# 每日安全资讯(2026-07-08) - Doonsec's feed - [ ] [一款实用且免费的域名安全检测OSINT工具](https://mp.weixin.qq.com/s/veP-MuUxAKUVM8x5FjOD-A) - [ ] [报告!第5000位关注者已锁定,会员已就位。](https://mp.weixin.qq.com/s/H-SywjQRQpzVQyThqZ2TAw) - [ ] [数据泄露情报2026.7.7 - 炒冷饭美国T-mobile 3700万用户泄露](https://mp.weixin.qq.com/s/pTdU4AGvJgPWuDQfhqid5w) - [ ] [CertiK成为Hub71官方安全与合规供应商,助力ADGM数字资产生态发展](https://mp.weixin.qq.com/s/vE0iDg9H0FFU2fR2Sv4QcA) - [ ] [源码泄露——江苏省第四届数据安全技术应用职业技能竞赛初赛](https://mp.weixin.qq.com/s/ZJxc9u4hoR13JhlN8sRAAw) - [ ] [我的PDF分析助手成了内网跳板:WorkBuddy插件SSRF漏洞复盘,顺便送10套企业版给兄弟们](https://mp.weixin.qq.com/s/jPnioOdeII6xTJkpkXwImQ) - [ ] [hermes 渗透骗子网站](https://mp.weixin.qq.com/s/kfSGWYy4iKxmhYw-KGDzvA) - [ ] [游戏逆向— C135O_FPS—第三部分:模块 2 外部作弊完整 概念](https://mp.weixin.qq.com/s/y313f39gAiRoPPLeFGHpcw) - [ ] [有想法的AI公司都已经开始研发AI芯片了](https://mp.weixin.qq.com/s/Uq1Z6HNfjfsMe0I1s2zjdA) - [ ] [AI会扼杀漏洞赏金产业吗?](https://mp.weixin.qq.com/s/laspFRAYA4OmgojN86YGkQ) - [ ] [T3MP3ST——ai安全元工具(agent自动化找漏洞)](https://mp.weixin.qq.com/s/schLREA8vWhc3deI7Pa2Fg) - [ ] [保命群安稳运行3个多月了](https://mp.weixin.qq.com/s/aD5j5uaWwctOsc7aDV6m1w) - [ ] [ARL灯塔重构版:支持APP/小程序/公众号资产同步扫描](https://mp.weixin.qq.com/s/czTYVst8KJlS-2_ZSRWodw) - [ ] [【AI安全】AI安全左移爆雷!ML-SBOM把模型供应链拉进流水线](https://mp.weixin.qq.com/s/gfcA-9EeYfBxZV--H4KSnA) - [ ] [Harness 工程实战第3篇:上下文工程与记忆](https://mp.weixin.qq.com/s/w2uauQ_apgVwBg_yv-xuLw) - [ ] [【船舶网络安全系列】一文读懂中国船级社船舶网络安全指南(二)](https://mp.weixin.qq.com/s/7YcHTWfSs-AzFPqAPEUppw) - [ ] [4个AI工具搞定PPT、会议纪要、表格、做图,一分钱没花](https://mp.weixin.qq.com/s/0UUFi8M1WcaqLBxTsYXkEA) - [ ] [如果是能选择保留一个,你会选择哪个IDE?](https://mp.weixin.qq.com/s/7-h6HwVHoBPRcSQjK0-AIQ) - [ ] [【已复现】Linux FUSE page cache 本地权限提升漏洞(CVE-2026-31694)安全风险通告](https://mp.weixin.qq.com/s/uPtv1Tz2__9fB9P4-xjzYg) - [ ] [【代码审计】客户端漏洞之未授权文件上传+dll劫持实现命令执行rce](https://mp.weixin.qq.com/s/D2m2ZOz9MNtRLIB35DMb7Q) - [ ] [【重要提醒】东西向流量已成企业数据失窃致命通道!](https://mp.weixin.qq.com/s/xxgrEPKUyeP-0RGirHxKPw) - [ ] [AI Coding 产品演进:从续写补全到人机对等协作](https://mp.weixin.qq.com/s/1g0o8FHAmbm-ry3GxxVYRQ) - [ ] [浙江公安推动基层善治走深走实](https://mp.weixin.qq.com/s/ZsnNcJbRRnlm9DelRjbatQ) - [ ] [搞懂了 AI 渗透测试,你的网站拿什么防?盾甲 WAF Pro 来了!](https://mp.weixin.qq.com/s/98tQ8R2aUXRYQYAf7gjAuA) - [ ] [Gartner观点:从两条技术成熟度曲线,看清AI落地的现实与长期机遇](https://mp.weixin.qq.com/s/Ohm_ipKS4hXdw2cleYPjFA) - [ ] [今日小暑!](https://mp.weixin.qq.com/s/OWoFaxJPgUN6YfLV3o5EvA) - [ ] [第五章 常用基于低代码平台的智能体搭建](https://mp.weixin.qq.com/s/c2iDC5eHI6om5H5sGWiA1g) - [ ] [中国法律效力层级与标准化文件体系:从业者需要厘清的基本框架](https://mp.weixin.qq.com/s/xbW59xhDVXdO7VAorAyrbQ) - [ ] [这个数据分级分类系统太好用了,关键免费](https://mp.weixin.qq.com/s/RRp06UIv8VAaD72S16bzJg) - [ ] [微软推出执行容器,以保护 Windows 上的 AI 代理](https://mp.weixin.qq.com/s/uhAQHqrS1Lwq5zypm260BQ) - [ ] [CTFPlus逆向每周练习-冲刺!偷摸零!、only_flower、CTF+Binary练习题-Re-Day7、CTF+Binary练习题-Re-Day11、CTF+Binary练习题-Re-Day5](https://mp.weixin.qq.com/s/gj2ggdGuPVTXklhXWtKT_g) - [ ] [云南临沧:守牢西南边境防线 探索毒品治理新路径](https://mp.weixin.qq.com/s/kMGzRiaQZCvXEbWeu2zguA) - [ ] [AI 安全的“分层防御”范式:Meta PurpleLlama 项目深度技术拆解落地指南](https://mp.weixin.qq.com/s/SrqMCH0jvz7Xwx4SWKgygQ) - [ ] [UCoder效能实测丨一键复刻Palantir风格UI,高效生成复杂系统原型](https://mp.weixin.qq.com/s/oVuLQc2ArCci4tZsu7pbIQ) - [ ] [BeyondTrust 修复了远程支持和 PRA 中的关键身份验证绕过漏洞](https://mp.weixin.qq.com/s/h__oS3_urFF3uKcCpj-W4Q) - [ ] [AI安全市场创新研报](https://mp.weixin.qq.com/s/NlhspwIHICd1UCQ0XMGhQA) - [ ] [马来西亚稀土产业集群正在加速成型](https://mp.weixin.qq.com/s/zQ836g5KDy0xxUz2ArIDRg) - [ ] [央视新闻 | 奇安信专家揭秘公共二维码变涉黄码、诈骗码 