# 每日安全资讯(2026-06-05) - SecWiki News - [ ] [SecWiki News 2026-06-04 Review](http://www.sec-wiki.com/?2026-06-04) - Microsoft Security Blog - [ ] [Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us](https://www.microsoft.com/en-us/security/blog/2026/06/04/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us/) - Tenable Blog - [ ] [The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help](https://www.tenable.com/blog/summary-june-2026-ai-executive-order-requirements) - [ ] [Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense](https://www.tenable.com/blog/anthropic-claude-mythos-tenable-joins-project-glasswing) - 博客园 - potatso - [ ] [Docker启动Chrome桌面 - potatso](https://www.cnblogs.com/potatso/p/20300460) - Private Feed for M09Ic - [ ] [FunnyWolf made this repository public](https://github.com/FunnyWolf/asp_auto) - [ ] [anthropics released v2.1.163 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.163) - [ ] [bolucat released 202606042211 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202606042211) - [ ] [github released v0.9.4 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.9.4) - [ ] [Mr-xn starred kookoo1sabzy/BaleVPN](https://github.com/kookoo1sabzy/BaleVPN) - [ ] [WAY29 starred CopilotKit/CopilotKit](https://github.com/CopilotKit/CopilotKit) - [ ] [liamg contributed to infracost/go-proto](https://github.com/infracost/go-proto/pull/67) - [ ] [esrrhs contributed to esrrhs/fakelua](https://github.com/esrrhs/fakelua/pull/152) - [ ] [OpenAEV-Platform released 2.260604.0 at OpenAEV-Platform/openaev](https://github.com/OpenAEV-Platform/openaev/releases/tag/2.260604.0) - [ ] [0xbug starred Zcentury/Venom](https://github.com/Zcentury/Venom) - [ ] [PrefectHQ released 3.7.4.dev3 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.4.dev3) - [ ] [gh0stkey starred terrastruct/d2](https://github.com/terrastruct/d2) - [ ] [ZeddYu starred llm-attacks/llm-attacks](https://github.com/llm-attacks/llm-attacks) - obaby 𝐢𝐧⃝ void - [ ] [你来啦! — 半正式上线](https://zhongxiaojie.cn/2026/06/1379/) - Recent Commits to cve:main - [ ] [Update Thu Jun 4 11:51:51 UTC 2026](https://github.com/trickest/cve/commit/a5d36bf1ea3ef22610bb5147e678134bbb30c42c) - :: Orange Cyberdefense :: on Orange Cyberdefense - [ ] [Mobile device interception with MikroTik](https://sensepost.com/blog/2026/mobile-device-interception-with-mikrotik/) - Bug Bounty in InfoSec Write-ups on Medium - [ ] [“Bug Bounty Bootcamp #43: Login Page?](https://infosecwriteups.com/bug-bounty-bootcamp-43-login-page-9b1a401051ba?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [I Bought a ₹1,599 Government Book for ₹1. The Server Approved It.](https://infosecwriteups.com/i-bought-a-1-599-government-book-for-1-the-server-approved-it-8a832499b1fb?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [I Typed 000000 and the App Thought MFA Was Already On](https://infosecwriteups.com/i-typed-000000-and-the-app-thought-mfa-was-already-on-8c21968e117a?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [“Bug Bounty Bootcamp #42: JWT Attacks — How a Stolen Token or a Weak Secret Can Grant You Admin…](https://infosecwriteups.com/bug-bounty-bootcamp-42-jwt-attacks-how-a-stolen-token-or-a-weak-secret-can-grant-you-admin-095cab895a0b?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [Frontend Security & Bug Hunting: The .env File Crisis and Real-World Exploitation](https://infosecwriteups.com/frontend-security-bug-hunting-the-env-file-crisis-and-real-world-exploitation-60c4fd28ab4b?source=rss----7b722bfd1b8d--bug_bounty) - GuidePoint Security - [ ] [Cyber Risk Has Earned a Boardroom Seat: Takeaways from the 2026 FAIR Report](https://www.guidepointsecurity.com/blog/cyber-risk-has-earned-a-boardroom-seat-takeaways-from-the-2026-fair-report/) - NVISO Labs - [ ] [The Detection & Response Chronicles: Covert Operations Through