# 每日安全资讯(2026-06-11) - SecWiki News - [ ] [SecWiki News 2026-06-10 Review](http://www.sec-wiki.com/?2026-06-10) - Armin Ronacher's Thoughts and Writings - [ ] [Gaslighting Openness](https://lucumr.pocoo.org/2026/6/10/gaslighting/) - Private Feed for M09Ic - [ ] [bolucat released 202606102238 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202606102238) - [ ] [anthropics released v2.1.172 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.172) - [ ] [xnl-h4ck3r released v8.8 at xnl-h4ck3r/waymore](https://github.com/xnl-h4ck3r/waymore/releases/tag/v8.8) - [ ] [wh0amitz starred MSNightmare/RoguePlanet](https://github.com/MSNightmare/RoguePlanet) - [ ] [pydantic released v2.0.0b7 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v2.0.0b7) - [ ] [Mr-xn starred Y4tacker/Waymark](https://github.com/Y4tacker/Waymark) - [ ] [CHYbeta starred Y4tacker/Waymark](https://github.com/Y4tacker/Waymark) - [ ] [liamg contributed to infracost/go-proto](https://github.com/infracost/go-proto/pull/69) - [ ] [liamg contributed to infracost/proto](https://github.com/infracost/proto/pull/64) - [ ] [uknowsec starred NoOne-hub/JSReverser-MCP](https://github.com/NoOne-hub/JSReverser-MCP) - [ ] [gh0stkey starred sqlmapproject/sqlmap](https://github.com/sqlmapproject/sqlmap) - [ ] [esrrhs contributed to esrrhs/fakelua](https://github.com/esrrhs/fakelua/pull/182) - [ ] [LoRexxar contributed to LoRexxar/Kunlun-M](https://github.com/LoRexxar/Kunlun-M/pull/345) - [ ] [gh0stkey starred apple/container](https://github.com/apple/container) - [ ] [DVKunion starred riba2534/happyclaw](https://github.com/riba2534/happyclaw) - Recent Commits to cve:main - [ ] [Update Wed Jun 10 11:42:54 UTC 2026](https://github.com/trickest/cve/commit/8bff7b4e7ef25eb508dcd8a1cc28df83ae44c899) - Microsoft Security Blog - [ ] [Turn specs into evals for any agent with ASSERT](https://commandline.microsoft.com/assert-written-intent-executable-evals/) - Payatu - [ ] [Agentic AI Security: The Hidden Attack Surface Beyond Prompt Injection](https://payatu.com/blog/agentic-ai-security-the-hidden-attack-surface-beyond-prompt-injection/) - [ ] [Binwalk Path Traversal Vulnerability: Turning Firmware Analysis into Code Execution](https://payatu.com/blog/binwalk-path-traversal-vulnerability-turning-firmware-analysis-into-code-execution/) - GuidePoint Security - [ ] [AI is a Stress Test of Your Data Security Fundamentals. Data Trust Will Help You Pass.](https://www.guidepointsecurity.com/blog/ai-stress-test-data-security-fundamentals/) - Horizon3.ai - [ ] [Patch Tuesday to Pentest Wednesday: How a Global Investment Firm Reduced Security Surprises](https://horizon3.ai/intelligence/blogs/patch-tuesday-to-pentest-wednesday-reducing-security-surprises/) - [ ] [Claude Mythos & Enterprise Security: Your Questions Answered](https://horizon3.ai/intelligence/blogs/claude-mythos-enterprise-security/) - [ ] [The First AI State-Sponsored Attack: What It Means for Defenders](https://horizon3.ai/intelligence/blogs/first-ai-state-sponsored-attack-threat-model/) - VMRay - [ ] [May 2026 Detection Highlights: New Config Extractors, a Phishkit Behavior Detection Set, and 30+ New YARA Rules](https://www.vmray.com/may-2026-detection-highlights-new-config-extractors-a-phishkit-behavior-detection-set-and-30-new-yara-rules/) - CCC Event Blog - [ ] [Call for Congress Designers](https://events.ccc.de/2026/06/10/call-for-designers/) - Malwarebytes - [ ] [Free Spotify Premium hacks on social media are spreading infostealers](https://www.malwarebytes.com/blog/news/2026/06/free-spotify-premium-hacks-on-social-media-are-spreading-infostealers) - [ ] [Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days](https://www.malwarebytes.com/blog/bugs/2026/06/microsofts-biggest-ever-patch-tuesday-fixes-206-bugs-including-3-zero-days) - [ ] [88% of people struggle to tell what’s real online](https://www.malwarebytes.com/blog/ai/2026/06/88-of-people-struggle-to-tell-whats-real-online) - daniel.haxx.se - [ ] [A human in control](https://daniel.haxx.se/blog/2026/06/10/a-human-in-control/) - text/plain - [ ] [Participatory Extensible Security](https://textslashplain.com/2026/06/10/participatory-extensible-security/) - HackerNews - [ ] [论文解读:软件工程的终结](http://0.0.0.0:8080/post/64324) - [ ] [Anthropic 发布 Claude Fable 5:配备网络安全护栏的 Mythos 级 AI](http://0.0.0.0:8080/post/64323) - [ ] [法国政府即时通讯服务遭入侵,发生账户劫持攻击](http://0.0.0.0:8080/post/64322) - [ ] [SAP 修复 NetWeaver 和 Commerce Cloud 中的严重漏洞](http://0.0.0.0:8080/post/64321) - [ ] [OpenClaw AI Agent 被发现会中钓鱼攻击,泄露用户数据](http://0.0.0.0:8080/post/64320) - [ ] [ServiceNow 披露泄露客户数据的安全事件](http://0.0.0.0:8080/post/64319) - [ ] [亲俄黑客组织利用 WinRAR 漏洞在乌克兰部署窃密木马](http://0.0.0.0:8080/post/64318) - 腾讯玄武实验室 - [ ] [每日安全动态推送(26/6/10)](https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651960487&idx=1&sn=51d924b28918a97e6609accd789c60a1) - Black Hills Information Security, Inc. - [ ] [The Art of the Badge: A Hard Truth About Physical Security](https://www.blackhillsinfosec.com/the-art-of-the-badge/) - 威努特安全网络 - [ ] [最佳实践!半导体四大场景数据安全风险监测防护方案](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142203&idx=1&sn=f1f23e5238c0f81bb63f09a114c78488) - [ ] [WinClaw限时全免!注册即享AI大模型免费额度](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651142203&idx=2&sn=499f855fb1e2f5e64c654e33974273df) - 绿盟科技技术博客 - [ ] [【公益译文】2026年AI指数报告(四)](https://blog.nsfocus.net/%e3%80%90%e5%85%ac%e7%9b%8a%e8%af%91%e6%96%87%e3%80%912026%e5%b9%b4ai%e6%8c%87%e6%95%b0%e6%8a%a5%e5%91%8a%ef%bc%88%e5%9b%9b%ef%bc%89/) - [ ] [实力认证 | 绿盟科技荣登数世咨询《新质·中国数字安全百强(2026)》综合领域前列](https://blog.nsfocus.net/%e5%ae%9e%e5%8a%9b%e8%ae%a4%e8%af%81-%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e8%8d%a3%e7%99%bb%e6%95%b0%e4%b8%96%e5%92%a8%e8%af%a2%e3%80%8a%e6%96%b0%e8%b4%a8%c2%b7%e4%b8%ad%e5%9b%bd%e6%95%b0%e5%ad%97/) - 安全客 - [ ] [10万行空行就能骗过AI安检?顶尖安全团队实测:主流技能扫描器全部穿帮](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649790046&idx=1&sn=465bf3f2a4a264db6daa33030ec607cc) - 奇安信 CERT - [ ] [微软6月补丁日多个产品安全漏洞风险通告:35个紧急漏洞、11个重要漏洞](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247506194&idx=1&sn=c32f37ae2f3ba862b46c3a5db2c72946) - 黑鸟 - [ ] [北约俄式网络战模拟演习险胜:乌方复刻俄军战术,联盟防御短板凸显](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186994&idx=1&sn=ab23f30adc22f3c2436f14f90ccc625e) - 奇客Solidot–传递最新科技情报 - [ ] [人类习惯于左转逆时针行走](https://www.solidot.org/story?sid=84545) - [ ] [FCC 计划在美国推行手机实名制](https://www.solidot.org/story?sid=84544) - [ ] [npm v12 将不再自动执行依赖项](https://www.solidot.org/story?sid=84543) - [ ] [双星系统的化学构成差异揭示了行星被恒星吞噬的命运](https://www.solidot.org/story?sid=84542) - [ ] [半导体月销售额首次突破 1100 亿美元](https://www.solidot.org/story?sid=84541) - [ ] [德国法庭裁决 Google 要对 AI Overviews 内容承担责任](https://www.solidot.org/story?sid=84540) - [ ] [比亚迪一年 200 次 OTA,次数远超竞争对手](https://www.solidot.org/story?sid=84538) - [ ] [Starlink 硬件从一次性付费转向月租](https://www.solidot.org/story?sid=84537) - [ ] [Google Chrome 准备移除对 Manifest V2 的支持,杀死 uBlock