该如何防范和管理](https://mp.weixin.qq.com/s/eb5jTaBnq1fujsA2W6dRmA) - [ ] [银狐Ghost分发商再出特种木马、针对特定目标投递,天擎EDR率先拦截](https://mp.weixin.qq.com/s/VAtFRKuXHjOGJfIUuHpDkQ) - [ ] [齐向东出席吉林大学校友服务吉林高质量发展大会并致辞](https://mp.weixin.qq.com/s/gaEBUmrK9w0hkVJnuU3OEg) - [ ] [后渗透管理工具 LeoAI](https://mp.weixin.qq.com/s/OKCFIH1pqYixUgFi8g5dqQ) - [ ] [Frida学习笔记(二十五):签名校验绕过](https://mp.weixin.qq.com/s/wt4ReiXl3JXsCNaB6RkUDQ) - [ ] [面试官:扫码登录时手机是如何把登录态“传”给电脑的?](https://mp.weixin.qq.com/s/XpgLYcpD4JMwa0UOJtFiDg) - [ ] [泽鹿安全受邀参加“铸盾车联”专题培训会,分享主机厂威胁情报与主动防御体系建设实践](https://mp.weixin.qq.com/s/Gb4uQ6gnTKJryr4QYUJmmw) - [ ] [未然解读 | 勒索软件依然是全球头号威胁,科技史上最狠泄密!代工厂被黑,众多机密泄露](https://mp.weixin.qq.com/s/D5rXPFZNdNNPj0K8or9eig) - [ ] [Sonnet 5 生成的 PPT 质量如何?Copilot技能更上一层楼](https://mp.weixin.qq.com/s/Mzp8iolHPuDDqOQeSiv_qA) - [ ] [投研必备|Copilot分析助手深度财报拆解,数字背后的企业真相一目了然](https://mp.weixin.qq.com/s/uPi9jXMyWmfqCkRsIIY_Ow) - [ ] [从“平台对抗”到“体系对抗”:美军多域技术体系实战全解析](https://mp.weixin.qq.com/s/kZE60b6ZTdoG3ZPpRrqtGA) - [ ] [让数据流得动、用得好、更安全——美创可信数据空间解决方案正式发布](https://mp.weixin.qq.com/s/WUPof1CVUQiXJ6IY5uIjHw) - [ ] [期刊发表丨俄罗斯应对量子时代密码安全的布局、进展及面临挑战](https://mp.weixin.qq.com/s/fTUpzVrPHv6btbsIdbOLTw) - [ ] [美国防承包商提出AI时代网络防御须从四方面主动破局](https://mp.weixin.qq.com/s/DKEHx4dWJFTdcI17UD4KJQ) - [ ] [意大利国家民航局数据泄露:近9000条用户记录及后台数据库曝光](https://mp.weixin.qq.com/s/tagUj9Noq-B72pxjhEkFRA) - [ ] [网安同路人请就位,你的专属兴趣小组来啦](https://mp.weixin.qq.com/s/TLD1Oqscxruy_bCtSq9MKQ) - [ ] [用 AI Native 方式看清霍尔木兹海峡通航「罗生门」](https://mp.weixin.qq.com/s/G-7fuRD4O3k5SAkEkUbNpA) - [ ] [微软Edge漏洞可致攻击者远程执行任意代码](https://mp.weixin.qq.com/s/H0VcYf0mY6mgf7-C0Fuorw) - [ ] [AI 可在数分钟内伪造文件,“看起来没问题”已不再可靠](https://mp.weixin.qq.com/s/UswxFz40l-raOyo-cHP0qg) - [ ] [SilverFox黑客利用Go语言RAT+内核Rootkit发起多阶段渗透攻击](https://mp.weixin.qq.com/s/BCtolZMOGDAFZq0hw5q_Bw) - [ ] [知道创宇AiPy亮相TGO成都AI大模型应用生态大会 以\"外挂智能\"破解企业信息化困局](https://mp.weixin.qq.com/s/2chtAt4UE5uhlRbk4st92A) - [ ] [苹果史上最严重供应链泄露事件始末:630GB机密文件是如何被“顺手摘走”的?](https://mp.weixin.qq.com/s/cTnwco6fRuSrofMXYPKx7g) - [ ] [擂鼓催征 智战AI时代|亚信安全2026合作伙伴技术大比武震撼启幕](https://mp.weixin.qq.com/s/srPw1E91E4nTxjbo6FPbcw) - [ ] [吐槽帖变泄密雷区:社交平台上的无心之失,正在成为企业最大的安全黑洞](https://mp.weixin.qq.com/s/C2K47n7r9oYVpWZ-30ArbQ) - [ ] [守内安 x ASRC 2026第二季度电子邮件安全观察报告](https://mp.weixin.qq.com/s/cEd1Cf9xWGVTli99OpuzzQ) - [ ] [活动报道 | 2026“工赋砺网”工业领域企业出海数据安全与跨境合规专场培训成功举办](https://mp.weixin.qq.com/s/nefCoqQUd-ukWnH1k7fQfA) - [ ] [【网安闲话】中级500一天,要求有PTE](https://mp.weixin.qq.com/s/A4GoIr_Dm_wMMCCu92cdGA) - [ ] [AI 在渗透测试中的能力排行:从夯到拉](https://mp.weixin.qq.com/s/ElMtHjf6HwXF13qL_0eL7g) - [ ] [从Vibe Coding到Harness—— 一套大仓AI工程化实战](https://mp.weixin.qq.com/s/LGo7daiYYRf1r_YY3r-cXw) - [ ] [黑客](https://mp.weixin.qq.com/s/ljuaS1IhnltpIxAfWG1bxg) - [ ] [吴倩琳:云安全责任系列标准解读——从公有云到专有云](https://mp.weixin.qq.com/s/gygx_bNY5Xs4K24xAt3PNQ) - [ ] [暑期安全提示|玩转无人机安全第一课(小学生版)](https://mp.weixin.qq.com/s/Z6_p2rKVz6dsugcZx3y-Ow) - [ ] [6月必修漏洞清单:涵盖Gogs、Vite等多组件高危漏洞,务必速查](https://mp.weixin.qq.com/s/XQhgWbZyhgpkKulRm6owzQ) - [ ] [你醒啦?