# 每日安全资讯(2026-06-09) - SecWiki News - [ ] [SecWiki News 2026-06-08 Review](http://www.sec-wiki.com/?2026-06-08) - Paper - 知道创宇404实验室 - [ ] [大语言模型后训练中的顺序数据投毒](https://paper.seebug.org/3488) - Zgao's blog - [ ] [k8s KubeConfig泄露-黑客远程调用ApiServer创建特权容器获取Node节点权限应急排查](https://zgao.top/k8s-kubeconfig%e6%b3%84%e9%9c%b2-%e9%bb%91%e5%ae%a2%e8%bf%9c%e7%a8%8b%e8%b0%83%e7%94%a8apiserver%e5%88%9b%e5%bb%ba%e7%89%b9%e6%9d%83%e5%ae%b9%e5%99%a8%e8%8e%b7%e5%8f%96node%e8%8a%82%e7%82%b9%e6%9d%83/) - Private Feed for M09Ic - [ ] [anthropics released v2.1.169 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.169) - [ ] [bolucat released 202606082225 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202606082225) - [ ] [wuhan005 contributed to wuhan005/NekoBox](https://github.com/wuhan005/NekoBox/pull/86) - [ ] [Mr-xn forked Mr-xn/CLICD from MengMengCode/CLICD](https://github.com/Mr-xn/CLICD) - [ ] [esrrhs contributed to esrrhs/fakelua](https://github.com/esrrhs/fakelua/pull/168) - [ ] [Teach2Breach forked Teach2Breach/LdrShuffle from RWXstoned/LdrShuffle](https://github.com/Teach2Breach/LdrShuffle) - [ ] [Teach2Breach starred RWXstoned/LdrShuffle](https://github.com/RWXstoned/LdrShuffle) - [ ] [Mr-xn starred wbh604/UZI-Skill](https://github.com/wbh604/UZI-Skill) - [ ] [Mel0day starred areal-project/AReaL](https://github.com/areal-project/AReaL) - [ ] [timwhitez starred SanMuzZzZz/LuaN1aoAgent](https://github.com/SanMuzZzZz/LuaN1aoAgent) - [ ] [Rvn0xsy starred sansan0/TrendRadar](https://github.com/sansan0/TrendRadar) - [ ] [DVKunion starred agentscope-ai/QwenPaw](https://github.com/agentscope-ai/QwenPaw) - [ ] [Mel0day starred jingyaogong/minimind](https://github.com/jingyaogong/minimind) - Microsoft Security Blog - [ ] [AI brands as bait: How threat actors are using the AI hype in social engineering](https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/) - Recent Commits to cve:main - [ ] [Update Mon Jun 8 12:03:02 UTC 2026](https://github.com/trickest/cve/commit/53570b85767600a1159b367741c7c5fe307c7537) - obaby 𝐢𝐧⃝ void - [ ] [缘分](https://zhongxiaojie.cn/2026/06/1422/) - Der Flounder - [ ] [MDM-based Software Update management options no longer work on all Apple 27.0 operating systems](https://derflounder.wordpress.com/2026/06/08/mdm-based-software-update-management-options-no-longer-work-on-all-apple-27-0-operating-systems/) - [ ] [Showing or hiding the Self Service+ menubar icon](https://derflounder.wordpress.com/2026/06/08/showing-or-hiding-the-self-service-menubar-icon/) - Exodus Intelligence - [ ] [Off By !: Exploiting a Use-after-Free in the Linux Kernel](https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/) - Reverse Engineering - [ ] [/r/ReverseEngineering's Weekly Questions Thread](https://www.reddit.com/r/ReverseEngineering/comments/1u00et0/rreverseengineerings_weekly_questions_thread/) - [ ] [[Tool/Writeup] PureBasic FLIRT Signature for IDA Pro — demo + crackme](https://www.reddit.com/r/ReverseEngineering/comments/1u0c6qc/toolwriteup_purebasic_flirt_signature_for_ida_pro/) - [ ] [First Public Analysis of the BoldTealLayer Loader: A Custom Lua Script that Blinds Windows Security](https://www.reddit.com/r/ReverseEngineering/comments/1u09z3w/first_public_analysis_of_the_boldteallayer_loader/) - [ ] [EMBA firmware analysis framework v2.0.2 available - Party