# Daily Security News (2026-06-06)

- SecWiki News
  - [ ] [SecWiki News 2026-06-05 Review](http://www.sec-wiki.com/?2026-06-05)
- Private Feed for M09Ic
  - [ ] [bolucat released 202606052202 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202606052202)
  - [ ] [wh0amitz starred Pizz33/AI-Bolascan](https://github.com/Pizz33/AI-Bolascan)
  - [ ] [killeven starred jsdelivr/jsdelivr](https://github.com/jsdelivr/jsdelivr)
  - [ ] [github released v0.9.5 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.9.5)
  - [ ] [PrefectHQ released 3.7.4 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.4)
  - [ ] [b1nhack starred farazsth98/exploit-CVE-2025-39946](https://github.com/farazsth98/exploit-CVE-2025-39946)
  - [ ] [esrrhs contributed to esrrhs/fakelua](https://github.com/esrrhs/fakelua/pull/156)
  - [ ] [wuhan005 contributed to gogs/gogs](https://github.com/gogs/gogs/pull/8225)
  - [ ] [agentscope-ai released v2.0.1 at agentscope-ai/agentscope](https://github.com/agentscope-ai/agentscope/releases/tag/v2.0.1)
  - [ ] [niudaii starred ADScanPro/adscan](https://github.com/ADScanPro/adscan)
  - [ ] [timwhitez starred anthropics/defending-code-reference-harness](https://github.com/anthropics/defending-code-reference-harness)
  - [ ] [0xbug starred wudipjq/my_vuln](https://github.com/wudipjq/my_vuln)
  - [ ] [safedv starred mhaskar/DNSStager](https://github.com/mhaskar/DNSStager)
  - [ ] [PrefectHQ released 3.7.4.dev4 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.4.dev4)
  - [ ] [CHYbeta starred colbymchenry/codegraph](https://github.com/colbymchenry/codegraph)
  - [ ] [Ridter starred Chuyu-Team/YY-Thunks](https://github.com/Chuyu-Team/YY-Thunks)
  - [ ] [0xbug starred expo/expo](https://github.com/expo/expo)
  - [ ] [LoRexxar contributed to LoRexxar/Kunlun-M](https://github.com/LoRexxar/Kunlun-M/pull/341)
  - [ ] [Ridter starred ReverseApple/inject_aarch64](https://github.com/ReverseApple/inject_aarch64)
  - [ ] [anthropics released v2.1.165 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.165)
  - [ ] [gh0stkey starred refactoringhq/tolaria](https://github.com/refactoringhq/tolaria)
  - [ ] [FunnyWolf starred xxlllq/system_architect](https://github.com/xxlllq/system_architect)
- Microsoft Security Blog
  - [ ] [Securing CI/CD in an agentic world: Claude Code Github action case](https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/)
- 先知安全技术社区
  - [ ] [AI Agent Trust Boundaries: Supply-Chain Hijacking from Relay APIs to Agent Tool Calls](https://xz.aliyun.com/news/92255)
  - [ ] [Stealthier Abuse of Trusted Binaries: Automated Discovery of Injectable Points and Code Caves Based on Execution Tracing](https://xz.aliyun.com/news/92254)
  - [ ] [AGENT-MINER: Attacking General-Purpose AI Agents and Automated Risk Discovery](https://xz.aliyun.com/news/92253)
  - [ ] [Fighting in Coordination: Systematic AI Penetration Testing Practice from the In-House Perspective](https://xz.aliyun.com/news/92252)
  - [ ] [LLMDYara: An Explainable Automatic YARA Rule Generation System for Malicious File Detection](https://xz.aliyun.com/news/92251)
- Recent Commits to cve:main
  - [ ] [Update Fri Jun 5 11:46:18 UTC 2026](https://github.com/trickest/cve/commit/757808fb00edeaaed7f730385558c3fe0620f3f8)
- Bug Bounty in InfoSec Write-ups on Medium
  - [ ] [“Bug Bounty Bootcamp #44: No Login?](https://infosecwriteups.com/bug-bounty-bootcamp-44-no-login-c3302844a47e?source=rss----7b722bfd1b8d--bug_bounty)
- GuidePoint Security
  - [ ] [OMB M-26-14: Why Federal Logging Just Got Cheaper, Faster, and Harder to Ignore](https://www.guidepointsecurity.com/blog/ombm-26-14/)
- Horizon3.ai
  - [ ] [CVE-2026-0257 | Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass Vulnerability | Active Exploitation](https://horizon3.ai/attack-research/vulnerabilities/cve-2026-0257/)
- Reverse Engineering
  - [ ] [Reverse Engineering Crazy Taxi, Part 3](https://www.reddit.com/r/ReverseEngineering/comments/1txt9pi/reverse_engineering_crazy_taxi_part_3/)
  - [ ] [I've been reverse engineering a lost 2010 horse MMO and I need contributors](https://www.reddit.com/r/ReverseEngineering/comments/1txkm8z/ive_been_reverse_engineering_a_lost_2010_horse/)
  - [ ] [Ghidra 12.1.2 has been released!](https://www.reddit.com/r/ReverseEngineering/comments/1txt7o9/ghidra_1212_has_been_released/)
  - [ ] [Extending a map tool for Cataclismo](https://www.reddit.com/r/ReverseEngineering/comments/1txnk3c/extending_a_map_tool_for_cataclismo/)
  - [ ] [HookNt: A Windows x64 tool to trace NT APIs by injecting an import-free DLL, installing ntdll trampolines, and streaming events over named pipes](https://www.reddit.com/r/ReverseEngineering/comments/1txcpy7/hooknt_a_windows_x64_tool_to_trace_nt_apis_by/)
