[每日信息流] 2026-03-09

# 每日安全资讯（2026-03-09）

- SecWiki News
  - [ ] [SecWiki News 2026-03-08 Review](http://www.sec-wiki.com/?2026-03-08)
- CXSECURITY Database RSS Feed - CXSecurity.com
  - [ ] [PluckCMS 4.7.10 Unrestricted File Upload](https://cxsecurity.com/issue/WLB-2026030016)
  - [ ] [Python-Multipart < 0.0.22 - Path Traversal / Arbitrary File Write (CVE-2026-24486)](https://cxsecurity.com/issue/WLB-2026030015)
  - [ ] [WeGIA < = 3.6.4 Unauthenticated Admin Authentication Bypass](https://cxsecurity.com/issue/WLB-2026030014)
  - [ ] [NocoDB < = 0.301.2 User Enumeration via Password Reset Endpoint](https://cxsecurity.com/issue/WLB-2026030013)
  - [ ] [Craft CMS 4.x & 5.x  RCE via Blocklist Bypass](https://cxsecurity.com/issue/WLB-2026030012)
  - [ ] [pac4j-jwt <  4.5.9, <  5.7.9, <  6.3.3 JwtAuthenticator Authentication Bypass via JWE-wrapped PlainJWT](https://cxsecurity.com/issue/WLB-2026030011)
  - [ ] [AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 WiFi Dev Board](https://cxsecurity.com/issue/WLB-2026030010)
- Der Flounder
  - [ ] [Using the Jamf Pro API to deploy installer packages using MDM commands](https://derflounder.wordpress.com/2026/03/08/using-the-jamf-pro-api-to-deploy-installer-packages-using-mdm-commands/)
- Recent Commits to cve:main
  - [ ] [Update Sun Mar  8 11:31:05 UTC 2026](https://github.com/trickest/cve/commit/54596bc659ecb564e8bef696e733daf2d5cdf9bd)
- Zdziarski
  - [ ] [The Link Between Christian Nationalism and Hitler’s Germany](https://www.zdziarski.com/blog/?p=13746)
- Private Feed for M09Ic
  - [ ] [xnl-h4ck3r released v8.7 at xnl-h4ck3r/waymore](https://github.com/xnl-h4ck3r/waymore/releases/tag/v8.7)
  - [ ] [mgeeky starred byt3bl33d3r/figaro](https://github.com/byt3bl33d3r/figaro)
  - [ ] [CHYbeta starred googleworkspace/cli](https://github.com/googleworkspace/cli)
  - [ ] [mgeeky starred dazzyddos/PrivHound](https://github.com/dazzyddos/PrivHound)
  - [ ] [PrefectHQ released 3.6.22.dev3 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.22.dev3)
  - [ ] [Mr-xn starred rtk-ai/rtk](https://github.com/rtk-ai/rtk)
  - [ ] [gh0stkey starred matteyeux/coruna](https://github.com/matteyeux/coruna)
  - [ ] [panjf2000 starred nearai/ironclaw](https://github.com/nearai/ironclaw)
- ClevCode
  - [ ] [Security in the Age of Agents](https://clevcode.org/security-in-the-age-of-agents/)
- Didier Stevens
  - [ ] [Update: base64dump.py Version 0.0.29](https://blog.didierstevens.com/2026/03/08/update-base64dump-py-version-0-0-29/)
- Malwarebytes
  - [ ] [Ring doorbells: Won&#8217;t you see my neighbor? (Lock and Code S07E05)](https://www.malwarebytes.com/blog/podcast/2026/03/ring-doorbells-wont-you-see-my-neighbor-lock-and-code-s07e05)
- Reverse Engineering
  - [ ] [GhostWeaver - a malware that lives up to its name](https://www.reddit.com/r/ReverseEngineering/comments/1ro58wd/ghostweaver_a_malware_that_lives_up_to_its_name/)
  - [ ] [[Update] I know I've shared LCSAJdump before, but v1.1.2 just mapped the entire x86_64 libc graph in <10s. It's now faster than ROPgadget while finding JOPs/Shadow Gadgets they physically miss.](https://www.reddit.com/r/ReverseEngineering/comments/1rob9wk/update_i_know_ive_shared_lcsajdump_before_but/)
