|
| 1 | +# 每日安全资讯(2025-05-12) |
| 2 | + |
| 3 | +- SecWiki News |
| 4 | + - [SecWiki News 2025-05-11 Review](http://www.sec-wiki.com/?2025-05-11) |
| 5 | +- Security Boulevard |
| 6 | + - [Achieve Stability with Streamlined Secrets Management](https://securityboulevard.com/2025/05/achieve-stability-with-streamlined-secrets-management/?utm_source=rss&utm_medium=rss&utm_campaign=achieve-stability-with-streamlined-secrets-management) |
| 7 | + - [Justify Your Investment in Cloud-Native NHIs](https://securityboulevard.com/2025/05/justify-your-investment-in-cloud-native-nhis/?utm_source=rss&utm_medium=rss&utm_campaign=justify-your-investment-in-cloud-native-nhis) |
| 8 | + - [BSidesLV24 – Proving Ground – The Immortal Retrofuturism Of Mainframe Computers And How To Keep Them Safe](https://securityboulevard.com/2025/05/bsideslv24-proving-ground-the-immortal-retrofuturism-of-mainframe-computers-and-how-to-keep-them-safe/?utm_source=rss&utm_medium=rss&utm_campaign=bsideslv24-proving-ground-the-immortal-retrofuturism-of-mainframe-computers-and-how-to-keep-them-safe) |
| 9 | + - [Did LockBit Just Get Locked Out? The Walmart of Ransomware’s Massive Leak](https://securityboulevard.com/2025/05/did-lockbit-just-get-locked-out-the-walmart-of-ransomwares-massive-leak/?utm_source=rss&utm_medium=rss&utm_campaign=did-lockbit-just-get-locked-out-the-walmart-of-ransomwares-massive-leak) |
| 10 | + - [The Legacy Cyber Threat: Why We Must Prioritize Modernization](https://securityboulevard.com/2025/05/the-legacy-cyber-threat-why-we-must-prioritize-modernization/?utm_source=rss&utm_medium=rss&utm_campaign=the-legacy-cyber-threat-why-we-must-prioritize-modernization) |
| 11 | +- Recent Commits to cve:main |
| 12 | + - [Update Sun May 11 16:00:05 UTC 2025](https://github.com/trickest/cve/commit/636e428a4868a680e8b294c07155b1669e40ba9b) |
| 13 | +- 一个被知识诅咒的人 |
| 14 | + - [【人工智能】全面掌控:使用Python进行深度学习模型监控与调优](https://blog.csdn.net/nokiaguy/article/details/147873231) |
| 15 | + - [【人工智能】 大模型训练的艺术:从数据到智能的飞跃](https://blog.csdn.net/nokiaguy/article/details/147873212) |
| 16 | + - [【Python】异步优势演员-评论家(A3C)算法在Python中的实现与应用](https://blog.csdn.net/nokiaguy/article/details/147873198) |
| 17 | + - [【运维】基于Python打造分布式系统日志聚合与分析利器](https://blog.csdn.net/nokiaguy/article/details/147873180) |
| 18 | + - [【人工智能】DeepSeek的崛起-下一代AI模型的秘密武器](https://blog.csdn.net/nokiaguy/article/details/147873142) |
| 19 | + - [【人工智能】微调魔法:释放大模型的个性化潜能](https://blog.csdn.net/nokiaguy/article/details/147873116) |
| 20 | +- No Headback |
| 21 | + - [开源软件供应链安全的五十年(译)](http://xargin.com/open-source-supply-chain-security/) |
| 22 | +- obaby@mars |
| 23 | + - [FaceFusion 3.2.0 — 进阶体验(不要瑟瑟)](https://h4ck.org.cn/2025/05/20664) |
| 24 | +- 不忘初心 方得始终 |
| 25 | + - [transformer库中的kv cache分析与调试](http://terenceli.github.io/%E6%8A%80%E6%9C%AF/2025/05/11/kvcache-intro) |
| 26 | +- SentinelOne |
| 27 | + - [Mothers of SentinelOne Balance Cybersecurity & Parenthood](https://www.sentinelone.com/blog/mothers-of-sentinelone-balance-cybersecurity-parenthood/) |
| 28 | +- Reverse Engineering |
| 29 | + - [I built a sub-€200 PCB delayering system in my bedroom — down to 3µm precision (LACED project)](https://www.reddit.com/r/ReverseEngineering/comments/1kjr2xv/i_built_a_sub200_pcb_delayering_system_in_my/) |
| 30 | + - [Reverse engineering the 386 processor's prefetch queue circuitry](https://www.reddit.com/r/ReverseEngineering/comments/1kjrhry/reverse_engineering_the_386_processors_prefetch/) |
| 31 | + - [How Windows 11 Killed A 90s Classic (& My Fix)](https://www.reddit.com/r/ReverseEngineering/comments/1kjqzuf/how_windows_11_killed_a_90s_classic_my_fix/) |
| 32 | + - [Reverse-Engineering the Address Translation Caches](https://www.reddit.com/r/ReverseEngineering/comments/1kjsow1/reverseengineering_the_address_translation_caches/) |
| 33 | +- KitPloit - PenTest & Hacking Tools |
| 34 | + - [Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices](http://www.kitploit.com/2025/05/shodan-dorks-dorks-for-shodan-powerful.html) |
| 35 | + - [Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool](http://www.kitploit.com/2025/05/pegasus-pentest-arsenal-comprehensive.html) |
| 36 | +- 奇客Solidot–传递最新科技情报 |
| 37 | + - [过去 20 年最强地磁风暴带来的经验和启示](https://www.solidot.org/story?sid=81259) |
| 38 | + - [放弃 Google 搜索比预期的更简单](https://www.solidot.org/story?sid=81258) |
| 39 | + - [用 AI 作过一次弊的学生可能会一直用 AI 作弊](https://www.solidot.org/story?sid=81257) |
| 40 | +- 黑海洋 - Wiki |
| 41 | + - [如何快速注册SJSU教育邮箱](https://blog.upx8.com/4797) |
| 42 | +- 锦行科技 |
| 43 | + - [妈妈的守护从不掉线--用爱筑起的防火墙](https://mp.weixin.qq.com/s?__biz=MzIxNTQxMjQyNg==&mid=2247494016&idx=1&sn=371ac2685fece5c78a11e33aaff2d5e7&subscene=0) |
| 44 | +- 威努特安全网络 |
| 45 | + - [印度电网瘫痪警示:构建电力安全防御体系的实践路径](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651132964&idx=1&sn=2726985923f0e7b7d147fa852391bf6e&subscene=0) |
| 46 | +- 青衣十三楼飞花堂 |
| 47 | + - [西城44中是所好学校](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247488277&idx=1&sn=ecefe8f97d071a4d7fd026e43b841fe8&subscene=0) |
| 48 | +- dotNet安全矩阵 |
| 49 | + - [.NET 内网实战:通过 Windows 系统服务注册表值实现权限维持](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247499641&idx=1&sn=7afbdf6d26129d1e85536d3c0085609a&subscene=0) |
| 50 | + - [.NET 总第 71 期红队武器库和资源汇总](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247499641&idx=2&sn=aa591d98a71f78639e94ab761baece63&subscene=0) |
| 51 | + - [从 .NET 代码审计看 ViewState 反序列化漏洞](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247499641&idx=3&sn=d7f3a802ba857dfd318ec850e660210b&subscene=0) |
| 52 | +- 安全圈 |
| 53 | + - [【安全圈】Microsoft Teams 将禁止在会议期间截屏](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652069558&idx=1&sn=2987948da429aca3ced7a01f29894350&subscene=0) |
| 54 | + - [【安全圈】新型.NET恶意软件"PupkinStealer":窃取浏览器凭据并通过Telegram外传](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652069558&idx=2&sn=98a85cb1368ce09d81bbe5fdb0e703ae&subscene=0) |
| 55 | + - [【安全圈】20年代理僵尸网络被捣毁:每周利用1000台未修复设备经过协同行动](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652069558&idx=3&sn=753a6001c974bfd4de18ddbe1cd2aecb&subscene=0) |
| 56 | +- 极客公园 |
| 57 | + - [雷军隔月首发声:创立小米以来最难的日子;Altman向马斯克服软「AGI比恩怨重要」;酷玩等明星抗议AI滥用 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653079046&idx=1&sn=9c8fbf0a34005b08dc7b1462cfb8f2cb&subscene=0) |
| 58 | +- 自在安全 |
| 59 | + - [CVSS 10 满分漏洞:CVE-2025-32432 Craft CMS RCE 及未公开利用链深度解构](https://mp.weixin.qq.com/s?__biz=Mzk0NTU5Mjg0Ng==&mid=2247492026&idx=1&sn=a45585cfb3c85bb1d0d2101a1ff10b41&subscene=0) |
| 60 | +- 迪哥讲事 |
| 61 | + - [命令执行不出网、无回显、连基础工具base64/xxd都没有?极限生存下的命令执行,怎么打?](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247497580&idx=1&sn=c77028340ad979d0182045d5796a3826&subscene=0) |
| 62 | +- 0x00sec - The Home of the Hacker - Top topics |
| 63 | + - [Help using ( I could use some personal help as well standing up the server it's on pretty shaky legs) and invite ppl who might be interested](https://0x00sec.org/t/help-using-i-could-use-some-personal-help-as-well-standing-up-the-server-its-on-pretty-shaky-legs-and-invite-ppl-who-might-be-interested/43890) |
| 64 | +- Over Security - Cybersecurity news aggregator |
| 65 | + - [Russell Child Development Center Targeted by Medusa Ransomware Group: 215 GB of Sensitive Data Exfiltrated and Encrypted](https://www.suspectfile.com/russell-child-development-center-targeted-by-medusa-ransomware-group-215-gb-of-sensitive-data-exfiltrated-and-encrypted/) |
| 66 | + - [Bluetooth 6.1 enhances privacy with randomized RPA timing](https://www.bleepingcomputer.com/news/security/bluetooth-61-enhances-privacy-with-randomized-rpa-timing/) |
| 67 | + - [Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation](https://www.darknet.org.uk/2025/05/bantam-advanced-php-backdoor-management-tool-for-post-exploitation/) |
| 68 | + - [iClicker hack targeted students with malware via fake CAPTCHA](https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/) |
| 69 | + - [ChatGPT is finally adding Download as PDF for Deep Research](https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-is-finally-adding-download-as-pdf-for-deep-research/) |
| 70 | + - [Guerre di Rete - L’AI, i lavoratori e i rapporti di potere](https://guerredirete.substack.com/p/guerre-di-rete-lai-i-lavoratori-e) |
| 71 | +- Technical Information Security Content & Discussion |
| 72 | + - [One-Click RCE in ASUS’s Preinstalled Driver Software](https://www.reddit.com/r/netsec/comments/1kjwfuh/oneclick_rce_in_asuss_preinstalled_driver_software/) |
| 73 | +- Your Open Hacker Community |
| 74 | + - [Anyone hacked a Nixplay w10k digital picture frame?](https://www.reddit.com/r/HowToHack/comments/1kk6n3s/anyone_hacked_a_nixplay_w10k_digital_picture_frame/) |
| 75 | +- Blackhat Library: Hacking techniques and research |
| 76 | + - [Nunflix downloaded a .exe into my downloads folder](https://www.reddit.com/r/blackhat/comments/1kk6w3v/nunflix_downloaded_a_exe_into_my_downloads_folder/) |
| 77 | +- Social Engineering |
| 78 | + - [Chase Hughes 5-2-6 method chart source?](https://www.reddit.com/r/SocialEngineering/comments/1kkcafs/chase_hughes_526_method_chart_source/) |
| 79 | + - [What to do when civilians get caught up in govt/mil-driven cybersecurity attacks & exercises and how should/are perpetrators/attackers held accountable?](https://www.reddit.com/r/SocialEngineering/comments/1kk27gu/what_to_do_when_civilians_get_caught_up_in/) |
| 80 | + - [Fake users data](https://www.reddit.com/r/SocialEngineering/comments/1kjxhnm/fake_users_data/) |
| 81 | + - [What if everything you thought was your idea... wasn’t?](https://www.reddit.com/r/SocialEngineering/comments/1kjsopn/what_if_everything_you_thought_was_your_idea_wasnt/) |
| 82 | +- Security Affairs |
| 83 | + - [SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45](https://securityaffairs.com/177697/breaking-news/security-affairs-malware-newsletter-round-45.html) |
| 84 | + - [Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION](https://securityaffairs.com/177689/breaking-news/security-affairs-newsletter-round-523-by-pierluigi-paganini-international-edition.html) |
| 85 | + - [Google will pay Texas $1.4 billion over its location tracking practices](https://securityaffairs.com/177683/laws-and-regulations/google-will-pay-texas-1-4-billion-over-its-location-tracking-practices.html) |
| 86 | +- netsecstudents: Subreddit for students studying Network Security and its related subjects |
| 87 | + - [Does anyone have a more realistic red team training environment? Feels like the current tools still fall short.](https://www.reddit.com/r/netsecstudents/comments/1kjv4nv/does_anyone_have_a_more_realistic_red_team/) |
| 88 | + - [Looking for direction and/or mentoring](https://www.reddit.com/r/netsecstudents/comments/1kjqkgt/looking_for_direction_andor_mentoring/) |
| 89 | + - [Is this a tap or some kind of surveillance device on my home internet modem?](https://www.reddit.com/r/netsecstudents/comments/1kjr85r/is_this_a_tap_or_some_kind_of_surveillance_device/) |
| 90 | +- KitPloit - PenTest Tools! |
| 91 | + - [Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices](http://www.kitploit.com/2025/05/shodan-dorks-dorks-for-shodan-powerful.html) |
| 92 | + - [Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool](http://www.kitploit.com/2025/05/pegasus-pentest-arsenal-comprehensive.html) |
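Review bot: The two KitPloit entries at lines 34-35 are repeated verbatim at lines 91-92, because the same feed appears under two headings ("KitPloit - PenTest & Hacking Tools" and "KitPloit - PenTest Tools!"); deduplicate by URL before the digest is written so each link is listed once. The Security Boulevard links at lines 6-10 also still carry their `utm_source`/`utm_medium`/`utm_campaign` query parameters, which the generator could strip, and the sec-wiki.com, xargin.com, terenceli.github.io and kitploit.com links are committed as plain `http://`.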