  - [ ] [Multi-layer sandbox for native code execution on Linux with no external deps.](https://www.reddit.com/r/ReverseEngineering/comments/1tx7c11/multilayer_sandbox_for_native_code_execution_on/)
- SentinelOne
  - [ ] [The Good, the Bad and the Ugly in Cybersecurity – Week 23](https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-23-7/)
- Malwarebytes
  - [ ] [AI: Threat, tool, or both?](https://www.malwarebytes.com/blog/ai/2026/06/ai-threat-tool-or-both)
- VMRay
  - [ ] [YARA Rules: A Complete Guide with Best Practices and Use Cases](https://www.vmray.com/yara-rules-guide/)
- rtl-sdr.com
  - [ ] [Receiving US Nuclear Detection Satellite Signals with RTL-SDR, Discovery Dish and Discovery Drive](https://www.rtl-sdr.com/receiving-us-nuclear-detection-satellite-signals-with-rtl-sdr-discovery-dish-and-discovery-drive/)
  - [ ] [SkyLight Ceiling: Projecting Live ADS-B Aircraft Positions Onto your Ceiling](https://www.rtl-sdr.com/skylight-ceiling-projecting-live-ads-b-aircraft-positions-onto-your-ceiling/)
  - [ ] [Dump1090 For Android Updated to V2](https://www.rtl-sdr.com/dump1090-for-android-updated-to-v2/)
  - [ ] [ITCMON: Interoperable Train Control Monitoring Software Released](https://www.rtl-sdr.com/itcmon-interoperable-train-control-monitoring-software-released/)
- bishopfox.com
  - [ ] [Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection & Analysis](https://bishopfox.com/blog/popping-root-on-unifi-os-server-unauthenticated-rce-chain-detection-analysis)
- 绿盟科技技术博客
  - [ ] [Wireshark in the Cloud](https://blog.nsfocus.net/%e4%ba%91%e7%ab%afwireshark/)
  - [ ] [AI Attack and Defense Horizons: What the Mythos Breakthrough Shows About the Engineering Leap in Vulnerability Discovery](https://blog.nsfocus.net/ai%e6%94%bb%e9%98%b2%e8%a7%86%e7%95%8c%ef%bc%9a%e4%bb%8emythos%e7%a0%b4%e5%b1%80%e7%9c%8b%e6%bc%8f%e6%b4%9e%e6%8c%96%e6%8e%98%e7%9a%84%e5%b7%a5%e7%a8%8b%e5%8c%96%e8%b7%83%e8%bf%81/)
- Exploit-DB.com RSS Feed
  - [ ] [[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection](https://www.exploit-db.com/exploits/52609)
- 奇客Solidot–传递最新科技情报
  - [ ] [ISS Astronauts Told to Prepare for Emergency Evacuation Due to Air Leak](https://www.solidot.org/story?sid=84501)
  - [ ] [Brave Sells a Stripped-Down Version for $60](https://www.solidot.org/story?sid=84500)
  - [ ] [The Processing of Ultra-Processed Foods May Be Linked to Health Risks](https://www.solidot.org/story?sid=84499)
  - [ ] [Bumblebees Can Use Tools to Solve Problems](https://www.solidot.org/story?sid=84498)
  - [ ] [HTTP Requests from Bots Exceed Those from Humans](https://www.solidot.org/story?sid=84497)
  - [ ] [Apple Says the App Store Ecosystem Has Surpassed $1.4 Trillion](https://www.solidot.org/story?sid=84496)
  - [ ] [Google Seeks to Release Tens of Millions of Sterile Male Mosquitoes in California and Florida](https://www.solidot.org/story?sid=84495)
  - [ ] [Japan Plans to Rebuild 2-5 Nuclear Power Units by 2049](https://www.solidot.org/story?sid=84494)
  - [ ] [rsync Project Controversy over AI-Assisted Programming](https://www.solidot.org/story?sid=84493)
  - [ ] [Apple Introduces Age Verification in Texas, USA](https://www.solidot.org/story?sid=84492)
  - [ ] [AI Is Not Conscious](https://www.solidot.org/story?sid=84491)
- HackerNews
  - [ ] [Gamaredon Exploits WinRAR Vulnerability in Modular Espionage Attacks on Ukrainian Targets](http://0.0.0.0:8080/post/64305)
  - [ ] [Hackers Target Global Stock Exchanges in Espionage Campaign](http://0.0.0.0:8080/post/64304)
  - [ ] [Credit Card Skimming Campaign Abuses Stripe to Host Stolen Payment Data](http://0.0.0.0:8080/post/64303)
  - [ ] [DentaQuest Data Breach Exposes Information of 2.6 Million Accounts](http://0.0.0.0:8080/post/64302)
  - [ ] [Hola Browser for Windows Compromised and Used to Distribute Cryptocurrency Miner](http://0.0.0.0:8080/post/64301)
  - [ ] [Cisco Releases Patch for Unified CM CVE-2026-20230 After Exploit Code Is Made Public](http://0.0.0.0:8080/post/64300)
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  - [ ] [ISS Suffers Another "Air Leak"; NASA Briefly Ordered Astronauts to Take Emergency Shelter](https://blog.upx8.com/%E5%9B%BD%E9%99%85%E7%A9%BA%E9%97%B4%E7%AB%99%E5%8F%88%E7%8E%B0-%E6%BC%8F%E6%B0%94-%E4%BA%8B%E6%80%81-NASA%E4%B8%80%E5%BA%A6%E4%B8%8B%E4%BB%A4%E5%AE%87%E8%88%AA%E5%91%98%E7%B4%A7%E6%80%A5%E9%81%BF%E9%99%A9)
  - [ ] [Masayoshi Son: AI Is Designing OpenAI's Next Model](https://blog.upx8.com/%E5%AD%99%E6%AD%A3%E4%B9%89-AI%E6%AD%A3%E5%9C%A8%E8%AE%BE%E8%AE%A1OpenAI%E4%B8%8B%E4%B8%80%E4%B8%AA%E6%A8%A1%E5%9E%8B)
  - [ ] [Huawei Chips Optimize DeepSeek Models; China's Independent AI R&D Achieves Major Breakthrough](https://blog.upx8.com/%E5%8D%8E%E4%B8%BA%E8%8A%AF%E7%89%87%E4%BC%98%E5%8C%96DeepSeek%E6%A8%A1%E5%9E%8B-%E4%B8%AD%E5%9B%BDAI%E8%87%AA%E4%B8%BB%E7%A0%94%E5%8F%91%E5%8F%96%E5%BE%97%E9%87%8D%E5%A4%A7%E7%AA%81%E7%A0%B4)
  - [ ] [China Invests 1.1 Billion to Develop AI Agents to Promote Xi Jinping Thought](https://blog.upx8.com/%E4%B8%AD%E5%9B%BD%E6%8A%95%E5%85%A511%E4%BA%BF%E5%BC%80%E5%8F%91AI%E6%99%BA%E8%83%BD%E4%BD%93%E4%BB%A5%E6%8E%A8%E5%B9%BF%E4%B9%A0%E8%BF%91%E5%B9%B3%E6%80%9D%E6%83%B3)
  - [ ] [New York State Passes Bill Banning Data Center Construction for One Year](https://blog.upx8.com/%E7%BA%BD%E7%BA%A6%E5%B7%9E%E9%80%9A%E8%BF%87%E6%B3%95%E6%A1%88%E7%A6%81%E5%BB%BA%E6%95%B0%E6%8D%AE%E4%B8%AD%E5%BF%83%E4%B8%BA%E6%9C%9F%E4%B8%80%E5%B9%B4)
  - [ ] [Hong Kong and Mainland Investors Barred from Participating in SpaceX's IPO](https://blog.upx8.com/%E9%A6%99%E6%B8%AF%E5%92%8C%E5%86%85%E5%9C%B0%E6%8A%95%E8%B5%84%E8%80%85%E8%A2%AB%E7%A6%81%E6%AD%A2%E5%8F%82%E4%B8%8ESpaceX%E7%9A%84IPO)
  - [ ] [Chinese and Hong Kong Investors Barred from Participating in SpaceX's IPO](https://blog.upx8.com/%E4%B8%AD%E5%9B%BD%E5%92%8C%E9%A6%99%E6%B8%AF%E6%8A%95%E8%B5%84%E8%80%85%E8%A2%AB%E7%A6%81%E6%AD%A2%E5%8F%82%E4%B8%8ESpaceX%E7%9A%84IPO)
  - [ ] [US National Security Agency Uses Anthropic's Mythos to Conduct Offensive Cyber Oper](https://blog.upx8.com/%E7%BE%8E%E5%9B%BD%E5%9B%BD%E5%AE%B6%E5%AE%89%E5%85%A8%E5%B1%80%E4%BD%BF%E7%94%A8Anthropic%E7%9A%84Mythos%E5%BC%80%E5%B1%95%E8%BF%9B%E6%94%BB%E6%80%A7%E7%BD%91%E7%BB%9C%E8%A1%8C)
  - [ ] [Douyin Responds to Doubao Misidentifying a Mushroom and Poisoning a User: AI Is Still Developing and Recognition Accuracy Will Keep Improving](https://blog.upx8.com/%E6%8A%96%E9%9F%B3%E5%9B%9E%E5%BA%94%E8%B1%86%E5%8C%85%E8%AF%AF%E5%88%A4%E8%98%91%E8%8F%87%E8%87%B4%E7%94%A8%E6%88%B7%E4%B8%AD%E6%AF%92-AI%E8%BF%98%E5%9C%A8%E5%8F%91%E5%B1%95%E9%98%B6%E6%AE%B5%E4%BC%9A%E4%B8%8D%E6%96%AD%E6%8F%90%E5%8D%87%E8%AF%86%E5%88%AB%E5%87%86%E7%A1%AE%E6%80%A7)
- 黑鸟
  - [ ] [Adaptive Computer Worms Driven by AI Agents](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186947&idx=1&sn=4409ae4d0cea5239037eaa44099b38df)
- 威努特安全网络
  - [ ] [Four Government Departments: Promote Two-Way Empowerment Between Artificial Intelligence and Energy](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142105&idx=1&sn=0e4ac2b52d471d2ad60540c1bccb8765)
  - [ ] [WinClaw Completely Free for a Limited Time! Register to Get Free AI Large Model Quota](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142105&idx=2&sn=3af0ae4c94f13dae5293724f9fc6abea)
- CT Stack 安全社区
  - [ ] [30% Off All Mainstream Large Models! Enjoy One-Stop AI Services!](https://mp.weixin.qq.com/s?__biz=MzIzOTE1ODczMg==&mid=2247500249&idx=1&sn=2061851f65e43f9ee4cc13338a1fe17a)
- 安全内参
  - [ ] [Anthropic Annual Report: How Is AI Changing Cyberattacks? How Should Security Defenses Improve?](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516052&idx=1&sn=d61741bde52bfc84690e39e0e931695b)
  - [ ] [US Expert Panel Report Proposes Establishing an Independent Cyber Force of About 30,000 Personnel](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516052&idx=2&sn=d13cb513bac553b316431a87f39ea5a9)
- 绿盟科技研究通讯
  - [ ] [【Public-Interest Translation】2026 AI Index Report (Part 3)](https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247499992&idx=1&sn=d363d225bd5ce100c50df8565244c2a2)
- 代码卫士
  - [ ] [Cisco: Beware of an Unpatched, Already Exploited High-Severity SD-WAN 0day](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526228&idx=1&sn=aa8606b21d2d15f6de0e55d784eef216)
  - [ ] [Cisco: PoC Released for Critical Unified CM Vulnerability](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526228&idx=2&sn=cbc3a57a98b3117c33dc6847aa4c4e14)
  - [ ] [BCS 2026 | AI Security Forum Held in Beijing: Security Is Forged Through Fighting and Training](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526228&idx=3&sn=d91fbe95f813835f5f1ed757640180df)
- 中国信息安全
  - [ ] [Peng Tao, Director of the China Information Technology Security Evaluation Center: Taking the Win-Win Path of Agent Development and Security](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263278&idx=1&sn=5fac889ee9010077df88da64b5d70750)
  - [ ] [Table of Contents of 《中国信息安全》 Magazine, Issue 5, 2026](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263278&idx=2&sn=d1460845dda12c4b5efb252e82311a28)
- 奇安信威胁情报中心
  - [ ] [Cyber Shadows: Reconstructing the Qilin Ransomware Gang's Attack Chain from Exposed CobaltStrike Infrastructure](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247519040&idx=1&sn=f9371d35485af7aad0ca4af21591c855)
- 同程旅行安全应急响应中心
  - [ ] [【Event Announcement】Happy Dragon Boat Festival | LYSRC Double Points Event Officially Begins](https://mp.weixin.qq.com/s?__biz=MzI4MzI4MDg1NA==&mid=2247485432&idx=1&sn=c4ccfba6c886a509ce74915c4860d648)
- 安全圈
  - [ ] [【安全圈】WeedHack Trojan Exposed, Specifically Targeting Minecraft Players](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077261&idx=1&sn=8411ab957afc2b4e41af24e6da821584)
  - [ ] [【安全圈】Google Cloud Lays Off Staff Again, Security Team Also Hit](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077261&idx=2&sn=e9d4366f0b41cbaa4e931f3f78e8e626)
  - [ ] [【安全圈】Gamaredon Exploits WinRAR Vulnerability in Modular Espionage Attacks on Ukrainian Targets](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077261&idx=3&sn=0fdc29a5bdd38321cae81a6ef447631e)
- XCTF联赛
  - [ ] [Registration Open | The 2nd Bay Area Cup Cybersecurity Competition 2026 Awaits You!](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516423&idx=1&sn=6ffe2166551cd415fe7441d9fd5494bb)
- 长亭科技
  - [ ] [30% Off All Mainstream Large Models! Enjoy One-Stop AI Services!](https://mp.weixin.qq.com/s?__biz=MzIwNDA2NDk5OQ==&mid=2651390474&idx=1&sn=61e85a259726131b6a883a54e146fa0e)
- 数世咨询
  - [ ] [Latest Agenda | The 6th Digital Security Conference Awaits You](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543126&idx=1&sn=36f9d3d31bc23b93d5d3a9f8283bf88d)
- 安全牛
  - [ ] [Act Now or Fall Behind: 安全牛 Officially Releases "Research on Post-Quantum Security Application Migration and Implementation Practice (2026 Edition)"](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141589&idx=1&sn=a1f1e137605780197313c392073abc4d)
  - [ ] [Google Releases Gemma 4 12B: An Open-Source Multimodal AI Model That Runs in 16GB of Memory; US Companies Turn to DeepSeek: AI Cost Pressure Reshapes Model Selection | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141589&idx=2&sn=c1476b8f22613c277881b1bb45c747aa)
- M01N Team
  - [ ] [Weekly Red Team Techniques Roundup (2026.5.30-6.5)](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247495125&idx=1&sn=7ad029e48cf6f3d21beadb2e5807397b)
- 极客公园
  - [ ] [Besides AI Siri and Cook's "Farewell Speech", What Else Is at This Year's WWDC?](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108246&idx=1&sn=059702b7821729a56dfeb353537e0df0)
  - [ ] [Luo Yonghao Steps Down as "Executive Director" of Smartisan Software; iOS 27 Upgrade List Revealed; Netizens Discuss Absurd Errors in Apple's Input Method | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108207&idx=1&sn=0b0ca160aed35fa18656e2c9c719b147)
- 补天平台
  - [ ] [Notice on the Code of Conduct for Submitting AI-Generated Vulnerability Reports and the Handling of Violations](https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247510812&idx=1&sn=1d4dfd70fd94c720aa66f487118d224d)
- 腾讯安全威胁情报中心
  - [ ] [Poison Takes Over the Front Page | Analysis Report on Agent Search Poisoning and Domain Impersonation Attacks](https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247511982&idx=1&sn=6b980971470c9081d7225b55dfdc0be8)
- 奇安信病毒响应中心
  - [ ] [Weekly Ransomware Threat Summary](https://mp.weixin.qq.com/s?__biz=MzI5Mzg5MDM3NQ==&mid=2247498610&idx=1&sn=900eee3e60a34eca2ffc7d55c3144607)
- 丁爸 情报分析师的工具箱
  - [ ] [【Course】Open-Source Intelligence Anti-Telecom-Fraud Practical Training Course - 2](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651156176&idx=1&sn=8e3118c1f54f6775637439164956fc00)
  - [ ] [【Training】Training Class on Combating and Governing Telecom and Online Fraud Crime Opens in Zunyi, June 12-18](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651156176&idx=2&sn=61b7052621fba7db5b5c84ebf49d4115)
- 字节跳动安全中心
  - [ ] [Building Open-Source Ecosystem Security Together! ByteSRC Dedicated Vulnerability Testing for Open-Source Projects Begins](https://mp.weixin.qq.com/s?__biz=MzUzMzcyMDYzMw==&mid=2247496271&idx=1&sn=a630bd22ae3422d027df864aca82d7a9)
- 斗象智能安全
  - [ ] ["Dianping"-Style Public Reviews of the Actual Value of Vulnerabilities; WeChat Community and Mini Program Launch Simultaneously](https://mp.weixin.qq.com/s?__biz=MzIwMjcyNzA5Mw==&mid=2247495446&idx=1&sn=67b20253fbab14532ca67ee8a4b1d468)
- 美团技术团队
  - [ ] [Meituan LongCat Large Model Talent Campus Recruitment Launches Globally](https://mp.weixin.qq.com/s?__biz=MjM5NjQ5MTI5OA==&mid=2651782776&idx=1&sn=7d8d86a3f682ddefdaef2e28de4c0041)
  - [ ] [Meituan Class of 2027 Beidou Program Launches Globally](https://mp.weixin.qq.com/s?__biz=MjM5NjQ5MTI5OA==&mid=2651782776&idx=2&sn=311538426bad314df172f14b522b1138)
  - [ ] [Sign Up | Selected Meituan Papers Accepted at ACL'26: From Capability Evaluation to Inference Optimization, Building a New Paradigm for Generation](https://mp.weixin.qq.com/s?__biz=MjM5NjQ5MTI5OA==&mid=2651782776&idx=3&sn=77c72b469a871b499a46fe06be73225f)
- 京东安全应急响应中心
  - [ ] [The 4th Jingqi CTF Begins: One Day to Go!](https://mp.weixin.qq.com/s?__biz=MjM5OTk2MTMxOQ==&mid=2727850915&idx=1&sn=431428a50976cd1dfa986ac8864da149)
- 中通安全应急响应中心
  - [ ] [Triple Points with You: Join ZSRC's Ten-Day Event~](https://mp.weixin.qq.com/s?__biz=MzUyMTcwNTY3Mg==&mid=2247486661&idx=1&sn=2e22128c3a64d7d18bfc309ea4712862)
- 看雪学苑
  - [ ] [Intel Core CPU Management Engine Firmware Research and Reverse Engineering Analysis: Prerequisites and Unpacking](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616264&idx=1&sn=694e1420b968e1fea0b7b7a68b90dcbc)
  - [ ] [60-70K Monthly Salary! Geely, Didi and Other Major Companies: Urgently Hiring for Intelligent Driving, IoT Penetration Testing, and Large Model Security](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616264&idx=2&sn=ee6c45fd3eb02ef258a5363fede2dc0c)
  - [ ] [One Click on a Link Can Steal All Your GitHub Repositories: VS Code Zero-Day Publicly Disclosed by Researcher](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616264&idx=3&sn=f4c250c9a1b1dd408dd66d17b01787e6)
  - [ ] [2026 Summer Class Enrollment Now Open | System 0day Security - IoT Device Vulnerability Discovery (6th Session)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616264&idx=4&sn=1c6504123c6124e74d59f043a6aa73fe)
- 枇杷熟了
  - [ ] [If You're Going to Run a Competition, Run It Properly!](https://mp.weixin.qq.com/s?__biz=MzU0MzkzOTYzOQ==&mid=2247490084&idx=1&sn=3f8b1d1b7cfcf7ae964d19648f5dedbe)
- 云鼎实验室
  - [ ] [CodeBuddy Security: A New Paradigm for Code Security in the AI Era, Closing the Loop from Discovery to Confirmation](https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247497656&idx=1&sn=f8a390c552e03a298249cc0a23e3d1f1)
- 火绒安全
  - [ ] [Grain in Ear (Mangzhong) | Seeds with Awns, Protection without Gaps](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534384&idx=1&sn=baf788024ddc469506d20618e1e84bdf)
  - [ ] [Huorong Q&A: How to Use the "Enterprise Edition" API](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534384&idx=2&sn=bae42b238f0b3115005a3b3a6b96f068)
  - [ ] [【Huorong Security Weekly】Hackers Abuse ChatGPT for Poisoning / 18 National Cybersecurity Standards Approved and Released](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534384&idx=3&sn=7a4231d740121fc65deb6e557e9f5280)
  - [ ] [Sincerely Inviting Channel Partners to Begin a New Journey Together](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534384&idx=4&sn=436f35ad704b51dbe360332fb81d917d)
- OPPO安全中心
  - [ ] [【Dedicated Crowdsourced Test of the Marketing Agency Business】Free Dragon Boat Festival Gift Boxes! A Beginner-Level Sprint for Critical and High-Severity Findings!](https://mp.weixin.qq.com/s?__biz=MzUyNzc4Mzk3MQ==&mid=2247494953&idx=1&sn=fa39b8699bf967b27ed00381b1ce5bde)
  - [ ] [Redeem a Gift Box for 0 Points: OSRC Wishes You a Happy Dragon Boat Festival!](https://mp.weixin.qq.com/s?__biz=MzUyNzc4Mzk3MQ==&mid=2247494953&idx=2&sn=3d5a7274bcf042616a8a66bbb7c9a3cf)
- NETRESEC Network Security Blog
  - [ ] [PolarProxy 2.0.1 Released](https://www.netresec.com/?page=Blog&month=2026-06&post=PolarProxy-2-0-1-Released)
- Qualys Security Blog
  - [ ] [Advancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing](https://blog.qualys.com/category/product-tech)
- 纽创信安
  - [ ] [PANDA Special Session on Overseas Compliance: CRA, FIPS, PSA and Others](https://mp.weixin.qq.com/s?__biz=MzAwNTczMjAzMg==&mid=2650241463&idx=1&sn=f1ffce56d4f3b80b8e1dde6c5a74da38)
- 迪哥讲事
  - [ ] [Reversing the Signature and Encryption/Decryption of a Hospital's Mini Program: A Leak of Millions of Records](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499531&idx=1&sn=bf97c33ddf12b142cc1140a0a9570e3d)
- 网安国际
  - [ ] [CCF-INFORSEC Cyberspace Security Frontier Innovation Forum Held in Beijing](https://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&mid=2652318238&idx=1&sn=6e32ca673a3cbcef5f94f08877bc572c)
- 白泽安全实验室
  - [ ] [Suspected Pakistan-Linked APT36 Group Launches Attack Campaign Targeting Linux Platforms](https://mp.weixin.qq.com/s?__biz=MzI0MTE4ODY3Nw==&mid=2247492942&idx=1&sn=88d028f565c8fd80b3f58090db47f48e)
- Over Security
  - [ ] [Suspicious Polyfill login prompts pop up on Toshiba, Muji websites](https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/)
  - [ ] [Former cyber executive turned whistleblower accuses IBM of covering up several data breaches](https://techcrunch.com/2026/06/05/former-cyber-executive-turned-whistleblower-accuses-ibm-of-covering-up-several-data-breaches/)
  - [ ] [CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers](https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/)
