https://mp.weixin.qq.com/s?__biz=Mzg3ODE2MjkxMQ==&mid=2247495464&idx=1&sn=581444e1c7cdd68c46f760488d987cc4)
|
||||
* [超过 75,000 台 WatchGuard 安全设备存在严重 RCE 漏洞](https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247493969&idx=1&sn=b527eb841d2070cdcaf27aa307be49bd)
|
||||
* [Ubuntu内核曝严重UAF漏洞,可致攻击者获取Root权限](https://mp.weixin.qq.com/s?__biz=MzU2NDY2OTU4Nw==&mid=2247524648&idx=1&sn=f2c24b20f296fdf69bcc67a56d82cd87)
|
||||
* [吃瓜502敏感信息泄露漏洞](https://mp.weixin.qq.com/s?__biz=Mzg4NDg2NTM3NQ==&mid=2247485412&idx=1&sn=2feb86e05999a975172c05aa24a83d88)
|
||||
* [前情报机构员工与俄罗斯漏洞经纪人交易8个0day漏洞获得数百万美元](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451183237&idx=1&sn=c92702256a591c5076ee8d2e9f867e5d)
|
||||
* [安卓应用安全:WebView漏洞挖掘教程](https://mp.weixin.qq.com/s?__biz=MzkwMTU2NzMwOQ==&mid=2247485365&idx=1&sn=e4a83ed87069ebb80ead6e9ca4475936)
|
||||
* [通过未经请求的应答记录进行 BIND 9 缓存投毒攻击 CVE-2025-40778](https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247533361&idx=1&sn=68b067e9e11ddfa7d14550ea22f40fd1)
|
||||
* [高危漏洞预警Docker Compose OCI路径遍历漏洞CVE-2025-62725](https://mp.weixin.qq.com/s?__biz=MzI3NzMzNzE5Ng==&mid=2247490924&idx=1&sn=c7ad5dcb261fdc41308a414e2aa64031)
|
||||
* [内核漏洞提权已过时?当黑客连上Tro0ll3靶场SSH,却发现整个世界只有一个端口开放……](https://mp.weixin.qq.com/s?__biz=Mzk3NTEyMzQzOA==&mid=2247488514&idx=1&sn=954e9f3ff75d34eb54a57391a3f445c6)
|
||||
* [Google开源js代码域名检查绕过](https://mp.weixin.qq.com/s?__biz=MzkzNzM1MTcwMA==&mid=2247490328&idx=1&sn=a19d7c15ba1f53c46babab0ba8483675)
|
||||
* [实战攻防技巧 | Everything后渗透利用](https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247521016&idx=1&sn=25b0644c0e68c51c8c492bb1d9508e3a)
|
||||
|
||||
### 🔬 安全研究
|
||||
|
||||
* [三未信安深耕抗量子密码技术研究,重塑信息安全未来防线](https://mp.weixin.qq.com/s?__biz=MzA5ODk0ODM5Nw==&mid=2650332533&idx=1&sn=f0cd9d5d4855e9fc3db3a7a9fc606928)
|
||||
* [一篇文章教大家如何正确防止手机信息泄露方法](https://mp.weixin.qq.com/s?__biz=MzI2OTk4MTA3Ng==&mid=2247497311&idx=2&sn=e9b414e74f9bfe2d58ba627d4c7a0d5d)
|
||||
* [美日稀土供应链协议对我影响及应对策略分析](https://mp.weixin.qq.com/s?__biz=MzkwNzM0NzA5MA==&mid=2247511945&idx=1&sn=09241f3ab77601add48e718d2997fa45)
|
||||
* [“十四五”硬核成果丨低于3微秒!加密关键技术自主可控](https://mp.weixin.qq.com/s?__biz=MzAwNTAxMjUwNw==&mid=2650279241&idx=1&sn=556a163727db496b4c8f70b2fb14ea6e)
|
||||
* [Writeup | 2025年第22届信息安全与对抗技术竞赛“博弈对抗赛”](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494874&idx=5&sn=08d0136818eac8e98ec52d708f4e7951)
|
||||
* [Crawlee v3.15.2 — 新一代智能网络爬虫框架](https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485598&idx=1&sn=061ce4cdfcaa5544b7a091e9881cbd16)
|
||||
* [技术深度分析:CVE‑2025‑41244 — VMware VMware Tools 本地权限提升](https://mp.weixin.qq.com/s?__biz=MzU1NzczNTM1MQ==&mid=2247485598&idx=2&sn=44f2464fd9824bb5b9f3dce86d9a1aca)
|
||||
* [某大学生常用APP抓包数据加密流程分析](https://mp.weixin.qq.com/s?__biz=MzIwMzIyMjYzNA==&mid=2247520372&idx=1&sn=a4c00afbfae306d5b3b83d2d3b2721be)
|
||||
* [《个人信息保护法》四周年,《个人信息保护治理体系及技术应用》新书限时赠](https://mp.weixin.qq.com/s?__biz=MzA3OTMxNTcxNA==&mid=2650977012&idx=1&sn=6bff9f46e11f7eed2a9464050941577b)
|
||||
* [监控视频取证实践与分析](https://mp.weixin.qq.com/s?__biz=Mzg3NTU3NTY0Nw==&mid=2247490348&idx=1&sn=eabb8b0e938cacbca808ba3a41dc91eb)
|
||||
* [2025年APP安全状况统计分析报告](https://mp.weixin.qq.com/s?__biz=Mzg5OTg5OTI1NQ==&mid=2247492138&idx=1&sn=2cde18b18f84e2b7d93501334e5e9a6b)
|
||||
* [聚智北京,创享未来!2025年智能机器人大赛——让技术梦想照进产业现实](https://mp.weixin.qq.com/s?__biz=MjM5NzYwNDU0Mg==&mid=2649255631&idx=1&sn=c483bf529163f65a9a1ce796c055a6d0)
|
||||
|
||||
### 🎯 威胁情报
|
||||
|
||||
* [黑客克星!OpenAI的最强AI白客“土豚”登场](https://mp.weixin.qq.com/s?__biz=MzkzMTY0MDgzNg==&mid=2247485120&idx=1&sn=89c6c6f1681abebdc25b1b80544f1a2f)
|
||||
* [AI技术情报 - 每日导读试运行)](https://mp.weixin.qq.com/s?__biz=MzU5NzQ3NzIwMA==&mid=2247487256&idx=1&sn=92892a02725dd1978478f89575d065d1)
|
||||
* [国家级黑客潜伏近一年,入侵美国国防部供应商系统](https://mp.weixin.qq.com/s?__biz=Mzk2ODExMjEyNA==&mid=2247486731&idx=1&sn=1060974ca829def7104275dc0037f367)
|
||||
* [网络安全美国APT组织针对中国关键信息基础设施持续进行黑客攻击](https://mp.weixin.qq.com/s?__biz=MzU1Mjk3MDY1OA==&mid=2247521147&idx=1&sn=f49bdf43ee6833b70e9a32a07ae3a653)
|
||||
* [每周高级威胁情报解读2025.10.24~10.30](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247516502&idx=1&sn=aadc73e9c3ea330c9943c51aa7cad5dd)
|
||||
* [知名运营商遭遇网络攻击,一把手将引咎辞职](https://mp.weixin.qq.com/s?__biz=MzI1OTA1MzQzNA==&mid=2651248555&idx=1&sn=eb8c8359b5aadf7dc4394bfa9d8508d5)
|
||||
* [韩国背景APT-C-60组织部署更新版SpyGlace恶意软件展开攻击活动—每周威胁情报动态第244期(10.24-10.30)](https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492816&idx=1&sn=a5d9bf84cd8a4b306fc66e8d8dccfca3)
|
||||
* [银狐黑产组织针对跨境电商从业人员进行钓鱼攻击活动](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247494012&idx=1&sn=d97de58a512ea5875f5a2644670b2e9c)
|
||||
* [无惧勒索威胁!威努特为燃气工控系统构筑铜墙铁壁](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651136939&idx=1&sn=dbc1390cf834498f72efe93b959a7ab0)
|
||||
* [深入剖析GhostCall:从“假Zoom”到8重攻击链,看黑客如何玩转Go、Rust、Nim!](https://mp.weixin.qq.com/s?__biz=MzA4NTY4MjAyMQ==&mid=2447901560&idx=1&sn=fa612e8e14ed892e055d5f9e322608ac)
|
||||
* [技术内幕:揭秘 Herodotus 木马如何“扮演”真人,攻破银行防线](https://mp.weixin.qq.com/s?__biz=Mzk1NzM4NzMyMw==&mid=2247485258&idx=1&sn=c49651e34177d276516ad0f322f0000d)
|
||||
* [一场伊朗黑客发起的鱼叉攻击](https://mp.weixin.qq.com/s?__biz=Mzg4NzgyODEzNQ==&mid=2247489827&idx=1&sn=db25c7b40febb6dcc373157103e72f36)
|
||||
* [某财务咨询公司第三方财务管理软件被植入网络木马xa0被处罚!](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499402&idx=1&sn=47b51a1ad06de64349543de42afc1f37)
|
||||
* [3分钟破解英特尔、AMD和英伟达:TEE.fail攻击粉碎硬件可信神话](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247515319&idx=1&sn=afac4683ee1872f95feedea9ff520420)
|
||||
* [比利时和匈牙利外交机构遭高级网络间谍活动攻击](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247515319&idx=2&sn=5f8b9a10de9d69e69329cf05c4d91bee)
|
||||
* [Web攻防针对供应链安全的攻击路径与防御体系](https://mp.weixin.qq.com/s?__biz=MzkyNDUzNjk4MQ==&mid=2247484996&idx=1&sn=bee90aca746db5ee1d7222e834091810)
|
||||
|
||||
### 🛠️ 安全工具
|
||||
|
||||
* [网络安全人士必备的十款OSINT工具](https://mp.weixin.qq.com/s?__biz=MzkxNTI2MTI1NA==&mid=2247504329&idx=2&sn=974c800731e5253c771c3a454adf8d52)
|
||||
* [安全服务集成化工具集-Slack工具箱](https://mp.weixin.qq.com/s?__biz=Mzk0Mzc1MTI2Nw==&mid=2247498480&idx=1&sn=9b0c8a9fe02b6f86b58932726d3ca7a9)
|
||||
* [渗透测试AI神器 -- FastAIE(10月31日)](https://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247517527&idx=1&sn=a58307b06792f808a3beb30255ad1a6d)
|
||||
* [机器学习在DLL劫持检测中的实际应用](https://mp.weixin.qq.com/s?__biz=MzIyNDg2MDQ4Ng==&mid=2247487619&idx=1&sn=46dbfcc568e7addb270b84c5f93bfd41)
|
||||
* [记一次某SRC上某APP的测试](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612997&idx=3&sn=a114126bb91247e9415038e0bbbf8b70)
|
||||
* [一款基于 PHP 的轻量级Webshell管理工具](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612997&idx=4&sn=5a8d467b4573363c70f176b0acef163f)
|
||||
* [渗透测试辅助工具mSS-GUI v0.1.4更新:关于小老妹为更新插件怒提两个PR这回事](https://mp.weixin.qq.com/s?__biz=MzIxOTQ1OTY4OQ==&mid=2247487392&idx=1&sn=0eb56f2122e61251e1f7bb34afb29d80)
|
||||
* [渗透测试数据库提权命令清单](https://mp.weixin.qq.com/s?__biz=Mzk0ODY1NzEwMA==&mid=2247492905&idx=1&sn=cc651b5a012052ad68248b3d56e1bb76)
|
||||
* [Wireshark 显示过滤器备忘单:网络工程师的必备工具](https://mp.weixin.qq.com/s?__biz=MzIyMzIwNzAxMQ==&mid=2649471775&idx=1&sn=541b093de86db21285fab963d40a62db)
|
||||
* [还在用多款 Web 信息收集工具?你 OUT 了!](https://mp.weixin.qq.com/s?__biz=MzkxNzY5MTg1Ng==&mid=2247493494&idx=1&sn=44f109c79deb0b055149f8d16dd05ca7)
|
||||
* [红队工具VShell v4.9.3 高级版,国产C2工具下载及使用](https://mp.weixin.qq.com/s?__biz=Mzg2Nzk0NjA4Mg==&mid=2247508656&idx=1&sn=7fed7b1aa5a8b0592d1238f0dad14ac8)
|
||||
* [一次渗透测试中的任意文件上传+任意密码重置](https://mp.weixin.qq.com/s?__biz=MzkxNjMwNDUxNg==&mid=2247489084&idx=1&sn=1cf481bd294cc0eeceb9afb6a478693e)
|
||||
* [工具 | CodeAuditAssistant](https://mp.weixin.qq.com/s?__biz=MzkwMTQ0NDA1NQ==&mid=2247494824&idx=4&sn=e5d730e0952c913b28a1d03de8bdb5b4)
|
||||
* [Burp Suite 代理切换插件](https://mp.weixin.qq.com/s?__biz=Mzk0ODM0NDIxNQ==&mid=2247495554&idx=1&sn=31e4e9f41127917a7df011e3ef202eee)
|
||||
* [EasyTools渗透测试工具箱v1.9.3版本更新(优化小程序反编译,支持提取敏感信息以及导入开发者工具运行)](https://mp.weixin.qq.com/s?__biz=MzkxNDYxMTc0Mg==&mid=2247484591&idx=1&sn=c6f27cf26f68892942c469405a44026a)
|
||||
* [什么是数据检测和响应 DDR?](https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247502516&idx=2&sn=29f86a4be3119278f2af5678b99c1f1d)
|
||||
* [MITRE发布ATT&CK v18,更新了检测、移动和工业控制系统(ICS)功能](https://mp.weixin.qq.com/s?__biz=MzA5MzU5MzQzMA==&mid=2652119219&idx=2&sn=5e6330935ef7c102bb512259d6cfb548)
|
||||
* [工具推荐 | TestNet资产管理信息收集系统](https://mp.weixin.qq.com/s?__biz=MzkwNjczOTQwOA==&mid=2247496126&idx=1&sn=e4b9c384c030daebee6e4e3aab737e22)
|
||||
* [公示关于国家机器人检验检测公共服务平台中试验证矩阵—机器人典型场景中试验证基地(筹)(第一批)名单的公示](https://mp.weixin.qq.com/s?__biz=MjM5NzYwNDU0Mg==&mid=2649255631&idx=2&sn=b1c09a681b3b5c69cfb19e95018f929a)
|
||||
* [HeavenlyBypassAV免杀工具更新!](https://mp.weixin.qq.com/s?__biz=Mzk0MDczMzYxNw==&mid=2247484691&idx=1&sn=4255416edd22d447b2f6e8023fd27864)
|
||||
|
||||
### 📚 最佳实践
|
||||
|
||||
* [PHP 党福音!这款轻量级 Webshell 管理工具,运维效率直接拉满](https://mp.weixin.qq.com/s?__biz=MzkyNDcwMTAwNw==&mid=2247537333&idx=3&sn=eab855e2fc3cf5ee22242f5e816ee265)
|
||||
* [国家电力调度控制中心解读《国家能源局关于加强用户侧涉网安全管理的通知](https://mp.weixin.qq.com/s?__biz=MzIwNDYzNTYxNQ==&mid=2247504482&idx=1&sn=e4159ddd0ce31049d258e42e4ba27f30)
|
||||
* [《关于在国家数据基础设施建设先行先试中加强场景应用的实施方案》中的网络安全保障](https://mp.weixin.qq.com/s?__biz=MzUyNjk2MDU4MQ==&mid=2247487331&idx=1&sn=10e8850f85e14b8d60ce19da2b66166a)
|
||||
* [Exploiting path mapping for web cache deception 解题教程](https://mp.weixin.qq.com/s?__biz=MzkyMjI3MzU3MA==&mid=2247484948&idx=1&sn=6d1284cd15d14ff6345a84b7771f5e20)
|
||||
|
||||
### 🍉 吃瓜新闻
|
||||
|
||||
* [金融业的“安全焦虑”:保险与资管公司集体上调网络安全预算](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247540676&idx=1&sn=fee04ac93a196473b6265088710cccbb)
|
||||
* [汇丰美国客户数据库遭黑客入侵 !Everest 勒索泄露 AT&T、航空等多家巨头数据](https://mp.weixin.qq.com/s?__biz=MzkyNDcwMTAwNw==&mid=2247537333&idx=1&sn=fb6c893169b62b578ea232f5e8c41c71)
|
||||
* [数万亿数据泄露 + YouTube 恶意视频,双重网络风险来袭](https://mp.weixin.qq.com/s?__biz=MzkyNDcwMTAwNw==&mid=2247537333&idx=2&sn=fb4038f03df2c5c46c167170037e6064)
|
||||
* [国家安全部提示:警惕网购中的“数据刺客”暗中窃密](https://mp.weixin.qq.com/s?__biz=MzkyNDUyNzU1MQ==&mid=2247488906&idx=1&sn=193da169ab63c1575e642342da0c0f96)
|
||||
* [捷报 | 边界无限成功中标某头部保险公司RASP项目](https://mp.weixin.qq.com/s?__biz=MzAwNzk0NTkxNw==&mid=2247487362&idx=1&sn=8f5a0ec6768dabb31b65ecbcf727064c)
|
||||
* [信誉管理网站 Reputation.com 数据泄露:1.2 亿条记录遭曝光](https://mp.weixin.qq.com/s?__biz=Mzg3NTY0MjIwNg==&mid=2247486324&idx=1&sn=bc48d70d95923db71af3a3b1fea651eb)
|
||||
* [黑客声称入侵汇丰美国客户数据库,涉个人及财务信息|Everest勒索软件泄露AT&T、都柏林机场与阿拉伯航空数据](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650612997&idx=1&sn=5749c5359731b115e530f3b2a20f7acc)
|
||||
* [网安行业“老渔夫”的困境:一封“绩效邮件”为何能攻陷一家公司](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650636237&idx=1&sn=f73835d5d64c6e34861e030a8c0d740b)
|
||||
* [关于2025年“数据要素×”大赛全国总决赛获奖项目名单的公示](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494874&idx=3&sn=85dfffacec770419ca0b7b32442617fb)
|
||||
* [数据安全事件的合规处理步骤](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247549398&idx=3&sn=d9f41ad9c5a7f4d7b83a449c7e2030a0)
|
||||
* [我的AWS账户被黑后的完整事件复盘](https://mp.weixin.qq.com/s?__biz=MzIyMzM2MzE1OQ==&mid=2247484619&idx=1&sn=2fc5f4b9b7e75176bf8327c93a2198b2)
|
||||
* [电商平台“不设防”,旅客票务数据遭批量爬取!合肥网安部门出手整治](https://mp.weixin.qq.com/s?__biz=MzIwMTQ2MzU5Nw==&mid=2652462113&idx=1&sn=80dc86021be9984d3517777d4c422911)
|
||||
* [五根天线的奥秘:拆掉任何一根,你的企业路由器性能会暴跌多少?](https://mp.weixin.qq.com/s?__biz=MzI4NjAzMTk3MA==&mid=2458862142&idx=1&sn=88e9c27594dfd934765626cf77618c14)
|
||||
* [香港保护关键基础设施条例明年实施u3000投资署:吸引网络安全公司进驻](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499402&idx=2&sn=a7e283a5b7630b7ae1da115d0dd35926)
|
||||
* [韩国KT因非法基站导致个人信息泄露向受害顾客提供免费通信费用](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499402&idx=3&sn=65fa116133a4e9987b4dcb57757bcc96)
|
||||
* [护网—2025|别让侥幸变不幸:某公司因未履行网络安全保护义务被罚](https://mp.weixin.qq.com/s?__biz=MzA5MzU5MzQzMA==&mid=2652119219&idx=1&sn=c9b5c4cb574e12c38bb9d5b2b55c4d1f)
|
||||
* [快递与门牌号:网络通信数据传输的秘密](https://mp.weixin.qq.com/s?__biz=Mzg3NTUzOTg3NA==&mid=2247516602&idx=1&sn=b806367161404b73601d2f9a9399745f)
|
||||
* [数字政府优秀案例联播贵州省:深化系统融通和数据共享 赋能“高效办成一件事”](https://mp.weixin.qq.com/s?__biz=MjM5NzYwNDU0Mg==&mid=2649255631&idx=3&sn=b2db9035437c42761cd837e4bce576ac)
|
||||
|
||||
### 📌 其他
|
||||
|
||||
* [四维空间的你我](https://mp.weixin.qq.com/s?__biz=MjM5NDcxMDQzNA==&mid=2247490073&idx=1&sn=3e03486c0cad78a7bd928c42261c71db)
|
||||
* [深入解析现代 Windows 结构化异常处理(SEH)(x64)](https://mp.weixin.qq.com/s?__biz=MzkyMjM0ODAwNg==&mid=2247488662&idx=1&sn=3e7909dc121c76d896c6a90c2dfc3573)
|
||||
* [相约香港|慢雾将亮相香港金融科技周及多场 Web3 行业盛会](https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247503582&idx=1&sn=b421c5d3a5c292f8d1e9ffe75e8582a9)
|
||||
* [RIVAL:面向机器翻译的迭代对抗强化学习](https://mp.weixin.qq.com/s?__biz=Mzg3Njc0NTgwMg==&mid=2247503686&idx=1&sn=fb40d52cc0b3be6fee309aa932a1f4fa)
|
||||
* [关于举办网络安全实战化人才培养师资培训的通知](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247540676&idx=2&sn=0be07ae07d9636db6a4f9e2c81af85cc)
|
||||
* [《网络安全法》最新修正版全文!](https://mp.weixin.qq.com/s?__biz=MzI4MDQ1MzQ0NA==&mid=2247494387&idx=1&sn=5f721dba8cd28fdc40382a161b08e4be)
|
||||
* [中华人民共和国主席令(第六十一号)](https://mp.weixin.qq.com/s?__biz=MzI4MDQ1MzQ0NA==&mid=2247494387&idx=2&sn=385744997b77c9054a666ca57c31d1c0)
|
||||
* [全国人民代表大会常务委员会关于修改《中华人民共和国网络安全法》的决定](https://mp.weixin.qq.com/s?__biz=MzI4MDQ1MzQ0NA==&mid=2247494387&idx=3&sn=36d5aabaa6749ad02a45ad4fd1470ae7)
|
||||
* [关于开展“清朗·整治网络直播打赏乱象”专项行动的通知](https://mp.weixin.qq.com/s?__biz=MzI4MDQ1MzQ0NA==&mid=2247494387&idx=4&sn=38b2ddccb6073707de81532dc3cecbe1)
|
||||
* [你是如何被诈骗团伙盯上的?](https://mp.weixin.qq.com/s?__biz=MzI4MDQ1MzQ0NA==&mid=2247494387&idx=5&sn=3f88f69043a112c5d3b257ee44f832f4)
|
||||
* [赛博安全协会第五次换届大会](https://mp.weixin.qq.com/s?__biz=MzkyNDIyNTE0OQ==&mid=2247485067&idx=1&sn=3d1a9f3744395d4491ef40fff69708dd)
|
||||
* [红队视角:内网是如何被一步步打穿的?(评论区送书3本)](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247545741&idx=1&sn=cb343acecb0381ab19de6e2010c5b81f)
|
||||
* [浦发银行总行招聘网络安全岗](https://mp.weixin.qq.com/s?__biz=Mzg2NDYwMDA1NA==&mid=2247545741&idx=2&sn=0f40335da3feac32baff8873dd6ba7bc)
|
||||
* [服务器CPU飙升到100%怎么处理](https://mp.weixin.qq.com/s?__biz=MzkwOTg4NDk5NQ==&mid=2247485005&idx=1&sn=91b02ba3306f0049c470df41cda42d3c)
|
||||
* [净网—2025|警惕!网络背后的 “侮辱利刃” 损人害己](https://mp.weixin.qq.com/s?__biz=MzU0MTA3OTU5Ng==&mid=2247568478&idx=1&sn=1854ce1d3dd96b2612d53b662093b222)
|
||||
* [2025年10月网络安全态势感知月报](https://mp.weixin.qq.com/s?__biz=MzUyMjAyODU1NA==&mid=2247492700&idx=1&sn=d660f1dc2e11b85e54f35cf46a1bf525)
|
||||
* [速下载!200页PPT图解《网络安全法》2025修订版](https://mp.weixin.qq.com/s?__biz=MzkyNzE5MDUzMw==&mid=2247580476&idx=1&sn=067738d47b09d71c0daeb645906ca48e)
|
||||
* [网络安全的13个致命谎言](https://mp.weixin.qq.com/s?__biz=MzkxNTI2MTI1NA==&mid=2247504329&idx=1&sn=5d76299ec95a0bff414714ec693408fa)
|
||||
* [AAAI 2025|深度聚焦VLM安全:MMJ-Bench——多模态大模型越狱攻防的统一基准](https://mp.weixin.qq.com/s?__biz=MzkyNzQ1NzI4MA==&mid=2247485870&idx=1&sn=a0b606db83d6b110ac4159efad94a406)
|
||||
* [如何清理支付宝不必要的第三方授权,保护个人信息安全,避免不必要的麻烦](https://mp.weixin.qq.com/s?__biz=MzI2OTk4MTA3Ng==&mid=2247497311&idx=1&sn=81b26268038366bd3d9a7622e1defe69)
|
||||
* [嘉韦思网络安全合规服务:紧跟等保脉络](https://mp.weixin.qq.com/s?__biz=MzIxNTA4OTI5Mg==&mid=2647713241&idx=1&sn=677b28b5b4aaa44eb789d8592a01ed45)
|
||||
* [2025 年人工智能现状报告](https://mp.weixin.qq.com/s?__biz=MzkzMjcxOTk4Mg==&mid=2247486206&idx=1&sn=5679f59120efaf0df0743c3d1a40d15a)
|
||||
* [404星链计划 | 新项目收录&版本更新](https://mp.weixin.qq.com/s?__biz=MzAxNDY2MTQ2OQ==&mid=2650991026&idx=1&sn=fcc184c60c4ec1160bee52a7eaec1021)
|
||||
* [微软 Azure 全球宕机超 8 小时,Xbox 与 Microsoft 365 服务全面中断](https://mp.weixin.qq.com/s?__biz=MzIzNDIxODkyMg==&mid=2650087317&idx=1&sn=4966a6e30c91c91285b57b49bddfe8db)
|
||||
* [网络安全动态 - 2025.10.31](https://mp.weixin.qq.com/s?__biz=MzU1MzEzMzAxMA==&mid=2247500188&idx=1&sn=342a7f24676c58804b8408e2c9767664)
|
||||
* [在“GPP:本地用户和组”中滥用 sAMAccountName 劫持](https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247533362&idx=2&sn=7cb42210e99fb8703182569b12858e84)
|
||||
* [2025智驾芯片专题报告:行业现状、发展趋势、竞争格局](https://mp.weixin.qq.com/s?__biz=MzkyOTMwMDQ5MQ==&mid=2247521208&idx=1&sn=3c8ddcc61118616d1c7f2e7e0373c36c)
|
||||
* [安卓逆向 -- 某记账app破解](https://mp.weixin.qq.com/s?__biz=MzA4MzgzNTU5MA==&mid=2652040665&idx=1&sn=001bc68c2b94df43d727a234f9a04162)
|
||||
* [最新公告 | 深信服产业教育业务全面升级,即日起迁移至深信服官方网站](https://mp.weixin.qq.com/s?__biz=MzkzMDE3NDE0Ng==&mid=2247539894&idx=1&sn=9698d5997ef0a57b37f0d3fe80537c95)
|
||||
* [开学不打CTF比赛,那你大学算是白读了!](https://mp.weixin.qq.com/s?__biz=MzU3MjczNzA1Ng==&mid=2247500232&idx=1&sn=507bae0e866e06de8772cdea8a323845)
|
||||
* [每日免费资源更新(10月31日更新)](https://mp.weixin.qq.com/s?__biz=MzU3NzY3MzYzMw==&mid=2247500245&idx=1&sn=6569fab753a266147b150a3c72f3d131)
|
||||
* [手机里的\"隐形炸弹\":个人如何防范恶意APP窃取信息](https://mp.weixin.qq.com/s?__biz=MzkyNzc0MzcwMA==&mid=2247484285&idx=1&sn=d719d9968978737f03318c86979fa483)
|
||||
* [2025年Solar应急响应公益月赛-10月](https://mp.weixin.qq.com/s?__biz=MzkzNjk0NDYzMw==&mid=2247484189&idx=1&sn=ed276651cc49e1abec00e776a3304af1)
|
||||
* [超全!CISP全类别详细介绍,后面有福利](https://mp.weixin.qq.com/s?__biz=MzU4OTg4Nzc4MQ==&mid=2247507184&idx=1&sn=8b8851a5cb746362784fee0ab82ef881)
|
||||
* [净网-2025|编造“有人跳桥失踪”虚假信息,网警依法查处!](https://mp.weixin.qq.com/s?__biz=MzAxOTU4ODM2Nw==&mid=2651179939&idx=1&sn=ed9ba8d292af39d24c9bc524f7f78507)
|
||||
* [净网-2025 | 警惕“小利”换“大罪”!网警侦破侵犯公民个人信息案](https://mp.weixin.qq.com/s?__biz=MzA4NTk5NzgxOA==&mid=2657569080&idx=1&sn=c612a199a227166655e0c347764de335)
|
||||
* [Acunetix-v25.8.250820089-Windows](https://mp.weixin.qq.com/s?__biz=MzkxMzQzMDY3MQ==&mid=2247484157&idx=1&sn=f2e52eff593978642c477c44b638a999)
|
||||
* [中孚信息发布《中孚信息2025年10月网络安全月报》](https://mp.weixin.qq.com/s?__biz=MzAxMjE1MDY0NA==&mid=2247512491&idx=1&sn=11cfd5882f9851f7a68597cfa879cb14)
|
||||
* [网络安全校招:笔试高频 20 题,附解题思路](https://mp.weixin.qq.com/s?__biz=MzE5MTAzMzY5NA==&mid=2247488235&idx=1&sn=fc28f59bc002aa0c96641e553c08282c)
|
||||
* [DeepSeek,永别了!!](https://mp.weixin.qq.com/s?__biz=MjM5OTA4MzA0MA==&mid=2454941024&idx=1&sn=f3c21a5ec815e9eb9f8dcac991bf461d)
|
||||
* [安恒国际受邀参加印尼最大规模隐私与网络安全峰会GRACS x IPSS 2025](https://mp.weixin.qq.com/s?__biz=MjM5NTE0MjQyMg==&mid=2650636237&idx=2&sn=05169661ed45c5194054429caf081b90)
|
||||
* [赛事中标丨马鞍山市第四届网络和信息安全专业技能比武竞赛服务](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494874&idx=1&sn=e47b4dd49e9e26c8a27f38ff582c0ab9)
|
||||
* [第五届“宁盾杯”网络安全大赛公告](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494874&idx=2&sn=c870f580011704694f685b26da13598a)
|
||||
* [喜报:中南空管局在“羊城杯”网络安全大赛斩获佳绩](https://mp.weixin.qq.com/s?__biz=Mzk0NTU0ODc0Nw==&mid=2247494874&idx=4&sn=c1359f49927fb18154c4f6a7b78253ec)
|
||||
* [三季度度报告:奇安信 2025年第三季度营收10.96亿,前三季度累计营收28.39亿](https://mp.weixin.qq.com/s?__biz=MzUzNjkxODE5MA==&mid=2247495259&idx=1&sn=1dc3dd51a12d5a9b2bdb2162fa66fc9c)
|
||||
* [AI安全的病根:OODA循环](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247549398&idx=1&sn=d61c88c8ff8255304b748cd49afd1b35)
|
||||
* [微软最新报告: “AI对抗AI”已成为网络安全主战场](https://mp.weixin.qq.com/s?__biz=Mzg2MDg0ODg1NQ==&mid=2247549398&idx=2&sn=39852351285be227e7d2e67f0d8f1f60)
|
||||
* [一周热点速览](https://mp.weixin.qq.com/s?__biz=MzkxMzI3MzMwMQ==&mid=2247531575&idx=1&sn=fff9fd0b4f43ffc6562573bc0ce012f1)
|
||||
* [跨平台后门、反向 shell](https://mp.weixin.qq.com/s?__biz=Mzg2NTk4MTE1MQ==&mid=2247488283&idx=1&sn=9608db192444bdddecb6337e40660e84)
|
||||
* [别说了别说了](https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247502078&idx=1&sn=e0d15c70c2f4ad6af03283f6adc72232)
|
||||
* [SCI论文发表!保姆级投稿套餐来了!润色、选刊、投稿、返修,直至中刊!](https://mp.weixin.qq.com/s?__biz=MzAwMjQ2NTQ4Mg==&mid=2247502078&idx=2&sn=3fe1457214be8cb5f6e4d1acbc769ee6)
|
||||
* [密码学基于模拟的证明](https://mp.weixin.qq.com/s?__biz=MzUwOTc3MTQyNg==&mid=2247493071&idx=1&sn=929db0793f9cd86395ebe4061bbcad73)
|
||||
* [积分悬赏哦豁,一个很难的应急响应靶场](https://mp.weixin.qq.com/s?__biz=Mzg4MDg5NzAxMQ==&mid=2247486587&idx=1&sn=e11a488ddbb89fd2ffb3568879ded2fc)
|
||||
* [好靶场322日榜:看看是谁在卷你](https://mp.weixin.qq.com/s?__biz=Mzg4MDg5NzAxMQ==&mid=2247486587&idx=2&sn=ca08973dda7d20c247286db8cc67099a)
|
||||
* [突发!曾经的“苹果安全独角兽”,如今被私募基金 159 亿打包带走](https://mp.weixin.qq.com/s?__biz=MzkzNjE5NjQ4Mw==&mid=2247545562&idx=1&sn=c90f6e75baf1e4314ac3e2d814d0cda4)
|
||||
* [别再瞎装软件了!PDFgear v2.1.13中文便携版,一个顶十个的效率神器!](https://mp.weixin.qq.com/s?__biz=MzIzMzI1Njg3Mw==&mid=2651930299&idx=1&sn=27be126ad5823a38797122aedf84a0a4)
|
||||
* [Prisma AIRS人工智能安全平台介绍](https://mp.weixin.qq.com/s?__biz=MzIyMjYzNDgzMg==&mid=2247487691&idx=1&sn=a5d8caf9a0c25f53ac0cf1566bbf65b0)
|
||||
* [来了!!!摩托车正式纳入UN R155](https://mp.weixin.qq.com/s?__biz=Mzk0MzQzNzMxOA==&mid=2247488180&idx=1&sn=75a2407fb0e2bc7159f2f75cefcc0fa6)
|
||||
* [天才攻略 | 下次这种比赛别投降,这样打!!](https://mp.weixin.qq.com/s?__biz=Mzk0MzQzNzMxOA==&mid=2247488180&idx=2&sn=d7993a520fd5d51cba36a4c2ea4208f2)
|
||||
* [一文了解:网络安全法最新修订内容](https://mp.weixin.qq.com/s?__biz=MzA4MzQyNDU3Mg==&mid=2247485974&idx=1&sn=af377b902338695e907a6b469a8c748c)
|
||||
* [免费游戏加速器OpenSpeedy v1.7.6更新,据说还能加速网盘下载!](https://mp.weixin.qq.com/s?__biz=MzA4MjkzMTcxMg==&mid=2449048149&idx=1&sn=aaf8469f8f319b144207b2aa72b6f275)
|
||||
* [xctf攻防世界 GFSJ0177 misc CTF santa-walks-into-a-barxa0writeup](https://mp.weixin.qq.com/s?__biz=MzU2NzIzNzU4Mg==&mid=2247491226&idx=1&sn=0038fc6559456fb7fc51504c54ab70dc)
|
||||
* [每天一个网络知识:什么是端口?](https://mp.weixin.qq.com/s?__biz=MzUyNTExOTY1Nw==&mid=2247532071&idx=1&sn=b05d4866f764316cb3eba7a7aaa1adf9)
|
||||
* [划重点!新修改的《网络安全法》将带来这些新变化](https://mp.weixin.qq.com/s?__biz=MzA3NDUzMjc5Ng==&mid=2650204204&idx=1&sn=d49bf5b1e55f249ea64764757db3300b)
|
||||
* [解析2025强网拟态BabyStack](https://mp.weixin.qq.com/s?__biz=MzYzNzA5MzQ3Nw==&mid=2247484356&idx=1&sn=9bb5fb55110473384c83a7f11a2356d3)
|
||||
* [Windows进程间通信:RPC深入探索(第六部分)](https://mp.weixin.qq.com/s?__biz=Mzk2NDg3NTc1Mg==&mid=2247485067&idx=1&sn=e2d98a31b3e05fd37759c1ca79dced36)
|
||||
* [实战挖EDUSRC之全过程](https://mp.weixin.qq.com/s?__biz=MzIxNTg1MjYzOQ==&mid=2247484032&idx=1&sn=511c5fd3fa155e536b222e1bd76fd34c)
|
||||
* [《网络安全法》2025修订版与2016版新旧对比](https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655293691&idx=1&sn=69bd6ebdbb015f81d9ce3bbf3748b18b)
|
||||
* [《十五五规划建议》学习脑图](https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655293691&idx=2&sn=4f333f82bca783908d8139489362e3aa)
|
||||
* [查扣手机 26000 余部!砀山公安捣毁 13 处 “网络水军” 窝点,涉案超 900 万元](https://mp.weixin.qq.com/s?__biz=MzIxOTM2MDYwNg==&mid=2247519798&idx=1&sn=c1b124828af904a9d4cc0e386db75562)
|
||||
* [净网-2025| 警惕“小利”换“大罪”!网警侦破侵犯公民个人信息案](https://mp.weixin.qq.com/s?__biz=MzU0MTA3OTU5Ng==&mid=2247568471&idx=1&sn=b825665e642e77d0087ede069b902d8c)
|
||||
* [北京市人民检察院发布《关于打击治理金融黑灰产的联合倡议书》](https://mp.weixin.qq.com/s?__biz=MzkxNTI2NTQxOA==&mid=2247499402&idx=4&sn=c2e5b84fc03a53d9c8efcc1ae4892a82)
|
||||
* [5th域安全微讯早报20251031261期](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247515319&idx=3&sn=a1d25342fafe3d99df79f2c9d364a3fc)
|
||||
* [暗网快讯20251031期](https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247515319&idx=4&sn=8c324361e25ebc6de10a6d1723ed0638)
|
||||
* [TCP重置报文在网络攻防中的应用](https://mp.weixin.qq.com/s?__biz=Mzk0MTI4NTIzNQ==&mid=2247495428&idx=1&sn=ce337ef622ec09af085d2f5380802835)
|
||||
* [秦安:两岸统一加速的又一重大信号,新华社署名文章阐释五大利好](https://mp.weixin.qq.com/s?__biz=MzA5MDg1MDUyMA==&mid=2650481817&idx=1&sn=a700e0b18239bb1ade5e9db66e6cbffc)
|
||||
* [cheat比man更好用么](https://mp.weixin.qq.com/s?__biz=MzI2NDI0MjA1MQ==&mid=2247485042&idx=1&sn=3655c564576336c62b93baeb7f2dc6e9)
|
||||
* [PVE实战进阶:如何通过VNC/RDP/云桌面等多种方式访问虚拟机](https://mp.weixin.qq.com/s?__biz=MzU2MjU2MzI3MA==&mid=2247486278&idx=1&sn=dc813c58ede34137a173e243c0d9a174)
|
||||
* [从Windows换到MacOS系统,需要经历什么?不断切换都快错乱了……](https://mp.weixin.qq.com/s?__biz=MzU2MjU2MzI3MA==&mid=2247486278&idx=2&sn=850bbf53adba53925d6c55503c4e07bb)
|
||||
* [最后的银幕巨星:莱昂纳多·迪卡普里奥](https://mp.weixin.qq.com/s?__biz=MzU2MjU2MzI3MA==&mid=2247486278&idx=3&sn=c17c4352a4020e4972d179e50883bbfc)
|
||||
* [内网渗透四:隧道搭建](https://mp.weixin.qq.com/s?__biz=MzkyMjUzNTM1Mw==&mid=2247487932&idx=1&sn=2450bf4ee5c2c98595ae4e954e90c0cd)
|
||||
* [网络安全不再仅仅是IT问题](https://mp.weixin.qq.com/s?__biz=Mzg2NjY2MTI3Mg==&mid=2247502516&idx=1&sn=afd8ea48c287623cc63e9a0765392262)
|
||||
* [三季度报告:信安世纪 2025年第三季度营收1.20亿,前三季度累计营收3.18亿](https://mp.weixin.qq.com/s?__biz=MzUzNjkxODE5MA==&mid=2247495216&idx=1&sn=fbd8b703a75c0bdd6b0f9cc927eb169f)
|
||||
* [03 宇宙的十二种假说:信息即存在](https://mp.weixin.qq.com/s?__biz=Mzk5MDgzMDExMg==&mid=2247484568&idx=1&sn=17d3db8ef97c3819afa0184ac13807d5)
|
||||
* [基于《x86汇编语言从实模式到保护模式》分享](https://mp.weixin.qq.com/s?__biz=Mzk0MzY5MzI3Mg==&mid=2247484012&idx=1&sn=d831dfc2ab00c0a23e1cd5e2cf7406f2)
|
||||
* [成文实验室|知识星球正式上线](https://mp.weixin.qq.com/s?__biz=Mzg2Mzg2NDM0NA==&mid=2247486589&idx=1&sn=e0fa57dfc979ba73e9e248682dec06cb)
|
||||
* [-8.7%!网络安全行业三季度营收连续九个季度同比萎缩](https://mp.weixin.qq.com/s?__biz=MzUzOTI4NDQ3NA==&mid=2247484874&idx=1&sn=27ee5ec5df601dc7813460197024e0ea)
|
||||
* [招聘鑫飞智能招人啦~](https://mp.weixin.qq.com/s?__biz=Mzg5MjkwODc4MA==&mid=2247487277&idx=1&sn=910c68ebc4e4f615d89cbe036f1d6710)
|
||||
* [一名合格红队的成长之路](https://mp.weixin.qq.com/s?__biz=Mzg2ODYxMzY3OQ==&mid=2247521016&idx=2&sn=e2d53728f0e5662021ccf993b273a966)
|
||||
* [工信动态一图速览!“十五五”规划建议61条](https://mp.weixin.qq.com/s?__biz=MjM5NzYwNDU0Mg==&mid=2649255631&idx=4&sn=20dd76983a0a34ef6d97c3d8bb91cecc)
|
||||
* [G.O.S.S.I.P 阅读推荐 2025-10-30 开始的开始,是谁在唱歌](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247500918&idx=1&sn=a20d161fc591d983599f5da80742d42c)
|
||||
* [APK逆向实战:加固 APK 不脱壳,照样拿flag!](https://mp.weixin.qq.com/s?__biz=MzI5NDg0ODkwMQ==&mid=2247486827&idx=1&sn=440d303eb175e6121a2fba8337ee26fb)
|
||||
* [Python满屏飘字代码(独属于计算机的浪漫)](https://mp.weixin.qq.com/s?__biz=MzkwMzY5MTUyNA==&mid=2247484368&idx=1&sn=3211356c86ec8bbe9c721db8c3ec668b)
|
||||
* [vulnhub靶场之DC-4](https://mp.weixin.qq.com/s?__biz=Mzg3MjgxMzkzMg==&mid=2247484878&idx=1&sn=cf6e65a49879c506107b91ef7cbeae13)
|
||||
* [24数证初赛 U盘部分](https://mp.weixin.qq.com/s?__biz=MzYyNTgyMjY2NQ==&mid=2247484005&idx=1&sn=3764a38053fb91ddf51cf22ee6653675)
|
||||
* [星球日常25.10.30](https://mp.weixin.qq.com/s?__biz=Mzg4Njc1MTIzMw==&mid=2247485904&idx=1&sn=05246cc6c07a969dc50788a3de7dc7ab)
|
||||
|
||||
## 安全分析
|
||||
(2025-10-31)
|
||||
|
||||
本文档包含 AI 对安全相关内容的自动化分析结果。[概览](https://blog.897010.xyz/c/today)
|
||||
|
||||
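Review bot: The link titles in the "今日资讯" lists are written out exactly as scraped, and several carry literal escape residue: `xa0` in "某财务咨询公司第三方财务管理软件被植入网络木马xa0被处罚!" and in "santa-walks-into-a-barxa0writeup", `u3000` in "香港保护关键基础设施条例明年实施u3000投资署", and backslash-escaped quotes in "手机里的\"隐形炸弹\"". The generator should decode and collapse Unicode whitespace and unescape quotes before it emits the markdown link text. Two smaller points in the same hunk: the title "警惕“小利”换“大罪”!网警侦破侵犯公民个人信息案" is listed twice under "其他" from two different accounts, so de-duplicating on normalised title would help; and the top of the file shows three different H1 headings plus the sentence "今日未发现新的安全文章" directly above a section with well over a hundred links, so if that sentence and the older headings are still present in the new version they should be dropped.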
@ -396,3 +624,147 @@ CVE-2025-49844为0day漏洞,且漏洞允许执行任意shellcode,危害严
|
||||
</details>
|
||||
|
||||
---
|
||||
|
||||
### PyRIT - PyRIT框架更新,增强AI安全
|
||||
|
||||
#### 📌 仓库信息
|
||||
|
||||
| 属性 | 详情 |
|
||||
|------|------|
|
||||
| 仓库名称 | [PyRIT](https://github.com/Azure/PyRIT) |
|
||||
| 风险等级 | `LOW` |
|
||||
| 安全类型 | `安全工具` |
|
||||
| 更新类型 | `GENERAL_UPDATE` |
|
||||
|
||||
#### 📊 代码统计
|
||||
|
||||
- 分析提交数: **5**
|
||||
- 变更文件数: **26**
|
||||
|
||||
#### 💡 分析概述
|
||||
|
||||
PyRIT是一个用于识别生成式AI系统中风险的开源框架。本次更新主要集中在功能增强和代码质量改进,包括数据库功能的完善,修复了测试警告,优化了代码结构,并增强了对Azure SQL数据库的支持。此外,还新增了对于Azure Sora端点的支持。整体更新提升了框架的稳定性和功能完整性,有助于安全专业人员更好地评估和应对AI系统的安全风险。
|
||||
|
||||
#### 🔍 关键发现
|
||||
|
||||
| 序号 | 发现内容 |
|
||||
|------|----------|
|
||||
| 1 | 新增了对Azure Sora端点的支持,扩展了框架的适用范围。 |
|
||||
| 2 | 完善了数据库功能,增强了数据存储和管理能力。 |
|
||||
| 3 | 修复了测试警告,提高了代码质量和稳定性。 |
|
||||
| 4 | 代码结构优化,提升了代码可维护性和可读性。 |
|
||||
|
||||
#### 🛠️ 技术细节
|
||||
|
||||
> 新增了ScenarioResult到数据库,完善了数据存储模型。
|
||||
|
||||
> 改进了Azure SQL Memory的实现,增强了数据库交互功能。
|
||||
|
||||
> 修复了测试用例中的警告,提高了代码质量。
|
||||
|
||||
> 优化了prompt_converter,提升了代码的效率。
|
||||
|
||||
> 新增Azure Sora Endpoint Regex Pattern,增强对Azure Sora Endpoint的支持
|
||||
|
||||
|
||||
#### 🎯 受影响组件
|
||||
|
||||
```
|
||||
• pyrit/memory/azure_sql_memory.py
|
||||
• pyrit/memory/memory_interface.py
|
||||
• pyrit/memory/memory_models.py
|
||||
• pyrit/memory/sqlite_memory.py
|
||||
• pyrit/models/__init__.py
|
||||
• pyrit/models/scenario_result.py
|
||||
• pyrit/scenarios/__init__.py
|
||||
• pyrit/scenarios/printer/console_printer.py
|
||||
• pyrit/scenarios/printer/scenario_result_printer.py
|
||||
• pyrit/scenarios/scenario.py
|
||||
• tests/integration/memory/test_azure_sql_memory_integration.py
|
||||
• tests/unit/cli/test_initializer_registry.py
|
||||
• tests/unit/executor/attack/multi_turn/test_tree_of_attacks.py
|
||||
• tests/unit/memory/memory_interface/test_interface_scenario_results.py
|
||||
• tests/unit/score/test_scorer.py
|
||||
• tests/unit/target/test_huggingface_chat_target.py
|
||||
• tests/unit/test_azure_storage_auth.py
|
||||
• tests/unit/test_hf_model_downloads.py
|
||||
• tests/unit/test_prompt_normalizer.py
|
||||
• pyrit/prompt_converter/transparency_attack_converter.py
|
||||
• tests/unit/converter/test_math_prompt_converter.py
|
||||
• tests/unit/score/test_self_ask_category.py
|
||||
• pyrit/executor/attack/printer/markdown_printer.py
|
||||
• pyrit/prompt_target/openai/openai_target.py
|
||||
```
|
||||
|
||||
#### ⚡ 价值评估
|
||||
|
||||
<details>
|
||||
<summary>展开查看详细评估</summary>
|
||||
|
||||
本次更新增强了PyRIT框架的功能和稳定性,特别是对数据库的支持和对Sora端点的适配,有助于安全研究人员更全面地评估AI系统的安全性。
|
||||
</details>
|
||||
|
||||
---
|
||||
|
||||
### astgrep - astgrep SQL注入增强
|
||||
|
||||
#### 📌 仓库信息
|
||||
|
||||
| 属性 | 详情 |
|
||||
|------|------|
|
||||
| 仓库名称 | [astgrep](https://github.com/c2j/astgrep) |
|
||||
| 风险等级 | `MEDIUM` |
|
||||
| 安全类型 | `代码安全分析` |
|
||||
| 更新类型 | `SECURITY_IMPROVEMENT` |
|
||||
|
||||
#### 📊 代码统计
|
||||
|
||||
- 分析提交数: **1**
|
||||
- 变更文件数: **9**
|
||||
|
||||
#### 💡 分析概述
|
||||
|
||||
该仓库是一个用于安全漏洞和代码质量检测的静态代码分析工具。本次更新主要集中在增强SQL注入检测能力,通过引入嵌入式SQL预处理器,使得astgrep能够从Java和MyBatis XML源文件中提取SQL语句,并对提取的SQL代码进行分析。这使得现有的SQL规则可以应用于嵌入在Java代码或XML中的SQL语句,提高了检测的全面性。更新还包括了API和用户指南的补充。此更新提升了SQL注入检测的覆盖范围和效率,对于提升代码安全具有实际价值。
|
||||
|
||||
#### 🔍 关键发现
|
||||
|
||||
| 序号 | 发现内容 |
|
||||
|------|----------|
|
||||
| 1 | 新增嵌入式SQL预处理器,支持从Java和XML提取SQL语句 |
|
||||
| 2 | 现有的SQL规则可以直接应用于Java和XML中的SQL代码 |
|
||||
| 3 | 提高了SQL注入检测的覆盖范围和效率 |
|
||||
| 4 | 更新了API文档和用户指南 |
|
||||
|
||||
#### 🛠️ 技术细节
|
||||
|
||||
> 引入嵌入式SQL预处理器,该预处理器能够从Java代码和MyBatis XML文件中提取SQL语句。
|
||||
|
||||
> SQL规则的metadata中通过'preprocess: embedded-sql'来启用预处理器,并指定提取的源文件类型'preprocess.from: "java,xml"'
|
||||
|
||||
> 预处理器会对提取的SQL语句进行归一化处理,然后使用现有的SQL语义匹配器进行分析。
|
||||
|
||||
> 分析结果会映射回原始的Java或XML文件中的位置。
|
||||
|
||||
|
||||
#### 🎯 受影响组件
|
||||
|
||||
```
|
||||
• astgrep-cli (命令行工具)
|
||||
• SQL规则引擎
|
||||
• 嵌入式SQL预处理器
|
||||
• scripts/extract_sql_and_analyze.py (提取SQL的Python脚本)
|
||||
```
|
||||
|
||||
#### ⚡ 价值评估
|
||||
|
||||
<details>
|
||||
<summary>展开查看详细评估</summary>
|
||||
|
||||
此次更新显著增强了astgrep对SQL注入的检测能力,通过提取和分析嵌入式SQL,扩展了检测范围,提高了代码安全防护的全面性。
|
||||
</details>
|
||||
|
||||
---
|
||||
|
||||
|
||||
## 免责声明
|
||||
本文内容由 AI 自动生成,仅供参考和学习交流。文章中的观点和建议不代表作者立场,使用本文信息需自行承担风险和责任。
|
||||
|
||||
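Review bot: In the PyRIT entry the statistics line says "变更文件数: **26**", but the "受影响组件" block below it lists 24 paths, so either the count or the list is wrong; if the list is truncated by the generator, say so in the output, otherwise derive the count from the same data as the list. The astgrep heading "astgrep SQL注入增强" reads as if SQL injection itself were being enhanced, while the body describes improved detection through the embedded-SQL preprocessor; "astgrep SQL注入检测增强" would match the content. The last bullet under the PyRIT "技术细节" and the `preprocess.from` bullet under astgrep also lack the closing full stop that the other bullets have.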