| 1 | +# 每日安全资讯(2025-05-04) |
| 2 | + |
| 3 | +- InfoSec Write-ups - Medium |
| 4 | + - [How I Found Internal Dashboards Using Google Dorks + OSINT](https://infosecwriteups.com/how-i-found-internal-dashboards-using-google-dorks-osint-5f2c9515fcd6?source=rss----7b722bfd1b8d---4) |
| 5 | + - [Beyond the Click: Writing Introductions That Keep Readers Glued to the Page](https://infosecwriteups.com/beyond-the-click-writing-introductions-that-keep-readers-glued-to-the-page-3b9f202d9e22?source=rss----7b722bfd1b8d---4) |
| 6 | + - [AI-Powered Mystery Box Scams](https://infosecwriteups.com/ai-powered-mystery-box-scams-02e931065a19?source=rss----7b722bfd1b8d---4) |
| 7 | + - [Broken Package or Update Issues? Here’s How I Fixed My Kali Linux](https://infosecwriteups.com/broken-package-or-update-issues-heres-how-i-fixed-my-kali-linux-948bfa455300?source=rss----7b722bfd1b8d---4) |
| 8 | + - [The Hunt for Hidden Domains: A Beginner’s Guide to Subfinder and 10 Subdomain Discovery Tools for…](https://infosecwriteups.com/the-hunt-for-hidden-domains-a-beginners-guide-to-subfinder-and-10-subdomain-discovery-tools-for-ce10ade962bf?source=rss----7b722bfd1b8d---4) |
| 9 | + - [Cybersecurity Revolution: Conferences Leading the Way](https://infosecwriteups.com/cybersecurity-revolution-conferences-leading-the-way-399659f5ae16?source=rss----7b722bfd1b8d---4) |
| 10 | + - [DORA Has Entered the Chat: EU’s New Cyber Rulebook Reshaping Financial Security](https://infosecwriteups.com/dora-has-entered-the-chat-eus-new-cyber-rulebook-reshaping-financial-security-e2ce7dd95c5d?source=rss----7b722bfd1b8d---4) |
| 11 | + - [Exploiting File Inclusion: From Dot-Dot-Slash to RCE using PHP Sessions, Log Poisoning, and…](https://infosecwriteups.com/exploiting-file-inclusion-from-dot-dot-slash-to-rce-using-php-sessions-log-poisoning-and-4db1bdf8ad77?source=rss----7b722bfd1b8d---4) |
| 12 | + - [IDOR Attacks Made Simple: How Hackers Access Unauthorized Data](https://infosecwriteups.com/idor-attacks-made-simple-how-hackers-access-unauthorized-data-ca1158d18190?source=rss----7b722bfd1b8d---4) |
| 13 | + - [9 Sources of Security & Privacy Threats in LLM Agents](https://infosecwriteups.com/9-core-threats-facing-llm-agents-f6fbd66fad54?source=rss----7b722bfd1b8d---4) |
| 14 | +- CXSECURITY Database RSS Feed - CXSecurity.com |
| 15 | + - [phpMyFAQ 3.2.10 Unintended File Download Triggered by Embedded Frames](https://cxsecurity.com/issue/WLB-2025050012) |
| 16 | + - [Apache Commons Text 1.10.0 Remote Code Execution](https://cxsecurity.com/issue/WLB-2025050011) |
| 17 | + - [Daikin Security Gateway 14 Remote Password Reset](https://cxsecurity.com/issue/WLB-2025050010) |
| 18 | +- Recent Commits to cve:main |
| 19 | + - [Update Sat May 3 15:56:10 UTC 2025](https://github.com/trickest/cve/commit/44ed5fe18aaad47bcaa676c30693070bc9736067) |
| 20 | +- Security Boulevard |
| 21 | + - [Bsideslv24 – Proving Ground – Unleashing The Future Of Development: The Secret World Of Nix & Flakes](https://securityboulevard.com/2025/05/bsideslv24-proving-ground-unleashing-the-future-of-development-the-secret-world-of-nix-flakes/?utm_source=rss&utm_medium=rss&utm_campaign=bsideslv24-proving-ground-unleashing-the-future-of-development-the-secret-world-of-nix-flakes) |
| 22 | +- SecWiki News |
| 23 | + - [SecWiki News 2025-05-03 Review](http://www.sec-wiki.com/?2025-05-03) |
| 24 | +- Bug Bounty in InfoSec Write-ups on Medium |
| 25 | + - [How I Found Internal Dashboards Using Google Dorks + OSINT](https://infosecwriteups.com/how-i-found-internal-dashboards-using-google-dorks-osint-5f2c9515fcd6?source=rss----7b722bfd1b8d--bug_bounty) |
| 26 | + - [Exploiting File Inclusion: From Dot-Dot-Slash to RCE using PHP Sessions, Log Poisoning, and…](https://infosecwriteups.com/exploiting-file-inclusion-from-dot-dot-slash-to-rce-using-php-sessions-log-poisoning-and-4db1bdf8ad77?source=rss----7b722bfd1b8d--bug_bounty) |
| 27 | + - [IDOR Attacks Made Simple: How Hackers Access Unauthorized Data](https://infosecwriteups.com/idor-attacks-made-simple-how-hackers-access-unauthorized-data-ca1158d18190?source=rss----7b722bfd1b8d--bug_bounty) |
| 28 | + - [Payloads in Plain Sight: How Open Redirect + JavaScript Led to Full Account Takeover](https://infosecwriteups.com/payloads-in-plain-sight-how-open-redirect-javascript-led-to-full-account-takeover-a7ae1c359679?source=rss----7b722bfd1b8d--bug_bounty) |
| 29 | + - [$4,323 Bounty Alert](https://infosecwriteups.com/4-323-bounty-alert-4af6e66bb8c1?source=rss----7b722bfd1b8d--bug_bounty) |
| 30 | +- Reverse Engineering |
| 31 | + - [retoolkit 2025.04](https://www.reddit.com/r/ReverseEngineering/comments/1kdqucz/retoolkit_202504/) |
| 32 | + - [Goldeneye Decomp Coming Soon! And Two More Decomps In the Works](https://www.reddit.com/r/ReverseEngineering/comments/1ke36j3/goldeneye_decomp_coming_soon_and_two_more_decomps/) |
| 33 | +- SentinelOne |
| 34 | + - [DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists](https://www.sentinelone.com/blog/dragonforce-ransomware-gang-from-hacktivists-to-high-street-extortionists/) |
| 35 | +- Shostack & Friends Blog |
| 36 | + - [Andor Threats: Information Disclosure](https://shostack.org/blog/andor-threats-information-disclosure/) |
| 37 | +- KitPloit - PenTest & Hacking Tools |
| 38 | + - [Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database](http://www.kitploit.com/2025/05/liam-automatically-generates-beautiful.html) |
| 39 | +- 黑海洋 - Wiki |
| 40 | + - [Style AI:全能AI图像风格转换工具](https://blog.upx8.com/4785) |
| 41 | +- 安全分析与研究 |
| 42 | + - [海莲花APT组织最新高级免杀样本分析](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247491817&idx=1&sn=381d48cd39080e8e5f3f49785deacff8&subscene=0) |
| 43 | +- 青衣十三楼飞花堂 |
| 44 | + - [Claude的风控真严](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247488266&idx=1&sn=c915c7ee1d9859f37d525187671a20c3&subscene=0) |
| 45 | +- 丁爸 情报分析师的工具箱 |
| 46 | + - [【资料】美国在研究生物武器研发中可能受到的阻碍](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651149864&idx=1&sn=65d1721f0306b0cdcb7a0efc7d2dc43a&subscene=0) |
| 47 | + - [【资料】美国生物制造计划](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651149864&idx=2&sn=f69ca2382b1ad4b4ba16b0e1e3170aed&subscene=0) |
| 48 | +- 奇客Solidot–传递最新科技情报 |
| 49 | + - [Ubuntu 25.10 代号 Questing Quokka](https://www.solidot.org/story?sid=81207) |
| 50 | + - [Temu 停止向美国消费者直接销售来自中国的商品](https://www.solidot.org/story?sid=81206) |
| 51 | +- 安全圈 |
| 52 | + - [【安全圈】国家网络安全通报中心公布境外恶意网址和IP](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652069416&idx=1&sn=515cc01e2351fc7bc0f1b62da0313900&subscene=0) |
| 53 | + - [【安全圈】迪士尼1.1TB数据泄露](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652069416&idx=2&sn=f807df4735b9462cfb11efeda17a97a3&subscene=0) |
| 54 | + - [【安全圈】英国多家零售商遭遇网络黑客攻击](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652069416&idx=3&sn=54ab1afc45b0f52d9482d1ff5ad86d27&subscene=0) |
| 55 | +- dotNet安全矩阵 |
| 56 | + - [.NET 总第 70 期红队武器库和资源汇总](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247499583&idx=2&sn=6bd035f1623fb3ae0be91d15d79a93e7&subscene=0) |
| 57 | + - [.NET 免杀新思路,基于 Emit 技术实现的 WebShell](https://mp.weixin.qq.com/s?__biz=MzUyOTc3NTQ5MA==&mid=2247499583&idx=3&sn=eb5cb35ed3a635a830c7cd4e95ba7cb1&subscene=0) |
| 58 | +- 极客公园 |
| 59 | + - [小米取消 SU7 Ultra 大马力限制 OTA;淘宝闪购上线,每天2个大红包;极客团队推《人生切割术》同款键盘 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653078688&idx=1&sn=cf59cc0869d34ae67e31a0bbe159a1e2&subscene=0) |
| 60 | +- 白帽子章华鹏 |
| 61 | + - [聊聊对安全漏洞的一些关键认知](https://mp.weixin.qq.com/s?__biz=MzIyOTAxOTYwMw==&mid=2650237152&idx=1&sn=b10e2842659aaa2534416d1b9464e8b8&subscene=0) |
| 62 | +- 迪哥讲事 |
| 63 | + - [$9000 赏金的漏洞](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247497546&idx=1&sn=5e65d132cee50ec6533c214ebb178613&subscene=0) |
| 64 | +- Over Security - Cybersecurity news aggregator |
| 65 | + - [Microsoft ends Authenticator password autofill, moves users to Edge](https://www.bleepingcomputer.com/news/security/microsoft-ends-authenticator-password-autofill-moves-users-to-edge/) |
| 66 | + - [Google NotebookLM is now using Gemini 2.5 Flash](https://www.bleepingcomputer.com/news/artificial-intelligence/google-notebooklm-is-now-using-gemini-25-flash/) |
| 67 | + - [How Riot Games is fighting the war against video game hackers](https://techcrunch.com/2025/05/03/how-riot-games-is-fighting-the-war-against-video-game-hackers/) |
| 68 | + - [TikTok sotto accusa: multa da 530 milioni per trasferimento illegale di dati in Cina](https://www.cybersecurity360.it/news/tiktok-sotto-accusa-multa-da-530-milioni-per-trasferimento-illegale-di-dati-in-cina/) |
| 69 | + - [CERT-AGID 26 aprile – 2 maggio: campagne di phishing con PagoPA e il ritorno di vecchi malware](https://www.securityinfo.it/2025/05/03/cert-agid-26-aprile-2-maggio-phishing-pagopa-ritorno-vecchi-malware/) |
| 70 | +- Securityinfo.it |
| 71 | + - [CERT-AGID 26 aprile – 2 maggio: campagne di phishing con PagoPA e il ritorno di vecchi malware](https://www.securityinfo.it/2025/05/03/cert-agid-26-aprile-2-maggio-phishing-pagopa-ritorno-vecchi-malware/?utm_source=rss&utm_medium=rss&utm_campaign=cert-agid-26-aprile-2-maggio-phishing-pagopa-ritorno-vecchi-malware) |
| 72 | +- BorderGate |
| 73 | + - [Exploiting IOS-XE](https://www.bordergate.co.uk/exploiting-ios-xe/) |
| 74 | +- KitPloit - PenTest Tools! |
| 75 | + - [Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database](http://www.kitploit.com/2025/05/liam-automatically-generates-beautiful.html) |
| 76 | +- Security Affairs |
| 77 | + - [Rhysida Ransomware gang claims the hack of the Government of Peru](https://securityaffairs.com/177388/cyber-crime/rhysida-ransomware-gang-claims-the-hack-of-the-government-of-peru.html) |
| 78 | + - [DragonForce group claims the theft of data after Co-op cyberattack](https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html) |
| 79 | + - [U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177367/hacking/u-s-cisa-adds-yii-framework-and-commvault-command-center-flaws-to-its-known-exploited-vulnerabilities-catalog.html) |
| 80 | +- Deep Web |
| 81 | + - [Where can i find lots of useful Onion links?](https://www.reddit.com/r/deepweb/comments/1kdz2go/where_can_i_find_lots_of_useful_onion_links/) |
| 82 | +- netsecstudents: Subreddit for students studying Network Security and its related subjects |
| 83 | + - [19 y/o Pursuing offensive pentesting -> Red/Purple Teamer Where to start from ? Please Seniors Guide Me as You would your youngerself ?](https://www.reddit.com/r/netsecstudents/comments/1kdpsuv/19_yo_pursuing_offensive_pentesting_redpurple/) |
| 84 | +- The Hacker News |
| 85 | + - [Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack](https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html) |
| 86 | + - [Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware](https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html) |
| 87 | + - [U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems](https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html) |
| 88 | +- Social Engineering |
| 89 | + - [When someone tells a story, how do you gain a perspective on it?](https://www.reddit.com/r/SocialEngineering/comments/1ke3vhz/when_someone_tells_a_story_how_do_you_gain_a/) |
| 90 | +- Information Security |
| 91 | + - [Victims lost $16.6 billion to cybercrime in 2024](https://www.reddit.com/r/Information_Security/comments/1ke1fse/victims_lost_166_billion_to_cybercrime_in_2024/) |
| 92 | + - [“It’s Not a Bug, It’s a Feature”: Microsoft’s RDP Caching Nightmare](https://www.reddit.com/r/Information_Security/comments/1ke2ieu/its_not_a_bug_its_a_feature_microsofts_rdp/) |
| 93 | +- Your Open Hacker Community |
| 94 | + - [To all reverse engineering experts out there](https://www.reddit.com/r/HowToHack/comments/1ke1zxv/to_all_reverse_engineering_experts_out_there/) |
| 95 | + - [Udemy Course Question](https://www.reddit.com/r/HowToHack/comments/1ke5wgv/udemy_course_question/) |
| 96 | + - [Help with finding RCE on very strange outdated webserver software](https://www.reddit.com/r/HowToHack/comments/1kdfsx5/help_with_finding_rce_on_very_strange_outdated/) |
| 97 | + - [Recommend a program that mimics an antivirus to Windows Security Center](https://www.reddit.com/r/HowToHack/comments/1kdfy9i/recommend_a_program_that_mimics_an_antivirus_to/) |
| 98 | + - [Need to Ddos attack my wifi](https://www.reddit.com/r/HowToHack/comments/1kdkoeb/need_to_ddos_attack_my_wifi/) |
| 99 | +- Computer Forensics |
| 100 | + - [CCO/CCPA Exam Attempts](https://www.reddit.com/r/computerforensics/comments/1ke0sba/ccoccpa_exam_attempts/) |
| 101 | +- Blackhat Library: Hacking techniques and research |
| 102 | + - [Looking for partners and/or group(s)](https://www.reddit.com/r/blackhat/comments/1kduc1u/looking_for_partners_andor_groups/) |
| 103 | +- SANS Internet Storm Center, InfoCON: green |
| 104 | + - [Steganography Challenge, (Sat, May 3rd)](https://isc.sans.edu/diary/rss/31910) |
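Review bot: the same article is listed several times under different feed names, which inflates the digest and obscures how many distinct items the day actually has: `- [Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database](http://www.kitploit.com/2025/05/liam-automatically-generates-beautiful.html)` appears under both "KitPloit - PenTest & Hacking Tools" and "KitPloit - PenTest Tools!", three of the "InfoSec Write-ups - Medium" posts are repeated under "Bug Bounty in InfoSec Write-ups on Medium", and the CERT-AGID item is listed under both "Over Security" and "Securityinfo.it". Consider de-duplicating by canonical URL (scheme, host and path, ignoring the `?source=rss----…` and `utm_*` query parameters that differ between the copies) before writing the file, keeping the entry under the first feed that carried it.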