  - [ ] [Chinese APT deploys new malware to keep access to hacked networks](https://www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/)
  - [ ] [Dark web Nemesis Market vendor gets 26 years for selling drugs](https://www.bleepingcomputer.com/news/security/dark-web-nemesis-market-vendor-gets-26-years-for-selling-drugs/)
  - [ ] [Connecting Vulnerability Intelligence to Real-World Exposure With Flashpoint EASM](https://flashpoint.io/blog/connecting-vulnerability-intelligence-to-real-world-exposure-with-flashpoint-easm/)
  - [ ] [Singing River Health System: Between Ransomware, Legal Disputes, and Recurring Vulnerabilities](https://www.suspectfile.com/singing-river-health-system-between-ransomware-legal-disputes-and-recurring-vulnerabilities/)
  - [ ] [Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person](https://techcrunch.com/2026/06/05/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person/)
  - [ ] [Invisible Fire | Defense Starts with What You Can See](https://www.certego.net/blog/certego-fuoco-invisibile/)
  - [ ] [Summary of Malicious Campaigns in the Week of 30 May – 5 June](https://cert-agid.gov.it/news/sintesi-riepilogativa-delle-campagne-malevole-nella-settimana-del-30-maggio-5-giugno/)
  - [ ] [Over 900 US gas station tank gauge systems exposed to attacks](https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/)
  - [ ] [What 2026 DBIR Confirms: Attacks Are Living in the Browser](https://www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/)
  - [ ] [Trump's Line on AI: Why National Security Beats Rights and Ethics in the USA](https://www.cybersecurity360.it/legal/la-linea-di-trump-sullai-perche-negli-usa-la-sicurezza-nazionale-batte-diritti-ed-etica/)
  - [ ] [eSIM Saily: World Cup 2026 Effect, 10% Off Your First Purchase to Browse Safely Abroad](https://www.cybersecurity360.it/news/esim-saily/)
  - [ ] [Incogni Deletes Online Data: How the Service for Protecting Digital Privacy Works](https://www.cybersecurity360.it/news/cancella-dati-incogni/)
  - [ ] [Apple removes Russia’s state-backed messaging app Max from its store](https://therecord.media/apple-removes-russian-app-max-from-app-store)
  - [ ] [EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers](https://therecord.media/eu-unveils-tech-sovereignty-package-cut-reliance-us-china)
  - [ ] [C-Suite Impersonation in the Gulf: How Threat Actors Are Targeting UAE & Saudi Executives in 2026](https://cyble.com/blog/ceo-fraud-executive-impersonation-gulf-firms/)
  - [ ] [The Cyber Express Weekly Roundup: Cloud Extortion, Long-Term Espionage, Android Zero-Days, and Public Sector Security Reviews](https://thecyberexpress.com/tce-weekly-roundup-extortion-android-cloud/)
  - [ ] [Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards](https://any.run/cybersecurity-blog/g2-summer-awards-2026/)
  - [ ] [WhatsApp Scams: The Most Common Schemes and the Techniques Used](https://www.cybersecurity360.it/nuove-minacce/truffe-whatsapp-ecco-gli-schemi-piu-diffusi-e-le-tecniche-usate/)
  - [ ] [If the Company Is the Victim of Computer Fraud, the DPO Is Not the One Who Must Answer for It](https://www.cybersecurity360.it/news/se-limpresa-e-vittima-di-truffa-informatica-non-e-il-dpo-a-doverne-rispondere/)
  - [ ] [Governance by Design, to Avoid the "Let's Start and See Later" Trap](https://www.cybersecurity360.it/legal/governance-by-design-per-evitare-la-trappola-del-partiamo-e-poi-vediamo/)
  - [ ] [DPDP and Cybersecurity: Why the Safest Data May Be the Data You Delete](https://thecyberexpress.com/dpdp-and-cybersecurity-rethinking-data-risk/)
  - [ ] [Regulations, Cloud and Supply Chain: How Cyber Security Is Changing in Companies](https://www.cybersecurity360.it/soluzioni-aziendali/normative-cloud-e-supply-chain-come-sta-cambiando-la-cyber-security-nelle-aziende/)
  - [ ] [BCD Travel - 396,313 breached accounts](https://haveibeenpwned.com/Breach/BCDTravel)
  - [ ] [China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network](https://thecyberexpress.com/china-verdantbamboo-18-month-campaign/)
  - [ ] [Cisco warns of unpatched SD-WAN zero-day exploited in attacks](https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/)
  - [ ] [Study of AI-Assisted Cyberattacks May Reshape How Security Industry Measures Risk](https://thecyberexpress.com/study-of-ai-assisted-cyberattacks/)
  - [ ] [Armenia: Bashe Claims to Have Purchased a Database of More Than 30,000 Voters from a Pro-Turkish Group](https://www.suspectfile.com/armenia-bashe-claims-to-have-purchased-a-database-of-more-than-30000-voters-from-a-pro-turkish-group/)
  - [ ] [Chinese Criminal Group TA4922 Now Also Targets Europe](https://www.securityinfo.it/2026/06/04/il-gruppo-criminale-cinese-ta4922-adesso-punta-anche-alleuropa/)
- Arturo Di Corinto
  - [ ] [Guerra profonda, the Presentations in Milan](https://dicorinto.it/tipologia/presentazioni/guerra-profonda-le-presentazioni-a-milano/)
- ICT Security Magazine
  - [ ] [Cisco SD-WAN Zero-Day: CVE-2026-20245 Exploited with No Patch, Root on the Manager](https://www.ictsecuritymagazine.com/notizie/cisco-sd-wan-zero-day/)
  - [ ] [Cyber Threats, Week of 1-5 June: NetScaler and Netlogon Under Attack, Gamaredon Exploits WinRAR](https://www.ictsecuritymagazine.com/notizie/minacce-informatiche-settimana/)
  - [ ] [Agentic AI and Identity Security: Why the Real Risk Is Excessive Privilege](https://www.ictsecuritymagazine.com/notizie/ai-agentici-identity-security/)
  - [ ] [Agentic AI and Criminal Evidence: How to Acquire Logs from Foreign Providers](https://www.ictsecuritymagazine.com/notizie/ai-agentica-processo-penale/)
- Javvad Malik
  - [ ] [Breach of Confidence: 05 June 2026](https://javvadmalik.com/2026/06/05/breach-of-confidence-05-june-2026/)
- Have I Been Pwned latest breaches
  - [ ] [BCD Travel - 396,313 breached accounts](https://haveibeenpwned.com/Breach/BCDTravel)
- Schneier on Security
  - [ ] [AI Worm](https://www.schneier.com/blog/archives/2026/06/ai-worm.html)
- Silent Signal Techblog
  - [ ] [Unauthenticated RCE as QSECOFR via IBM i Management Central](https://blog.silentsignal.eu/2026/06/05/unauthenticated-rce-as-qsecofr-via-ibm-i-management-central/)
- Rasta Mouse
  - [ ] [BOF Cocktails in Cobalt Strike](https://rastamouse.me/bof-cocktails-in-cobalt-strike/)
- Instapaper: Unread
  - [ ] [MacBook Water Damage What to Do in the First 24 Hours (and What Not to Do)](https://www.gillware.com/data-recovery-services/macbook-water-damage/)
  - [ ] [One Year On, Italy Is Still Waiting for Answers From Paragon Over Spyware Scandal](https://www.wired.it/article/italy-is-still-waiting-for-answers-from-paragon-over-spyware-scandal/)
  - [ ] [Welcoming OpenRelik to the OSDFIR Infrastructure family](https://osdfir.blogspot.com/2026/06/welcoming-openrelik-to-osdfir.html)
  - [ ] [BitLocker Bypassed Why Patching Windows 11 Isn't Enough](https://blog.sekurity.de/blog/bitlocker-bypass-winre/)
- GRAHAM CLULEY
  - [ ] [Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5](https://www.bitdefender.com/en-us/blog/hotforsecurity/linkedin-recruiter-chinese-intelligence-fbi-mi5)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [The Evil MSI Background is Back!, (Fri, Jun 5th)](https://isc.sans.edu/diary/rss/33054)
  - [ ] [ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)](https://isc.sans.edu/diary/rss/33050)
- TorrentFreak
  - [ ] [Vietnam’s Online Piracy Failures Trigger Section 301 Investigation, Tariffs on the Table](https://torrentfreak.com/vietnams-online-piracy-failures-trigger-section-301-investigation-tariffs-on-the-table/)
- Yak Project
  - [ ] [SyntaxFlow Rule Engine Capability Iteration](https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247529835&idx=1&sn=764029ebdd06c3a4d6179ce961328c0a)
- Full Disclosure
  - [ ] [[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities](https://seclists.org/fulldisclosure/2026/Jun/0)
- Security Affairs
  - [ ] [Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure](https://securityaffairs.com/193215/cyber-crime/silent-ransom-group-srg-switching-to-dns-fast-flux-infrastructure.html)
  - [ ] [Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet](https://securityaffairs.com/193203/security/cisco-sd-wan-has-a-new-root-level-problem-and-theres-no-fix-yet.html)
  - [ ] [PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network](https://securityaffairs.com/193189/cyber-crime/pcpjack-exposed-researchers-uncover-230-node-cloud-email-relay-network.html)
  - [ ] [Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications](https://securityaffairs.com/193165/ai/fake-context-alignment-the-attack-that-made-gemini-obey-strangers-through-your-notifications.html)
- 白帽子章华鹏
  - [ ] [Quality Security Positions at ByteDance, Didi, iFlytek, Anker and Other Major Companies, Referred Directly to Hiring Managers](https://mp.weixin.qq.com/s?__biz=MzIyOTAxOTYwMw==&mid=2650239079&idx=1&sn=a47c45c32cf3922fd61e25521f7e841e)
- Deeplinks
  - [ ] [Internet Age-Gates Are a Growing Global Threat](https://www.eff.org/deeplinks/2026/06/internet-age-gates-are-growing-global-threat)
  - [ ] [LGBT Q&A Season 1 Recap: Staying Safer Online](https://www.eff.org/deeplinks/2026/06/lgbt-qa-season-1-recap-staying-safer-online)
- LockBoxx
  - [ ] [Book Review: "How Spies Think"](http://blog.lockboxx.org/2026/06/book-review-how-spies-think.html)
- The Hacker News
  - [ ] [IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks](https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html)