the big 2k](https://www.reddit.com/r/ReverseEngineering/comments/1u06tdo/emba_firmware_analysis_framework_v202_available/) - Malwarebytes - [ ] [Americans lost nearly $900 million to AI-powered scams, FBI says](https://www.malwarebytes.com/blog/scams/2026/06/americans-lost-nearly-900-million-to-ai-powered-scams-fbi-says) - [ ] [Pirated PC games are delivering password-stealing malware](https://www.malwarebytes.com/blog/threat-intel/2026/06/pirated-pc-games-are-delivering-password-stealing-malware) - [ ] [A week in security (June 1 – June 7)](https://www.malwarebytes.com/blog/news/2026/06/a-week-in-security-june-1-june-7-2) - HackerNews - [ ] [可疑的 Polyfill 登录提示出现在东芝和无印良品网站上](http://0.0.0.0:8080/post/64311) - [ ] [关键 Everest Forms Pro 漏洞被利用,可接管 WordPress 网站](http://0.0.0.0:8080/post/64310) - [ ] [Silent Ransom Group 通过虚假 IT 支持电话攻击律师事务所](http://0.0.0.0:8080/post/64309) - [ ] [思科预警 2026 年第 7 个 SD-WAN 零日漏洞已被利用](http://0.0.0.0:8080/post/64308) - [ ] [Meta 称约 2 万个 Instagram 账户因 AI 工具遭滥用而被黑](http://0.0.0.0:8080/post/64307) - [ ] [CISA 将正在被利用的 SolarWinds Serv-U DoS 漏洞加入 KEV 目录](http://0.0.0.0:8080/post/64306) - Exploit-DB.com RSS Feed - [ ] [[webapps] OpenEMR 7.0.2 - Arbitrary File Read](https://www.exploit-db.com/exploits/52610) - 奇客Solidot–传递最新科技情报 - [ ] [肥胖会影响精子质量改变表观遗传标记](https://www.solidot.org/story?sid=84523) - [ ] [韦伯首次测量早期宇宙休眠黑洞质量](https://www.solidot.org/story?sid=84522) - [ ] [平台算法给民主带来风险](https://www.solidot.org/story?sid=84521) - [ ] [GLP-1 减肥药与更低的乳腺癌风险相关](https://www.solidot.org/story?sid=84520) - [ ] [微软再次加强 Xbox 内容独占](https://www.solidot.org/story?sid=84519) - [ ] [免费领取价值30/90美金的NVIDIA DLI自学课程并测试获得证书](https://www.solidot.org/story?sid=84518) - [ ] [2025 年国际 C语言混乱代码大赛公布获奖结果](https://www.solidot.org/story?sid=84513) - [ ] [新药功能性治愈部分乙肝患者](https://www.solidot.org/story?sid=84512) - [ ] [AI 威胁数十亿人的自然资源](https://www.solidot.org/story?sid=84511) - [ ] [科学家精准编辑人类胚胎基因](https://www.solidot.org/story?sid=84510) - 杨龙 - [ ] [PHPDoc 语法大全](https://www.yanglong.pro/phpdoc-%e8%af%ad%e6%b3%95%e5%a4%a7%e5%85%a8/) - 黑鸟 - [ ] [智能电视正在成为全球AI数据爬虫的住宅代理节点](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186970&idx=1&sn=5a9a38c2019f2ad8e62d38d1e0c46bbe) - 威努特安全网络 - [ ] [7月1日新规施行:能源企业数据安全合规建设方案](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142161&idx=1&sn=ccf433d1c061e7b42fa8c24ffbb22338) - [ ] [WinClaw限时全免!注册即享AI大模型免费额度](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142161&idx=2&sn=45eab553e435e1b1484e7bd8fa65229c) - 腾讯安全应急响应中心 - [ ] [测出隐患,守护真金|「FIT金融专项」众测开启](https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==&mid=2651208450&idx=1&sn=7885f906fe1c87dc2fd7fa85e1333ba1) - 安全内参 - [ ] [AI刺激网络安全需求增长,多家网安巨头业绩超预期](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516057&idx=1&sn=3881e90226c264431f2b44e674174f29) - [ ] [美国家安全局被曝正使用Mythos模型开展进攻性网络行动](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516057&idx=2&sn=ae227d9842a9268af2db33fa65e36467) - 安全学术圈 - [ ] [关于联合开展“大模型驱动的网络攻防课程改革”开源项目的邀请函](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247495391&idx=1&sn=ec3538dd2c4f17584c96a6d05b42a7b0) - 代码卫士 - [ ] [CISA:SolarWinds Serv-U 高危漏洞已遭利用](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526239&idx=1&sn=b82af1b66a48bb2e151a8dbfe889d0b8) - [ ] [IronWorm 和 Miasma 蠕虫新变体瞄准 npm,发动供应链攻击](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526239&idx=2&sn=f7915bdbcd30d770976ec7341c293a87) - 青衣十三楼飞花堂 - [ ] [潘汉年的三本传记](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489596&idx=1&sn=9fb82b8248ac6a56ba72c28930a79456) - 中国信息安全 - [ ] [CNNVD | 重要安全漏洞通报(2026年第三期)](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263332&idx=1&sn=77303f15aa352379a96f8227e6e296e3) - [ ] [关注 | 国家网信办、市场监管总局联合印发《网络测评活动规范》(附全文)](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263332&idx=2&sn=1bd18a7f6aeca7caf7c7ce50f44e750d) - 信息安全国家工程研究中心 - [ ] [一图读懂 | 公共安全行业标准 GA/T 2347—2025《信息安全技术 网络安全等级保护云计算测评指引》](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247504142&idx=1&sn=4ff9051309d17879861c344626dcaf50) - 安全圈 - [ ] [【安全圈】微软让步,撤回对白帽黑客的法律威胁](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077297&idx=1&sn=8c41ee5fcceffbbc8fff19ef064bb094) - [ ] [【安全圈】关键 Everest Forms Pro 漏洞被利用,可接管 WordPress 网站](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077297&idx=2&sn=61e797a708a9e147ce97abc80cca35b7) - [ ] [【安全圈】可疑的 Polyfill 登录提示出现在东芝和无印良品网站上](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077297&idx=3&sn=391d896d06618890fbe8a4b39f410dd1) - XCTF联赛 - [ ] [【赛事招募】霄元杯 · 星域之盾2026](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516427&idx=1&sn=eecc7f8e71e93fa8f384cc28f1e4c7a8) - 君哥的体历 - [ ] [开源邮件安全检测与内部邮箱盗用防护:小模型方案评估及群发拦截策略|总第313周](https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&mid=2247492411&idx=1&sn=a7d1d2ddeb527e8020333a0ea2eea1f7) - NOVASEC - [ ] [【工具】ipinfo - 支持多数据库类型的开源IPdb解析库](https://mp.weixin.qq.com/s?__biz=MzUzODU3ODA0MA==&mid=2247490895&idx=1&sn=3eda10f4c03a08d4e272a7178070b612) - 唯品会安全应急响应中心 - [ ] [FUN粽一下,乐享时光 - VSRC端午活动来袭](https://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=2652281759&idx=1&sn=35b32e1401d6769bffa97e4b81e0acd7) - 奇安信威胁情报中心 - [ ] [前威胁情报VP举报:IBM与AT&T被控VPN日志缺失令入侵成静默攻击](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247519047&idx=1&sn=995d2900f3172b61c867025b0501d5ef) - M01N Team - [ ] [AI安全案例分析 | Meta AI客服权限失控导致账号接管](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247495139&idx=1&sn=b5c8fb3bd5d55c7981ba1ab23abf00d5) - 安全牛 - [ ] [浏览器存密码=裸奔?2026年密码管理器选型指南:10款产品一次说清](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141595&idx=1&sn=aa7c6eea8d25919ec719f3ecfc129d89) - [ ] [《AI与系统原生双轮驱动下的移动全栈安全洞察》研究启动](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141595&idx=2&sn=8695c369cf84b3dac6b828a01361e413) - 数世咨询 - [ ] [AI代码安全:从发现到确证](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543167&idx=1&sn=88991cb6c378c1820d143a200a564838) - 看雪学苑 - [ ] [AI逆向视频签名算法X-Medusa全过程](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616276&idx=1&sn=48d8aefcb236aee1c86e4c785a41d84b) - [ ] [新型勒索团伙“Pink”专攻微软云,一通电话就能让企业数据瞬间蒸发](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616276&idx=2&sn=53224101257093ab7357ee31727468f0) - [ ] [真机解锁难、调试受限?CVD 云手机定制及风控对抗全解](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616276&idx=3&sn=5fa0a0623e30c97596a4d364f5add781) - 极客公园 - [ ] [Token「免费」时代来了?对话 Agnes AI 创始人,全模态免费的生意与野心](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108342&idx=1&sn=791e8651b8bd11d9fda4d3f9e9c5becd) - [ ] [集成 Coding 和 Agent 工具,ChatGPT 打造超级应用;两部门出台《规范》整治网络测评活动;京东、腾讯围绕 AI Agent 合作 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108330&idx=1&sn=05e52468c38ae5d3ed42baa5450f153c) - 百度安全应急响应中心 - [ ] [度享端阳|BSRC端午限定礼盒等你来拿!](https://mp.weixin.qq.com/s?