现在是1998年](https://mp.weixin.qq.com/s/EsbOATdyHCbadubv_r_kBQ) - [ ] [恶意WebDAV载荷中转站深度研判报告](https://mp.weixin.qq.com/s/4DRVILN0vVTA9iKS0KeiwA) - [ ] [匿名WebDAV载荷服务器关联Windows窃密远控工具全链路研判分析](https://mp.weixin.qq.com/s/CGSUqDjqpmj4gDYUYF0UnA) - [ ] [原创—看到这一幕泪目了,何时除人间疾苦](https://mp.weixin.qq.com/s/Xv4dPYxoxZYMlWGamHBGbQ) - [ ] [全生命周期视角下可信数据空间的构建逻辑与路径](https://mp.weixin.qq.com/s/eYMw1giniudxfgWvqygbow) - [ ] [一键生成“伪原创”骗取平台补贴 揭秘“AI洗稿”产业链→](https://mp.weixin.qq.com/s/koikSb8D6mUtzYdvv-bSCw) - [ ] [【已复现】漏洞通告 | phpBB认证绕过漏洞(CVE-2026-48611)](https://mp.weixin.qq.com/s/fyLZ3buRopnXxKLcxV1Aag) - [ ] [某电网电表数据遭大规模非法篡改,损失逾7000万元](https://mp.weixin.qq.com/s/0E3oLdVyIzuVX3M16LYqyw) - [ ] [违反数据安全管理等规定,中行又一分行被罚436万元](https://mp.weixin.qq.com/s/6_NrR3nqR6lN86yUbqgbvQ) - [ ] [【已复现】Linux FUSE page cache 越界写本地提权漏洞](https://mp.weixin.qq.com/s/8z3EhwgnTyTj6Hkq8dDNCQ) - [ ] [进程强杀最新版火绒6](https://mp.weixin.qq.com/s/awpEQU3PqiEggSr8qtBREg) - [ ] [安全简讯(2026.07.07)](https://mp.weixin.qq.com/s/HO1XLgDqdDBR2b-Rhe2pFg) - [ ] [BugHunter-AI:智能自动化渗透测试助手](https://mp.weixin.qq.com/s/LQ_Cig0jY3kRu1FEwhJvUg) - Private Feed for M09Ic - [ ] [mgeeky starred MaximeRivest/riddle](https://github.com/MaximeRivest/riddle) - [ ] [anthropics released v2.1.203 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.203) - [ ] [strands-agents released python/v1.46.0 at strands-agents/harness-sdk](https://github.com/strands-agents/harness-sdk/releases/tag/python/v1.46.0) - [ ] [bolucat released 202607072204 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202607072204) - [ ] [ZeddYu starred anthropics/jacobian-lens](https://github.com/anthropics/jacobian-lens) - [ ] [mgeeky starred earendil-works/pi](https://github.com/earendil-works/pi) - [ ] [liamg contributed to liamg/grabber](https://github.com/liamg/grabber/pull/26) - [ ] [agentscope-ai released v2.0.4 at agentscope-ai/agentscope](https://github.com/agentscope-ai/agentscope/releases/tag/v2.0.4) - [ ] [liamg contributed to infracost/proto](https://github.com/infracost/proto/pull/79) - [ ] [niudaii starred mattpocock/skills](https://github.com/mattpocock/skills) - [ ] [Mr-xn forked Mr-xn/cn-check from palemoky/cn-check](https://github.com/Mr-xn/cn-check) - [ ] [LoRexxar starred simulationcraft/simc](https://github.com/simulationcraft/simc) - [ ] [pydantic released v2.5.1 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v2.5.1) - [ ] [RuoJi6 released fork-v0.5.48-audit.1 at RuoJi6/dbx-audit](https://github.com/RuoJi6/dbx-audit/releases/tag/fork-v0.5.48-audit.1) - Tenable Blog - [ ] [OMB M-26-14: Why federal agencies must fix asset visibility first](https://www.tenable.com/blog/omb-m-26-14-asset-visibility-logging-maturity-model-compliance) - 安全客-有思想的安全新媒体 - [ ] [【FDE前沿部署工程师】全国百城上岗计划二期来啦!](https://www.anquanke.com/post/id/315682) - [ ] [RedAmon:串联侦察、漏洞利用与后渗透的 AI 安全工具](https://www.anquanke.com/post/id/315747) - [ ] [SecSuite—— 搭载人工智能的开源情报、Web 与 API 安全综合测试工具](https://www.anquanke.com/post/id/315743) - [ ] [恶意Skills利用扫描规避技术攻击Claude Code和Codex](https://www.anquanke.com/post/id/315737) - [ ] [T3MP3ST 安全框架:集成 35 款工具,将 AI 代码智能体转化为零日漏洞挖掘器](https://www.anquanke.com/post/id/315732) - [ ] [首个AI全流程勒索攻击来了:JADEPUFFER证明,勒索不再需要人类操盘手](https://www.anquanke.com/post/id/315724) - Recent Commits to cve:main - [ ] [Update Tue Jul 7 12:02:03 UTC 2026](https://github.com/trickest/cve/commit/52d3aba7527ac84b035de65f677ea4fd391cf7cc) - SecWiki News - [ ] [SecWiki News 2026-07-07 Review](http://www.sec-wiki.com/?2026-07-07) - Paper - 知道创宇404实验室 - [ ] [拒绝背后:通过行为监控确定护栏激活](https://paper.seebug.org/3496) - Horizon3.ai - [ ] [CVE-2026-48283 / CVE-2026-48313 | Adobe ColdFusion Pre-Authentication Unrestricted File Upload and Path Traversal Vulnerabilities](https://horizon3.ai/attack-research/vulnerabilities/cve-2026-48283-cve-2026-48313/) - [ ] [Horizon3.ai Names Matthew