QEMU](https://blog.nviso.eu/2026/06/04/the-detection-response-chronicles-covert-operations-through-qemu/) - Malwarebytes - [ ] [Travel scams are everywhere. Here’s how to avoid them](https://www.malwarebytes.com/blog/scams/2026/06/travel-scams-are-everywhere-heres-how-to-avoid-them) - [ ] [Meta’s AI support bot happily handed Instagram accounts to hackers](https://www.malwarebytes.com/blog/ai/2026/06/metas-ai-support-bot-happily-handed-instagram-accounts-to-hackers) - Reverse Engineering - [ ] [void-sniff: A lightweight x64 Native API syscall monitor with a custom inline hook engine and zero dependencies](https://www.reddit.com/r/ReverseEngineering/comments/1twlvzd/voidsniff_a_lightweight_x64_native_api_syscall/) - [ ] [System Over Model, Tested: Reproducing Mythos’s FreeBSD Find on Local Open-Weight Models](https://www.reddit.com/r/ReverseEngineering/comments/1twvq1v/system_over_model_tested_reproducing_mythoss/) - Wallarm - [ ] [Introducing the Wallarm AI Control Platform: One closed loop for AI security and API security.](https://lab.wallarm.com/introducing-the-wallarm-ai-control-platform-one-closed-loop-for-ai-security-and-api-security/) - HackerNews - [ ] [谷歌修复一款在野利用安卓高危漏洞,数百万设备受影响](http://0.0.0.0:8080/post/64299) - [ ] [美国对勒索软件使用的伊朗加密货币交易所 Nobitex 实施制裁](http://0.0.0.0:8080/post/64298) - [ ] [俄联邦安全局称境外间谍利用恶意软件入侵俄官员手机](http://0.0.0.0:8080/post/64297) - [ ] [“HTTP/2 炸弹” 漏洞利用可数秒内瘫痪 Web 服务器](http://0.0.0.0:8080/post/64296) - [ ] [自主 AI 工具发现 Redis 中潜伏两年的远程代码执行漏洞](http://0.0.0.0:8080/post/64295) - [ ] [CISA 预警黑客针对油罐监测系统发起网络攻击](http://0.0.0.0:8080/post/64294) - Checkmarx - [ ] [Update: Ongoing Checkmarx Supply Chain Security Incident](https://checkmarx.com/blog/ongoing-security-updates/) - 奇客Solidot–传递最新科技情报 - [ ] [在失联半年后火星 MAVEN 任务宣告结束](https://www.solidot.org/story?sid=84490) - [ ] [Steam 用户中使用 Linux 比例降至 3.99%](https://www.solidot.org/story?sid=84489) - [ ] [微软创建 Rust Coreutils 分支 Coreutils for Windows](https://www.solidot.org/story?sid=84488) - [ ] [任何程度的饮酒都会增加健康风险](https://www.solidot.org/story?sid=84487) - [ ] [美国资本主义转向末日论](https://www.solidot.org/story?sid=84486) - [ ] [德国巴伐利亚州取消微软合同改用开源软件](https://www.solidot.org/story?sid=84483) - [ ] [欧盟公布减少依赖美国科技公司的计划](https://www.solidot.org/story?sid=84482) - [ ] [需求高涨苹果将 MacBook Neo 产能增加一倍](https://www.solidot.org/story?sid=84481) - [ ] [Google 发布能在笔记本上本地运行的开源模型 Gemma 4 12B](https://www.solidot.org/story?sid=84480) - [ ] [特朗普政府将拆除洋流观测系统](https://www.solidot.org/story?sid=84479) - Offensive Security Blog: Latest Trends in Hacking | Praetorian - [ ] [Enter the WasmForge: Compiling Sliver into WebAssembly](https://www.praetorian.com/blog/wasmforge-sliver-webassembly/) - rtl-sdr.com - [ ] [RTL-SDR Now Runs on iPad M-Series Devices Directly via USB Without Jailbreak](https://www.rtl-sdr.com/rtl-sdr-now-runs-on-ipad-m-series-devices-directly-via-usb-without-jailbreak/) - [ ] [iq_tool: A Command Line Tool for Resampling, Filtering, Shifting and Correcting IQ Data Streams](https://www.rtl-sdr.com/iq_tool-a-command-line-tool-for-resampling-filtering-shifting-and-correcting-iq-data-streams/) - [ ] [Further Tutorials on SatDump Map Projections](https://www.rtl-sdr.com/further-tutorials-on-satdump-map-projections/) - 奇安信 CERT - [ ] [【已复现】HTTP/2 Bomb 远程拒绝服务漏洞(CVE-2026-49975)安全风险通告](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247506117&idx=1&sn=08b47237c20e3f91d6d564ab4fd72abe) - 黑鸟 - [ ] [关于黑客白嫖大模型token的手段](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186927&idx=1&sn=7e26b33379e1b1055e364975be8951f1) - 我的安全视界观 - [ ] [【AI复盘】Palo Alto防火墙漏洞攻击](https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247487527&idx=1&sn=351a7bfefe1aff7f4850140f97cdc824) - RedTeaming - [ ] [快速打造可手机控制的私有 C***X 助手](https://mp.weixin.qq.com/s?