# 每日安全资讯(2026-05-13) - SecWiki News - [ ] [SecWiki News 2026-05-12 Review](http://www.sec-wiki.com/?2026-05-12) - Private Feed for M09Ic - [ ] [niudaii starred chainreactors/aide-for-pentest](https://github.com/chainreactors/aide-for-pentest) - [ ] [github released v0.8.9 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.8.9) - [ ] [anthropics released v2.1.140 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.140) - [ ] [modelcontextprotocol released v1.7.9 at modelcontextprotocol/registry](https://github.com/modelcontextprotocol/registry/releases/tag/v1.7.9) - [ ] [bolucat released 202605122201 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202605122201) - [ ] [joaoviictorti starred Nightmare-Eclipse/YellowKey](https://github.com/Nightmare-Eclipse/YellowKey) - [ ] [mitre-attack released v19.1 at mitre-attack/attack-stix-data](https://github.com/mitre-attack/attack-stix-data/releases/tag/v19.1) - [ ] [liamg contributed to infracost/go-proto](https://github.com/infracost/go-proto/pull/59) - [ ] [mitmproxy released v12.2.3 at mitmproxy/mitmproxy](https://github.com/mitmproxy/mitmproxy/releases/tag/v12.2.3) - [ ] [Ridter starred m-sec-org/BreachWeave](https://github.com/m-sec-org/BreachWeave) - [ ] [PrefectHQ released 3.7.1.dev6 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.7.1.dev6) - [ ] [pydantic released v1.94.0 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v1.94.0) - [ ] [niudaii starred m-sec-org/BreachWeave](https://github.com/m-sec-org/BreachWeave) - [ ] [future-architect released v0.39.0 at future-architect/vuls](https://github.com/future-architect/vuls/releases/tag/v0.39.0) - Doonsec's feed - [ ] [WAVLINK-WN530HG4 live_api.cgi接口存在远程命令执行漏洞 附POC](https://mp.weixin.qq.com/s/A1VK7zrvm93AYwfhl1E1gg) - [ ] [LeakDetector:一款自动化敏感信息搜集工具](https://mp.weixin.qq.com/s/TCHaeZ681NHoAXOi4GFLAg) - [ ] [中东卫星影像受限:开源情报的失明与破局](https://mp.weixin.qq.com/s/Wo1mP67B7s2I0At_y0PINw) - [ ] [SASCTF|广东技术师范大学网络安全攻防竞赛来啦!!](https://mp.weixin.qq.com/s/3qRHh3OT-zXKLH_wEiDSXw) - [ ] [【AI安全】Mythos和GPT-5.5-Cyber!AI 的安全主战场](https://mp.weixin.qq.com/s/K8wJiFgCsctcUJT3HJGxIA) - [ ] [360发布“龙虾”生态安全报告:23个漏洞覆盖10余款产品,智能体安全风险蔓延全行业](https://mp.weixin.qq.com/s/AKyjmlv4vfperRsGS8njsQ) - [ ] [AI正在放大ClickFix与FileFix:下一代网络攻击已经来了](https://mp.weixin.qq.com/s/Cg5x3IvcrmcN4ueYO02O4A) - [ ] [网络安全适合当兴趣爱好](https://mp.weixin.qq.com/s/zbEWtfAxBvK7ezGLV3wGJg) - [ ] [2026第四届“PGS”电子数据取证(手机)](https://mp.weixin.qq.com/s/VWnV3k29JdYFBACk3EgOCA) - [ ] [A²GRC智能体安全免疫模型:Agentic AI时代,企业安全体系如何从“防系统”走向“管智能体”](https://mp.weixin.qq.com/s/wqXbFE2c9UxKloQdiJ-e8w) - [ ] [如何在linux上检测恶意软件](https://mp.weixin.qq.com/s/Fz8CWplz7DNncIHDPvIi_w) - [ ] [威胁行为者Mr_Rot13积极利用CVE-2026-41940漏洞实施后门部署](https://mp.weixin.qq.com/s/2iUEEejnBxRdQWrwTisEPA) - [ ] [Grav CMS 组合拳漏洞| CVE-2026-42613&CVE-2026-42607复现&研究](https://mp.weixin.qq.com/s/fScOkKDIDsdUSyOlYyNkpQ) - [ ] [肯定有人对 IPv6 感到失望,随手扔了,哈哈](https://mp.weixin.qq.com/s/HdK5GC4j6KxjICepILl1KQ) - [ ] [空密码后台 → SQLite 落地 Webshell → 内核 CVE-2026-31431 root](https://mp.weixin.qq.com/s/c6VZNFWIDw0h_xuK0G45Yw) - [ ] [无聊瞎研究日记六](https://mp.weixin.qq.com/s/11DYjLNGskWKjb2eBJTEfQ) - [ ] [【2026年护网】网安项目群](https://mp.weixin.qq.com/s/UA1D2O51h4mlRdrxllKmfw) - [ ] [论文录用 | NASP实验室2篇论文被SIGCOMM 