Schaner VP of Americas Sales](https://horizon3.ai/news/press-release/horizon3-ai-names-matthew-schaner-vp-of-americas-sales/) - Securelist - [ ] [Threat landscape for industrial automation systems. Q1 2026](https://securelist.com/industrial-threat-report-q1-2026/120643/) - Hacking Dream - [ ] [Advanced DNS Penetration Testing: ADIDNS & Relay Attacks](https://www.hackingdream.net/2026/07/advanced-dns-pentesting-adidns-poisoning.html) - 🔐Blog of Osanda - [ ] [Inside a TradingView Phishing Kill Chain: Dissecting a Self-Hosted ScreenConnect Phishing Campaign](https://osandamalith.com/2026/07/07/a-phishing-email-a-fake-trial-and-a-real-backdoor/) - Bug Bounty in InfoSec Write-ups on Medium - [ ] [Chaining a DOM XSS Sink, WAF Bypass, Cross-Origin Smuggling, and SDK Abuse into One Click Account…](https://infosecwriteups.com/chaining-a-dom-xss-sink-waf-bypass-cross-origin-smuggling-and-sdk-abuse-into-one-click-account-6c1a7095f8e1?source=rss----7b722bfd1b8d--bug_bounty) - Malwarebytes - [ ] [How the Reddit and Discord false report scam steals accounts](https://www.malwarebytes.com/blog/threat-intel/2026/07/how-the-reddit-and-discord-false-report-scam-steals-accounts) - [ ] [Fake Netflix, Coca-Cola, and FIFA job scams target marketers](https://www.malwarebytes.com/blog/scams/2026/07/fake-netflix-coca-cola-and-fifa-job-scams-target-marketers) - [ ] [Claude Code’s hidden tracker was an “experiment,” says Anthropic](https://www.malwarebytes.com/blog/news/2026/07/claude-codes-hidden-tracker-was-an-experiment-says-anthropic) - [ ] [Scammers are using AI to sell impossible flowers](https://www.malwarebytes.com/blog/scams/2026/07/scammers-are-using-ai-to-sell-impossible-flowers) - NVISO Labs - [ ] [Reducing Microsoft Sentinel Costs Without Compromising Detection – Part 2: The Firewall Quest](https://blog.nviso.eu/2026/07/07/reducing-microsoft-sentinel-costs-without-compromising-detection-part-2-the-firewall-quest/) - Reverse Engineering - [ ] [Reverse Engineered Garry Kitchen's GameMaker (C64) - VM, file formats, instruction set, and reimplemented for the browser](https://www.reddit.com/r/ReverseEngineering/comments/1uq5xff/reverse_engineered_garry_kitchens_gamemaker_c64/) - [ ] [Nemesis — Native CLR Monitor for In-Memory .NET Payload (Crypters) Analysis](https://www.reddit.com/r/ReverseEngineering/comments/1uqcbv3/nemesis_native_clr_monitor_for_inmemory_net/) - [ ] [Reverse engineering TR-830 battery](https://www.reddit.com/r/ReverseEngineering/comments/1uplf2y/reverse_engineering_tr830_battery/) - [ ] [Binvariants: Register-Level Invaraint-Guided Fuzzing for Binaries](https://www.reddit.com/r/ReverseEngineering/comments/1upfcgt/binvariants_registerlevel_invaraintguided_fuzzing/) - [ ] [Reverse Engineered and whitelabeled Claude Code. Have fun!](https://www.reddit.com/r/ReverseEngineering/comments/1upu0yq/reverse_engineered_and_whitelabeled_claude_code/) - Exploit-DB.com RSS Feed - [ ] [[webapps] MCPJam Inspector - Remote Code Execution](https://www.exploit-db.com/exploits/52625) - [ ] [[local] ProtonVPN v4.4.1 - Unquoted Service Path](https://www.exploit-db.com/exploits/52624) - [ ] [[webapps] Flowise 3.1.3 - arbitrary code execution](https://www.exploit-db.com/exploits/52623) - [ ] [[remote] Hydra - Stack Buffer Overflow](https://www.exploit-db.com/exploits/52622) - [ ] [[webapps] Discuz! X5.0 - Authentication