[每日信息流] 2026-03-10

[chainreactorbot]

每日安全资讯（2026-03-10）

• SecWiki News
  • SecWiki News 2026-03-09 Review
• 美团技术团队
  • LongCat 为 OpenClaw 装上效率引擎：你的自动化任务还能再快 30%
• Private Feed for M09Ic
  • github released v0.2.0 at github/spec-kit
  • bolucat released 202603092001 at bolucat/Archive
  • PrefectHQ released 3.6.22.dev5 at PrefectHQ/prefect
  • 4ra1n starred openclaw/openclaw
  • panjf2000 contributed to panjf2000/ants
  • mgeeky starred mrphrazer/binary-ninja-headless-mcp
  • WAY29 starred glittercowboy/taches-cc-resources
  • Mr-xn starred 666ghj/MiroFish
  • safedv starred hackerschoice/thc-tips-tricks-hacks-cheat-sheet
  • OpenAEV-Platform released 2.3.0 at OpenAEV-Platform/openaev
  • Ascotbe starred Lakr233/vphone-cli
  • CHYbeta starred netease-youdao/LobsterAI
  • PrefectHQ released 3.6.22.dev4 at PrefectHQ/prefect
  • pmiaowu starred dongshuyan/Awesome-Prompts
  • wh0amitz starred AabyssZG/SpringBoot-Scan
  • Ascotbe starred hect0x7/JMComic-APK
  • CHYbeta starred sanbir/solana-auditor-skills
  • pmiaowu starred Jumbo-WJB/semantic-trap-detector
• Recent Commits to cve:main
  • Update Mon Mar 9 11:22:10 UTC 2026
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 国家安全机关紧急警示：“发票”钓鱼邮件来袭，企业如何筑牢数字防线？
  • 银狐攻击暴涨 159.5%！3大套路狂卷企业20亿，4招护好企业邮箱
  • 嘶吼安全产业研究院 | 两项图谱调研同步启动中，请务必区分填报、勿混淆！
  • 8项公共安全行业标准获批发布
  • 梆梆安全赋能交通行业安全实践，Android、iOS、鸿蒙多端共存，如何统一管控安全风险？
  • 3个月阻断超83.6万次攻击！梆梆安全为运营商计费业务构筑全生命周期安全防线
  • 【直播预告】邮件安全“三重防护”指南
  • 【梆梆安全监测】安全隐私合规监管趋势及漏洞风险报告（1207-1220）
  • 公安部通报54款APP违规收集个人信息，停车、翻译、企业服务类应用成重灾区
• Microsoft Security Blog
  • Secure agentic AI for your Frontier Transformation
• Tenable Blog
  • President Trump's Cyber Strategy for America: What It Means for the U.S. and Why It Matters Globally
  • Tenable Named a Challenger in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms
• Didier Stevens
  • Update: emldump.py Version 0.0.16
• Malwarebytes
  • Fake Claude Code install pages hit Windows and Mac users with infostealers
  • Quiz sites trick users into enabling unwanted browser notifications
  • A week in security (March 2 – March 8)
• GuidePoint Security
  • Proving a Business will Recover: The Evolution of Business Resilience
• daniel.haxx.se
  • 10K curl downloads per year
• bishopfox.com
  • Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643
• 绿盟科技技术博客
  • RSAC 2026创新沙盒-Realm Labs：洞察AI推理内核，前置防控安全风险
• Offensive Security Blog: Latest Trends in Hacking | Praetorian
  • Beyond Prompt Injection: The Hidden AI Security Threats in Machine Learning Platforms
• 奇客Solidot–传递最新科技情报
  • digiKam 9.0.0 释出
  • 太空风暴让人类难以探测到 ET 的信号
  • 一百万颗卫星会如何影响天空？
  • FBI 通过 Proton Mail 识别抗议者身份
  • 卫星揭示北美和非洲桥梁面临稳定性风险
  • 耳鸣与睡眠密切相关
  • 研究人员模拟月球土壤种植收获鹰嘴豆
  • 新法律要求成人网站验证澳大利亚人年龄
• 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  • 中国7家光伏面板企业2025年预亏392亿元
  • Anthropic就供应链风险标签起诉国防部
  • 优步“可选女司机”选项在美国更多城市推出
  • 微软推出办公套件 Microsoft 365 E7
• 黑鸟
  • 欧盟议会情报平台：AI深度政治情报报告
• 安全客
  • OpenAI发布应用安全智能体：可自主发现、验证并修复漏洞
• 代码卫士
  • 黑客在Laravel 生态系统中隐藏恶意PHP包，发动供应链攻击
  • 开源 IAM 平台ZITADEL中存在漏洞，可导致用户账户遭完全接管
• 安全分析与研究
  • 如何用AI实现一款APT溯源工具
• 虎符智库
