# Daily Security News (2026-05-29)

- SecWiki News
  - [ ] [SecWiki News 2026-05-28 Review](http://www.sec-wiki.com/?2026-05-28)
- Tenable Blog
  - [ ] [Download pumping: New npm deception technique for supply chain attacks](https://www.tenable.com/blog/how-cyberattackers-inflate-malicious-package-npm-download-counts)
- Microsoft Security Blog
  - [ ] [The Gentlemen ransomware: Dissecting a self-propagating Go encryptor](https://www.microsoft.com/en-us/security/blog/2026/05/28/the-gentlemen-ransomware-dissecting-a-self-propagating-go-encryptor/)
- 安全客-有思想的安全新媒体
  - [ ] [AI Security Gateways: The Necessity of and Practical Path to Unified Enterprise Access, Security Protection, and Data Security](https://www.anquanke.com/post/id/315578)
  - [ ] [A First Look at Prompt Injection Through a Simple AI Practice Range](https://www.anquanke.com/post/id/315584)
- Private Feed for M09Ic
  - [ ] [bolucat released 202605282231 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202605282231)
  - [ ] [usestrix released v1.0.2 at usestrix/strix](https://github.com/usestrix/strix/releases/tag/v1.0.2)
  - [ ] [b1nhack forked b1nhack/cscope_maps.nvim from dhananjaylatkar/cscope_maps.nvim](https://github.com/b1nhack/cscope_maps.nvim)
  - [ ] [anthropics released v2.1.154 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.154)
  - [ ] [github released v0.8.17 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.8.17)
  - [ ] [liamg contributed to infracost/proto](https://github.com/infracost/proto/pull/60)
  - [ ] [esrrhs contributed to esrrhs/fakelua](https://github.com/esrrhs/fakelua/pull/128)
  - [ ] [pmiaowu starred mukul975/Anthropic-Cybersecurity-Skills](https://github.com/mukul975/Anthropic-Cybersecurity-Skills)
  - [ ] [ManassehZhou starred git-ai-project/git-ai](https://github.com/git-ai-project/git-ai)
  - [ ] [0xbug starred NVIDIA-NeMo/Guardrails](https://github.com/NVIDIA-NeMo/Guardrails)
  - [ ] [killeven starred liaohch3/claude-tap](https://github.com/liaohch3/claude-tap)
  - [ ] [Ridter forked Ridter/ctrsploit from ctrsploit/ctrsploit](https://github.com/Ridter/ctrsploit)
  - [ ] [Ridter starred ctrsploit/ctrsploit](https://github.com/ctrsploit/ctrsploit)
  - [ ] [Wh0ale starred Yeti-791/Tsec-Hackathon](https://github.com/Yeti-791/Tsec-Hackathon)
  - [ ] [PrefectHQ released 3.7.3.dev5 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.3.dev5)
  - [ ] [Rvn0xsy starred rtk-ai/rtk](https://github.com/rtk-ai/rtk)
- Cerbero Blog
  - [ ] [FDT Format Package](https://blog.cerbero.io/fdt-format-package/)
- Recent Commits to cve:main
  - [ ] [Update Thu May 28 11:46:22 UTC 2026](https://github.com/trickest/cve/commit/5f56dc298e2ce5b1df2c482917e1e80a356c4ba7)
- Bug Bounty in InfoSec Write-ups on Medium
  - [ ] [“Bug Bounty Bootcamp #40: XXE — Reading Server Files and Pivoting to Internal Networks Through XML”](https://infosecwriteups.com/bug-bounty-bootcamp-40-xxe-reading-server-files-and-pivoting-to-internal-networks-through-xml-17708cf6029b?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [“Bug Bounty Bootcamp #39: PDF SSRF and Blind Exfiltration — When Headless Browsers Become Your Data…](https://infosecwriteups.com/bug-bounty-bootcamp-39-pdf-ssrf-and-blind-exfiltration-when-headless-browsers-become-your-data-507d6543d167?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [How a GraphQL Invitation Flow Exposed Users at Scale](https://infosecwriteups.com/how-a-graphql-invitation-flow-exposed-users-at-scale-0dfb2bf3cc59?source=rss----7b722bfd1b8d--bug_bounty)
- Securelist
  - [ ] [Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years](https://securelist.com/video-books-pirates-miners-rat/119943/)