Bypass](https://www.exploit-db.com/exploits/52621) - [ ] [[webapps] Tenable Nessus 10.12.1 - SQL Injection](https://www.exploit-db.com/exploits/52620) - [ ] [[webapps] WordPress Bricks Builder Theme - RCE](https://www.exploit-db.com/exploits/52619) - [ ] [[remote] iOS Bluetooth PAN Exploit - Ethernet Gateway without Adapter](https://www.exploit-db.com/exploits/52618) - rtl-sdr.com - [ ] [Adding HD Radio Support to FM DX Webservers with an RTL-SDR](https://www.rtl-sdr.com/adding-hd-radio-support-to-fm-dx-webservers-with-an-rtl-sdr/) - 绿盟科技技术博客 - [ ] [企业文档安全最佳实践(三):人员密级匹配与审批流程控制](https://blog.nsfocus.net/%e4%bc%81%e4%b8%9a%e6%96%87%e6%a1%a3%e5%ae%89%e5%85%a8%e6%9c%80%e4%bd%b3%e5%ae%9e%e8%b7%b5%ef%bc%88%e4%b8%89%ef%bc%89%ef%bc%9a%e4%ba%ba%e5%91%98%e5%af%86%e7%ba%a7%e5%8c%b9%e9%85%8d%e4%b8%8e%e5%ae%a1/) - [ ] [【公益译文】2026年AI指数报告(七)](https://blog.nsfocus.net/%e3%80%90%e5%85%ac%e7%9b%8a%e8%af%91%e6%96%87%e3%80%912026%e5%b9%b4ai%e6%8c%87%e6%95%b0%e6%8a%a5%e5%91%8a%ef%bc%88%e4%b8%83%ef%bc%89/) - 奇客Solidot–传递最新科技情报 - [ ] [学习多种语言能延缓大脑衰老最长 13 年](https://www.solidot.org/story?sid=84778) - [ ] [LineageOS 项目谈 Google 的开发者认证计划](https://www.solidot.org/story?sid=84777) - [ ] [内存成本占到了低端智能手机总成本的六成](https://www.solidot.org/story?sid=84776) - [ ] [连续数周缺觉会导致体重增加](https://www.solidot.org/story?sid=84775) - [ ] [空气污染通过干扰冲动控制导致儿童肥胖](https://www.solidot.org/story?sid=84774) - [ ] [美国人的每天社交时间比 20 年前少 10 分钟](https://www.solidot.org/story?sid=84773) - [ ] [微软裁员 4800 人,游戏业务深受影响](https://www.solidot.org/story?sid=84772) - [ ] [美国最高法院允许德州要求移动应用验证用户年龄](https://www.solidot.org/story?sid=84771) - [ ] [美国研究型大学招收的博士生人数减少 15%](https://www.solidot.org/story?sid=84770) - 腾讯玄武实验室 - [ ] [每日安全动态推送(26/7/7)](https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651960518&idx=1&sn=95df4d36a8e513154865819123842d7a) - HackerNews - [ ] [FatFs 中的七个漏洞使 IoT 和嵌入式设备面临风险](http://0.0.0.0:8080/post/64435) - [ ] [JadePuffer 勒索软件使用 AI 智能体自动化整个攻击过程](http://0.0.0.0:8080/post/64434) - [ ] [最高严重级别的 Adobe ColdFusion 漏洞现已在攻击中被利用](http://0.0.0.0:8080/post/64433) - [ ] [Microsoft Teams 上的虚假 IT 支持电话推送 EtherRAT 恶意软件](http://0.0.0.0:8080/post/64432) - [ ] [钓鱼攻击伪装成大品牌求职面试以窃取 Google 账户](http://0.0.0.0:8080/post/64431) - [ ] [伊朗关联黑客使用新型 Cavern C2 框架攻击以色列组织](http://0.0.0.0:8080/post/64430) - 代码卫士 - [ ] [已存在16年的 Linux KVM 漏洞可导致从客户虚拟机逃逸至宿主机](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526532&idx=1&sn=cadb21f6556d420bb88549f455cfa643) - [ ] [BeyondTrust 修复多个严重的认证绕过漏洞](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526532&idx=2&sn=4f737299033d13d7cabebbe6acee6b34) - 腾讯安全应急响应中心 - [ ] [仲夏有约|加测!百万奖池+4倍积分持续燃夏](https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==&mid=2651208511&idx=1&sn=db299253b1e16980a83c73ead777864b) - 黑鸟 - [ ] [一款实用且免费的域名安全检测OSINT工具](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451187576&idx=1&sn=505a7adc39b8364e51f353dcf6cb5265) - 安全客 - [ ] [T3MP3ST 安全框架:集成 35 款工具,将 AI 代码智能体转化为零日漏洞挖掘器](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649790196&idx=1&sn=3f00c235b885725bac7aae84b3f9860e) - [ ] [恶意Skills利用扫描规避技术攻击Claude Code和Codex](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649790196&idx=2&sn=175ac36300649ae8ff72b5bc14af145a) - 我的安全视界观 - [ ] [国家安全部供应链投毒警示](https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247487773&idx=1&sn=1b265c53b4d359de029a344d11dc93df) - 绿盟科技研究通讯 - [ ] [【公益译文】2026年AI指数报告(六)](https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247500049&idx=1&sn=fd6a39c0289197aa68ac496a727ee223) - 奇安信威胁情报中心 - [ ] [一封邮件、零点击、零门槛:拆解 2026 年最让企业 IT 头疼的 Exchange XSS 攻击链(CVE-2026-42897 )](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247519409&idx=1&sn=dcc6363e9057f950e57e15f52e0efa1b) - 安全内参 - [ ] [某电网电表数据遭大规模非法篡改,损失逾7000万元](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516222&idx=1&sn=1ba8470675ce0f6fe343f0b9a3bec2f0) - [ ] [违反数据安全管理等规定,中行又一分行被罚436万元](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516222&idx=2&sn=7054c5c6924f19e837ee995384993feb) - 威努特安全网络 - [ ] [AI勒索攻击态势加剧 制造企业怎么防](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142894&idx=1&sn=3a389ccaaf04a833edf6534131220ca4) - [ ] [WinClaw新版本即将发布 10000个超级VIP限时开抢!](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142894&idx=2&sn=cc7a1cc7ccb475b99078cf5f164a4de6) - [ ] [Agnes AI 值得尝试吗:注册、配置与实测体验。](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142894&idx=3&sn=1e660e2926ddf8b587a4b46378f08d8f) - 中国信息安全 - [ ] [论坛·原创 | 关键信息基础设施后量子密码迁移安全风险与责任重构研究](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664264359&idx=1&sn=82848e8deef3dd9212ff44b0c417b15a) - [ ] [专家解读 | 王志勤:夯实互联网信息服务治理法治根基 护航网络生态健康发展](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664264359&idx=2&sn=38c029221874744d982f6a66bc074d44) - [ ] [专家观点 | 筑牢金融信息服务数据安全屏障](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664264359&idx=3&sn=6b52d2942d9262e31ac3f9a4b3aada74) - [ ] [关注 | 紧盯世界杯赛事窗口期 斩断网络赌球链条 守住群众钱袋子](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664264359&idx=4&sn=d63106e06905d9b4dcec28128af8dae5) - [ ] [评论 | 人工智能安全要从娃娃抓起](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664264359&idx=5&sn=49aaec54e8dcd0254a476b7c1b75ec5e) - 微步在线 - [ ] [微步AI智能体安全治理方案入选《2026 AI安全产业研究报告》](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650187028&idx=1&sn=c7649834d6d264beb299aefcb3b41fbb) - 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台 - [ ] [日本2025年度个人信息泄露事件数量减少8%](https://blog.upx8.com/%E6%97%A5%E6%9C%AC2025%E5%B9%B4%E5%BA%A6%E4%B8%AA%E4%BA%BA%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E4%BA%8B%E4%BB%B6%E6%95%B0%E9%87%8F%E5%87%8F%E5%B0%918) - [ ] [谷歌投资欧洲核聚变“独角兽” 以期在2030年代建成商业聚变电站](https://blog.upx8.com/%E8%B0%B7%E6%AD%8C%E6%8A%95%E8%B5%84%E6%AC%A7%E6%B4%B2%E6%A0%B8%E8%81%9A%E5%8F%98-%E7%8B%AC%E8%A7%92%E5%85%BD-%E4%BB%A5%E6%9C%9F%E5%9C%A82030%E5%B9%B4%E4%BB%A3%E5%BB%BA%E6%88%90%E5%95%86%E4%B8%9A%E8%81%9A%E5%8F%98%E7%94%B5%E7%AB%99) - 安全牛 - [ ] [80% AI Agent 技能暗藏风险!第三方工具已成企业数据内鬼](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141868&idx=1&sn=7f05d1912aea42fd427f0646fadbf474) - [ ] [AI 大幅拉低漏洞挖掘门槛,开源安全守夜人该如何突围?](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141868&idx=2&sn=8dd0815ebc49a17b1feecb02dd6321cf) - 极客公园 - [ ] [289 美元的 AI 语音戒指「火」了:能不能成为下一个 Plaud](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653109937&idx=1&sn=266ca1fc20369667774b77ec02bc864f) - [ ] [马斯克xAI正式更名为SpaceXAI;字节申请「咕咕嘎嘎」等热梗著作权;三星今年利润超过去 40 年总和 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653109928&idx=1&sn=f8803e4cdfbe32abfbb60f14ce5e40f1) - 信息安全国家工程研究中心 - [ ] [2026年数智医学大会(CHINC)| 工程中心以安全赋能医疗数智化建设](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247504399&idx=1&sn=fbbdf4bb348c618c596cea8b0b6ec56d) - 看雪学苑 - [ ] [安卓逆向完整学习路线图公开!