  • OpenClaw爆火，AI智能体数据、内容、权限三大风险如何兜底？
• 先进攻防
  • 赛博龙虾养殖指南
• Flanker论安全
  • 当 Agent 成为新公民：互联网风控的'西西弗斯'时刻
• 全频带阻塞干扰
  • ​新窃密技术预警：现代光学鼠标窃密
• 看雪学苑
  • Linux内核modprobe_path覆盖利用技术
  • 效率封神！Claude Opus 4.6联合Mozilla，挖出Firefox 22个全新漏洞
  • 非虫重磅打造 | 阶段二：安卓软件开发与逆向分析（工具篇）
• 安全内参
  • AI医生可被任意劫持：篡改患者处方剂量、给出错误医疗建议
  • 从网络防御到网络征伐：特朗普政府发布新版美国网络战略
• 认知独省
  • 腾讯云鼎攻防招聘
• 信安之路
  • 写文章随便打开一个案例就发现了漏洞，真好玩儿！
• 中国信息安全
  • 中国信息安全测评中心主任彭涛：良法善治筑坚盾 网安新规绘新篇
  • 《中国信息安全》杂志2026年第2期目录
• 极客公园
  • 17 万人，这一次硅谷裁员，超过了「新冠疫情」
  • OpenClaw 上，正在长出一整个「AI 硬件」生态
  • 未来不远机器人 2 个月内再获数亿元融资，累计完成 3 万+小时家庭服务
  • 苹果新笔记本上市即破发，低至3599；马化腾：没想到免费装龙虾这么火；深圳上线首批「政务龙虾」 | 极客早知道
• 数世咨询
  • 英国国家安全局首席安全官年薪17.5万美元
• 青藤云安全
  • WorkClaw正式发布：企业版小龙虾——好用不折腾，安全又可控
• 信息安全国家工程研究中心
  • AI “养龙虾” 走红，官方提示：警惕安全风险
• 天黑说嘿话
  • 如何高效排查员工是否安装了OpenClaw？企业安全防护指南
• 小米安全中心
  • 春锋猎洞活动来啦，MiSRC等你来挖洞
• 安全圈
  • 【安全圈】全民疯抢！60 岁大爷大妈也开始养龙虾了 官方：极易引发网络攻击、信息泄露
  • 【安全圈】“95后”网安尖兵张智恒：如何将嫌犯堵在国门之内
  • 【安全圈】维基百科遭 JavaScript 蠕虫攻击，数千页面被恶意篡改
  • 【安全圈】伪造 PDF 与会议链接诱骗下载，微软曝光利用合法证书签名的多段式钓鱼攻击
• 火绒安全
  • 游戏虽好别乱下！这类游戏盒子暗藏DDoS病毒
  • 诚邀渠道合作伙伴共启新征程
• 慢雾科技
  • AI 驱动安全升级｜慢雾(SlowMist) 将举办链上合规新品发布会
• 嘶吼专业版
  • 嘶吼安全产业研究院 | 两项图谱调研同步启动中，请务必区分填报、勿混淆！
  • 8项公共安全行业标准获批发布
• 情报分析师
  • 调查2026年美以与伊朗冲突各方战损的方法
• 360数字安全
  • 赛博龙虾暗藏杀机：OpenClaw席卷全球背后，多少人在“裸奔”？
• 谛听ditecting
  • 谛听 工控安全月报 | 2月
• 枇杷熟了
  • 枇杷熟了-全球网络安全日报2026-03-09
• T00ls安全
  • Android 小程序APP 抓包，从一直报错443到抓包畅通无阻
• 迪哥讲事
  • 内网漫游
• 安全行者老霍
  • 2025年安全漏洞疯长，但仅1%被用于攻击
• 字节跳动技术团队
  • OpenViking x OpenClaw：开箱即用 解决 Agent 的长期记忆困局
  • Vibe Coding 一键部署——火山引擎推出 Supabase， 驱动Agent 应用快速上线
• Over Security - Cybersecurity news aggregator
  • Microsoft Teams phishing targets employees with backdoors
  • Trump nominee to lead Cyber Command, NSA clears key Senate hurdle
  • Google: Cloud attacks exploit flaws more than weak credentials
  • Dutch govt warns of Signal, WhatsApp account hijacking attacks
  • White House floats Victims Restoration Program for millions affected by cyber fraud
  • New White House cyber strategy pledges to ease regulations, ‘impose costs’ on bad actors
  • Ericsson US discloses data breach after service provider hack
  • Sicurezza dei dispositivi medici: i 3 pilastri cyber per competere con i mercati globali
  • ShinyHunters claims ongoing Salesforce Aura data theft attacks
  • Microsoft Teams will tag third-party bots trying to join meetings
  • Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn
  • Strategia cyber USA 2026: i sei pilastri di Trump per il dominio tecnologico USA
  • Detection e function hooking
  • FBI warns of phishing attacks impersonating US city, county officials
  • Sospetto cyber attacco cinese contro l’FBI: le analogie con l’intrusione contro il Viminale
  • FBI investigating ‘suspicious activities’ on agency network following February incident
  • Indonesia to ban children under 16 from social media
  • Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown
  • Kremlin hackers attempting to compromise Signal, WhatsApp accounts globally
  • Why Password Audits Miss the Accounts Attackers Actually Want
  • Claude trova 22 bug critici in Firefox: l’IA ridisegna il futuro del vulnerability research