2026录用](https://mp.weixin.qq.com/s/_2pTCuCuk0R4q5kjDStDJg) - [ ] [CertiK《Skynet朝鲜加密威胁报告》:朝鲜黑客造成2025年约60%数字资产失窃,攻击模式转向“线下渗透”](https://mp.weixin.qq.com/s/iVhZKVHJ1tVMLXRcL_AJtg) - [ ] [OpenAI推出Daybreak全新网络安全计划](https://mp.weixin.qq.com/s/U1vLm_ZoU-o4I7sLNxcgbA) - [ ] [Linux 内核新增紧急开关,填补 0Day 漏洞修复空窗](https://mp.weixin.qq.com/s/HbXkqDe0-vyHhKaNdHLY5Q) - [ ] [你的紫队并非真正融合——只是红蓝队共处一室](https://mp.weixin.qq.com/s/J66hp8wS5ZNXruNCwqa7ag) - [ ] [黑客利用伪造DeepSeek TUI GitHub仓库传播恶意软件](https://mp.weixin.qq.com/s/jCu1hHqoAA7k8jvZwPsp3w) - [ ] [2026盘古石取证初赛(APK取证)](https://mp.weixin.qq.com/s/LzLFYgOPb_G6un2dPZkf5w) - [ ] [蚁剑最新高危漏洞分析:为什么一个“终端输出”最后变成了客户端 RCE?](https://mp.weixin.qq.com/s/6lAzHpefcbFDM3s6a2R0gA) - [ ] [链锁裂变|TeamPCP 供应链攻击劫持 guardrails-ai,七模块凭据收割全景分析](https://mp.weixin.qq.com/s/P4LnwNy2wVbLDEk12-3XIw) - [ ] [6年网安沉浮:从国内一线厂商安服被裁到央企项目经理上岸的真实成长](https://mp.weixin.qq.com/s/ao3mnjqdJ1D15osJHkAK3A) - [ ] [2025年度全国信息安全大事件:从银行系统瘫痪到政务云断线](https://mp.weixin.qq.com/s/Jg4R1lr-nihnc_k7aQVUBw) - [ ] [Windows 11 终于「听劝」了:文件大小显示自适应 + 刷新按钮回归首页!](https://mp.weixin.qq.com/s/d-HjnrCBZLFVeKWNQ4UOAA) - [ ] [一年一度项目群](https://mp.weixin.qq.com/s/oEAp2mmz8hkGlotFq-3gYw) - [ ] [AI会淘汰脚本小子吗?](https://mp.weixin.qq.com/s/55zrGjeUb04c5xDnctIN9Q) - [ ] [AI正在重构网络安全行业](https://mp.weixin.qq.com/s/c_QH14bNp22u3OocokOQeA) - [ ] [【免杀神器】morphkatz](https://mp.weixin.qq.com/s/ebJ9qpyYRDfZggmW_RVwTQ) - [ ] [一款功能强大的Web 漏洞扫描器(11种检测模块)](https://mp.weixin.qq.com/s/MOnAGljdhFGkh7eGBK-Auw) - [ ] [【恶意文件通告】关于Hugging Face平台仿冒OpenAI仓库的供应链投毒事件](https://mp.weixin.qq.com/s/1Gz41IktUfVoyT2bzfswxQ) - [ ] [【恶意文件通告】Linux多功能病毒分析](https://mp.weixin.qq.com/s/Zq8Yo1-czb-X358CnBuUNA) - [ ] [数据投毒、后门操控…你的AI正在悄悄“变坏”@2026白帽世界大会](https://mp.weixin.qq.com/s/ABA71JvAXZaw7LhkoMKsgQ) - [ ] [什么是以太全光交换机?](https://mp.weixin.qq.com/s/l-KI5_o2SAXoQR9NvjJUiA) - [ ] [前端核心生态 TanStack 被投毒:攻击者没有偷 npm 账号,却借官方 CI 发了 84 个恶意版本](https://mp.weixin.qq.com/s/mW8y5y218EAw_mX1nR7c9g) - [ ] [行业资讯: 北信源关于公司股价(ST信源)严重异常波动的公告](https://mp.weixin.qq.com/s/Mch2uslfLlHQo7ytJR0w-g) - [ ] [针对 Windows 11 的新型 BitUnlocker 降级攻击可在 5 分钟内访问加密磁盘](https://mp.weixin.qq.com/s/oNRHKr8lkKy8AGrf3bACmg) - [ ] [启明星辰×车企研究院共筑智能汽车全域安全生态](https://mp.weixin.qq.com/s/Uz3l6ufoKr3Ix82R4vjbww) - [ ] [PHP SOAP 扩展存在严重漏洞,可导致远程代码执行攻击](https://mp.weixin.qq.com/s/wB1Nto61yY1wymP3O27sYg) - [ ] [Mini Shai-Hulud 蠕虫式投毒继续扩散,TanStack、Mistral、Squawk 等生态受影响,周下载量超千万](https://mp.weixin.qq.com/s/DLcTz51h5NnIH7mjcxWDjQ) - [ ] [盛邦安全参股企业微纳星空科创板IPO申请获受理](https://mp.weixin.qq.com/s/aXWd_Xb2XVw9kAhJn5F5WQ) - [ ] [倒计时2天丨大咖论道:AI上了天,谁在地面画靶心?](https://mp.weixin.qq.com/s/0wJxwn-ycKrkX9_D2mtrpQ) - [ ] [黑客利用 CVE-2026-41940 漏洞控制 cPanel 和 WHM 服务器](https://mp.weixin.qq.com/s/IBV42dfZcRMquHpYOfTMzQ) - [ ] [安全与发展:《智能体规范应用与创新发展实施意见》与《审慎采用指南CAAS》的理解和比较](https://mp.weixin.qq.com/s/lCFnHIh0injhEn9GLGyjag) - [ ] [端到端加密要崩?