__biz=MzUyMDgzMDMyMg==&mid=2247484722&idx=1&sn=6739628ef085005b274c75a24691d92d) - 代码卫士 - [ ] [宏碁:注意 Wave 7 路由器中的这两个CVSS满分 0day](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526217&idx=1&sn=2d18f49cad2a86d32715224cece54a62) - [ ] [五个 OpenClaw 0day 可导致攻击者劫持可信 AI 代理访问权限](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526217&idx=2&sn=c37bf440448f6e7dd008eef5ab1c1ac5) - [ ] [BCS 2026 | 齐向东演讲全文:AI 时代,攻防先行](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526217&idx=3&sn=11fa28bcc9648db599ad749696fbdf27) - 奇安信威胁情报中心 - [ ] [操作安全失误暴露与Qilin相关组织的手法:通过VPN设备发起攻击](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247519000&idx=1&sn=606d64d6943933cba72ab1a77b984663) - 漏洞推送 - [ ] [KKfileview<4.4.0-beta 目录穿越漏洞无损测试Poc](https://mp.weixin.qq.com/s?__biz=MzU5MTExMjYwMA==&mid=2247485849&idx=1&sn=50102137f1e718e45c486234e51725be) - XCTF联赛 - [ ] [第二届“湾区杯”网络安全大赛青少年组报名已开启](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516421&idx=1&sn=b82b35423451528086d71026551b88fd) - 安全内参 - [ ] [网络安全新王诞生?这家公司创办仅5年 估值超810亿元](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516043&idx=1&sn=a43611104dd26fafa93d9b0e663c9c7d) - [ ] [特朗普政府正式发布关于人工智能监管的行政命令](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516043&idx=2&sn=1e91dc8d8116f0de18a480ec8478bf26) - 安全牛 - [ ] [硅谷AI淘金热下的众生相:当AI重写财富密码,那些人正在经历什么?](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141577&idx=1&sn=911950a7b4228143250786ce98558106) - [ ] [Trump签署AI行政令:前沿模型发布前可接受30天自愿网络安全审查 ;面对Anthropic Mythos威胁,Cisco推动企业部署AI安全代理| 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141577&idx=2&sn=fe82dc0e2aee94fe42cde6a72bf26313) - 青藤云安全 - [ ] [最高级认证!青藤 WorkClaw 通过信通院“智能体内生安全”专项测评](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650851402&idx=1&sn=d333901e1e09af072f3267f045af26fa) - 信息安全国家工程研究中心 - [ ] [地理信息安全保障体系构建](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247504133&idx=1&sn=f50e4bee578062a572f35501b307d4cb) - 数世咨询 - [ ] [黑客利用人工智能实现EDR规避测试自动化](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543110&idx=1&sn=fbc499ba57d5167bba94053e8acd85fd) - [ ] [以 AI 治理 AI!悬镜原创“AI智能体疫苗技术”硬核守护智能体运行时安全](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543110&idx=2&sn=c0286ed7881d1661dd05b2fcac4db7d5) - 威努特安全网络 - [ ] [手搓WinClaw工作流:让AI真正替你“干活”](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142099&idx=1&sn=ae95879e7f1bb1c599d6f4c022e3ddb2) - [ ] [WinClaw限时全免!注册即享AI大模型免费额度](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142099&idx=2&sn=ff1a7f7720e7b7fa641c736adcb9a401) - 安全圈 - [ ] [【安全圈】新“炸弹”拒绝服务攻击曝光:单机拖垮服务器,约 10 秒耗尽 32GB 内存](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077248&idx=1&sn=6f206c8bce1eb8061c28d7f5490480c1) - [ ] [【安全圈】谷歌修复一款在野利用安卓高危漏洞,数百万设备受影响](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077248&idx=2&sn=9ca01538ec319d31197477dd6b17ccb8) - [ ] [【安全圈】美国对勒索软件使用的伊朗加密货币交易所 Nobitex 实施制裁](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077248&idx=3&sn=c79948028724d7d9c5c1ce44cc96306a) - 丁爸 情报分析师的工具箱 - [ ] [【课程】开源情报反电诈实战培训课程-1](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651156170&idx=1&sn=f2cbb06f94f0296cc0e60ae3ed5dd55f) - [ ] [【培训】打击治理电信网络诈骗犯罪培训班6月12日-18日遵义开班](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651156170&idx=2&sn=93fddd1f39d93cdca1cddfb41bb8c34f) - 网络空间安全科学学报 - [ ] [行业动态 | 特朗普签署总统行政令《推动先进人工智能创新与安全》(附全文)](https://mp.weixin.qq.com/s?__biz=MzI0NjU2NDMwNQ==&mid=2247507674&idx=1&sn=fc7063d380d42dd8952fe7afbc06c1f5) - 看雪学苑 - [ ] [Frida源码分析之Java Hook原理篇](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616188&idx=1&sn=2ef8bb98871cc9ed2bf3b1b5ad6931c0) - [ ] [双满分10.0漏洞暴击!宏碁路由器紧急升级:黑客可远程接管,用户请速打补丁](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616188&idx=2&sn=6d008b0a8f911bf5e3753c2e5d358ea5) - [ ] [招生!