__biz=MzA4ODc0MTIwMw==&mid=2652544089&idx=1&sn=e8e4f5e69ef8525c498f2e3c487f44af) - 电子物证 - [ ] [【如何查找网站的真实IP地址】](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651049010&idx=1&sn=8a3e4f33c8dc6ae5d9f9851f53f9e835) - [ ] [【华为手机取证中你不知道的秘密】](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651049010&idx=2&sn=4644e6fb17c6c32ffe43d88dd9b0dbc5) - 腾讯安全威胁情报中心 - [ ] [技中有计|千万级 Skill 调用中的安全暗战](https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247512027&idx=1&sn=d2bc3c3efeb2a3ea2008bf64189c3388) - 字节跳动技术团队 - [ ] [你的 Agent 每次都“失忆”?这个工具彻底治好了我的前端开发焦虑](https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247520252&idx=1&sn=965325b6e00360e3d3bd90f561598f17) - 微步在线 - [ ] [这届大甲方,搞定安全防护全是套路](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650186714&idx=1&sn=b888a26487f6bc991587fe8a68bdb10b) - OnionSec - [ ] [从研究攻击者到研究组织真正害怕失去什么](https://mp.weixin.qq.com/s?__biz=MzUyMTUwMzI3Ng==&mid=2247485803&idx=1&sn=89c4d9b6c889ff17f08bc8d1f468a587) - 安全行者老霍 - [ ] [Agentic AI赋能的 ARM Metis 系统,推动软件安全漏洞检测技术升级](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486767&idx=1&sn=0a2e19fb822c3ea77423c1e284e9d6f6) - NETRESEC Network Security Blog - [ ] [Maximizing IOC Impact](https://www.netresec.com/?page=Blog&month=2026-06&post=Maximizing-IOC-Impact) - 威胁猎人Threat Hunter - [ ] [ThreatHunter 企业黑灰产情报 AI Agent开放试用,让情报获取更简单](https://mp.weixin.qq.com/s?__biz=MzI3NDY3NDUxNg==&mid=2247504032&idx=1&sn=0c0b69bc0ec38a9cb11146771d8c4533) - Over Security - [ ] [NFCShare Android malware spreads via fake banking app updates on GitHub](https://www.bleepingcomputer.com/news/security/nfcshare-android-malware-spreads-via-fake-banking-app-updates-on-github/) - [ ] [SoFi confirms third-party data breach at Hong Kong subsidiary](https://www.bleepingcomputer.com/news/security/sofi-confirms-third-party-data-breach-at-hong-kong-subsidiary/) - [ ] [UK gives big tech 3 months to create device controls to block nude images of kids](https://therecord.media/uk-gives-big-tech-3-months-to-create-device-controls-kid-images) - [ ] [New Shai-Hulud attack trojanizes 19 science-focused PyPI packages](https://www.bleepingcomputer.com/news/security/new-shai-hulud-attack-trojanizes-19-science-focused-pypi-packages/) - [ ] [New Apple feature automatically changes your compromised passwords](https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/) - [ ] [Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure](https://flashpoint.io/blog/understanding-illicit-ecosystems-mainstream-apps-social-infrastructure/) - [ ] [WhatsApp says it disrupted new NSO spyware phishing attacks](https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/) - [ ] [Armenia’s pro-Europe party wins election despite Russia-linked disinformation](https://therecord.media/armenia-pro-europe-party-wins-election-despite-russia-disinformation) - [ ] [Cloud compliance: requisiti, framework e strategie](https://www.cybersecurity360.it/soluzioni-aziendali/cloud-compliance-requisiti-framework-e-strategie/) - [ ] [WhatsApp says NSO targeted users with spearfishing attacks in violation of court order](https://therecord.media/whatsapp-says-nso-targeted-users-with-attacks-against-court-order) - [ ] [Gogs patches critical zero-day enabling remote code execution](https://www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/) - [ ] [WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order](https://techcrunch.com/2026/06/08/whatsapp-says-it-caught-new-spyware-attacks-linked-to-nso-group-in-violation-of-court-order/) - [ ] [Critical UniFi OS bug lets hackers gain root without authentication](https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/) - [ ] [Cyber attacco all’eCommerce di Eataly: ecco i dati a rischio e come proteggersi](https://www.cybersecurity360.it/news/cyber-attacco-allecommerce-di-eataly-ecco-i-dati-a-rischio-e-come-proteggersi/) - [ ] [Russia upgrades rules for its digital spy system to better track citizens online](https://therecord.media/russia-upgrades-rules-for-digital-spy-system-sorm) - [ ] [Reducing security operations complexity with Wazuh Cloud](https://www.bleepingcomputer.com/news/security/reducing-security-operations-complexity-with-wazuh-cloud/) - [ ] [La cyber security entra dentro bilanci, governance e business continuity: i costi degli attacchi](https://www.cybersecurity360.it/soluzioni-aziendali/cyber-security-2026-cyber-attacchi-perimetro/) - [ ] [Check Point links VPN zero-day attacks to Qilin ransomware gang](https://www.bleepingcomputer.com/news/security/check-point-links-vpn-zero-day-attacks-to-qilin-ransomware-gang/) - [ ] [NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign](https://www.d3lab.net/nfcshare-evolves-from-a-banking-phishing-apk-to-a-github-hosted-android-nfc-fraud-campaign/) - [ ] [Creare siti web a 2,99 Euro al mese incluso dominio gratuito: l’offerta di Hostinger spacca tutto](https://www.cybersecurity360.it/cultura-cyber/creare-siti-web-hostinger/) - [ ] [Oxford University discloses data breach after careers platform hack](https://www.bleepingcomputer.com/news/security/oxford-university-discloses-data-breach-after-careerconnect-platform-hack/) - [ ] [Abuse-Management-as-a-Service: When Domain Takedowns Become a Weapon for Hire](https://bfore.ai/blog/abuse-management-as-a-service-domain-takedowns/) - [ ] [Is OpenAI’s New Lockdown Mode an Admission That Default ChatGPT Was Never Safe Enough?](https://thecyberexpress.com/lockdown-mode-means-default-chatgpt-wasnt-safe/) - [ ] [CMMC Final Assessment: What I Did Right, What I’d Change, and How You Can Prepare](https://secjuice.com/cmmc-lessons-learned-2/) - [ ] [SecjuiceCON 2026](https://secjuice.com/secjuicecon2026-2/) - [ ] [AI Vendor Vetting: An OK Practice Guide](https://secjuice.com/ai-vendor-vetting-an-ok-practice-guide-2/) - [ ] [California Just Built a Data Deletion Tool That Actually Works (And Data Brokers Are Sweating)](https://secjuice.com/california-drop-2/) - [ ] [SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution](https://secjuice.com/scant-framework-for-ethical-deepfake-creation-distribution-2/) - [ ] [Security Governance & Leadership](https://secjuice.com/security-governance-leadership-2/) - [ ] [CTFs aren't Designed to Train Investigators. Hashclue is.](https://secjuice.com/hashclue-2/) - [ ] [People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security](https://secjuice.com/people-policies-and-purpose-framing-acceptable-use-and-human-behavior-in-information-security-2/) - [ ] [The CTF Ecosystem Is Stagnant and Has Been for Twenty Years](https://secjuice.com/the-ctf-ecosystem-is-stagnant-2/) - [ ] [Your OSINT Is Only as Good as Your Thinking](https://secjuice.com/trivium-prime-osint-2/) - [ ] [Your AI Agents Are Creating Identity Chaos (And You Don't Even Know It)](https://secjuice.com/ai-identity-chaos-2/) - [ ] [Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up](https://secjuice.com/identity-is-the-new-perimeter-access-authentication-and-control-that-actually-hold-up-2/) - [ ] [For The Dogs](https://secjuice.com/for-the-dogs-2/) - [ ] [Malware Analysis: Is It About Tools or Mindset?](https://secjuice.com/malware-analysis-2/) - IT Service Management News - [ ] [D. Lgs. 96 del 2026: Trasparenza retributiva](http://blog.cesaregallotti.it/2026/06/d-lgs-96-del-2026-trasparenza.html) - 迪哥讲事 - [ ] [绕过waf的一个xss](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499536&idx=1&sn=5ab02f25c1a3436f298e2350f2d70044) - 深信服千里目安全技术中心 - [ ] [【漏洞通告】Apache Solr 硬编码凭据漏洞(CVE-2026-44825)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525873&idx=1&sn=68c4717d3f89c67bcc8a51edeee798c6) - [ ] [网络安全信息与动态周报2026年第22期(5月25日-5月31日)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525873&idx=2&sn=e7737202c27e94112df1fd2af1497679) - 丁爸 情报分析师的工具箱 - [ ] [【研究报告】美国侦察卫星发展研究:太空智能侦察星座、RG-XX与SG-XX系统全面解析](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651156213&idx=1&sn=816cd3c75566e0ea4deb0f01301976a5) - 安全419 - [ ] [安全419 | 5月安全厂商动态:AI治理平台密集发布](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553632&idx=1&sn=ecae7d5f49a736e910f225b8ab0a4768) - [ ] [安全玻璃盒联合浙江网空协会发布报告 深度剖析AI赋能攻击新趋势](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553632&idx=2&sn=83ab0e9feb117026b23f1d010ef25a81) - ICT Security Magazine - [ ] [Oltre l’orizzonte visibile: Difesa, Carabinieri e la sfida al crimine cibernetico nell’era della Guerra Cognitiva](https://www.ictsecuritymagazine.com/articoli/difesa-guerra-cognitiva/) - [ ] [Protezione cavi sottomarini, dal Cable Security Toolbox a Baltic Sentry](https://www.ictsecuritymagazine.com/articoli/protezione-cavi-sottomarini/) - D3Lab - [ ] [NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign](https://www.d3lab.net/nfcshare-evolves-from-a-banking-phishing-apk-to-a-github-hosted-android-nfc-fraud-campaign/) - SANS Internet Storm Center, InfoCON: green - [ ] [TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)](https://isc.sans.edu/diary/rss/33060) - [ ] [ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)](https://isc.sans.edu/diary/rss/33058) - CNVD漏洞平台 - [ ] [CNVD漏洞周报2026年第22期](https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247497001&idx=1&sn=1223fec580286cca1053f468d07327da) - [ ] [上周关注度较高的产品安全漏洞(20260601-20260607)](https://mp.weixin.qq.com/s?__biz=MzU3ODM2NTg2Mg==&mid=2247497001&idx=2&sn=828ccb1c060def926082f4d32dbd9937) - Yak Project - [ ] [【NCC会议议题】从三天到一夜:AI Agent 加速业务逻辑测试的工程实践](https://mp.weixin.qq.com/s?__biz=Mzk0MTM4NzIxMQ==&mid=2247529888&idx=1&sn=1e73133224ce4b4da5885da0ce7b4541) - Schneier on Security - [ ] [Critical Zcash Vulnerability Found and Fixed](https://www.schneier.com/blog/archives/2026/06/critical-zcash-vulnerability-found-and-fixed.html) - [ ] [Anthropic’s Project Glasswing Update](https://www.schneier.com/blog/archives/2026/06/anthropics-project-glasswing-update.html) - 熵减矩阵 - [ ] [Cairn 深度架构分析](https://mp.weixin.qq.com/s?__biz=Mzg2MTc1NDAxMA==&mid=2247485369&idx=1&sn=7a1eae83c8a039a6f55b6bd2ea2fdca5) - Trend Micro Research, News and Perspectives - [ ] [Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open](https://www.trendmicro.com/en_us/research/26/f/old-winrar-flaw-fuels-attacks-on-ukraine.html) - [ ] [Governing Claude Enterprise in Environments Where Inline Controls Can't Go](https://www.trendmicro.com/en_us/research/26/f/governing-claude-enterprise.html) - www.theregister.com - Articles - [ ] [Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto](https://www.theregister.com/security/2026/06/08/suspected-norks-send-250-fake-dev-job-pitches-to-steal-crypto/5252526) - [ ] [Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix](https://www.theregister.com/cyber-crime/2026/06/08/attackers-had-month-long-head-start-on-patched-check-point-vpn-zero-day/5252438) - [ ] [Ransomware sends Illinois high school on an early summer vacation](https://www.theregister.com/cyber-crime/2026/06/08/ransomware-attack-shuts-illinois-high-school-until-wednesday/5252322) - [ ] [GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections](https://www.theregister.com/security/2026/06/08/github-nukes-70-microsoft-repos-amid-suspected-worm-attack/5252169) - [ ] [NSO Group back in Meta's crosshairs after alleged WhatsApp targeting](https://www.theregister.com/security/2026/06/08/nso-group-back-in-metas-crosshairs-after-alleged-whatsapp-targeting/5252105) - Computer Forensics - [ ] [The Duopoly in Digital Forensics](https://www.reddit.com/r/computerforensics/comments/1u0gp3m/the_duopoly_in_digital_forensics/) - TaoSecurity Blog - [ ] [Bill to Create Independent US Cyber Force Wants to Place It Under the US Army](https://taosecurity.blogspot.com/2026/06/bill-to-create-independent-us-cyber.html) - Security Affairs - [ ] [Meta Accuses NSO of Violating WhatsApp Court Injunction](https://securityaffairs.com/193333/security/meta-accuses-nso-of-violating-whatsapp-court-injunction.html) - [ ] [Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access](https://securityaffairs.com/193325/security/everest-forms-pro-wordpress-flaw-is-handing-attackers-admin-access.html) - [ ] [UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms](https://securityaffairs.com/193315/cyber-crime/unc3753-escalates-from-vishing-calls-to-physical-office-intrusions-at-us-legal-and-financial-firms.html) - [ ] [Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts](https://securityaffairs.com/193307/ai/meta-ai-recovery-tool-flaw-exposed-20000-instagram-accounts.html) - [ ] [IoT Botnet C0XMO Adds Competitor-Killing Capability](https://securityaffairs.com/193290/uncategorized/iot-botnet-c0xmo-adds-competitor-killing-capability.html) - Blackhat Library: Hacking techniques and research - [ ] [GitHub - Teycir/ApiHunter: Async API security scanner in Rust for CORS, CSP, GraphQL, JWT, OpenAPI, and active API posture checks.](https://www.reddit.com/r/blackhat/comments/1u0lnib/github_teycirapihunter_async_api_security_scanner/) - [ ] [EMBA firmware analysis framework v2.0.2 available - Party the big 2k](https://www.reddit.com/r/blackhat/comments/1u06rdb/emba_firmware_analysis_framework_v202_available/) - [ ] [My client lost 3 months of SEO progress because of a hack nobody caught for 6 weeks](https://www.reddit.com/r/blackhat/comments/1tzublt/my_client_lost_3_months_of_seo_progress_because/) - Social Engineering - [ ] [Why do people with kids seem to get preference everywhere? Is it some subtle