法国议会秘密给情报部门开“幽灵后门”](https://mp.weixin.qq.com/s/9pK4YxAmr8mjdku6H9q5bA) - [ ] [【AI-Red攻防学习篇】:从端口到提示词,重构 AI 目标的侦察范式](https://mp.weixin.qq.com/s/Q_u8LYJRq97yoeFXxOdtdg) - [ ] [系统停摆,37台手术逼停,需付800比特币,遭勒索攻击医院如何抉择?](https://mp.weixin.qq.com/s/hN6Pd20mvpWhJZoAoBpuwQ) - [ ] [谷歌首次发现“AI自主开发”0Day漏洞攻击工具](https://mp.weixin.qq.com/s/lHGi9W1fjnrqwgg4bmkXzA) - [ ] [重磅解读|十五五 6 次点名 “数智化”,和数字化到底差在哪?](https://mp.weixin.qq.com/s/NZFaGA5tPlzk-565HN4QOQ) - [ ] [国家数据局出手:高质量数据集,才是AI真正的“硬底座”](https://mp.weixin.qq.com/s/Lw6Ax7rvc0PW1SmZRVLR9Q) - [ ] [首次发现!AI生成零日漏洞利用工具并实施网络攻击](https://mp.weixin.qq.com/s/4OWzmOw1oH11TwmlEmq9jw) - Verne in GitHub - [ ] [codex-lb:用负载均衡的思路管理多个 ChatGPT 账号](https://blog.einverne.info/post/2026/05/codex-lb-chatgpt-account-load-balancer.html) - [ ] [socat:比 netcat 更强大的网络瑞士军刀](https://blog.einverne.info/post/2026/05/socat-command-usage.html) - [ ] [本地快速切换 Claude Code 和 Codex CLI 账号的几种方案](https://blog.einverne.info/post/2026/05/switch-claude-code-codex-accounts.html) - 先知安全技术社区 - [ ] [【漏洞研究】多层内容解析链引发的 XSS 语义错位绕过及根因分析](https://xz.aliyun.com/news/92125) - 安全客-有思想的安全新媒体 - [ ] [科技云报到:智算千亿赛道向何方?一文读懂信通院《2026智能算力服务研究报告》](https://www.anquanke.com/post/id/315489) - [ ] [亿格云完成数亿元B轮融资,加码“人+AI”统一安全治理](https://www.anquanke.com/post/id/315487) - Recent Commits to cve:main - [ ] [Update Tue May 12 11:39:35 UTC 2026](https://github.com/trickest/cve/commit/b4820345482afaac0fbd931d98c9f68ab0e9ad15) - Tenable Blog - [ ] [Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)](https://www.tenable.com/blog/microsofts-may-2026-patch-tuesday-addresses-118-cves-cve-2026-41103) - Microsoft Security Blog - [ ] [Accelerating detection engineering using AI-assisted synthetic attack logs generation](https://www.microsoft.com/en-us/security/blog/2026/05/12/accelerating-detection-engineering-using-ai-assisted-synthetic-attack-logs-generation/) - [ ] [Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark](https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/) - [ ] [Defending consumer web properties against modern DDoS attacks](https://www.microsoft.com/en-us/security/blog/2026/05/12/defending-consumer-web-properties-against-modern-ddos-attacks/) - [ ] [Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise](https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/) - obaby 𝐢𝐧⃝ void - [ ] [体检以及其他](https://zhongxiaojie.cn/2026/05/1244/) - Der Flounder - [ ] [Using pmset to set your Mac to automatically power on when power is available on macOS Tahoe 26.5.0](https://derflounder.wordpress.com/2026/05/12/using-pmset-to-set-your-mac-to-automatically-power-on-when-power-is-available-on-macos-tahoe-26-5-0/) - Securelist - [ ] [State of ransomware in 2026](https://securelist.com/state-of-ransomware-in-2026/119761/) - Malwarebytes - [ ] [Fake Claude search results lure Mac users into ClickFix attack](https://www.malwarebytes.com/blog/news/2026/05/fake-claude-search-results-lure-mac-users-into-clickfix-attack) - [ ] [1 in 8 employees have sold company logins or know someone who has](https://www.malwarebytes.com/blog/news/2026/05/1-in-8-employees-have-sold-company-logins-or-know-someone-who-has) - [ ] [Stolen Canvas data was “returned” after hacker agreement, Instructure says](https://www.malwarebytes.com/blog/news/2026/05/stolen-canvas-data-was-returned-after-hacker-agreement-instructure-says) - The Trail of Bits Blog - [ ] [Go fuzzing was missing half the toolkit. We forked the toolchain to fix it.](https://blog.trailofbits.com/2026/05/12/go-fuzzing-was-missing-half-the-toolkit.