Origin](https://www.solidot.org/story?sid=84536) - [ ] [NASA 公布了 Artemis III 任务宇航员名单](https://www.solidot.org/story?sid=84535) - 青衣十三楼飞花堂 - [ ] [初一下学期的“新定义”越来越可怕](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489605&idx=1&sn=10f4298fa5592d42567091d8104d670e) - 代码卫士 - [ ] [微软六月补丁星期二值得关注的漏洞](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526255&idx=1&sn=b5c19c4120582e72f64c7e7a6e4c4ae4) - [ ] [Veeam 新漏洞导致Backup 服务器易受 RCE 攻击](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247526255&idx=2&sn=e65c7331cf40704380d18555dad266f7) - 安全学术圈 - [ ] [PacketPatch:面向基于字节特征的加密流量分类的对抗性数据包实用化生成与部署](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247495466&idx=1&sn=fe8aed3e6a3894b1fb67de73886ac261) - 奇安信威胁情报中心 - [ ] [Hades 活动:针对PyPI的大规模供应链攻击分析](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247519059&idx=1&sn=cdda54daa91eb35d129f2775b3063833) - 看雪学苑 - [ ] [10月23日上海・SDC2026议题火热征集中(文末赠门票)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616439&idx=1&sn=ed63972eed0764f9dc562e899e512e05) - [ ] [基于eBPF的Android ART运行时DEX采集与方法字节码回填](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616439&idx=2&sn=e8a62d68b71c9745e1ad3a2df672dfb8) - [ ] [Anthropic发布Claude Fable 5:能力越强,安全越狠](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458616439&idx=3&sn=9aee3d8adfaf65e06601ce8f5193c9a0) - 中国信息安全 - [ ] [专题·智能体安全 | 政务领域AI智能体应用与安全治理](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263429&idx=1&sn=2a068419f3e63e20b8c26376973461f7) - [ ] [CNNVD | 关于Google Chrome安全漏洞的通报](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263429&idx=2&sn=25d527a40d4c123d239cdf2876d16b92) - [ ] [关注 | 市场监管总局、国家发展改革委联合印发《人工智能计量体系和能力建设指引》 系统布局人工智能计量能力建设](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263429&idx=3&sn=d1a21316dd513e2244fca7d4d19ee4bf) - [ ] [行业 | 中国移动发布《人工智能+新型工业化融合应用安全解决方案》(附下载)](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263429&idx=4&sn=69ea3249148c7d8b8e6499fb88c7e1b6) - [ ] [CNCERT:关于部分智能体技能包(Skills)存在越狱和挖矿风险的安全公告](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263429&idx=5&sn=d411240aeb503f80b8e272736413644c) - [ ] [通知 | 网安标委就《人工智能应用安全指引 教育行业(征求意见稿)》等2项网络安全标准实践指南公开征求意见](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664263429&idx=6&sn=4df5d8281a97f25de54a38bf8d18724c) - 安全内参 - [ ] [知名券商香港公司发生数据泄露:供应商遭入侵,提醒客户谨防诈骗](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516068&idx=1&sn=2ab5a5992778216fe71309bb321ad213) - [ ] [CNCERT:关于部分智能体技能包(Skills)存在越狱和挖矿风险的安全公告](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247516068&idx=2&sn=1e7f0709fd98845682ee00b9418b9577) - 数世咨询 - [ ] [人工智能啥时能盈利?](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247543195&idx=1&sn=e18eb8120582db8328374d2755a1e397) - 信息安全国家工程研究中心 - [ ] [本刊策划 |数智时代网络安全风险新特征及治理体系构建](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247504144&idx=1&sn=df8bac40a63cc05ef89e5a8c8b7ddd74) - 安全圈 - [ ] [【安全圈】苹果 iOS 27 测试版 Siri AI 系统提示词泄露,超 1300 行核心指令曝光](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077328&idx=1&sn=193fa99912fa567a8d25077ddc0966b1) - [ ] [【安全圈】Instagram 再曝严重安全漏洞:扎克伯格、姆巴佩等身份信息泄露](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077328&idx=2&sn=7249ec24c28a5c743bdaa486b737ba93) - [ ] [【安全圈】员工设备遭入侵!Humanity 跨链被盗超 3600 万美元 H 代币](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652077328&idx=3&sn=39fb366440063ffba0f5de33fcc86a05) - 安全牛 - [ ] [OpenClaw、Hermes背后:智能体时代的攻防规则正在改变](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141637&idx=1&sn=a34f121ebbf9aca3ecca31444ecf2964) - [ ] [NIST发布数学证明:AI固定护栏无法抵御所有对抗性提示,持续监测成安全新方向;工信部开展专项整治,严管APP违规窗口与诱导跳转行为|牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141637&idx=2&sn=1eaa501a31df6dbd2a32f4031cdce488) - 安全研究GoSSIP - [ ] [G.O.S.S.I.P 阅读推荐 2026-06-10 “坏”内存攻击!](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501792&idx=1&sn=091d29c63a337477755a5e58fda4064e) - 软件安全与逆向分析 - [ ] [横跨近半年的高通8Gen5漏洞利用时间线](https://mp.weixin.qq.com/s?