nudge to have children?](https://www.reddit.com/r/SocialEngineering/comments/1tzzed1/why_do_people_with_kids_seem_to_get_preference/) - Daniel Miessler - [ ] [How to Rate the AI We're All Chasing](https://danielmiessler.com/blog/customization-beats-competence?utm_source=rss&utm_medium=feed&utm_campaign=website) - The Hacker News - [ ] [One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public](https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html) - [ ] [Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order](https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html) - [ ] [Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups](https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html) - [ ] [AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload](https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html) - [ ] [⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More](https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html) - [ ] [The Hardest Fork](https://thehackernews.com/2026/06/the-hardest-fork.html) - [ ] [VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances](https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html) - [ ] [UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign](https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html) - [ ] [VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks](https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html) - Information Security - [ ] [Where can I find good cyber security training with job placement support in the USA?](https://www.reddit.com/r/Information_Security/comments/1u06pk3/where_can_i_find_good_cyber_security_training/) - netsecstudents: Subreddit for students studying Network Security and its related subjects - [ ] [really need help with project ideas for MSc](https://www.reddit.com/r/netsecstudents/comments/1u0mz5x/really_need_help_with_project_ideas_for_msc/) - [ ] [Built a Python-based C2 framework with an MJPEG screen-streamer and Telegram interface. Looking for architectural feedback.](https://www.reddit.com/r/netsecstudents/comments/1u00s9r/built_a_pythonbased_c2_framework_with_an_mjpeg/) - [ ] [Building an OSINT automation + recon tool – is this actually useful?](https://www.reddit.com/r/netsecstudents/comments/1tzusyo/building_an_osint_automation_recon_tool_is_this/) - Deeplinks - [ ] [VICTORY: Meta Strips Facial Recognition Code From Smart Glasses App After Public Outcry](https://www.eff.org/deeplinks/2026/06/victory-meta-strips-facial-recognition-code-smart-glasses-app-after-public-outcry) - [ ] [Cheers to the Winners of EFF’s 18th Annual Cyberlaw Trivia Night!](https://www.eff.org/deeplinks/2026/06/cheers-winners-effs-17th-annual-cyberlaw-trivia-night) - TorrentFreak - [ ] [Z-Library Lets People Run White-Label, Login-Only Pirate Mirrors](https://torrentfreak.com/z-library-lets-people-run-white-label-login-only-pirate-mirrors/) - NetSPI - [ ] [Legacy Meets Modern: Breaking AD Through NIS & MFA Infrastructure](https://www.netspi.com/blog/technical-blog/network-pentesting/legacy-meets-modern-breaking-ad-through-nis-mfa-infrastructure/) - 网安寻路人 - [ ] [上游为何不愿对外经营数据?控制降级、衍生数据与不确定性下的经营决策](https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247508594&idx=1&sn=db401d8e918726028d66f5f1a578903b)
每日安全资讯(2026-06-09)