  - [ ] [I need help in Wana see the source code or the things used in app like can we see ?? I have recently came to know that it's possible with using JADX please help we to how to see code is it possible](https://www.reddit.com/r/ReverseEngineering/comments/1roddn7/i_need_help_in_wana_see_the_source_code_or_the/)
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  - [ ] [龙岗拟出台措施 支持OpenClaw&OPC发展](https://blog.upx8.com/%E9%BE%99%E5%B2%97%E6%8B%9F%E5%87%BA%E5%8F%B0%E6%8E%AA%E6%96%BD-%E6%94%AF%E6%8C%81OpenClaw-OPC%E5%8F%91%E5%B1%95)
  - [ ] [AI 聊天机器人将用户引导至非法在线赌场](https://blog.upx8.com/AI-%E8%81%8A%E5%A4%A9%E6%9C%BA%E5%99%A8%E4%BA%BA%E5%B0%86%E7%94%A8%E6%88%B7%E5%BC%95%E5%AF%BC%E8%87%B3%E9%9D%9E%E6%B3%95%E5%9C%A8%E7%BA%BF%E8%B5%8C%E5%9C%BA)
  - [ ] [伊朗就新任最高领袖人选达成多数共识](https://blog.upx8.com/%E4%BC%8A%E6%9C%97%E5%B0%B1%E6%96%B0%E4%BB%BB%E6%9C%80%E9%AB%98%E9%A2%86%E8%A2%96%E4%BA%BA%E9%80%89%E8%BE%BE%E6%88%90%E5%A4%9A%E6%95%B0%E5%85%B1%E8%AF%86)
  - [ ] [三星称愿与OpenAI等更多公司达成战略合作](https://blog.upx8.com/%E4%B8%89%E6%98%9F%E7%A7%B0%E6%84%BF%E4%B8%8EOpenAI%E7%AD%89%E6%9B%B4%E5%A4%9A%E5%85%AC%E5%8F%B8%E8%BE%BE%E6%88%90%E6%88%98%E7%95%A5%E5%90%88%E4%BD%9C)
  - [ ] [印度PC出货量超越疫情峰值 达1590万台](https://blog.upx8.com/%E5%8D%B0%E5%BA%A6PC%E5%87%BA%E8%B4%A7%E9%87%8F%E8%B6%85%E8%B6%8A%E7%96%AB%E6%83%85%E5%B3%B0%E5%80%BC-%E8%BE%BE1590%E4%B8%87%E5%8F%B0)
  - [ ] [安世半导体风波再起，中国警告全球产供链危机](https://blog.upx8.com/%E5%AE%89%E4%B8%96%E5%8D%8A%E5%AF%BC%E4%BD%93%E9%A3%8E%E6%B3%A2%E5%86%8D%E8%B5%B7-%E4%B8%AD%E5%9B%BD%E8%AD%A6%E5%91%8A%E5%85%A8%E7%90%83%E4%BA%A7%E4%BE%9B%E9%93%BE%E5%8D%B1%E6%9C%BA)
  - [ ] [OpenAI再次推迟ChatGPT的“成人模式”](https://blog.upx8.com/OpenAI%E5%86%8D%E6%AC%A1%E6%8E%A8%E8%BF%9FChatGPT%E7%9A%84-%E6%88%90%E4%BA%BA%E6%A8%A1%E5%BC%8F)
- 奇客Solidot–传递最新科技情报
  - [ ] [印尼和印度卡纳塔克邦将禁止 16 岁以下儿童使用社媒](https://www.solidot.org/story?sid=83713)
  - [ ] [NASA DART 探测器确认改变了小行星的轨道](https://www.solidot.org/story?sid=83712)
- 威努特安全网络
  - [ ] [AI掀起工业安全新挑战，看威努特“白环境”如何破局？](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651140394&idx=1&sn=0e5620bf49f24b5568ff1e4ef8038226)
- 丁爸 情报分析师的工具箱
  - [ ] [【工具】美伊冲突实时追踪网站](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651154705&idx=1&sn=0102f2a546013e48b672f14ce0c51edc)
- 黑鸟
  - [ ] [避开英文AI写作套路：别让AI检测工具成了写作的枷锁](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451185628&idx=1&sn=0c2be2783ae96bbcf2bb950264d8b2a7)
- 吾爱破解论坛
  - [ ] [十八周年开放注册微信抽奖活动，先送20个账号注册码或300论坛币，周一下午两点开奖，详见：【开放注册公告】吾爱破解论坛2026年3月13日十八周年开放注册公告](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143712&idx=1&sn=8af7768967ffac69a438a1f1524c3635)
- 皮相
  - [ ] [掌控信息，而不是被信息掌控](https://mp.weixin.qq.com/s?__biz=MzI0NDA5MDYyNA==&mid=2648257329&idx=1&sn=20908ae6e8fb09950b5e1f7a5b5c2f96)
- 青衣十三楼飞花堂
  - [ ] [初一下学期的倒角难题挑战](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489084&idx=1&sn=7ac8a6e3a7424ff4a2770d84b52bc237)
- 电子物证
  - [ ] [【实用 APK 分析模板：溯源链路与研判分析汇总】](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048940&idx=1&sn=33d8cc14cb5d2c6864a954d5d914ef05)