体系课打包带走更划算](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458617378&idx=1&sn=44084683df5e0aab5e6f289f9a289d62) - [ ] [Android 逆向 Multi-Agent 系统设计](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458617378&idx=2&sn=944134e05c321c58adf12043ba1fc70f) - [ ] [潜伏16年!KVM 跨架构逃逸漏洞曝光,AWS、GCP 全线告急](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458617378&idx=3&sn=79c21f6f53344bd046ddfeac65446951) - 天黑说嘿话 - [ ] [暑期9.9元抢购全国通用980元电影卡|不限影厅|暑期畅影《玩具总动员5》经典系列续作](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247486206&idx=1&sn=77728692906918a326e780b810d42bbf) - 安全圈 - [ ] [【安全圈】必应搜索"收款码"被黑灰产刷量了](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077739&idx=1&sn=1ba5203e265cf9584e7ff221c4c889e0) - [ ] [【安全圈】Claude Cowork沙箱逃逸,虚拟机形同虚设](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077739&idx=2&sn=6138c74dbf436afd5f84f72449f26ffa) - [ ] [【安全圈】FatFs 中的漏洞使 IoT 和嵌入式设备面临风险](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077739&idx=3&sn=cf0cb509a64fb70946bc756edcf48216) - 火绒安全 - [ ] [小暑 | 倏忽暑风至 网安境自安](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534944&idx=1&sn=ccee4432f3486460c9cbcf4c6bcf5a30) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534944&idx=2&sn=877b4b30793b518712698dfab917b46d) - 慢雾科技 - [ ] [慢雾出品 | 2026 上半年区块链安全与反洗钱报告](https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247505351&idx=1&sn=2540746c2ff8a6f35ec26c11d7898736) - 安全行者老霍 - [ ] [自带智能体:劫持暴露的AI 后端以支撑攻击性行动](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486821&idx=1&sn=46f21f37debac5d7342de344076ec594) - 云鼎实验室 - [ ] [6月必修漏洞清单:涵盖Gogs、Vite等多组件高危漏洞,务必速查](https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247497800&idx=1&sn=6157c390d7c8d692950917c03807bc77) - Qualys Security Blog - [ ] [Qualys Joins Cisco Cloud Control Studio as a Launch Partner to Bring Risk Intelligence to Agentic Operations](https://blog.qualys.com/category/product-tech) - IT Service Management News - [ ] [Nuova ISO/IEC 27000:2026](http://blog.cesaregallotti.it/2026/07/nuova-isoiec-270002026.html) - TrustedSec - [ ] [Welcoming ObfusGit](https://trustedsec.com/blog/welcoming-obfusgit) - 纽创信安 - [ ] [密码闯关「金钞大盗」+AI 硬件攻防黑客松!PANDA 2026 两大重磅现场挑战公布](https://mp.weixin.qq.com/s?__biz=MzAwNTczMjAzMg==&mid=2650241596&idx=1&sn=5d90496ebc339ebb99f0bec4645b8ee6) - ICT Security Magazine - [ ] [Ciclo di vita della threat intelligence: dai dati alle decisioni](https://www.ictsecuritymagazine.com/cyber-security/ciclo-di-vita-della-threat-intelligence/) - SANS Internet Storm Center, InfoCON: green - [ ] [More Odd DNS Records: NIMLOC, (Tue, Jul 7th)](https://isc.sans.edu/diary/rss/33128) - [ ] [ISC Stormcast For Tuesday, July 7th, 2026 https://isc.sans.edu/podcastdetail/9996, (Tue, Jul 7th)](https://isc.sans.edu/diary/rss/33126) - Schneier on Security - [ ] [Google Is Suing Chinese Scammers Who Are Using Gemini](https://www.schneier.com/blog/archives/2026/07/google-is-suing-chinese-scammers-who-are-using-gemini.html) - GRAHAM CLULEY - [ ] [Two arrested over credit card phishing – as the Netherlands is named Europe’s worst for payment fraud](https://www.bitdefender.com/en-us/blog/hotforsecurity/two-arrested-credit-card-phishing-netherlands-europe-payment-fraud) - Blackhat Library: Hacking techniques and research - [ ] [Why does your fingerprint look clean on every checker but still get banned?](https://www.reddit.com/r/blackhat/comments/1upqcez/why_does_your_fingerprint_look_clean_on_every/) - Security Affairs - [ ] [Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets](https://securityaffairs.com/194902/hacking/critical-gitea-docker-bug-under-active-exploitation-exposes-repositories-and-secrets.html) - [ ] [Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)](https://securityaffairs.com/194894/hacktivism/spanish-police-arrest-man-linked-to-carr-z-pentest-and-noname05716.html) - [ ] [Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available](https://securityaffairs.com/194878/security/hidden-tenda-router-backdoor-grants-admin-access-no-patch-available.html) - [ ] [AI-Generated Malware Powers New Armored Likho APT Campaign](https://securityaffairs.com/194854/apt/ai-generated-malware-powers-new-armored-likho-apt-campaign.html) - [ ] [Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks](https://securityaffairs.com/194868/security/januscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html) - The Hacker News - [ ] [RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service](https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html) - [ ] [Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots](https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html) - [ ] [DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts](https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html) - [ ] [Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data](https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html) - [ ] [Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker](https://thehackernews.com/2026/07/court-filing-reveals-windows-device-id.html) - [ ] [Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants](https://thehackernews.com/2026/07/writer-ai-flaw-could-let-agent-previews.html) - [ ] [What Changes When Your Software Supply Chain Includes AI Writing Your Code?](https://thehackernews.com/2026/07/what-changes-when-your-software-supply.html) - [ ] [Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities](https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html) - [ ] [CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware](https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html) - [ ] [BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA](https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html) - TorrentFreak - [ ] [‘Tonga’ Suspends Popular Pirate Site Domains Following Indian Court Order](https://torrentfreak.com/tonga-suspends-popular-pirate-site-domains-following-indian-court-order/) - Full Disclosure - [ ] [OPNsense XPATH Injection (CVE-2026-53582)](https://seclists.org/fulldisclosure/2026/Jul/18) - [ ] [SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+](https://seclists.org/fulldisclosure/2026/Jul/17) - Deeplinks - [ ] [Automated Moderation Is Here to Stay](https://www.eff.org/deeplinks/2026/07/part-1-automated-moderation-here-stay) - [ ] [Help EFF Cut the AI Hype](https://www.eff.org/deeplinks/2026/07/help-eff-cut-ai-hype) - Security Weekly Podcast Network (Audio) - [ ] [Dune References, FAT, Claude, ZhiPu, PolinRider, RentaBot, Sony, Aaran Leyland & More - SWN #596](http://sites.libsyn.com/18678/dune-references-fat-claude-zhipu-polinrider-rentabot-sony-aaran-leyland-more-swn-596) - [ ] [Defense-in-depth strategies for securing mobile applications - Ryan Lloyd - ASW #390](http://sites.libsyn.com/18678/defense-in-depth-strategies-for-securing-mobile-applications-ryan-lloyd-asw-390)
每日安全资讯(2026-07-08)