__biz=MzU3MTY5MzQxMA==&mid=2247485242&idx=1&sn=f04c9172f016a16174e7b9f6cca6c4b1) - 情报分析师 - [ ] [一名摩萨德副局长因伊朗行动失败被解职,如何用开源情报系统地追踪和分析这类情报机构人事变动事件](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650568142&idx=1&sn=e0b3a3631205dae943fde0eee5d1b4e5) - 丁爸 情报分析师的工具箱 - [ ] [【情报】美军网络部队名称汇总表](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651156219&idx=1&sn=148fe725eb8e784612d97949a3ad8950) - 火绒安全 - [ ] [2026-06微软漏洞通告](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534485&idx=1&sn=2eb977e6e73afacbf1fc0dfad6ff8d1a) - [ ] [火绒小问答--「个人版」近期top问题解答](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534485&idx=2&sn=f794c41b3dbe4b8788a3f5dc0ed2fd83) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247534485&idx=3&sn=17a452ca18252e192d055509ecc1f4ad) - 极客公园 - [ ] [当行业还在卷模型,腾讯在谈怎么让 Agent 上班](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108537&idx=1&sn=5ee3d0a5e3ae9e19c4a823106bee1415) - [ ] [Claude 最强模型 Fable 5 发布;微信朋友圈搜索功能全面开放;小米 NAS 页面曝光|极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653108489&idx=1&sn=ce556f52f63b2b46171a8953fc342d6d) - 360数字安全 - [ ] [独家!360漏洞挖掘智能体发现Flowise平台13个0day漏洞](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247586157&idx=1&sn=0e8eaaa3381969e2c8c8bd7c5de06e31) - [ ] [实战导向、认证赋能:360与重庆青年职业技术学院揭牌人工智能产业学院](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247586157&idx=2&sn=9673710063d0fb3b8fda5fe3a0bceb64) - 云鼎实验室 - [ ] [应用AI对ActiveMQ补丁深度审计后,又挖出两个新高危漏洞](https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247497730&idx=1&sn=e2ebde5c4e706cd621031db1a3b7d792) - 墨菲安全 - [ ] [你装的 Skill 真的能用,但也真的会把你的隐私数据带走](https://mp.weixin.qq.com/s?__biz=MzkwOTM0MjI5NQ==&mid=2247488453&idx=1&sn=32205e1349abde5b5ecf6e083bca4fc2) - NOVASEC - [ ] [【工具】cdninfo - 开源cdn信息分析工具](https://mp.weixin.qq.com/s?__biz=MzUzODU3ODA0MA==&mid=2247490896&idx=1&sn=7a426ba17df556251996b5421caf5463) - 国家互联网应急中心CNCERT - [ ] [网络安全信息与动态周报2026年第23期(6月1日-6月7日)](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247501774&idx=1&sn=0fb2a8f33471d80572071df5cb3601a5) - 安全行者老霍 - [ ] [OWASP Agent Memory Guard:防范 AI Agent 利用自身内存被恶意利用](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486777&idx=1&sn=8d61656f4df175baeab0dd892b68caa7) - 阿里安全响应中心 - [ ] [阿里云先知团队招聘AI攻防安全专家](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652998960&idx=1&sn=81ce1881ae69fe5849124308a381a8b7) - 安全419 - [ ] [安全419|一周国际网安资讯:供应链攻击肆虐 AI驱动威胁持续升级](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553663&idx=1&sn=5f3c0a781778cb20350c109abcc8b731) - OnionSec - [ ] [以前研究工具,后来研究工作](https://mp.weixin.qq.com/s?__biz=MzUyMTUwMzI3Ng==&mid=2247485815&idx=1&sn=a98968ff7118a7b663992f7c30b02015) - [ ] [以前研究攻击者,后来研究命名者](https://mp.weixin.qq.com/s?__biz=MzUyMTUwMzI3Ng==&mid=2247485813&idx=1&sn=849f4cffa1293bc8c8b3e6f0c2f3e724) - 微步在线 - [ ] [AI攻防专家淚笑:AI自动化渗透测试的技术发展与工程实践](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650186724&idx=1&sn=d00b6a8c4c524d0ca87a974cd17efde1) - Over Security - [ ] [University of Nottingham - 454,635 breached accounts](https://haveibeenpwned.com/Breach/UniversityOfNottingham) - [ ] [Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations](https://techcrunch.com/2026/06/10/cybercriminals-claim-breach-of-oracle-peoplesoft-servers-at-100-plus-organizations/) - [ ] [Path traversal flaw in AI dev platform Langflow exploited in attacks](https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/) - [ ] [The ‘Miasma’ worm source code briefly leaked on GitHub](https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/) - [ ] [CISA to require federal agencies to patch some cyber vulnerabilities within 3 days](https://therecord.media/cisa-to-require-federal-agencies-to-patch-3-days) - [ ] [GitHub announces npm security changes to tackle supply-chain attacks](https://www.bleepingcomputer.com/news/security/github-announces-npm-security-changes-to-tackle-supply-chain-attacks/) - [ ] [Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks](https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/) - [ ] [Cybersecurity researchers aren’t happy about the guardrails on Anthropic’s Fable](https://techcrunch.com/2026/06/10/cybersecurity-researchers-arent-happy-about-the-guardrails-on-anthropics-fable/) - [ ] [Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws](https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-6-zero-days-200-flaws/) - [ ] [Microsoft June 2026 Patch Tuesday fixes 5 zero-days, 200 flaws](https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-5-zero-days-200-flaws/) - [ ] [Aggiornamenti Microsoft giugno 2026: tre zero-day e il ritorno di Nightmare Eclipse](https://www.cybersecurity360.it/news/aggiornamenti-microsoft-giugno-2026-tre-zero-day-e-il-ritorno-di-nightmare-eclipse/) - [ ] [Cyberattack shuts down major Australian sugar mills, disrupting harvest](https://therecord.media/cyberattack-shuts-down-major-australian-sugar-producer) - [ ] [China-linked JDY botnet expands targeting of U.S. military networks](https://www.bleepingcomputer.com/news/security/china-linked-jdy-botnet-expands-targeting-of-us-military-networks/) - [ ] [The 5 Best Practices for Secure Identity Verification](https://www.bleepingcomputer.com/news/security/the-5-best-practices-for-secure-identity-verification/) - [ ] [Who Runs the Ransomware Group ‘The Gentlemen?’](https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/) - [ ] [Claude Fable 5 e Mythos 5: i nuovi rischi cyber dell’AI avanzata](https://www.cybersecurity360.it/nuove-minacce/claude-fable-5-e-mythos-5-i-nuovi-rischi-cyber-dellai-avanzata/) - [ ] [Microsoft patches Exchange Server zero-day exploited in attacks](https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-exchange-server-zero-day-exploited-in-attacks/) - [ ] [Microsoft ships largest Patch Tuesday on record, with one bug under active attack](https://therecord.media/microsoft-ships-largest-patch-tuesday-on-record) - [ ] [Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss](https://any.run/cybersecurity-blog/threat-hunting-practical-usecases/) - [ ] [FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe](https://cyble.com/blog/fifa-world-cup-2026-scams/) - [ ] [Microsoft: Some Windows PCs fail to install latest monthly updates](https://www.bleepingcomputer.com/news/microsoft/microsoft-some-upgraded-windows-pcs-fail-to-install-monthly-updates/) - [ ] [IT Procurement e sicurezza: come scegliere i vendor giusti](https://www.cybersecurity360.it/soluzioni-aziendali/it-procurement-e-sicurezza-come-scegliere-i-vendor-giusti/) - [ ] [Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days](https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/) - [ ] [AI Act, il Governo accelera: più poteri ad ACN, nuove regole su biometria, lavoro e formazione](https://www.cybersecurity360.it/news/ai-act-il-governo-accelera-piu-poteri-ad-acn-nuove-regole-su-biometria-lavoro-e-formazione/) - [ ] [French Government’s Tchap Messaging Platform Breached via Compromised Account](https://thecyberexpress.com/tchap-breach-french-government/) - [ ] [Guerre di Rete continua, in memoria di Carola Frediani](https://www.guerredirete.it/guerre-di-rete-continua/) - [ ] [Proton VPN: sconto del 50% sul piano mensile e 30 giorni di prova senza rischi](https://www.cybersecurity360.it/cultura-cyber/sconto-vpn-proton/) - [ ] [Mondiali 2026, i cyber criminali non aspettano il fischio d’inizio: ecco come proteggersi](https://www.cybersecurity360.it/news/mondiali-2026-i-cyber-criminali-non-aspettano-il-fischio-dinizio-ecco-come-proteggersi/) - [ ] [SilabRAT, What’s Your Power?](https://www.group-ib.com/blog/silabrat-hijackloader-trojan-malware/) - [ ] [Microsoft Patches Record 200 Vulnerabilities in June 2026 Patch Tuesday](https://thecyberexpress.com/june-2026-patch-tuesday-200-microsoft/) - [ ] [Difendere le identità digitali dagli attacchi AI è una sfida strategica](https://www.cybersecurity360.it/outlook/difendere-le-identita-digitali-dagli-attacchi-ai-e-una-sfida-strategica/) - [ ] [UK Cybercrime Journal: Arup Group Breached by FulcrumSec](https://blog.bushidotoken.net/2026/06/uk-cybercrime-journal-arup-group.html) - [ ] [UK weakens proposed telecoms defenses against Chinese hackers after industry pushback](https://therecord.media/uk-weakens-telecoms-defenses-after-industry-lobbying) - [ ] [Ivanti: Max severity Sentry flaw allows code execution as root](https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/) - [ ] [Anthropic rolls out Claude Fable 5, but it's available for a limited time](https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-rolls-out-claude-fable-5-but-its-available-for-a-limited-time/) - 嘶吼专业版 - [ ] [以智筑盾·以安促融||嘶吼《 2026 AI+网络安全产业图谱》重磅发布](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587737&idx=1&sn=045a638727b4d306fb5d5119692ac7dd) - 深信服千里目安全技术中心 - [ ] [微软补丁日安全通告|6月份](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525915&idx=1&sn=5ee7226043633affccc435636835cac4) - [ ] [关于部分智能体技能包(Skills)存在越狱和挖矿风险的安全公告](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525915&idx=2&sn=64f6cfd610d5dbd37e27becdad203fd5) - ICT Security Magazine - [ ] [Crittografia post-quantistica: il primo segreto senza custode](https://www.ictsecuritymagazine.com/notizie/crittografia-post-quantistica-segreto-senza-custode/) - [ ] [Vulnerabilità Veeam Backup: una RCE critica espone l’ultima linea anti-ransomware](https://www.ictsecuritymagazine.com/notizie/vulnerabilita-veeam-backup-cve-2026-44963-rce/) - [ ] [Migrazione post-quantum cryptography (PQC): guida per le imprese alla transizione post-quantum](https://www.ictsecuritymagazine.com/cyber-security/migrazione-post-quantum-cryptography/) - [ ] [Zero-day nelle VPN Check Point: CISA impone la patch in tre giorni mentre Qilin sfrutta la falla](https://www.ictsecuritymagazine.com/notizie/zero-day-check-point-vpn-qilin/) - [ ] [Il worm Miasma colpisce Microsoft: quando il malware si esegue aprendo il repository nell’IDE con l’AI](https://www.ictsecuritymagazine.com/notizie/worm-miasma-microsoft-github-agenti-ai-coding/) - [ ] [Riforma ENISA: l’agenzia europea diventa il braccio operativo della cyber UE](https://www.ictsecuritymagazine.com/notizie/riforma-enisa-pacchetto-cyber-ue-cybersecurity-act-nis2/) - [ ] [Securing the Engine: vulnerabilità emergenti nelle architetture AI aziendali](https://www.ictsecuritymagazine.com/notizie/architetture-ai-aziendali/) - Have I Been Pwned latest breaches - [ ] [University of Nottingham - 454,635 breached accounts](https://haveibeenpwned.com/Breach/UniversityOfNottingham) - SANS Internet Storm Center, InfoCON: green - [ ] [How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)](https://isc.sans.edu/diary/rss/33068) - [ ] [ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)](https://isc.sans.edu/diary/rss/33066) - Schneier on Security - [ ] [NSO Group Hacking WhatsApp Despite Court Order](https://www.schneier.com/blog/archives/2026/06/nso-group-hacking-whatsapp-despite-court-order.html) - Troy Hunt's Blog - [ ] [Weekly Update 507](https://www.troyhunt.com/weekly-update-507/) - 360威胁情报中心 - [ ] [APT-C-08(蔓灵花)近期钓鱼网站攻击活动分析](https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247508668&idx=1&sn=1ec03eafb27735e2f5e3b7ea02e77d42) - Qualys Security Blog - [ ] [How Federal Agencies Can Activate a Risk Operations Center (ROC) to Meet CISA BOD 26-04](https://blog.qualys.com/category/qualys-insights) - [ ] [Turning Millions of Risks Into One Actionable List](https://blog.qualys.com/category/product-tech) - Deeplinks - [ ] [Congress Just Rushed Through a Disastrous Copyright Office Overhaul](https://www.eff.org/deeplinks/2026/06/congress-just-rushed-through-disastrous-copyright-office-overhaul) - [ ] [The 702 Ultimatum: Warrant Requirement or Bust](https://www.eff.org/deeplinks/2026/06/702-ultimatum-warrant-requirement-or-bust) - [ ] [Enshittification Merch That Actually Fights Enshittification](https://www.eff.org/deeplinks/2026/06/enshittification-merch-actually-fights-enshittification) - [ ] [🔊 Mass Surveillance for… Loud Music? | EFFector 38.11](https://www.eff.org/deeplinks/2026/06/mass-surveillance-loud-music-effector-3811) - Security Affairs - [ ] [Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088](https://securityaffairs.com/193476/apt/russian-apts-still-exploiting-patched-winrar-flaw-cve-2025-8088.html) - [ ] [U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/193464/security/u-s-cisa-adds-cisco-catalyst-sd-wan-arista-extensible-operating-system-eos-and-google-chromium-v8-flaws-to-its-known-exploited-vulnerabilities-catalog.html) - [ ] [Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows](https://securityaffairs.com/193436/security/chaotic-eclipse-unveils-rogueplanet-exploit-targeting-fully-patched-windows.html) - [ ] [“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device](https://securityaffairs.com/193405/malware/ai-worms-researchers-demonstrate-autonomous-malware-capable-of-adapting-to-any-online-device.html) - [ ] [France’s Government Messaging App Tchap Got Breached](https://securityaffairs.com/193393/security/frances-government-messaging-app-tchap-got-breached.html) - Krebs on Security - [ ] [Who Runs the Ransomware Group ‘The Gentlemen?’](https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/) - Trend Micro Research, News and Perspectives - [ ] [GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026](https://www.trendmicro.com/en_us/research/26/f/pwn2own-genai.html) - Tor Project blog - [ ] [Paskoocheh: When you need a tool to reach the tool](https://blog.torproject.org/when-you-need-a-tool-to-reach-the-tool-Paskoocheh/) - Instapaper: Unread - [ ] [Collect digital evidence in one place.Disk, RAM, and Android acquisition.](https://www.reddit.com/r/computerforensics/comments/1u11vc1/collect_digital_evidence_in_one_placedisk_ram_and/) - [ ] [New Software Perceptor](https://forensic4cast.com/2026/06/new-software-perceptor/) - [ ] [Evidence of Execution UserAssist Forensics](https://digitalinvestigator.blogspot.com/2026/06/evidence-of-execution-userassist.html) - [ ] [BitLocker Decryption Today YellowKey Explained And Where Passware Steps In](https://www.forensicfocus.com/news/bitlocker-decryption-today-yellowkey-explained-and-where-passware-steps-in/) - GRAHAM CLULEY - [ ] [Smashing Security podcast #471: This AI worm just rewrote its own rules](https://grahamcluley.com/smashing-security-podcast-471/) - [ ] [Why schools remain one of cybercriminals’ favourite targets](https://www.bitdefender.com/en-us/blog/hotforsecurity/why-schools-remain-one-of-cybercriminals-favourite-targets) - 迪哥讲事 - [ ] [一个典型的sqli](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499547&idx=1&sn=1a9dd1b5e9ce6e51d09477dc5637d771) - www.theregister.com - Articles - [ ] [Angry bug hunter with Microsoft beef drops new Windows 0-day](https://www.theregister.com/security/2026/06/10/nightmare-eclipse-publishes-new-windows-defender-zero-day/5253725) - [ ] [GitHub pulls pin on npm's auto-run scripts](https://www.theregister.com/devops/2026/06/10/github-pulls-pin-on-npms-auto-run-scripts/5253453) - [ ] [Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9](https://www.theregister.com/patches/2026/06/10/ivanti-urges-sentry-users-to-patch-two-critical-bugs/5253428) - 青藤云安全 - [ ] [以AI对抗AI——应对金融攻防演练新挑战](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650851447&idx=1&sn=068007b3b9c35fcdfe71524b130da7bd) - The Hacker News - [ ] [China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance](https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html) - [ ] [Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities](https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html) - [ ] [Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE](https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html) - [ ] [CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation](https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html) - [ ] [Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar](https://thehackernews.com/2026/06/your-automated-pentest-looks-clean-see.html) - [ ] [Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs](https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html) - [ ] [Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards](https://thehackernews.com/2026/06/anthropic-releases-claude-fable-5-its.html) - [ ] [ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances](https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html) - [ ] [Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows](https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html) - [ ] [Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS](https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html) - Security Weekly Podcast Network (Audio) - [ ] [Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451](http://sites.libsyn.com/18678/innovation-without-data-security-risk-as-ai-unlocks-budgets-and-identity-challenges-tony-kelly-bsw-451)
每日安全资讯(2026-06-11)