  - [ ] [【一图看懂】常用哈希算法原理](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048940&idx=2&sn=2168b140333bc7f61ead1f792ddf5fb1)
- 极客公园
  - [ ] [给 OpenAI 造机器人的人，看见了可怕的未来](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100595&idx=1&sn=820ed2e94b292ee22abf1bf09b8f1d7a)
  - [ ] [为什么「从 1 数到 10」这件事，所有视频模型都不会？](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100564&idx=1&sn=e74e00270a8dd1f1877718ce39705161)
  - [ ] [雷军：未来每周只需工作 3 天；腾讯 QQ 官方接入「龙虾」，1 账号 5 个；ChatGPT「成人模式」推迟发布 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100586&idx=1&sn=01356e98916bcad168b1f73ac79b8bbc)
- 非尝咸鱼贩
  - [ ] [重访斯洛伐克：打卡名人机位和后朋克专辑封面](https://mp.weixin.qq.com/s?__biz=Mzk0NDE3MTkzNQ==&mid=2247485830&idx=1&sn=15fc406e15a254a81f974244bcd26415)
- 火绒安全
  - [ ] [芳华启新程｜火绒致敬每一位独立坚守、勇敢担当的她](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531229&idx=1&sn=e92394a8a2e718fb9db072690c8c26fb)
  - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531229&idx=2&sn=4d4e0a088996299136178d6f1fe15c0b)
- 复旦白泽战队
  - [ ] [妇女节到啦｜白泽AI祝大家快乐在线，状态满格！](https://mp.weixin.qq.com/s?__biz=MzU4NzUxOTI0OQ==&mid=2247497789&idx=1&sn=7951df4a11843c4a1ee21121d67d5592)
- 安全圈
  - [ ] [【安全圈】紧急！思科发布最高级别预警，一口气修复48个漏洞](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=1&sn=ef939eb4d183296256162bca1d577177)
  - [ ] [【安全圈】重磅！IBM X-Force报告：AI驱动攻击狂飙，勒索软件激增49%](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=2&sn=41aac7caec6bd6da98ec4c7c6b1f785f)
  - [ ] [【安全圈】紧急！游戏平台遭黑客入侵，1500万账户数据泄露，波及PSN/Xbox/Steam/Epic](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=3&sn=a9c6660530e537b38ec8593c0ab2427c)
  - [ ] [【安全圈】高危0day突袭！俄APT28借MSHTML漏洞突破防线，政企紧急戒备](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=4&sn=f3ae22e08096eab2957816229960f85b)
- 安全行者老霍
  - [ ] [托管安全服务：实操指南--如何外包网络防御而不失控](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486032&idx=1&sn=e3f8ddfe984fd9bfaf7f76bb594ddb4f)
- 自在安全
  - [ ] [如何利用 AI 分析 CVE-2025-20393 思科安全邮件网关 CVSS10 满分复杂匿名 RCE 漏洞](https://mp.weixin.qq.com/s?__biz=Mzk0NTU5Mjg0Ng==&mid=2247492706&idx=1&sn=fdd3a02e537a160a014f2b3e2870d60e)
- Over Security - Cybersecurity news aggregator
  - [ ] [How AI Assistants are Moving the Security Goalposts](https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/)
  - [ ] [EU court adviser says banks must immediately refund phishing victims](https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/)
  - [ ] [Hackers abuse .arpa DNS and ipv6 to evade phishing defenses](https://www.bleepingcomputer.com/news/security/hackers-abuse-arpa-dns-and-ipv6-to-evade-phishing-defenses/)
  - [ ] [Ransomware Group Securotrop Claims Breach of Universal Mailing Service, Says 490GB of Data Stolen](https://www.suspectfile.com/ransomware-group-securotrop-claims-breach-of-universal-mailing-service-says-490gb-of-data-stolen/)
  - [ ] [Women in Cybersecurity Reveal the Skills That Built Their Confidence](https://thecyberexpress.com/women-in-cybersecurity-give-to-gain/)
  - [ ] [Top 50 Women Leaders in Cybersecurity to Watch in 2026](https://thecyberexpress.com/top-50-women-in-cybersecurity-to-watch-in-2026/)