  - [ ] [Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps](https://thehackernews.com/2026/06/android-spyware-asin-targets-arabic.html)
  - [ ] [New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework](https://thehackernews.com/2026/06/new-threat-cluster-op-512-targets.html)
  - [ ] [Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver](https://thehackernews.com/2026/06/only-10-of-socs-say-theyre-getting.html)
  - [ ] [Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites](https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html)
  - [ ] [FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins](https://thehackernews.com/2026/06/fifa-world-cup-2026-scams-are-already.html)
  - [ ] [PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network](https://thehackernews.com/2026/06/pcpjack-hijacks-230-aws-google-cloud.html)
- www.theregister.com - Articles
  - [ ] [If you don't fall for these extortionists' calls, they'll show up with USB sticks](https://www.theregister.com/cyber-crime/2026/06/05/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks/5251891)
  - [ ] [Yet another Cisco SD-WAN 0-day under attack, and no patch in sight](https://www.theregister.com/security/2026/06/05/yet-another-cisco-sd-wan-0-day-under-attack-and-no-patch-in-sight/5251855)
  - [ ] [World Food Programme breach exposes data of 600k vulnerable Gazan families](https://www.theregister.com/security/2026/06/05/world-food-programme-breach-exposes-data-of-600k-vulnerable-gazan-families/5251605)
  - [ ] [Council in UK's City of York outs hundreds of disabled residents with a single email blunder](https://www.theregister.com/security/2026/06/05/council-in-uks-city-of-york-outs-hundreds-of-disabled-residents-with-a-single-email-blunder/5251214)
- Your Open Hacker Community
  - [ ] [How to learn](https://www.reddit.com/r/HowToHack/comments/1txrz5k/how_to_learn/)
  - [ ] [How can I get my phone back??](https://www.reddit.com/r/HowToHack/comments/1txurfw/how_can_i_get_my_phone_back/)
  - [ ] [Need help i want instagram credentials of a person i don't know how to do it i want someone to help me like a brother i will also help him as he wants](https://www.reddit.com/r/HowToHack/comments/1txyrae/need_help_i_want_instagram_credentials_of_a/)
  - [ ] [Is practicing on metasploitable 3 enough to learn "point and blast" hacking?](https://www.reddit.com/r/HowToHack/comments/1tx8rj1/is_practicing_on_metasploitable_3_enough_to_learn/)
- Information Security
  - [ ] [Security priority](https://www.reddit.com/r/Information_Security/comments/1txljhm/security_priority/)
  - [ ] [How Is It Possible That Someone Repeatedly Accesses My Private Information Across Several iPhones and Apple IDs?](https://www.reddit.com/r/Information_Security/comments/1tx7e4p/cómo_es_posible_que_alguien_acceda_repetidamente/)
- netsecstudents: Subreddit for students studying Network Security and its related subjects
  - [ ] [Self-made tool for recursive directory enumeration and API probing](https://www.reddit.com/r/netsecstudents/comments/1txtytv/selfmade_tool_for_recursive_directory_enumeration/)
  - [ ] [Built an OSINT & Email Investigation Tool in Python – Looking for Feedback](https://www.reddit.com/r/netsecstudents/comments/1txbxg1/built_an_osint_email_investigation_tool_in_python/)
- Social Engineering
  - [ ] [Is there some sort of invisible social game we are all playing?](https://www.reddit.com/r/SocialEngineering/comments/1ty02qw/is_there_some_sort_of_invisible_social_game_we/)
  - [ ] [I wanna reconnect with my old friends as we used to be](https://www.reddit.com/r/SocialEngineering/comments/1txha1g/i_wanna_reconnect_with_my_old_friends_as_we_used/)
- Technical Information Security Content & Discussion
  - [ ] [Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption](https://www.reddit.com/r/netsec/comments/1txoy10/zeroclick_hfpa2dp_takeover_via_l2cap_session/)
  - [ ] [Keeping Secrets Out of Logs](https://www.reddit.com/r/netsec/comments/1txmr5f/keeping_secrets_out_of_logs/)
  - [ ] [Unauthenticated RCE as QSECOFR via IBM i Management Central — port 5555, client-controlled verify flag, no credentials required (V7R4 and earlier)](https://www.reddit.com/r/netsec/comments/1txidow/unauthenticated_rce_as_qsecofr_via_ibm_i/)
- Security Weekly Podcast Network (Audio)
  - [ ] [Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587](http://sites.libsyn.com/18678/local-ai-salesforce-fluttershell-aspose-http2-cisco-used-tech-josh-marpet-swn-587)
- 网安寻路人
  - [ ] [The More Autonomous, the Harder to Circulate? The Structural Tension in Externalizing Data Usage Rights](https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247508589&idx=1&sn=4f0e330f7b953f2c96311e1c5579695f)