- Intigriti
  - [ ] [Introducing Insights: self-serve reporting for security teams](https://www.intigriti.com/blog/product-updates/introducing-insights-self-serve-reporting-for-security-teams)
- Malwarebytes
  - [ ] [Carnival confirms data breach impacting nearly 6 million](https://www.malwarebytes.com/blog/data-breaches/2026/05/carnival-confirms-data-breach-impacting-nearly-6-million)
  - [ ] [Your Windows PC has a security deadline in June 2026](https://www.malwarebytes.com/blog/how-to/2026/05/your-windows-pc-has-a-security-deadline-in-june-2026)
  - [ ] [Fake ChatGPT download site infects Windows and Mac users with malware](https://www.malwarebytes.com/blog/threat-intel/2026/05/fake-chatgpt-download-site-infects-windows-and-mac-users-with-malware)
- daniel.haxx.se
  - [ ] [curl up 2026 summary](https://daniel.haxx.se/blog/2026/05/28/curl-up-2026-summary/)
- Offensive Security Blog: Latest Trends in Hacking | Praetorian
  - [ ] [When Encryption Isn’t Really Encryption](https://www.praetorian.com/blog/canon-printer-credential-leak/)
  - [ ] [Adversarial Oracles: LLM-Guided EDR Signature Reduction](https://www.praetorian.com/blog/llm-edr-signature-reduction/)
- Shostack & Friends Blog
  - [ ] [Focus on high priority threats(?)](https://shostack.org/blog/focus-on-high-priority-problems/)
- 奇客Solidot–传递最新科技情报
  - [ ] [Temu Fined 200 Million Euros by the EU for Violating the DSA](https://www.solidot.org/story?sid=84428)
  - [ ] [Websites Can Monitor Users by Analyzing SSD Activity](https://www.solidot.org/story?sid=84427)
  - [ ] [Last.fm to Operate Independently](https://www.solidot.org/story?sid=84426)
  - [ ] [Jensen Huang to Become the Latest US Executive to Join the Tsinghua SEM Advisory Board](https://www.solidot.org/story?sid=84425)
  - [ ] [Valve Sharply Raises the Price of the Steam Deck Handheld](https://www.solidot.org/story?sid=84424)
  - [ ] [Google Employee Accused of Using Inside Information to Win $1.2 Million Betting on Polymarket](https://www.solidot.org/story?sid=84423)
  - [ ] [Pollution Released by Attacks on Oil Facilities Is Equivalent to a Volcanic Eruption](https://www.solidot.org/story?sid=84422)
  - [ ] [Birds Were Already Using Showy Feathers to Attract Mates 100 Million Years Ago](https://www.solidot.org/story?sid=84421)
  - [ ] [YouTube Will Automatically Label AI-Generated Videos](https://www.solidot.org/story?sid=84420)
  - [ ] [Women Also Find Women's Faces More Attractive](https://www.solidot.org/story?sid=84419)
- rtl-sdr.com
  - [ ] [Receiving ADS-B With a Semtech LR2021 LoRa Chip](https://www.rtl-sdr.com/receiving-ads-b-with-a-semtech-lr2021-lora-chip/)
- 赵武的自留地
  - [ ] [Upgrading Your Thinking Does Not Guarantee Success Either](https://mp.weixin.qq.com/s?__biz=MjM5NDQ5NjM5NQ==&mid=2651626483&idx=1&sn=e6abbf10e79f49b5ed33c40c7da84914)
- HackerNews
  - [ ] [FBI Warns of Extortion Gangs Carrying Out Offline Data Theft Attacks](http://0.0.0.0:8080/post/64278)
  - [ ] [Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users](http://0.0.0.0:8080/post/64277)
  - [ ] [Gitea Vulnerability Exposes Private Container Images Without Authentication](http://0.0.0.0:8080/post/64276)
  - [ ] [CISA Orders Federal Agencies to Patch Actively Exploited cPanel Plugin Vulnerability Within 4 Days](http://0.0.0.0:8080/post/64275)
  - [ ] [LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers](http://0.0.0.0:8080/post/64274)
  - [ ] [Vulnerability in Popular Conference Software Lets Attackers Achieve a 100% Acceptance Rate](http://0.0.0.0:8080/post/64273)
- 威努特安全网络
  - [ ] ["Basic Requirements for Data Security in Cybersecurity Classified Protection" Officially Takes Effect on June 1](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141854&idx=1&sn=ebefce816e60988bc7b1d77bee7135e0)
- 代码卫士
  - [ ] [Research from the QiAnXin Code Security Lab Accepted at Top International Conference IEEE SP 2026](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526121&idx=1&sn=23b879a81e514ee56917519b11f383d1)
- 黑鸟
  - [ ] [White House Suspected of Secretly Building a Second Federal Digital System](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186857&idx=1&sn=b4dd941fcb01f1ebf2c1da7e3602d2c3)
- 看雪学苑
  - [ ] [One Step Closer to Your Idol: Bypassing Anti-Debugging in an Idol Chat App](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615842&idx=1&sn=7b5b0613c5bfc6a821f9a0b2907dae5b)
  - [ ] [Update Now! High-Severity Notepad++ Vulnerability Disclosed, Allows Direct Execution of Malicious Code](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615842&idx=2&sn=ddbb5a83b03f8d6a6589d2251d0218f8)
  - [ ] [How to Work Like a Highly Productive Genius Programmer in the AI Era](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458615842&idx=3&sn=0d2046588c2b994b99a0e9f70ed5ac51)
- 奇安信 CERT
  - [ ] [【Reproduced】 Security Risk Advisory: Apache PyFory Deserialization Policy Bypass Vulnerability (CVE-2026-48207)](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247506035&idx=1&sn=444122b3c72f3107dc00512bcab53a62)
- 安全研究GoSSIP
  - [ ] [G.O.S.S.I.P Reading Recommendation 2026-05-28 TAEMU](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501726&idx=1&sn=529e97ab3f3a43b185aeb10be7ab88b4)
- 安全圈
  - [ ] [【安全圈】 More Than 100 Government Platforms and Corporate Websites Hacked: Clicking Through Redirects to Pornographic Sites! Officials Disclose: Hacker Has Only a Junior High School Education](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076993&idx=1&sn=59c756a867900c807218ab2a2507706f)
  - [ ] [【安全圈】 New Browser Side-Channel Attack FROST Disclosed: Monitoring Visitors by Analyzing SSD Activity](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076993&idx=2&sn=8036c37a5fd24564f92ab1ed3bf02ec5)
  - [ ] [【安全圈】 Gitea Vulnerability Exposes Private Container Images Without Authentication](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076993&idx=3&sn=36b9169ea87d92b89d36eae6b3f2528e)
- 安全内参
  - [ ] [Over 60% of AI Vendors Secretly Send Client Data to Unauthorized Models Without Telling Customers](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516011&idx=1&sn=5745bceda035ecaeff6231875684abbc)
  - [ ] [A Panoramic Analysis of Routinely Exploited Vulnerabilities Worldwide in the First Half of 2026](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516011&idx=2&sn=98612c24ec1be4d53ba785c37d1332f3)
- 安全牛
  - [ ] [Don't Just Focus on Vulnerabilities! Open-Source Software Is Now Critical Infrastructure, and Enterprises Must Reassess the Risk](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141476&idx=1&sn=c286b17576292779c7e4f92d0757d743)
  - [ ] [FIFA World Cup Becomes a Hotbed for Scams: 4,300 Fake Domains Launch "Ghost Stadium" Attacks; Ministry of State Security Warns: Beware of QR Code Traps and Guard Against Information Leakage and Espionage Risks | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141476&idx=2&sn=2d119eab94acb67d7bc3d009f7ae6b96)
- 奇安信威胁情报中心
  - [ ] [AI Development Toolchains Precisely Targeted via SEO: Supply-Chain Poisoning Aimed at Claude/Gemini Developers](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247518903&idx=1&sn=6a8ef8ccdfa55eefe7e901d05c8f041d)
- 中国信息安全
  - [ ] [Sun Xueyu: Talent Development Strategy from the Perspective of the Holistic View of National Security](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263043&idx=1&sn=d2f096819a5efb791432dc818c6e9473)
  - [ ] [Privately Installed Weather Station Collected Data on a Restricted Military Zone Around the Clock and Sent It Overseas; Ministry of State Security Discloses Details](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263043&idx=2&sn=d8bcebd515fedf166c0b8a86c724ef32)
  - [ ] [In Focus | 18 National Cybersecurity Standards Approved and Released](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263043&idx=3&sn=d15bd514e21947d85837d4a07cbd6164)
  - [ ] [Expert View | Advancing and Improving a New Pattern of Global Cyber Ecosystem Governance](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263043&idx=4&sn=6f55859f60e939fde4f7de456124fa16)
  - [ ] [Commentary | Label Everything That Should Be Labeled to Safeguard the Authenticity Baseline of Short Videos](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263043&idx=5&sn=139981a8b10e6ed2b71378b328e9af49)
- 斗象智能安全
  - [ ] [That AI White Hat, 蛙池AI D2.5, Is Here!](https://mp.weixin.qq.com/s?__biz=MzIwMjcyNzA5Mw==&mid=2247495424&idx=1&sn=0fe98677e226805d36af74ed78dfd467)
- 微步在线
  - [ ] [SF Technology's Liang Bo: AI-Driven Reconstruction and Evolution of Security Operations, Threat Intelligence & Hunting](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650186624&idx=1&sn=da7745439304709a061ae5213455bc5a)
- 补天平台
  - [ ] [Welcome 「智元」 to Its Dedicated SRC on 补天!](https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247510785&idx=1&sn=767e4fd7ad24b5878d48710063c76ca6)
- 极客公园
  - [ ] [Domestic Peers Envy Silicon Valley's Money, While Silicon Valley Envies Unitree's Good Body](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653107511&idx=1&sn=1ceba01ef8ee7e126d202a4be37fe636)
  - [ ] [The Early Answers for Physical AI May Appear First in Factories](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653107500&idx=1&sn=fecb6d7e4d7d7e2e55ccecf9897c4240)
  - [ ] [Genesis AI, Which Went Viral for Teaching a Robot to Cook Scrambled Eggs with Tomatoes, Open-Sources Its Robot "Training Ground"](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653107500&idx=2&sn=178e51111ce49dab0829521fd7e689ee)
  - [ ] [Lei Jun Responds Humorously to Vučić's "Can't Afford a Xiaomi Car"; Meta Launches AI Chatbot Subscription Service Starting at $2.99; Duan Yongping Increases Stake in Pop Mart to Become Second-Largest Shareholder | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653107413&idx=1&sn=f379e434d974d49fc8c9b8941575fd42)
- 美团技术团队
  - [ ] [Meituan & Top-Conference Paper Sharing | 5 Tracks, 32 Papers Explained](https://mp.weixin.qq.com/s?__biz=MjM5NjQ5MTI5OA==&mid=2651782733&idx=1&sn=75ccf4eb614bed1ef66d7e34dfcd7121)
  - [ ] [Meituan's Drone Low-Altitude Route Network Officially Enters Operation, M-Drone 4L Cable-Lowering Edition Released](https://mp.weixin.qq.com/s?__biz=MjM5NjQ5MTI5OA==&mid=2651782733&idx=2&sn=722d1d7c705a3595be8b768ab810370b)
- 网络空间安全科学学报
  - [ ] [Call for Papers: Special Issue on "Intelligent Defense Against New Types of Threats"](https://mp.weixin.qq.com/s?__biz=MzI0NjU2NDMwNQ==&mid=2247507556&idx=1&sn=5cf7aed087b59c11ee37ea3874bbbcd8)
- 安全学术圈
  - [ ] [Taught by an IEEE Transactions Editor-in-Chief: How to Write High-Quality Papers](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247495361&idx=1&sn=192554720f434433bda2d83786f1e16e)
- 数世咨询
  - [ ] [Cisco Used AI to Write a Security Incident Report, and the Result…](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543016&idx=1&sn=5cb53a64f73086973272653493dcabb3)
- 迪哥讲事
  - [ ] [Approaches to Authorization Bypass](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499499&idx=1&sn=8bd30b2f22bb2a61846d42d6175786c8)
- 字节跳动安全中心
  - [ ] [ByteSRC Dragon Boat Festival Perk | Redeem the Limited-Edition 「风光好」 Gift Box for 0 Points](https://mp.weixin.qq.com/s?__biz=MzUzMzcyMDYzMw==&mid=2247496263&idx=1&sn=f1fb1fe86fd352ec9006c08a015329db)
- 深信服千里目安全技术中心
  - [ ] [Newly Released | 4 Major Security Technology Trend Reports Offering a Full Picture of Cybersecurity Threats](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525837&idx=1&sn=34fb0f77f1358d9176cc973343ec42d4)
  - [ ] [Cybersecurity Information and Developments Weekly Report, 2026 Issue 21 (May 18 - May 24)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525837&idx=2&sn=2799eb6de986f6393bcdc40aef5098a5)
- Over Security
  - [ ] [GreyVibe hackers use ChatGPT, Gemini to power cyberattacks](https://www.bleepingcomputer.com/news/security/greyvibe-hackers-use-chatgpt-gemini-to-power-cyberattacks/)
  - [ ] [BTMOB Android malware service generates custom phishing payloads](https://www.bleepingcomputer.com/news/security/btmob-android-malware-service-generates-custom-phishing-payloads/)
  - [ ] [Charter - 4,851,517 breached accounts](https://haveibeenpwned.com/Breach/Charter)
  - [ ] [The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation](https://flashpoint.io/blog/mini-shai-hulud-worm-new-era-ci-cd-exploitation/)
  - [ ] [Hackers are trying to steal Signal users’ backups in new wave of phishing attacks](https://techcrunch.com/2026/05/28/hackers-are-trying-to-steal-signal-users-backups-in-new-wave-of-phishing-attacks/)
  - [ ] [FBI warns of fake FIFA websites running World Cup fraud schemes](https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-fifa-websites-running-world-cup-fraud-schemes/)
  - [ ] [Less panic patching, more precision](https://blog.talosintelligence.com/less-panic-patching-more-precision/)
  - [ ] [Hackers exploit FortiClient EMS flaw to push infostealer malware](https://www.bleepingcomputer.com/news/security/hackers-exploit-forticlient-ems-flaw-to-push-infostealer-malware/)
  - [ ] [Beyond the CERT-In Directives: How to Manage Secure Connectivity in India with VPNs](https://www.cybersecurity360.it/cultura-cyber/oltre-le-direttive-cert-in-come-gestire-la-connettivita-sicura-in-india-con-le-vpn/)
  - [ ] [Interview #11 NoName057(16)](https://deepdarkcti.com/interview-11-noname05716/)
  - [ ] [78% of Companies Have Already Suffered or Suspect AI-Related Incidents](https://www.securityinfo.it/2026/05/28/il-78-delle-aziende-ha-gia-subito-o-sospetta-incidenti-legati-allia/)
  - [ ] [Cruise giant Carnival confirms data breach affecting nearly 6 million people](https://therecord.media/cruise-giant-carnival-confirms-data-breach-affecting-6-million)
  - [ ] [New Gogs zero-day flaw lets hackers get remote code execution](https://www.bleepingcomputer.com/news/security/new-gogs-zero-day-flaw-lets-hackers-get-remote-code-execution/)
  - [ ] [How SIEM helps MSPs reduce noise and stop threats faster](https://www.bleepingcomputer.com/news/security/how-siem-helps-msps-reduce-noise-and-stop-threats-faster/)
  - [ ] [NIS2, Common Templates Adopted for Cyber Incident Notification: What Changes for Companies](https://www.cybersecurity360.it/news/nis2-adottati-i-modelli-comuni-per-la-notifica-di-incidenti-cyber-cosa-cambia-per-le-aziende/)
  - [ ] [Canadian man gets 33 years for using social media to coerce US children into sending sexual content](https://therecord.media/canadian-man-gets-33-years-social-media-luring-kids)
  - [ ] [Russia conducting daily attacks on UK 'from seabed to cyberspace,' spy chief warns](https://therecord.media/russia-conducting-attacks-on-uk-gchq-briefing)
  - [ ] [Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans](https://therecord.media/chinese-speaking-fraud-gang-fifa-world-cup-scam)
  - [ ] [Romanian gets 5 years in prison for hacking Oregon govt network](https://www.bleepingcomputer.com/news/security/romanian-gets-5-years-in-prison-for-hacking-oregon-govt-network/)
  - [ ] [Webinar: Why network incidents take too long to resolve](https://www.bleepingcomputer.com/news/security/webinar-why-network-incidents-take-too-long-to-resolve/)
  - [ ] [The OT Revolution: The Challenge of Legacy Systems Across Healthcare, Ships, and Industry](https://www.cybersecurity360.it/cybersecurity-nazionale/la-rivoluzione-ot-la-sfida-dei-sistemi-legacy-tra-sanita-navi-e-industria/)
  - [ ] [Carnival Cruise confirms data breach affecting nearly 6 million people](https://www.bleepingcomputer.com/news/security/carnival-cruise-confirms-data-breach-affecting-nearly-6-million-people/)
  - [ ] [B1ack’s Stash Releases 4.6 Million Payment Cards: Web Skimming Leak Analysis](https://www.d3lab.net/b1acks-stash-releases-4-6-million-payment-cards-web-skimming-leak-analysis/)
  - [ ] [Backflip into the stack](https://armoredcode.com/blog/backflip-into-the-stack/)
  - [ ] [How an excercise eventually becomes my first public exploit](https://armoredcode.com/blog/how-an-excercise-eventually-becomes-my-first-public-exploit/)
  - [ ] [Create your own telemetry system](https://armoredcode.com/blog/create-your-own-telemetry-system/)
  - [ ] [A tale of a restricted charset shellcode generation](https://armoredcode.com/blog/a-tale-of-a-restricted-charset-shellcode-generation/)
  - [ ] [Why most security tools are lying to you](https://armoredcode.com/blog/why-most-security-tools-are-lying-to-you/)
  - [ ] [Why Most Security Findings Are Misunderstood](https://armoredcode.com/blog/why-most-security-findings-are-misunderstood/)
  - [ ] [Aggregating Semgrep Results: Top Rules, Files, and Clusters (MVP Demo)](https://armoredcode.com/blog/aggregating-semgrep-results-mvp-demo/)
  - [ ] [Soak: Deep-Tissue Static Analysis as an Execution Layer](https://armoredcode.com/blog/soak-deep-tissue-static-analysis-as-an-execution-layer/)
  - [ ] [Signal Engine 0.3.0: From Raw Findings to Real Signal](https://armoredcode.com/blog/signal-engine-0.3.0-from-findings-to-signal/)
  - [ ] [NGINX PoolSlip & NGINX Rift: When the Internet’s Favorite Reverse Proxy Turns Against Itself](https://armoredcode.com/blog/nginx-poolslip-nginx-rift-reverse-proxy-rce/)
  - [ ] [DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap](https://blog.talosintelligence.com/dicom-pydicom-gdcm-and-orthanc-a-technical-tour-of-what-really-happens-in-the-heap/)
  - [ ] [Sextortionist sentenced to 33 years for targeting 145 children](https://www.bleepingcomputer.com/news/security/sextortionist-sentenced-to-33-years-for-targeting-145-children/)
  - [ ] [Fusion Fireside #19: From Twitter Threads to Fraud Insights with Becky Holmes](https://www.threatfabric.com/blogs/fusion-fireside-19-from-twitter-threads-to-fraud-insights-with-becky-holmes)
  - [ ] [NIS2 and the Cyber Resilience Act: Synergies in Compliance Actions from a Multi-Compliance Perspective](https://www.cybersecurity360.it/legal/nis2-e-cyber-resilience-act-sinergie-nelle-azioni-di-adeguamento-in-ottica-multicompliance/)
  - [ ] [Beyond Compliance: How the AI Act Turns Trust into Competitive Advantage](https://www.cybersecurity360.it/legal/oltre-la-compliance-come-lai-act-trasforma-la-fiducia-in-vantaggio-competitivo/)
  - [ ] [Aruba Hosting and Integrated AI: How the Offer for Creating a Website in a Few Steps Works](https://www.cybersecurity360.it/news/creare-sito-con-ai-aruba-hosting/)