-we-forked-the-toolchain-to-fix-it./) - GuidePoint Security - [ ] [What Is Contextual Analysis in Cloud Security and Why Does it Matter?](https://www.guidepointsecurity.com/blog/contextual-analysis-in-cloud-security-and-why-it-matters/) - PortSwigger Blog - [ ] [The beast needs a cage: What's next for AppSec post-Mythos](https://portswigger.net/blog/the-beast-needs-a-cage-whats-next-for-appsec-post-mythos) - Intigriti - [ ] [NIS2 compliance beyond the April 2026 deadline](https://www.intigriti.com/blog/business-insights/nis2-compliance-beyond-the-april-2026-deadline) - Wallarm - [ ] [Extending Security to MCP Servers: Closing a Critical Gap](https://lab.wallarm.com/extend-security-mcp-servers-close-critical-gap/) - HackerNews - [ ] [斯柯达数据泄露事件波及在线商店客户](http://0.0.0.0:8080/post/64237) - [ ] [新型 GhostLock 工具滥用 Windows API 阻断文件访问](http://0.0.0.0:8080/post/64236) - [ ] [Checkmarx 官方 Jenkins 插件包遭入侵,内含信息窃取程序](http://0.0.0.0:8080/post/64235) - [ ] [“Crimenetwork” 平台关停后死灰复燃,再遭德国当局捣毁](http://0.0.0.0:8080/post/64234) - [ ] [SailPoint 披露 GitHub 代码库遭黑客攻击](http://0.0.0.0:8080/post/64233) - 奇客Solidot–传递最新科技情报 - [ ] [社媒上的毒性](https://www.solidot.org/story?sid=84281) - [ ] [土星冰环可能源自其卫星](https://www.solidot.org/story?sid=84280) - [ ] [欧盟准备对 TikTok 和 Instagram 的成瘾性设计采取行动](https://www.solidot.org/story?sid=84279) - [ ] [研究发现工作时间减少与肥胖率下降相关](https://www.solidot.org/story?sid=84278) - [ ] [Digg 再次尝试重启,将转向 AI 新闻聚合](https://www.solidot.org/story?sid=84277) - [ ] [Forza Horizon 6 开发商严惩玩泄密版本的玩家](https://www.solidot.org/story?sid=84276) - [ ] [印度总理呼吁居家办公以应对中东能源危机](https://www.solidot.org/story?sid=84275) - [ ] [Debian 将要求可复现构建](https://www.solidot.org/story?sid=84274) - [ ] [Linux Kernel 将停止支持 AMD K5 CPU](https://www.solidot.org/story?sid=84273) - [ ] [GitLab 以 AI 为由裁员](https://www.solidot.org/story?sid=84272) - 绿盟科技技术博客 - [ ] [安全与发展:《智能体规范应用与创新发展实施意见》与《审慎采用指南CAAS》的理解和比较](https://blog.nsfocus.net/%e5%ae%89%e5%85%a8%e4%b8%8e%e5%8f%91%e5%b1%95%ef%bc%9a%e3%80%8a%e6%99%ba%e8%83%bd%e4%bd%93%e8%a7%84%e8%8c%83%e5%ba%94%e7%94%a8%e4%b8%8e%e5%88%9b%e6%96%b0%e5%8f%91%e5%b1%95%e5%ae%9e%e6%96%bd%e6%84%8f/) - [ ] [2026年国际AI安全报告(七)](https://blog.nsfocus.net/2026%e5%b9%b4%e5%9b%bd%e9%99%85ai%e5%ae%89%e5%85%a8%e6%8a%a5%e5%91%8a%ef%bc%88%e4%b8%83%ef%bc%89/) - Checkmarx - [ ] [Two Fronts, One Risk: Securing Yesterday’s Debt and Today’s AI Code](https://checkmarx.com/blog/two-fronts-one-risk-securing-yesterdays-debt-and-todays-ai-code/) - 奇安信 CERT - [ ] [今日(2026年5月12日)热点网络安全漏洞动态](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247505729&idx=1&sn=2935cba9e61f3fa04a47c062b529d715) - 黑鸟 - [ ] [中东卫星影像受限:开源情报的失明与破局](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186691&idx=1&sn=8b21a9a253123b602ecb2550c93a933c) - 威努特安全网络 - [ ] [电力DCS系统密码应用改造:电厂网络安全的关键防线](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141587&idx=1&sn=750602e50d7dc7cefbcc7e57c8d0591e) - 微步在线研究响应中心 - [ ] [从OA进,靠AI横移,半数都是RCE:2026红队攻击彻底变了](https://mp.weixin.qq.com/s?__biz=Mzg5MTc3ODY4Mw==&mid=2247508706&idx=1&sn=0a47dc86458f4a42dc94b1b142c304b4) - 代码卫士 - [ ] [Checkmarx 再遭攻击,Jenkins AST 插件受陷](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525972&idx=1&sn=b93bcffc7c3ad4c106fbd39a4ee2218e) - [ ] [Go 流行库 fsnotify 的维护人员访问权限变更,拉响供应链攻击警报](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525972&idx=2&sn=26ec27a2c831c25b913ce2dfb5658469) - Shostack & Friends Blog - [ ] [Black Hat training earlybird pricing ends soon](https://shostack.org/blog/black-hat-early-bird-26/) - 安全内参 - [ ] [首次发现!AI生成零日漏洞利用工具并实施网络攻击](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515926&idx=1&sn=347bcbc856a812c74954c74e814786f0) - [ ] [告别静态标签:DarkAtlas发布“六维六层”网络威胁归因模型](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515926&idx=2&sn=3fbf2a4960913276cacc078572b24fcf) - 安全圈 - [ ] [【安全圈】警惕!你的蓝牙可能正被监听 改一个设置就能有效防护](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076374&idx=1&sn=80e79d8ca786f2b8a4f2a23fe7d5bad4) - [ ] [【安全圈】谷歌确认黑客利用 AI 生成零日漏洞攻击 可提升攻击速度](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076374&idx=2&sn=6ddc9b61db17560810d8e2ede885638d) - [ ] [【安全圈】“Crimenetwork” 平台关停后死灰复燃,再遭德国当局捣毁](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076374&idx=3&sn=cde7250ec4d43b997cf6a5e4993a5c93) - 看雪学苑 - [ ] [看雪·2026 KCTF 防守方规则出炉!全网火热征题进行中(新增AI赛道)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614891&idx=1&sn=6836c87fff9b825a3d068bb98dd2a8fe) - [ ] [基于LLVM的通用自包含化(Shellcode)编译器开发思路](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614891&idx=2&sn=78d6f9684285c9b2f339ab01f3ca37f0) - [ ] [安卓惊现零点击核弹漏洞!远程Shell权限被轻易窃取,PoC已公开](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614891&idx=3&sn=0de81f82941d24d10b76da58cb08c893) - 中国信息安全 - [ ] [专题·个人信息保护 | 智能体个人信息保护风险及应对路径](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262496&idx=1&sn=f010e1a831c1cb71cdca8d4b7b14e8c5) - [ ] [专家解读|邬贺铨:为智能体发展树立规范、留足空间](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262496&idx=2&sn=d2f594599d152bd730ce100dc50907ae) - [ ] [关注 | 网信办整治来源不清、真假难辨、混淆视听等问题,清理短视频52万余个,严惩账号6.8万余个](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262496&idx=3&sn=4c9abf2be35458517086f25a5f0c1bb3) - [ ] [行业 | 360发布研究报告:“AI安全时间差”成政企安全防御新变量](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262496&idx=4&sn=4e4b4e6c72d8c88e1ad93eeb95e6db9d) - [ ] [评论 | 无人机必须在法治航道上飞行](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262496&idx=5&sn=56e34593904a3c84fe50379fca33d59c) - [ ] [关注 | 2026年4月全国受理网络违法和不良信息举报1686.1万件](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664262496&idx=6&sn=09f66f0e5c888706bd041c8ef8d63b79) - 极客公园 - [ ] [谷歌开了一场「读作 Android,写作 Gemini」的硬件发布会](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106452&idx=1&sn=f2c98af0b8776bacd94a2b3ac5cbcb50) - [ ] [AI 为什么一定会成为这代人的全新购物入口](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106439&idx=1&sn=1415cd4fc753e8c4a0eb4ce95c44c807) - [ ] [免费 1500 次背后,商汤在下一盘什么棋](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106423&idx=1&sn=2c58cabf2c88d292f52868034fed4262) - [ ] [OPPO 就母亲节文案发布问责通告;OpenAI 投资 40 亿美元成立新公司加速企业级 AI 落地;Claude 勒索行为源于网络邪恶信息 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653106350&idx=1&sn=9564b5ee413634b42dfd45438d55c02d) - 安全牛 - [ ] [2026 年 SIEM 市场变革:从 “日志归集工具” 迈向网络韧性核心平台](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141315&idx=1&sn=cfb0d8e5e7b762f829ae8465bd85afa2) - [ ] [CNVD 发布安全公告:多款智能体技能包暗藏恶意执行风险;亿格云完成数亿元B轮融资,加码“人+AI”统一安全治理 | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141315&idx=2&sn=4e120d8c7390291f6bbb0aa7b3fe4117) - 青藤云安全 - [ ] [一张图:说清楚【AI对抗AI】落地实践](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650851276&idx=1&sn=2003983decb069236baf33f2a74139e9) - 微步在线 - [ ] [近百个恶意版本!TanStack遭遇自动化投毒(含排查脚本)](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650186511&idx=1&sn=c2d9c23d28bbe5cb8587b5fe9c232d42) - 情报分析师 - [ ] [7款顶级GEOINT与SOCMINT工具清单](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567818&idx=1&sn=49376dfa63807949c829da09eb01fe27) - 阿里安全响应中心 - [ ] [活动改期|先知安全沙龙 - 北京站 5月30日开启!](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652998870&idx=1&sn=a3055f71d8d5efc4384bf843f9ad0f38) - 腾讯安全威胁情报中心 - [ ] [链锁裂变|TeamPCP 供应链攻击劫持 guardrails-ai,七模块凭据收割全景分析](https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247511898&idx=1&sn=55cf5a7445b1796c68e2649152e4d592) - 火绒安全 - [ ] [技术驱动防护升级 火绒安全核心研发能力持续提升](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532697&idx=1&sn=7093e8a956c010b4c10019e979efc6e5) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247532697&idx=2&sn=1f5b473b792afd1c8ce3d3b2ecc0f41b) - 陌陌安全 - [ ] [春日福利暴击!陌陌 Q1 直播抽奖,惊喜好礼等你来薅~](https://mp.weixin.qq.com/s?__biz=MzI2OTYzOTQzNw==&mid=2247489582&idx=1&sn=2806d6b599accc8d2fff29ada330ec60) - 奇安信威胁情报中心 - [ ] [【原创】某加密IM官网供应链事件,“离岸”爱国者卷土重来](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247518784&idx=1&sn=16b5fe101414c690ae21f811f931791d) - 数世咨询 - [ ] [疯狂迭代:OpenClaw 143 次版本更新,安全体系是如何"被迫"长出来的?](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542838&idx=1&sn=e7d8ee50a09d50c32724bd8c02e4f74d) - [ ] [亿格云完成数亿元B轮融资,加码“人+AI”统一安全治理](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542838&idx=2&sn=3e198c8122e19b81e23af1d2d6549e41) - [ ] [【高新招聘】网安项目经理/安服驻场实施人员招募中](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542838&idx=3&sn=5767d2ff8ebd7fdbe5ec4c304bd00734) - M01N Team - [ ] [AISS社区|Top5安全事件与技术案例解析](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247495038&idx=1&sn=bdf03f33bc9acdfd1d516ad02b691d1d) - 表图 - [ ] [五家网络安全头部公司的 2019—2025:活下来了,但还没走出去](https://mp.weixin.qq.com/s?__biz=MzUzOTI4NDQ3NA==&mid=2247485014&idx=1&sn=f58f60dc647c9185da14186efd5d227d) - 迪哥讲事 - [ ] [权限绕过](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499431&idx=1&sn=0ddec433ea7ac571491c0cb05a89baca) - 软件安全与逆向分析 - [ ] [三大Root框架通杀检测与反检测方法分析](https://mp.weixin.qq.com/s?__biz=MzU3MTY5MzQxMA==&mid=2247485204&idx=1&sn=0cf8c32c11363b3fab82419058605ad5) - TrustedSec - [ ] [Slamming the Door on Quick Assist Tech Support Scams and Abuse](https://trustedsec.com/blog/slamming-the-door-on-quick-assist-tech-support-scams-and-abuse) - 360数字安全 - [ ] [360发布“龙虾”生态安全报告:23个漏洞覆盖10余款产品,智能体安全风险蔓延全行业](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585949&idx=1&sn=3a9961caf97d6bf505fdaaf76f1c06e4) - [ ] [360首提“AI安全时间差” 政企实战进入速度竞争阶段](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585949&idx=2&sn=4a8aeb1fda7f5fd5d9312c37c0ca2d6d) - 安全行者老霍 - [ ] [揭秘AI越狱者:“我见证了人类制造的最糟糕的东西”](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486674&idx=1&sn=d86088cbc02b2f5efd9188c186092a9f) - 深信服千里目安全技术中心 - [ ] [【恶意文件通告】关于Hugging Face平台仿冒OpenAI仓库的供应链投毒事件](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525577&idx=1&sn=5f71c741c56237738ad5c7cf6519a70f) - [ ] [【恶意文件通告】Linux多功能病毒分析](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525577&idx=2&sn=f77ac8f1303ea4b3e5b5dc78b8881b71) - Tails - News - [ ] [Tails 7.7.3](https://tails.net/news/version_7.7.3/) - 墨菲安全 - [ ] [上海线下闭门沙龙:聊AI 和企业安全](https://mp.weixin.qq.com/s?__biz=MzkwOTM0MjI5NQ==&mid=2247488407&idx=1&sn=ef65e1f6ec3df3be95e2c10cc59618ec) - DARKNAVY - [ ] [我们试着把干掉黑客的AI干掉了|前瞻对抗](https://mp.weixin.qq.com/s?