赠开学礼包-2026看雪·安卓高级研修班(2w/3w计划-夏季班)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616188&idx=3&sn=90c2965f1c57d791f7d3c24adbaf7ce0) - 情报分析师 - [ ] [美国情报发展历程](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650568090&idx=1&sn=726d6c55951a8145de8da948219c235c) - 极客公园 - [ ] [卖到 190 国、全球第一,这家深圳公司却在为摄影配件的「死亡」做准备](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108161&idx=1&sn=0b06a1c976a79e60ac135c5d38ffbede) - [ ] [GitHub,被 AI 打穿了](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108152&idx=1&sn=d83b384d1237d865dee9898b0c5370a8) - [ ] [DeepSeek 融资 500 亿,估值 4000 亿;「豆包专业版」确认,免费版不会降智;瑞幸、蜜雪冰城 Agent 接入阿里千问 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108124&idx=1&sn=09c80d94b852b1d8e9997021b3a38ec1) - 安全行者老霍 - [ ] [构建企业级智能体工作流之前,你需要理解的7个层次](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486760&idx=1&sn=7b4ffdcf2dbcd557e7282ad8eaf0bd17) - ChaMd5安全团队 - [ ] [RedTail挖矿木马分析](https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247514276&idx=1&sn=ac335f28c544fce16d71b6c7de27165b) - Qualys Security Blog - [ ] [From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation](https://blog.qualys.com/category/qualys-insights) - 字节跳动技术团队 - [ ] [ContextBucket:Agent 的"无限"记忆与工作区底座](https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247520208&idx=1&sn=0c527726a2225f56a39b512347e26c58) - 迪哥讲事 - [ ] [有些漏洞不需要技巧,只需要开发相信用户](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499527&idx=1&sn=d9236dd2f4efe441b0b0b6539038b18f) - 安全419 - [ ] [Canvas平台网络攻击事件复盘:第三方供应链安全与危机沟通成焦点](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553607&idx=1&sn=914d4a754cd161fa71f8d160adc1ddde) - [ ] [以 AI 治理 AI!悬镜原创“AI智能体疫苗技术”硬核守护智能体运行时安全](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553607&idx=2&sn=3080ccbcbafb602d96c4ec26a9747384) - IT Service Management News - [ ] [Il furto di credenziali Instagram con Meta AI (e l'IA agentica)](http://blog.cesaregallotti.it/2026/06/il-furto-di-credenziali-instagram-con.html) - [ ] [Nuova ISO 19011 sulla conduzione degli audit](http://blog.cesaregallotti.it/2026/06/nuova-iso-19011-sulla-conduzione-degli.html) - [ ] [Carola Frediani](http://blog.cesaregallotti.it/2026/06/carola-frediani.html) - TrustedSec - [ ] [The Privileged Roles Nobody Talks About](https://trustedsec.com/blog/the-privileged-roles-nobody-talks-about) - ICT Security Magazine - [ ] [Miasma: worm nei pacchetti npm di Red Hat, sviluppatori nel mirino](https://www.ictsecuritymagazine.com/notizie/attacco-supply-chain-miasma/) - [ ] [Forensics by design e art. 220 c.p.p.: come si processa un agente AI in un tribunale italiano](https://www.ictsecuritymagazine.com/notizie/forensics-by-design-art-220-c-p-p-agente-ai-in-un-tribunale-italiano/) - 中国信息安全 - [ ] [前沿 | 中美可信通信国家标准的比较研究](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263265&idx=1&sn=c0cdc234865b40411ba5987e3acacc50) - [ ] [发布 | 国家密码管理局公布《电子认证服务使用密码管理办法》(附全文)](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263265&idx=2&sn=1008b7df345c862015e6be6153b0a90c) - [ ] [专家解读 | 秉持以人为本 统筹发展与安全](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263265&idx=3&sn=0080c25b0fee99625cb0d2c18df69e53) - [ ] [专家观点 | 推动低空经济健康有序发展](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263265&idx=4&sn=d9dbaf288a62e3deb9c2d119018864a9) - [ ] [关注 | 广电总局出手!整治微短剧低俗内容及侵权盗版乱象](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263265&idx=5&sn=9c0035387e18e873ea19e4556ea8d7ab) - [ ] [评论 | 提升网络安全保障能力 全方位筑牢网络安全防线](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263265&idx=6&sn=a215cdc079498dfdb8a5ee2fb4cbd681) - SANS Internet Storm Center, InfoCON: green - [ ] [Microsoft's Coreutils for Windows, (Thu, Jun 4th)](https://isc.sans.edu/diary/rss/33048) - [ ] [ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)](https://isc.sans.edu/diary/rss/33046) - Tails - News - [ ] [Tails 7.8.1](https://tails.net/news/version_7.8.1/) - 悬镜安全 - [ ] [以 AI 治理 AI!悬镜原创“AI智能体疫苗技术”硬核守护智能体运行时安全](https://mp.weixin.qq.com/s?__biz=MzA3NzE2ODk1Mg==&mid=2647799604&idx=1&sn=5e2ab47388ec94be83fa7744f114b162) - Schneier on Security - [ ] [Hacking Meta’s AI Chatbot](https://www.schneier.com/blog/archives/2026/06/hacking-metas-ai-chatbot.html) - Over Security - [ ] [Hola Browser for Windows compromised to deliver cryptominer](https://www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/) - [ ] [Brave Software releases Origin for a paid, bloat-free browsing experience](https://www.bleepingcomputer.com/news/software/brave-software-releases-origin-for-a-paid-bloat-free-browsing-experience/) - [ ] [In memoria di Carola Frediani](https://www.hacklabg.net/uncategorized/in-memoria-di-carola-frediani/) - [ ] [Trump considers Palantir exec to lead CISA](https://therecord.media/trump-considers-palantir-exec-to-lead-cisa) - [ ] [Credit card theft campaign abuses Stripe to host stolen payment info](https://www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info/) - [ ] [FTC considers setting aside or modifying $150 million privacy penalty against X](https://therecord.media/ftc-considers-modifying-150-million-twitter-privacy-fine) - [ ] [DentaQuest data breach exposed info of 2.6 million accounts](https://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/) - [ ] [New Threat Actor Targets Crypto Firms’ Development Infrastructure](https://thecyberexpress.com/new-threat-actor-targets-crypto-firms-infra/) - [ ] [Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’](https://therecord.media/russia-seeks-extremist-label-for-hacker-groups) - [ ] [Reporting from Vegas: Networking, AI, and good boys](https://blog.talosintelligence.com/reporting-from-vegas-networking-ai-and-good-boys/) - [ ] [Pink Extortion Group Emerges Targeting Microsoft 365 Data](https://thecyberexpress.com/pink-extortion-group-emerges/) - [ ] [Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal](https://therecord.media/supreme-court-rules-fcc-fines-telecom-location-data-legal) - [ ] [UN food agency discloses breach affecting 600,000 Gaza households](https://www.bleepingcomputer.com/news/security/un-world-food-programme-breach-affects-600-000-gaza-households/) - [ ] [Neuroscienze digitali e hacking della mente: come la tecnologia riscrive il nostro cervello](https://www.cybersecurity360.it/cultura-cyber/neuroscienze-digitali-e-hacking-della-mente-come-la-tecnologia-riscrive-il-nostro-cervello/) - [ ] [Attacco a Carnival: cosa sappiamo sull’incidente che ha esposto 6 milioni di persone](https://www.cybersecurity360.it/news/attacco-a-carnival-cosa-sappiamo-sullincidente-che-ha-esposto-6-milioni-di-persone/) - [ ] [New IronWorm malware hits 36 packages in npm supply-chain attack](https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/) - [ ] [Machines Triage. Humans Decide.](https://binarydefense.com/resources/blog/machines-triage-humans-decide) - [ ] [Campagna LLMShare: come il malvertising abusa di ChatGPT e Claude](https://www.cybersecurity360.it/news/campagna-llmshare-come-il-malvertising-abusa-di-chatgpt-e-claude/) - [ ] [Crisis Management: piani di comunicazione post-breach](https://www.cybersecurity360.it/soluzioni-aziendali/crisis-management-piani-di-comunicazione-post-breach/) - [ ] [Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook](https://www.bleepingcomputer.com/news/security/hackers-are-after-the-gaps-in-your-vulnerability-program-heres-their-playbook/) - [ ] [Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations](https://any.run/cybersecurity-blog/cyber-risk-report-q1-2026/) - [ ] [UN food agency investigates breach exposing data of Gaza aid recipients](https://therecord.media/un-food-agency-investigates-gaza-aid-breach) - [ ] [Microsoft blames unexpected Windows driver updates on caching issue](https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-unexpected-windows-driver-updates-on-caching-issue/) - [ ] [Five Eyes warn Chinese spies are using job sites to recruit insiders](https://therecord.media/five-eyes-warns-chinese-spies-are-using-job-sites-to-recruit-insiders) - [ ] [Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process](https://therecord.media/researcher-publishes-github-token-stealing-exploit-microsoft) - [ ] [Police dismantles fake ID marketplace used by migrant smugglers](https://www.bleepingcomputer.com/news/security/police-dismantles-fake-id-marketplace-used-by-migrant-smugglers/) - [ ] [The NHS Was Lucky. The Next Victim Might Not Be.](https://thecyberexpress.com/software-supply-chain-attacks-guidance/) - [ ] [AI-Powered Bots Are Blurring the Line Between Users and Cyber Threats](https://thecyberexpress.com/ai-powered-bots-create-governance-challenges/) - [ ] [Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting](https://blog.talosintelligence.com/hypotheses-telemetry-and-human-judgment-inside-cisco-talos-threat-hunting/) - [ ] [Winning the cyber marathon with Tony Giandomenico](https://blog.talosintelligence.com/winning-the-cyber-marathon-with-tony-giandomenico/) - [ ] [Cisco warns of critical Unified CM flaw with PoC exploit code](https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-unified-cm-flaw-with-poc-exploit-code/) - [ ] [Whistleblowing: ecco cosa accade quando chi segnala o è segnalato non lavora più](https://www.cybersecurity360.it/legal/whistleblowing-ecco-cosa-accade-quando-chi-segnala-o-e-segnalato-non-lavora-piu/) - [ ] [Own Goal? Piracy as an Attack Vector to Target Football Fans](https://www.threatfabric.com/blogs/own-goal-piracy-as-an-attack-vector-to-target-football-fans) - The Hacker News - [ ] [Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public](https://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html) - [ ] [Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories](https://thehackernews.com/2026/06/claude-code-github-action-flaw-let-one.html) - [ ] [Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It](https://thehackernews.com/2026/06/agentic-ai-is-transforming-defense-but.html) - [ ] [ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories](https://thehackernews.com/2026/06/threatsday-bulletin-ai-agents-gone.html) - [ ] [China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa](https://thehackernews.com/2026/06/china-linked-ta4922-expands-phishing.html) - [ ] [FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads](https://thehackernews.com/2026/06/fluttershell-backdoor-spreads-to-macos.html) - [ ] [Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS](https://thehackernews.com/2026/06/fake-sites-mimicking-open-source-tools.html) - [ ] [Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months](https://thehackernews.com/2026/06/hackers-spied-on-stock-exchange.html) - [ ] [DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets](https://thehackernews.com/2026/06/doj-disrupts-southeast-asia-crypto.html) - GRAHAM CLULEY - [ ] [Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds](https://www.fortra.com/blog/metas-own-ai-chatbot-blame-instagram-accounts-being-stolen-seconds) - www.theregister.com - Articles - [ ] [Pink is the latest goon squad to use fake helpdesk calls to steal creds](https://www.theregister.com/cyber-crime/2026/06/04/pink-is-the-latest-goon-squad-to-use-fake-helpdesk-calls-to-steal-creds/5251434) - [ ] [OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds](https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377) - [ ] [Five Eyes: Watch out for odd LinkedIn connection requests, China's back on the hunt for state secrets](https://www.theregister.com/security/2026/06/04/five-eyes-china-expanding-state-secret-recruitment-campaign/5250978) - [ ] [Duo who sold car crash victims' data must repay £118k](https://www.theregister.com/cyber-crime/2026/06/04/duo-who-sold-car-crash-victims-data-must-repay-118k/5251075) - [ ] [Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine](https://www.theregister.com/research/2026/06/04/free-ai-model-powers-self-spreading-worm-in-enterprise-test-network/5250918) - [ ] [All the passwords were stored in Active Directory description fields](https://www.theregister.com/security/2026/06/04/all-the-passwords-were-stored-in-active-directory-description-fields/5250820) - Your Open Hacker Community - [ ] [How Do Instagram Accounts Get Hacked?](https://www.reddit.com/r/HowToHack/comments/1twpjvr/how_do_instagram_accounts_get_hacked/) - [ ] [What am I missing? Android phone](https://www.reddit.com/r/HowToHack/comments/1twdbrq/what_am_i_missing_android_phone/) - [ ] [HELP](https://www.reddit.com/r/HowToHack/comments/1twy9u4/help/) - [ ] [[CTF] Struggling to extract RTSP stream from generic Chinese IP Cams (Altobeam SoC) via ONVIF](https://www.reddit.com/r/HowToHack/comments/1twdoi7/ctf_struggling_to_extract_rtsp_stream_from/) - [ ] [Alguien sabe cómo "liberar" o hackear una terminal Point Ultra? He visto videos de gente que va por ahí usándolas como teléfono personal 😅](https://www.reddit.com/r/HowToHack/comments/1twfcqb/alguien_sabe_cómo_liberar_o_hackear_una_terminal/) - [ ] [How to download another person’s profile photo of gmail?](https://www.reddit.com/r/HowToHack/comments/1twi3kz/how_to_download_another_persons_profile_photo_of/) - Information Security - [ ] [Most teams secure the tunnel but miss what happens inside it.](https://www.reddit.com/r/Information_Security/comments/1twms5n/most_teams_secure_the_tunnel_but_miss_what/) - [ ] [Which cyber security course with placement assistance is best for beginners in the USA?](https://www.reddit.com/r/Information_Security/comments/1twlbdi/which_cyber_security_course_with_placement/) - 墨菲安全 - [ ] [近期投毒事件频发,关基行业如何降低供应链投毒风险?](https://mp.weixin.qq.com/s?__biz=MzkwOTM0MjI5NQ==&mid=2247488440&idx=1&sn=26457c85ee7315286afb4c758a32679d) - Tor Project blog - [ ] [Supporting those who speak out](https://blog.torproject.org/supporting-those-who-speak-out/) - [ ] [New Release: Tails 7.8.1](https://blog.torproject.org/new-release-tails-7_8_1/) - Security Affairs - [ ] [U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/193156/security/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog.html) - [ ] [Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges](https://securityaffairs.com/193142/hacking/critical-cisco-unified-cm-bug-patched-as-public-exploit-code-emerges.html) - [ ] [Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets](https://securityaffairs.com/193112/intelligence/gamaredon-uses-winrar-vulnerability-to-launch-modular-spy-campaign-on-ukrainian-targets.html) - [ ] [Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process](https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html) - [ ] [29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming](https://securityaffairs.com/193099/cyber-crime/29-arrests-nine-crime-groups-dismantled-another-blow-to-illegal-streaming.html) - Security Weekly Podcast Network (Audio) - [ ] [Security Researchers Are Threat Actors - PSW #929](http://sites.libsyn.com/18678/security-researchers-are-threat-actors-psw-929) - Securityinfo.it - [ ] [Il gruppo criminale cinese TA4922 adesso punta anche all’Europa](https://www.securityinfo.it/2026/06/04/il-gruppo-criminale-cinese-ta4922-adesso-punta-anche-alleuropa/?utm_source=rss&utm_medium=rss&utm_campaign=il-gruppo-criminale-cinese-ta4922-adesso-punta-anche-alleuropa) - netsecstudents: Subreddit for students studying Network Security and its related subjects - [ ] [Beginner looking for study partners!](https://www.reddit.com/r/netsecstudents/comments/1twepri/beginner_looking_for_study_partners/) - [ ] [Looking for OSCP mentor (Spanish/English)](https://www.reddit.com/r/netsecstudents/comments/1twk28z/looking_for_oscp_mentor_spanishenglish/) - [ ] [Final Year Cybersecurity Student Looking for Project Ideas or