  - [ ] [Behind The Scenes: Yarix Approach to LLM Security](https://labs.yarix.com/2026/05/behind-the-scenes-yarix-approach-to-llm-security/)
  - [ ] [Kemper - 269,299 breached accounts](https://haveibeenpwned.com/Breach/Kemper)
  - [ ] [Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years](https://securelist.com/video-books-pirates-miners-rat/119943/)
  - [ ] [SEO Poisoning and Hijacked AI Chatbots Used for a Miner Malware](https://www.securityinfo.it/2026/05/27/seo-poisoning-e-chatbot-ai-dirottati-per-un-malware-miner/)
- 洞源实验室
  - [ ] [Can Handing All the Code to AI Replace White-Box Tools? Not Necessarily](https://mp.weixin.qq.com/s?__biz=Mzg4Nzk3MTg3MA==&mid=2247488715&idx=1&sn=ee8e51cad7e214d8efd7b208f66fe9f5)
- Qualys Security Blog
  - [ ] [Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads](https://blog.qualys.com/category/product-tech)
- 360数字安全
  - [ ] [There Is More Than One Path to AI Security: 360's Vulnerability-Discovery Agent Sparks Discussion Overseas](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247586067&idx=1&sn=524608965c10b006f474e2f5d48e8d46)
- D3Lab
  - [ ] [B1ack’s Stash Releases 4.6 Million Payment Cards: Web Skimming Leak Analysis](https://www.d3lab.net/b1acks-stash-releases-4-6-million-payment-cards-web-skimming-leak-analysis/)
- Armored Code
  - [ ] [NGINX PoolSlip & NGINX Rift: When the Internet’s Favorite Reverse Proxy Turns Against Itself](https://armoredcode.com/blog/nginx-poolslip-nginx-rift-reverse-proxy-rce/)
- Lenny Zeltser
  - [ ] [The Past, Present, and Future of the Web's Trust Model](https://zeltser.com/past-present-future-web-trust-model)
- 字节跳动技术团队
  - [ ] [Viking AI Search CLI Officially Released: If You Can Talk, You Can Do Search and Recommendation](https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247520074&idx=1&sn=3eed7d763e69903e7c29cbe894a0f156)
- Securityinfo.it
  - [ ] [78% of Companies Have Already Suffered or Suspect AI-Related Incidents](https://www.securityinfo.it/2026/05/28/il-78-delle-aziende-ha-gia-subito-o-sospetta-incidenti-legati-allia/?utm_source=rss&utm_medium=rss&utm_campaign=il-78-delle-aziende-ha-gia-subito-o-sospetta-incidenti-legati-allia)
- GRAHAM CLULEY
  - [ ] [MyPillow listed on ransomware gang’s leak site, but denies it has been breached](https://www.bitdefender.com/en-us/blog/hotforsecurity/mypillow-ransomware-leak-site-denies-breach)
- Security Affairs
  - [ ] [Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers](https://securityaffairs.com/192833/uncategorized/carnival-data-breach-exposes-personal-data-of-nearly-6-million-customers.html)
  - [ ] [CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks](https://securityaffairs.com/192817/malware/cve-2026-35616-forticlient-ems-flaw-actively-exploited-in-malware-attacks.html)
  - [ ] [Resecurity Supports Microsoft DCU in Disrupting Fox Tempest’s Cybercriminal Code-Signing Ecosystem](https://securityaffairs.com/192818/security/resecurity-supports-microsoft-dcu-in-disrupting-fox-tempest-cybercriminal-code-signing-ecosystem.html)
  - [ ] [U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/192776/security/u-s-cisa-adds-daemon-tools-tanstack-and-nx-console-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
  - [ ] [A Fake UK Visa Site Left 100,000 Passports Wide Open](https://securityaffairs.com/192809/security/a-fake-uk-visa-site-left-100000-passports-wide-open-then-sent-lawyers-instead-of-a-fix.html)
  - [ ] [U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/192795/hacking/u-s-cisa-adds-litespeed-cpanel-plugin-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
  - [ ] [19.6 Billion Files Are Sitting Open on the Internet. No Password Required](https://securityaffairs.com/192787/security/19-6-billion-files-are-sitting-open-on-the-internet-no-password-required.html)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)](https://isc.sans.edu/diary/rss/33026)
  - [ ] [ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)](https://isc.sans.edu/diary/rss/33028)
- Have I Been Pwned latest breaches
  - [ ] [Charter - 4,851,517 breached accounts](https://haveibeenpwned.com/Breach/Charter)
  - [ ] [Kemper - 269,299 breached accounts](https://haveibeenpwned.com/Breach/Kemper)
- www.theregister.com - Articles
  - [ ] [Troops’ phones gave away location data to foreign adversaries](https://www.theregister.com/security/2026/05/28/troops-phones-leaked-location-data-to-foreign-adversaries/5248108)
  - [ ] [Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops](https://www.theregister.com/security/2026/05/28/microsoft-0-day-feud-escalates-as-researcher-threatens-another-windows-exploit-dump/5248085)
  - [ ] [Snowflake buys Natoma to help freeze out rogue agents](https://www.theregister.com/ai-ml/2026/05/28/snowflake-buys-natoma-to-help-freeze-out-rogue-agents/5248062)
  - [ ] [Microsoft tests the 15-character limit of Windows Server admins' patience](https://www.theregister.com/oses/2026/05/28/microsoft-tests-the-15-character-limit-of-windows-server-admins-patience/5247943)
  - [ ] [Carnival confirms ShinyHunters cruised off with 6M customer records after April breach](https://www.theregister.com/cyber-crime/2026/05/28/carnival-shinyhunters-cruised-off-with-6m-customer-records/5247808)
  - [ ] [Company CEO flooded file share with smut, called for help after he deleted it](https://www.theregister.com/security/2026/05/28/company-ceo-flooded-file-share-with-smut-called-for-help-after-he-deleted-it/5247502)
- ICT Security Magazine
  - [ ] [The Enemy Within: Inside the Attacks on Italian Critical Infrastructure](https://www.ictsecuritymagazine.com/articoli/attacchi-alle-infrastrutture-critiche-italiane/)
  - [ ] [Volt Typhoon and the Art of Disappearing: Living off OT, Scarce Logs, and Plenty of Patience](https://www.ictsecuritymagazine.com/articoli/volt-typhoon-e-larte-di-scomparire-vivere-di-ot-log-scarsi-e-tanta-pazienza/)
  - [ ] [Zero Trust Ransomware: How to Make Your Company a Hard Target for Cybercriminals](https://www.ictsecuritymagazine.com/articoli/zero-trust-ransomware-infosec/)
- Deeplinks
  - [ ] [Age Verification is a Privacy Nightmare](https://www.eff.org/deeplinks/2026/05/age-verification-privacy-nightmare)
- The Hacker News
  - [ ] [Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code](https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html)
  - [ ] [Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer](https://thehackernews.com/2026/05/threat-actors-exploit-critical.html)
  - [ ] [Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal](https://thehackernews.com/2026/05/microsoft-slams-public-zero-day.html)
  - [ ] [ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More](https://thehackernews.com/2026/05/threatsday-bulletin-claude-security.html)
  - [ ] [New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"](https://thehackernews.com/2026/05/new-ai-usage-report-enterprise-ai-risk.html)
  - [ ] [JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware](https://thehackernews.com/2026/05/jinx-0164-targets-cryptocurrency-firms.html)
- Instapaper: Unread
  - [ ] [Deepfake Forensics Workflow for Image Analysis](https://blog.ampedsoftware.com/2026/05/27/deepfake-forensics-workflow-for-image-analysis)
- Security Weekly Podcast Network (Audio)
  - [ ] [Linux Supply Chain How-To - PSW #928](http://sites.libsyn.com/18678/linux-supply-chain-how-to-psw-928)