- cavallette
  - [ ] [Problema hardware / Hardware issue](https://cavallette.noblogs.org/2026/03/10038)
- bellingcat
  - [ ] [Video Shows US Tomahawk Missile Strike Next to Girls’ School in Iran](https://www.bellingcat.com/news/2026/03/08/video-shows-us-tomahawk-missile-strike-next-to-girls-school-in-iran/)
- The Register - Security
  - [ ] [FBI is investigating breach that may have hit its wiretapping tools](https://go.theregister.com/feed/www.theregister.com/2026/03/08/fbi_investigates_wiretap_system_breach/)
  - [ ] [AI agents now help attackers, including North Korea, manage their drudge work](https://go.theregister.com/feed/www.theregister.com/2026/03/08/deploy_and_manage_attack_infrastructure/)
- Security Affairs
  - [ ] [Critical Nginx UI flaw CVE-2026-27944 exposes server backups](https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html)
  - [ ] [Massive GitHub malware operation spreads BoryptGrab stealer](https://securityaffairs.com/189110/malware/massive-github-malware-operation-spreads-boryptgrab-stealer.html)
  - [ ] [SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87](https://securityaffairs.com/189103/malware/security-affairs-malware-newsletter-round-87.html)
  - [ ] [Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION](https://securityaffairs.com/189094/breaking-news/security-affairs-newsletter-round-566-by-pierluigi-paganini-international-edition.html)
- Your Open Hacker Community
  - [ ] [How do hackers receive money without getting their bank accounts tracked ?](https://www.reddit.com/r/HowToHack/comments/1rntz18/how_do_hackers_receive_money_without_getting/)
  - [ ] [Hostname discovery on network](https://www.reddit.com/r/HowToHack/comments/1ro0d9c/hostname_discovery_on_network/)
  - [ ] [Retrieve information from old Galaxy S Advance (locked)](https://www.reddit.com/r/HowToHack/comments/1ro1e6m/retrieve_information_from_old_galaxy_s_advance/)
  - [ ] [How to hack a Shenzhen MT61?](https://www.reddit.com/r/HowToHack/comments/1ro2o3m/how_to_hack_a_shenzhen_mt61/)
  - [ ] [how to unencrypt .vbk files?](https://www.reddit.com/r/HowToHack/comments/1ro8mgx/how_to_unencrypt_vbk_files/)
  - [ ] [Bypass vpn detection in survey website](https://www.reddit.com/r/HowToHack/comments/1rnxvts/bypass_vpn_detection_in_survey_website/)
  - [ ] [I need help](https://www.reddit.com/r/HowToHack/comments/1ro24hm/i_need_help/)
- Social Engineering
  - [ ] [I'm a Dentist. What are some Books that will help me raise concern, motivation, and compliance in patients?](https://www.reddit.com/r/SocialEngineering/comments/1rok3hh/im_a_dentist_what_are_some_books_that_will_help/)
  - [ ] [People's weaknesses, do you know any?](https://www.reddit.com/r/SocialEngineering/comments/1robdad/peoples_weaknesses_do_you_know_any/)
- Krebs on Security
  - [ ] [How AI Assistants are Moving the Security Goalposts](https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/)
- Dark Space Blogspot
  - [ ] [I Protagonisti Delle Crypto Wars: Da Zimmermann a Durov](http://darkwhite666.blogspot.com/2026/03/i-protagonisti-delle-crypto-wars-da.html)