  • Microsoft still working to fix Windows Explorer white flashes
  • Australia, New Zealand, Tonga, Warn of Rising INC Ransom Attacks Targeting Pacific Networks
  • The Mystery of Nadia Marcinko: Epstein’s Alleged Right Hand and Her Digital Trail
  • Generative Application Firewall: un nuovo paradigma per la sicurezza dei sistemi basati su LLM
  • Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
  • Kids Internet and Digital Safety Act Gains Momentum in U.S. House
  • Ghanaian Man Pleads Guilty in U.S. Court for Romance Scams That Stole $100M
  • ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux
• 奇安信 CERT
  • 【已复现】Nginx UI 信息泄露漏洞(CVE-2026-27944)安全风险通告
• Arturo Di Corinto
  • Manualetto di sicurezza digitale per giornalisti e attivisti
• 洞源实验室
  • 没有握把的刀：OpenClaw的启示，比它自身更重要
• ChaMd5安全团队
  • EHAX CTF 2026 Writeup by Mini-Venom
• CNVD漏洞平台
  • CNVD漏洞周报2026年第9期
  • 上周关注度较高的产品安全漏洞(20260302-20260308)
• 安全419
  • 全民“养虾”背后：AI Agent狂欢下的安全冷思考
• Schneier on Security
  • New Attack Against Wi-Fi
• ICT Security Magazine
  • Frode occupazionale nordcoreana AI: come la DPRK infiltra le aziende tech
  • Cyber-guerra Iran-USA-Israele: operazione Epic Fury e Roaring Lion, il più grande attacco informatico della storia
  • Comunicazioni illecite in carcere: perché i jammer non funzionano e cosa fare davvero
• The Hacker News
  • Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
  • UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
  • ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
  • Can the Security Platform Finally Deliver for the Mid-Market?
  • Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
  • Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
• TorrentFreak
  • Major Publishers Sue Anna’s Archive Over ‘Staggering’ Copyright Infringement, Seek Injunction
  • Italian IPTV Pirates Pay €1,000 in Damages to Football League Serie A
• Security Affairs
  • FBI alert: scammers target zoning permit applicants
  • Russia-linked hackers target Signal, WhatsApp of officials globally
  • Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients
  • Anthropic Claude Opus AI model discovers 22 Firefox bugs
• Deeplinks
  • The SAFE Act is an Imperfect Vehicle for Real Section 702 Reform
  • Privacy's Defender: Launch Party in Berkeley
  • EFFecting Change: Privacy's Defender
• The Register - Security
  • AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours
  • ShinyHunters claims more high-profile victims in latest Salesforce customers data heist
  • EV charger biz ELECQ zapped by ransomware crooks, customer contact data stolen
  • Dutch cops warn 100 alleged scammers: Turn yourselves in or we tell Grandma
  • Russian cybercrims phish their way into officials' Signal and WhatsApp accounts
  • Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns
  • Royal Navy races to arm ships against drone threat
  • Iran is the first out-loud cyberwar the US has fought
• Trend Micro Research, News and Perspectives
  • TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense