[每日信息流] 2026-06-12

[chainreactorbot]

每日安全资讯（2026-06-12）

• Private Feed for M09Ic
  • bolucat released 202606112229 at bolucat/Archive
  • liamg starred owenrumney/watchtower
  • liamg contributed to infracost/go-proto
  • CHYbeta starred robzilla1738/supergoal
  • safedv starred S3cur3Th1sSh1t/NimSyscallPacker
  • github released v0.10.2 at github/spec-kit
  • CHYbeta starred BishopFox/CVE-2026-34908-check
  • kpcyrd contributed to kpcyrd/debian-repro-status
  • xnl-h4ck3r released v8.9 at xnl-h4ck3r/waymore
  • niudaii starred MyuriKanao/src-hunter-skill
  • LoRexxar starred jwangkun/claude-for-financial-services-cn
  • liamg contributed to infracost/proto
  • chainreactors released v0.3.0 at chainreactors/malefic
• Tenable Blog
  • CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive
• SecWiki News
  • SecWiki News 2026-06-11 Review
• Recent Commits to cve:main
  • Update Thu Jun 11 11:33:54 UTC 2026
• Bug Bounty in InfoSec Write-ups on Medium
  • AI Security: explanation to Exploitation || Part 1
  • How I Built a Burp Extension Efficiently with Claude
  • Hacking a Fortune 500 Finance Company via Envoy Proxy Misconfiguration
• Horizon3.ai
  • CVE-2026-10520 | Ivanti Sentry Pre-Authenticated OS Command Injection Vulnerability |
  • Autonomous Penetration Testing: The Buyer’s Decision Guide
• Malwarebytes
  • Google can be liable for false AI Overviews, court rules
  • VRChat says reported data breach never happened
  • Children’s phones must block nude images by September, UK says
• Intigriti
  • Securing the uncharted territories of AI systems. A discussion with Leo Racanelli
• HackerNews
  • 信息窃取木马将数百万设备变成凭证盗窃机器
  • HVAC 和 UPS 关键漏洞可致黑客破坏数据中心
  • Oracle PeopleSoft 服务器遭 ShinyHunters 数据窃取攻击
  • AI 开发平台 Langflow 的路径遍历漏洞遭攻击利用
  • Ivanti、Fortinet 和 SAP 发布多个严重漏洞补丁
  • 未修复的 Langflow 漏洞 CVE-2026-5027 遭利用，可实现未授权 RCE
  • CISA 将 Cisco、Chrome 和 Arista 漏洞纳入 KEV 目录，漏洞已遭活跃利用
• 奇客Solidot–传递最新科技情报
  • 东亚最高的树
  • 科技巨头大举借债
  • 游荡在 Fedora 项目的可疑 AI 智能体
  • OpenAI 称中国关联账户试图煽动美国反数据中心情绪
  • 酷澎因用户信息泄露被罚逾 6 千亿韩元
  • 科学家发现最大鲸类墓地
  • Meta 放宽言论限制后对政客的威胁增加了两倍
  • Visa 支付网络集成 ChatGPT
  • 美国太阳能发电量首次超过煤炭
• Checkmarx
  • 99% Unpatched: What Mythos, Gartner, and a Nine-Second Disaster Tell Us About the Future of AppSec
• 锦行科技
  • 喜报｜锦行科技联合攻关项目斩获2026年度八桂人工智能技术发明一等奖
• rtl-sdr.com
  • NRSC5 Studio: A New Feature-Rich Windows GUI for the nrsc5 HD Radio Decoder
  • AirPulse Desktop: Turn an RTL-SDR into an Amateur Radio Repeater Activity Reporting Station
• 黑鸟
  • 《宝可梦 GO》的扫描数据悄悄训练出的导航技术，如今正被用于军用无人机
• 威努特安全网络
  • 威努特超融合赋能医共体：让医疗服务更高效更便捷
  • WinClaw限时全免！注册即享AI大模型免费额度
• 安全内参
  • 制糖巨头遭网络攻击：两家大型工厂停产 蔗农被迫停止砍收
  • 补丁空窗期告急：Anthropic公司称N日漏洞利用已进入“小时级”时代
• 安全客
  • Mythos可数小时内把漏洞变成武器：Anthropic还是未开放使用
• 看雪学苑
  • 看雪618大促来啦！这份“投资自己”的快乐请查收
  • 把 .o 变成 .ko：一次 ELF 格式的奇妙之旅
  • Ivanti Sentry漏洞已遭大规模在野利用，暴露网关极可能已失陷
• 我的安全视界观
  • 【AI复盘】Claude 源码两次泄露事件
• 青衣十三楼飞花堂
  • 已知(x-a)^2+(y-b)^2=r^2，求cx+dy最大最小值
• 天御攻防实验室
  • 俄罗斯“中央电视台”：FSB破获外国情报机构针对俄罗斯高级官员的移动设备植入监听设备的行动
• 中国信息安全
  • 专题·智能体安全 | 智能体技能安全风险分析与治理对策研究
  • 通报 | 中央网信办通报30款App个人信息收集使用问题
  • 前沿 | 建设造福人民的法治化网络空间
  • 这份《2026版防范电信网络诈骗宣传手册》请查收！
  • 观点 | 通过精准分类未成年人网络信息保护身心健康
• XCTF联赛
  • SCTF 2026｜倒计时3天！
• 代码卫士
  • FortiSandbox 严重漏洞可导致未授权命令执行
  • GitHub 推出 npm 安全变更，对抗供应链攻击
• 安全牛
  • Mythos 对阵 360 智能体：全球 AI 漏洞挖掘分化成两大技术路线
  • 渗透 · 实战挑战赛 | 你能打穿几台靶机？
• 安全圈
  • 【安全圈】AI 开发平台 Langflow 的路径遍历漏洞遭攻击利用
  • 【安全圈】信息窃取木马将数百万设备变成凭证盗窃机器
  • 【安全圈】Ivanti、Fortinet 和 SAP 发布多个严重漏洞补丁
• 天黑说嘿话
  • 别走丢！公众号即将调整，来企业微信找我们领福利
• 数世咨询
  • AI赋能SOC测评：只有10%从AI中获得高价值
• 微步在线
  • 国内首个恶意样本“搜索引擎”，上线！
• 极客公园
  • 对话安克阳萌：AI 硬件的真门槛，是推翻计算机 80 年的「祖宗家法」
  • Tabbit 1.0 发布，9 块 9 国内模型免费用，首谈与美团合作细节
  • 一个拼多多足球装备商家，如何迈出中国制造在世界杯的新征程？
  • Claude Fable 5 拒绝回答基础生物问题；Altman 预估 OpenAI 明年上市；韩国首次查获 AI 智能眼镜考试作弊案｜极客早知道
• 云鼎实验室
  • 不止代码投毒：我们审计3万个Skill后发现了什么？
• 奇安盘古
  • 再获认可！奇安信旗下两家企业再次入选上海市“专精特新”中小企业
• 情报分析师
  • 曝光文件揭露了美中央情报局与不明飞行物和外星科技的惊人联系
• 360数字安全
  • Mythos来了，政企安全运营进入AI快车道
  • 同心筑赣 携手盛启——2026年360数字安全渠道大会在南昌成功召开
• 安全行者老霍
  • 探索 Agentic AI 的前沿领域
• 奇安信威胁情报中心
  • 致命组合拳：Ivanti Sentry 两个10分漏洞允许未认证拿下企业移动网关
• 美团技术团队
  • 从月球漫步到赛博都市，WBench测出了世界模型的边界
  • 报名｜ACL'26 论文分享会：美团履约团队前沿技术专场
• T00ls安全
  • 投毒事件：AKSK 利用工具存在后门投毒
• 字节跳动技术团队
  • 三篇论文入选 SIGMOD 2026：从真实业务深处长出的字节跳动数据库创新
• 迪哥讲事
  • 绕过权限
• 软件安全与逆向分析
  • gbl_root_canoe隐藏BL状态原理分析
• ICT Security Magazine
  • Agenti AI: non un vuoto di responsabilità, ma un eccesso di autori
  • Che tipo di AI decido di assumere? Quale AI scegliere in azienda: costi, limiti e sicurezza dei dati.
  • Crypto-agility: la migrazione crittografica che il post-quantum, da solo, non risolve
• 纽创信安
  • 从“被动防御”到“AI主动发现”：出海数据合规的下一代范式
• Krypt3ia
  • Threat Intelligence Report: APT10 / FUNKY FLAGPOLE / MenuPass / Stone Panda
• 网安国际
  • 重要通知｜第一届CCF网络与系统安全大会，定档杭州！
• Over Security
  • Japanese energy firm loses drive with data of 10.9 million clients
  • Maine breach portal abused to publish fake data breach disclosures
  • Oracle warns of security bug that hackers abused to breach 100+ companies
  • Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
  • A tale of two eras
  • Everest: Six Years of Evolution from Data Leak to Double Extortion – the interview
  • Cyber Force not included in Senate defense policy roadmap
  • Authorities dismantle 'AudiA6' ransomware crypto-laundering service
  • Cisco Talos, nel 2026 operazioni sponsorizzate dagli Stati sono meno rumorose ma più pazienti: ecco come difendersi
  • Hacker linked to Void Blizzard faces charges over cyberespionage campaign
  • British high school sends students home following cyberattack
  • University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft
  • Why AI-driven threats are exposing the limits of MSP security stacks
  • Software Bill of Materials (Sbom) nel 2026: i progessi e i 3 ostacoli all’adozione degli inventari
  • Coupang hit with record $409 million data breach fine in Korea
  • CISA tells govt agencies to patch critical exploited flaws in 3 days
  • pCloud 20 GB di spazio cloud gratis: come funziona la promozione e quali vantaggi include
  • May 2026 Cyber Attacks Statistics
  • Cyble Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies — and What Cyble Feels It Means for the Next Era of Threat Intel
  • La sfida dei data center spaziali
  • Microsoft fixes BitLocker recovery bug on Windows Server 2025
  • AI nella PA: la formazione di massa alla prova della sicurezza dei dati e della conformità normativa
  • L’importanza della discovery e dell’osservabilità nell’era agentica
  • From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026
  • L’adozione dell’AI tra Mythos e Fable 5: le nuove sfide alla sicurezza nazionale
  • Mackay Sugar Security Incident Forces Mill Shutdowns and Halts Harvesting Operations
  • Sniper’s Nest: From Brand Impersonation to Browser Hijacking and CPA Fraud
  • Nottingham University data breach affects over 450,000 students
  • ServiceNow Flaw Exploited by Threat Actors to Access Customer Instances
  • APT28, an evolution of tradecraft
  • Max severity Ivanti Sentry vulnerability now exploited in attacks
  • CISA Sets 72-Hour Patch Window for Federal Systems Facing Highest Cyber Risks
• TrustedSec
  • Hardening Intune: The Implementation Guide
• Schneier on Security
  • Enhanced License Plate Tracking
• SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
• Instapaper: Unread
  • Enhanced License Plate Tracking
  • GreatXML BitLocker Bypass 0-Day Exploited Via Windows Defender Offline Scan
  • What’s Really Slowing Your Extractions (Hint Not Your Tools)
  • LEAPPing with LAVA
  • GhostTrace – a Windows forensic scanner that finds what Uninstall leaves behind (22 modules, read-only, offline)
• TorrentFreak
  • Tech Industry Warns of Piracy Blocking Risks as FIFA World Cup Kicks Off
  • Court Holds New York IPTV Box Seller Liable, Millions of Damages at Stake
• The Hacker News
  • ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
  • New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
  • New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
  • The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
  • Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
  • ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
  • AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
  • OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
  • GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
• Security Affairs
  • CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
  • OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
  • Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
  • Fortinet patched a new critical FortiSandbox flaw
  • JDY Botnet Evolves After KV Takedown, Targets Military Networks
• Deeplinks
  • Yes to California's Bill to Ban Surveillance Pricing
  • ‘News’ Site Keeps Hallucinating EFF Staffers
  • LGBT Q&A: We’re Back With Season 2!
• HACKMAGEDDON
  • May 2026 Cyber Attacks Statistics
• www.theregister.com - Articles
  • ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day
  • Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day
  • VRChat says somebody faked a breach notice with the Maine AG's office
  • Every employee’s password was stored in a single Excel file
  • Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
• Security Weekly Podcast Network (Audio)
  • Trolling Microsoft With Vulnerabilities - PSW #930