Collaboration](https://www.reddit.com/r/netsecstudents/comments/1twd0hp/final_year_cybersecurity_student_looking_for/) - Instapaper: Unread - [ ] [Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.](https://securityaffairs.com/192865/security/microsoft-calls-the-zero-day-dumps-irresponsible-the-researcher-says-microsoft-started-it.html) - [ ] [Why Write Blockers Matter in Forensic Work](https://sumuri.com/why-write-blockers-matter-in-forensic-work/) - [ ] [Vulnerability Disclosure in the Age of AI](https://www.schneier.com/blog/archives/2026/06/vulnerability-disclosure-in-the-age-of-ai.html) - [ ] [Procioni & Elefanti cosa sono i Prediction Market e perché l’Europa li mette alla berlina (e gli USA no)](https://mgpf.it/2026/05/30/procioni-elefanti-prediction-market.html) - [ ] [Recovery scam, l’architettura della re-vittimizzazione](https://www.cybersecurity360.it/nuove-minacce/recovery-scam-re-vittimizzazione/) - [ ] [Processo penale e prova digitale il rischio della fonte perduta](https://www.agendadigitale.eu/documenti/processo-penale-e-prova-digitale-il-rischio-della-fonte-perduta/) - [ ] [Windows Jump Lists Forensic Analysis](https://digitalinvestigator.blogspot.com/2026/06/windows-jump-lists-forensic-analysis.html) - [ ] [Crisis Management piani di comunicazione post-breach](https://www.cybersecurity360.it/soluzioni-aziendali/crisis-management-piani-di-comunicazione-post-breach/) - Computer Forensics - [ ] [Research Notes from Building a Windows Event Log Hunting Workflow](https://www.reddit.com/r/computerforensics/comments/1twhzq9/research_notes_from_building_a_windows_event_log/) - Blackhat Library: Hacking techniques and research - [ ] [[Serious] Major cyberattack vector used by criminals to attack businesses on Google Maps](https://www.reddit.com/r/blackhat/comments/1twkbgp/serious_major_cyberattack_vector_used_by/) - Social Engineering - [ ] [I've built a social network where posts only exist if you're physically there. I seek brutal feedback.](https://www.reddit.com/r/SocialEngineering/comments/1tx4e96/ive_built_a_social_network_where_posts_only_exist/) - [ ] [Anyone thinks Meta has too much power now? What can we do about it?](https://www.reddit.com/r/SocialEngineering/comments/1twer8u/anyone_thinks_meta_has_too_much_power_now_what/) - Technical Information Security Content & Discussion - [ ] [System Over Model, Tested: Reproducing Mythos’s FreeBSD Find on Local Open-Weight Models](https://www.reddit.com/r/netsec/comments/1twvplu/system_over_model_tested_reproducing_mythoss/) - [ ] [Enter the WasmForge: Compiling Sliver into WebAssembly](https://www.reddit.com/r/netsec/comments/1two9pa/enter_the_wasmforge_compiling_sliver_into/) - [ ] [Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js](https://www.reddit.com/r/netsec/comments/1twpx2a/recache_excessive_reflection_type_confusion_and/) - TorrentFreak - [ ] [Streaming Piracy Crackdown ‘KRATOS 2’ Leads to 29 Arrests, Targets Remain Unknown](https://torrentfreak.com/streaming-piracy-crackdown-kratos-2-leads-to-29-arrests-targets-remain-unknown/) - Deeplinks - [ ] [California’s AB 412 Still Demands Developers Do The Impossible](https://www.eff.org/deeplinks/2026/06/californias-ab-412-still-demands-developers-do-impossible) - [ ] [Pulte Appointment Underscores Need to Reform Section 702 Spying](https://www.eff.org/deeplinks/2026/06/pulte-appointment-underscores-need-reform-section-702-spying) - [ ] [EFF Testifies to Congress on Protecting Americans’ Rights from Government AI](https://www.eff.org/deeplinks/2026/06/eff-testifies-congress-protecting-americans-rights-government-ai) - [ ] [Move Fast, Surveil Things](https://www.eff.org/deeplinks/2026/06/move-fast-surveil-things) - bellingcat - [ ] [Tracing Digital Links Between Viory and Ruptly](https://www.bellingcat.com/news/2026/06/04/viory-ruptly-rt-russia-uae-propaganda-video-news/)
每日安全资讯(2026-06-05)