__biz=MzkyMjM5MTk3NQ==&mid=2247497966&idx=1&sn=495f70acae6c8db7682dbb5439200dac) - Qualys Security Blog - [ ] [Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review](https://blog.qualys.com/category/vulnerabilities-threat-research) - ICT Security Magazine - [ ] [Whistleblowing e NIS2: quando la segnalazione diventa governance](https://www.ictsecuritymagazine.com/articoli/whistleblowing-nis2/) - [ ] [AI governance aziendale: i rischi degli agenti autonomi](https://www.ictsecuritymagazine.com/articoli/ai-governance/) - 0x727开源安全团队 - [ ] [你站在哪里](https://mp.weixin.qq.com/s?__biz=MzkwNTI3MjIyOQ==&mid=2247484298&idx=1&sn=0b1f9f53022815994c894ce064b4d8eb) - SANS Internet Storm Center, InfoCON: green - [ ] [Microsoft May 2026 Patch Tuesday, (Tue, May 12th)](https://isc.sans.edu/diary/rss/32980) - [ ] [ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)](https://isc.sans.edu/diary/rss/32978) - Future of Tech and Security: Strategy & Innovation with Raffy - [ ] [Next-Gen MDR Has To Become An AI-Native SecOps Control Plane](https://raffy.ch/blog/2026/05/12/next-gen-mdr-has-to-become-an-ai-native-secops-control-plane/) - Have I Been Pwned latest breaches - [ ] [Cushman & Wakefield - 310,431 breached accounts](https://haveibeenpwned.com/Breach/CushmanWakefield) - NetSPI - [ ] [Why Continuous Testing is the New Standard for Modern Security](https://www.netspi.com/blog/executive-blog/netspi-updates/continuous-testing-new-standard-for-modern-security/) - The Hacker News - [ ] [New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution](https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html) - [ ] [RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded](https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html) - [ ] [New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots](https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html) - [ ] [Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help](https://thehackernews.com/2026/05/webinar-what-riskiest-soc-alerts-go.html) - [ ] [Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages](https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html) - [ ] [Why Agentic AI Is Security's Next Blind Spot](https://thehackernews.com/2026/05/why-agentic-ai-is-securitys-next-blind.html) - [ ] [Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak](https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html) - [ ] [OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation](https://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html) - [ ] [iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android](https://thehackernews.com/2026/05/ios-265-brings-default-end-to-end.html) - 白帽子章华鹏 - [ ] [上海线下闭门沙龙:聊AI 和企业安全](https://mp.weixin.qq.com/s?__biz=MzIyOTAxOTYwMw==&mid=2650239023&idx=1&sn=ae15b37b46ed397eeaca5006c49f3bd9) - TorrentFreak - [ ] [Broadcaster Loses FIFA World Cup Rights After 20 Years, Citing “Rampant Piracy”](https://torrentfreak.com/broadcaster-loses-fifa-world-cup-rights-after-20-years-citing-rampant-piracy/) - Tor Project blog - [ ] [New Release: Tails 7.7.3](https://blog.torproject.org/new-release-tails-7_7_3/) - [ ] [Defending the public's right to know](https://blog.torproject.org/Defending-the-right-to-know/) - Security Affairs - [ ] [Hackers accessed BWH Hotels reservation system for months](https://securityaffairs.com/192038/data-breach/hackers-accessed-bwh-hotels-reservation-system-for-months.html) - [ ] [The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl](https://securityaffairs.com/192029/hacking/the-worlds-most-dangerous-ai-anthropics-mythos-found-only-one-flaw-in-curl.html) - [ ] [Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor](https://securityaffairs.com/192013/cyber-crime/attackers-exploit-cpanel-cve-2026-41940-to-deploy-filemanager-backdoor.html) - [ ] [WannaCry, the ransomware attack that changed the history of cybersecurity](https://securityaffairs.com/192015/malware/wannacry-the-ransomware-attack-that-changed-the-history-of-cybersecurity.html) - [ ] [Android banking Trojan TrickMo evolves using TON network for C2](https://securityaffairs.com/192003/malware/android-banking-trojan-trickmo-evolves-using-ton-network-for-c2.html) - www.theregister.com - Articles - [ ] [Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs](https://www.theregister.com/patches/2026/05/13/doozy-of-a-patch-tuesday-includes-30-critical-microsoft-cves/5239224) - [ ] [Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files](https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144) - [ ] [US bank reports itself after slinging customer data at 'unauthorized AI app'](https://www.theregister.com/security/2026/05/12/us-bank-reports-itself-after-ai-customer-data-mishap/5238787) - [ ] [Cache-poisoning caper turns TanStack npm packages toxic](https://www.theregister.com/cyber-crime/2026/05/12/cache-poisoning-caper-turns-tanstack-npm-packages-toxic/5238650) - [ ] [Apple, Google drag cross-platform texting into the encrypted age](https://www.theregister.com/security/2026/05/12/apple-google-drag-cross-platform-texting-into-the-encrypted-age/5238556) - [ ] [Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla](https://www.theregister.com/security/2026/05/12/japans-pm-orders-cybersecurity-review-to-defend-against-anthropic-mythos/5238501) - Schneier on Security - [ ] [Copy.Fail Linux Vulnerability](https://www.schneier.com/blog/archives/2026/05/copy-fail-linux-vulnerability.html) - Krebs on Security - [ ] [Patch Tuesday, May 2026 Edition](https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/) - Deeplinks - [ ] [Broken Promises: RIP Instagram’s End-to-End Encrypted DMs](https://www.eff.org/deeplinks/2026/05/broken-promises-rip-instagrams-end-end-encrypted-dms) - [ ] [Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats](https://www.eff.org/deeplinks/2026/05/victory-end-end-encrypted-rcs-comes-apple-and-android-chats) - [ ] [EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid](https://www.eff.org/deeplinks/2026/05/eff-launches-new-offline-campaign-saudi-wikipedian-osama-khalid) - [ ] [A Hackers Guide to Circumventing Internet Shutdowns](https://www.eff.org/deeplinks/2026/05/hackers-guide-circumventing-internet-shutdowns) - 网安寻路人 - [ ] [机器速度下的攻防失衡:AI 时代网络安全治理逻辑的根本性重构](https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247508504&idx=1&sn=cfae8460469397bdb3d49f3b20f4c02b)
每日安全资讯(2026-05-13)