- Information Security
  - [ ] [Sentinel-ThreatWall](https://www.reddit.com/r/Information_Security/comments/1rodji8/sentinelthreatwall/)
  - [ ] [Is user training as preventative as we’d hope?](https://www.reddit.com/r/Information_Security/comments/1rnx1qx/is_user_training_as_preventative_as_wed_hope/)
- Technical Information Security Content & Discussion
  - [ ] [Fake Claude Code Install Guides Spread Amatera Infostealer in New “InstallFix” Malvertising Campaign](https://www.reddit.com/r/netsec/comments/1robwok/fake_claude_code_install_guides_spread_amatera/)
  - [ ] [From Chrome Extension Supply-Chain Compromise to Host Malware: Technical Breakdown of the ShotBird Campaign](https://www.reddit.com/r/netsec/comments/1rob5no/from_chrome_extension_supplychain_compromise_to/)
  - [ ] [AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks](https://www.reddit.com/r/netsec/comments/1rojhfl/airsnitch_demystifying_and_breaking_client/)
- netsecstudents: Subreddit for students studying Network Security and its related subjects
  - [ ] [Free Workshop: Understanding IAM (Identity & Access Management)](https://www.reddit.com/r/netsecstudents/comments/1rof0t0/free_workshop_understanding_iam_identity_access/)
  - [ ] [OpenShell——An open-source reverse shell management server written in Go.](https://www.reddit.com/r/netsecstudents/comments/1roahws/openshellan_opensource_reverse_shell_management/)
  - [ ] [Beginner cybersecurity learner – what networking topics should I study?](https://www.reddit.com/r/netsecstudents/comments/1ro3psz/beginner_cybersecurity_learner_what_networking/)
  - [ ] [New rental home network](https://www.reddit.com/r/netsecstudents/comments/1rob6ze/new_rental_home_network/)
  - [ ] [Soon to be Ex-marketing technology bloke looking to enter cyber sec, Would love if i could request some aid in a project i'm working on for my CV](https://www.reddit.com/r/netsecstudents/comments/1ro2311/soon_to_be_exmarketing_technology_bloke_looking/)
  - [ ] [Built a self-hosted subdomain monitoring tool for bug bounty](https://www.reddit.com/r/netsecstudents/comments/1rnwrm0/built_a_selfhosted_subdomain_monitoring_tool_for/)
  - [ ] [Sto provando a spiegare come funziona davvero Internet: feedback tecnico benvenuto](https://www.reddit.com/r/netsecstudents/comments/1rnwbl8/sto_provando_a_spiegare_come_funziona_davvero/)
- Blackhat Library: Hacking techniques and research
  - [ ] [We used Kolega to find and fix real vulnerabilities in high-quality open source projects](https://www.reddit.com/r/blackhat/comments/1ro3wpp/we_used_kolega_to_find_and_fix_real/)
  - [ ] [Security professionals: what’s a vulnerability you discovered that made you question how the system ever passed testing?](https://www.reddit.com/r/blackhat/comments/1rnptnd/security_professionals_whats_a_vulnerability_you/)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[每日信息流] 2026-03-09 #1172

每日安全资讯（2026-03-09）

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[每日信息流] 2026-03-09 #1172

Description

每日安全资讯（2026-03-09）

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions