# Daily Security News (2026-03-09)

- SecWiki News
  - [ ] [SecWiki News 2026-03-08 Review](http://www.sec-wiki.com/?2026-03-08)
- CXSECURITY Database RSS Feed - CXSecurity.com
  - [ ] [PluckCMS 4.7.10 Unrestricted File Upload](https://cxsecurity.com/issue/WLB-2026030016)
  - [ ] [Python-Multipart < 0.0.22 - Path Traversal / Arbitrary File Write (CVE-2026-24486)](https://cxsecurity.com/issue/WLB-2026030015)
  - [ ] [WeGIA <= 3.6.4 Unauthenticated Admin Authentication Bypass](https://cxsecurity.com/issue/WLB-2026030014)
  - [ ] [NocoDB <= 0.301.2 User Enumeration via Password Reset Endpoint](https://cxsecurity.com/issue/WLB-2026030013)
  - [ ] [Craft CMS 4.x & 5.x RCE via Blocklist Bypass](https://cxsecurity.com/issue/WLB-2026030012)
  - [ ] [pac4j-jwt < 4.5.9, < 5.7.9, < 6.3.3 JwtAuthenticator Authentication Bypass via JWE-wrapped PlainJWT](https://cxsecurity.com/issue/WLB-2026030011)
  - [ ] [AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 WiFi Dev Board](https://cxsecurity.com/issue/WLB-2026030010)
- Der Flounder
  - [ ] [Using the Jamf Pro API to deploy installer packages using MDM commands](https://derflounder.wordpress.com/2026/03/08/using-the-jamf-pro-api-to-deploy-installer-packages-using-mdm-commands/)
- Recent Commits to cve:main
  - [ ] [Update Sun Mar 8 11:31:05 UTC 2026](https://github.com/trickest/cve/commit/54596bc659ecb564e8bef696e733daf2d5cdf9bd)
- Zdziarski
  - [ ] [The Link Between Christian Nationalism and Hitler’s Germany](https://www.zdziarski.com/blog/?p=13746)
- Private Feed for M09Ic
  - [ ] [xnl-h4ck3r released v8.7 at xnl-h4ck3r/waymore](https://github.com/xnl-h4ck3r/waymore/releases/tag/v8.7)
  - [ ] [mgeeky starred byt3bl33d3r/figaro](https://github.com/byt3bl33d3r/figaro)
  - [ ] [CHYbeta starred googleworkspace/cli](https://github.com/googleworkspace/cli)
  - [ ] [mgeeky starred dazzyddos/PrivHound](https://github.com/dazzyddos/PrivHound)
  - [ ] [PrefectHQ released 3.6.22.dev3 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.22.dev3)
  - [ ] [Mr-xn starred rtk-ai/rtk](https://github.com/rtk-ai/rtk)
  - [ ] [gh0stkey starred matteyeux/coruna](https://github.com/matteyeux/coruna)
  - [ ] [panjf2000 starred nearai/ironclaw](https://github.com/nearai/ironclaw)
- ClevCode
  - [ ] [Security in the Age of Agents](https://clevcode.org/security-in-the-age-of-agents/)
- Didier Stevens
  - [ ] [Update: base64dump.py Version 0.0.29](https://blog.didierstevens.com/2026/03/08/update-base64dump-py-version-0-0-29/)
- Malwarebytes
  - [ ] [Ring doorbells: Won’t you see my neighbor? (Lock and Code S07E05)](https://www.malwarebytes.com/blog/podcast/2026/03/ring-doorbells-wont-you-see-my-neighbor-lock-and-code-s07e05)
- Reverse Engineering
  - [ ] [GhostWeaver - a malware that lives up to its name](https://www.reddit.com/r/ReverseEngineering/comments/1ro58wd/ghostweaver_a_malware_that_lives_up_to_its_name/)
  - [ ] [[Update] I know I've shared LCSAJdump before, but v1.1.2 just mapped the entire x86_64 libc graph in <10s. It's now faster than ROPgadget while finding JOPs/Shadow Gadgets they physically miss.](https://www.reddit.com/r/ReverseEngineering/comments/1rob9wk/update_i_know_ive_shared_lcsajdump_before_but/)
  - [ ] [I need help in Wana see the source code or the things used in app like can we see ?? I have recently came to know that it's possible with using JADX please help we to how to see code is it possible](https://www.reddit.com/r/ReverseEngineering/comments/1roddn7/i_need_help_in_wana_see_the_source_code_or_the/)
- 黑海洋Wiki | AI Robot Hardware Development | Network Security Attack and Defense in Practice | Blockchain Technical Documentation and Tutorials - Free Resource Platform
  - [ ] [Longgang Plans to Introduce Measures to Support the Development of OpenClaw & OPC](https://blog.upx8.com/%E9%BE%99%E5%B2%97%E6%8B%9F%E5%87%BA%E5%8F%B0%E6%8E%AA%E6%96%BD-%E6%94%AF%E6%8C%81OpenClaw-OPC%E5%8F%91%E5%B1%95)
  - [ ] [AI Chatbots Steer Users to Illegal Online Casinos](https://blog.upx8.com/AI-%E8%81%8A%E5%A4%A9%E6%9C%BA%E5%99%A8%E4%BA%BA%E5%B0%86%E7%94%A8%E6%88%B7%E5%BC%95%E5%AF%BC%E8%87%B3%E9%9D%9E%E6%B3%95%E5%9C%A8%E7%BA%BF%E8%B5%8C%E5%9C%BA)
  - [ ] [Iran Reaches Majority Consensus on Choice of New Supreme Leader](https://blog.upx8.com/%E4%BC%8A%E6%9C%97%E5%B0%B1%E6%96%B0%E4%BB%BB%E6%9C%80%E9%AB%98%E9%A2%86%E8%A2%96%E4%BA%BA%E9%80%89%E8%BE%BE%E6%88%90%E5%A4%9A%E6%95%B0%E5%85%B1%E8%AF%86)
  - [ ] [Samsung Says It Is Willing to Form Strategic Partnerships with OpenAI and More Companies](https://blog.upx8.com/%E4%B8%89%E6%98%9F%E7%A7%B0%E6%84%BF%E4%B8%8EOpenAI%E7%AD%89%E6%9B%B4%E5%A4%9A%E5%85%AC%E5%8F%B8%E8%BE%BE%E6%88%90%E6%88%98%E7%95%A5%E5%90%88%E4%BD%9C)
  - [ ] [India PC Shipments Surpass Pandemic Peak, Reaching 15.9 Million Units](https://blog.upx8.com/%E5%8D%B0%E5%BA%A6PC%E5%87%BA%E8%B4%A7%E9%87%8F%E8%B6%85%E8%B6%8A%E7%96%AB%E6%83%85%E5%B3%B0%E5%80%BC-%E8%BE%BE1590%E4%B8%87%E5%8F%B0)
  - [ ] [Nexperia Dispute Flares Up Again; China Warns of Global Production and Supply Chain Crisis](https://blog.upx8.com/%E5%AE%89%E4%B8%96%E5%8D%8A%E5%AF%BC%E4%BD%93%E9%A3%8E%E6%B3%A2%E5%86%8D%E8%B5%B7-%E4%B8%AD%E5%9B%BD%E8%AD%A6%E5%91%8A%E5%85%A8%E7%90%83%E4%BA%A7%E4%BE%9B%E9%93%BE%E5%8D%B1%E6%9C%BA)
  - [ ] [OpenAI Again Delays ChatGPT's "Adult Mode"](https://blog.upx8.com/OpenAI%E5%86%8D%E6%AC%A1%E6%8E%A8%E8%BF%9FChatGPT%E7%9A%84-%E6%88%90%E4%BA%BA%E6%A8%A1%E5%BC%8F)
- 奇客Solidot – Delivering the Latest Tech Intelligence
  - [ ] [Indonesia and India's Karnataka State to Ban Social Media Use by Children Under 16](https://www.solidot.org/story?sid=83713)
  - [ ] [NASA's DART Probe Confirmed to Have Changed an Asteroid's Orbit](https://www.solidot.org/story?sid=83712)
- 威努特安全网络
  - [ ] [AI Raises New Challenges for Industrial Security: How Does 威努特's "White Environment" Break the Deadlock?](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651140394&idx=1&sn=0e5620bf49f24b5568ff1e4ef8038226)
- 丁爸 Intelligence Analyst's Toolbox
  - [ ] [[Tool] Real-Time Tracking Website for the US-Iran Conflict](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651154705&idx=1&sn=0102f2a546013e48b672f14ce0c51edc)
- 黑鸟
  - [ ] [Avoiding English AI Writing Clichés: Don't Let AI Detection Tools Become Shackles on Your Writing](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451185628&idx=1&sn=0c2be2783ae96bbcf2bb950264d8b2a7)
- 吾爱破解论坛
  - [ ] [18th Anniversary Open Registration WeChat Lucky Draw: 20 account registration codes or 300 forum coins to be given away first, draw at 2 p.m. on Monday; for details see: [Open Registration Announcement] 吾爱破解 Forum 18th Anniversary Open Registration Announcement, March 13, 2026](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143712&idx=1&sn=8af7768967ffac69a438a1f1524c3635)
- 皮相
  - [ ] [Take Control of Information Instead of Being Controlled by It](https://mp.weixin.qq.com/s?__biz=MzI0NDA5MDYyNA==&mid=2648257329&idx=1&sn=20908ae6e8fb09950b5e1f7a5b5c2f96)
- 青衣十三楼飞花堂
  - [ ] [An Angle-Chasing Challenge Problem from the Second Semester of Seventh Grade](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489084&idx=1&sn=7ac8a6e3a7424ff4a2770d84b52bc237)
- 电子物证
  - [ ] [[Practical APK Analysis Template: Summary of Attribution Chain Tracing and Assessment Analysis]](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048940&idx=1&sn=33d8cc14cb5d2c6864a954d5d914ef05)
  - [ ] [[Understand in One Image] Principles of Common Hash Algorithms](https://mp.weixin.qq.com/s?__biz=MzAwNDcwMDgzMA==&mid=2651048940&idx=2&sn=2168b140333bc7f61ead1f792ddf5fb1)
- 极客公园
  - [ ] [The Person Who Built Robots for OpenAI Has Seen a Frightening Future](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100595&idx=1&sn=820ed2e94b292ee22abf1bf09b8f1d7a)
  - [ ] [Why Can't Any Video Model "Count from 1 to 10"?](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100564&idx=1&sn=e74e00270a8dd1f1877718ce39705161)
  - [ ] [Lei Jun: In the Future, Only 3 Workdays a Week Will Be Needed; Tencent QQ Officially Integrates "Lobster", 5 per Account; ChatGPT "Adult Mode" Release Delayed | Geek Early News](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100586&idx=1&sn=01356e98916bcad168b1f73ac79b8bbc)
- 非尝咸鱼贩
  - [ ] [Revisiting Slovakia: Visiting Famous Photo Spots and a Post-Punk Album Cover Location](https://mp.weixin.qq.com/s?__biz=Mzk0NDE3MTkzNQ==&mid=2247485830&idx=1&sn=15fc406e15a254a81f974244bcd26415)
- 火绒安全
  - [ ] [A New Journey Begins | 火绒 Salutes Every Woman Who Stands Independent, Perseveres, and Bravely Shoulders Responsibility](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531229&idx=1&sn=e92394a8a2e718fb9db072690c8c26fb)
  - [ ] [Sincerely Inviting Channel Partners to Embark on a New Journey Together](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531229&idx=2&sn=4d4e0a088996299136178d6f1fe15c0b)
- 复旦白泽战队
  - [ ] [Women's Day Is Here | 白泽 AI Wishes Everyone Happiness and Full Energy!](https://mp.weixin.qq.com/s?__biz=MzU4NzUxOTI0OQ==&mid=2247497789&idx=1&sn=7951df4a11843c4a1ee21121d67d5592)
- 安全圈
  - [ ] [[安全圈] Urgent! Cisco Issues Highest-Level Alert, Fixes 48 Vulnerabilities at Once](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=1&sn=ef939eb4d183296256162bca1d577177)
  - [ ] [[安全圈] Major News! IBM X-Force Report: AI-Driven Attacks Surge, Ransomware Up 49%](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=2&sn=41aac7caec6bd6da98ec4c7c6b1f785f)
  - [ ] [[安全圈] Urgent! Gaming Platform Hacked, Data of 15 Million Accounts Leaked, Affecting PSN/Xbox/Steam/Epic](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=3&sn=a9c6660530e537b38ec8593c0ab2427c)
  - [ ] [[安全圈] High-Risk 0-Day Strikes! Russia's APT28 Breaches Defenses via MSHTML Vulnerability, Government and Enterprises on Urgent Alert](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074459&idx=4&sn=f3ae22e08096eab2957816229960f85b)
- 安全行者老霍
  - [ ] [Managed Security Services: A Practical Guide - How to Outsource Cyber Defense Without Losing Control](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486032&idx=1&sn=e3f8ddfe984fd9bfaf7f76bb594ddb4f)
- 自在安全
  - [ ] [How to Use AI to Analyze CVE-2025-20393, a Complex Anonymous RCE Vulnerability in Cisco Secure Email Gateway with a Perfect CVSS 10 Score](https://mp.weixin.qq.com/s?__biz=Mzk0NTU5Mjg0Ng==&mid=2247492706&idx=1&sn=fdd3a02e537a160a014f2b3e2870d60e)
- Over Security - Cybersecurity news aggregator
  - [ ] [How AI Assistants are Moving the Security Goalposts](https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/)
  - [ ] [EU court adviser says banks must immediately refund phishing victims](https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/)
  - [ ] [Hackers abuse .arpa DNS and ipv6 to evade phishing defenses](https://www.bleepingcomputer.com/news/security/hackers-abuse-arpa-dns-and-ipv6-to-evade-phishing-defenses/)
  - [ ] [Ransomware Group Securotrop Claims Breach of Universal Mailing Service, Says 490GB of Data Stolen](https://www.suspectfile.com/ransomware-group-securotrop-claims-breach-of-universal-mailing-service-says-490gb-of-data-stolen/)
  - [ ] [Women in Cybersecurity Reveal the Skills That Built Their Confidence](https://thecyberexpress.com/women-in-cybersecurity-give-to-gain/)
  - [ ] [Top 50 Women Leaders in Cybersecurity to Watch in 2026](https://thecyberexpress.com/top-50-women-in-cybersecurity-to-watch-in-2026/)
- cavallette
  - [ ] [Problema hardware / Hardware issue](https://cavallette.noblogs.org/2026/03/10038)
- bellingcat
  - [ ] [Video Shows US Tomahawk Missile Strike Next to Girls’ School in Iran](https://www.bellingcat.com/news/2026/03/08/video-shows-us-tomahawk-missile-strike-next-to-girls-school-in-iran/)
- The Register - Security
  - [ ] [FBI is investigating breach that may have hit its wiretapping tools](https://go.theregister.com/feed/www.theregister.com/2026/03/08/fbi_investigates_wiretap_system_breach/)
  - [ ] [AI agents now help attackers, including North Korea, manage their drudge work](https://go.theregister.com/feed/www.theregister.com/2026/03/08/deploy_and_manage_attack_infrastructure/)
- Security Affairs
  - [ ] [Critical Nginx UI flaw CVE-2026-27944 exposes server backups](https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html)
  - [ ] [Massive GitHub malware operation spreads BoryptGrab stealer](https://securityaffairs.com/189110/malware/massive-github-malware-operation-spreads-boryptgrab-stealer.html)
  - [ ] [SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87](https://securityaffairs.com/189103/malware/security-affairs-malware-newsletter-round-87.html)
  - [ ] [Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION](https://securityaffairs.com/189094/breaking-news/security-affairs-newsletter-round-566-by-pierluigi-paganini-international-edition.html)
- Your Open Hacker Community
  - [ ] [How do hackers receive money without getting their bank accounts tracked ?](https://www.reddit.com/r/HowToHack/comments/1rntz18/how_do_hackers_receive_money_without_getting/)
  - [ ] [Hostname discovery on network](https://www.reddit.com/r/HowToHack/comments/1ro0d9c/hostname_discovery_on_network/)
  - [ ] [Retrieve information from old Galaxy S Advance (locked)](https://www.reddit.com/r/HowToHack/comments/1ro1e6m/retrieve_information_from_old_galaxy_s_advance/)
  - [ ] [How to hack a Shenzhen MT61?](https://www.reddit.com/r/HowToHack/comments/1ro2o3m/how_to_hack_a_shenzhen_mt61/)
  - [ ] [how to unencrypt .vbk files?](https://www.reddit.com/r/HowToHack/comments/1ro8mgx/how_to_unencrypt_vbk_files/)
  - [ ] [Bypass vpn detection in survey website](https://www.reddit.com/r/HowToHack/comments/1rnxvts/bypass_vpn_detection_in_survey_website/)
  - [ ] [I need help](https://www.reddit.com/r/HowToHack/comments/1ro24hm/i_need_help/)
- Social Engineering
  - [ ] [I'm a Dentist. What are some Books that will help me raise concern, motivation, and compliance in patients?](https://www.reddit.com/r/SocialEngineering/comments/1rok3hh/im_a_dentist_what_are_some_books_that_will_help/)
  - [ ] [People's weaknesses, do you know any?](https://www.reddit.com/r/SocialEngineering/comments/1robdad/peoples_weaknesses_do_you_know_any/)
- Krebs on Security
  - [ ] [How AI Assistants are Moving the Security Goalposts](https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/)
- Dark Space Blogspot
  - [ ] [The Protagonists of the Crypto Wars: From Zimmermann to Durov](http://darkwhite666.blogspot.com/2026/03/i-protagonisti-delle-crypto-wars-da.html)
- Information Security
  - [ ] [Sentinel-ThreatWall](https://www.reddit.com/r/Information_Security/comments/1rodji8/sentinelthreatwall/)
  - [ ] [Is user training as preventative as we’d hope?](https://www.reddit.com/r/Information_Security/comments/1rnx1qx/is_user_training_as_preventative_as_wed_hope/)
- Technical Information Security Content & Discussion
  - [ ] [Fake Claude Code Install Guides Spread Amatera Infostealer in New “InstallFix” Malvertising Campaign](https://www.reddit.com/r/netsec/comments/1robwok/fake_claude_code_install_guides_spread_amatera/)
  - [ ] [From Chrome Extension Supply-Chain Compromise to Host Malware: Technical Breakdown of the ShotBird Campaign](https://www.reddit.com/r/netsec/comments/1rob5no/from_chrome_extension_supplychain_compromise_to/)
  - [ ] [AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks](https://www.reddit.com/r/netsec/comments/1rojhfl/airsnitch_demystifying_and_breaking_client/)
- netsecstudents: Subreddit for students studying Network Security and its related subjects
  - [ ] [Free Workshop: Understanding IAM (Identity & Access Management)](https://www.reddit.com/r/netsecstudents/comments/1rof0t0/free_workshop_understanding_iam_identity_access/)
  - [ ] [OpenShell——An open-source reverse shell management server written in Go.](https://www.reddit.com/r/netsecstudents/comments/1roahws/openshellan_opensource_reverse_shell_management/)
  - [ ] [Beginner cybersecurity learner – what networking topics should I study?](https://www.reddit.com/r/netsecstudents/comments/1ro3psz/beginner_cybersecurity_learner_what_networking/)
  - [ ] [New rental home network](https://www.reddit.com/r/netsecstudents/comments/1rob6ze/new_rental_home_network/)
  - [ ] [Soon to be Ex-marketing technology bloke looking to enter cyber sec, Would love if i could request some aid in a project i'm working on for my CV](https://www.reddit.com/r/netsecstudents/comments/1ro2311/soon_to_be_exmarketing_technology_bloke_looking/)
  - [ ] [Built a self-hosted subdomain monitoring tool for bug bounty](https://www.reddit.com/r/netsecstudents/comments/1rnwrm0/built_a_selfhosted_subdomain_monitoring_tool_for/)
  - [ ] [I'm trying to explain how the Internet really works: technical feedback welcome](https://www.reddit.com/r/netsecstudents/comments/1rnwbl8/sto_provando_a_spiegare_come_funziona_davvero/)
- Blackhat Library: Hacking techniques and research
  - [ ] [We used Kolega to find and fix real vulnerabilities in high-quality open source projects](https://www.reddit.com/r/blackhat/comments/1ro3wpp/we_used_kolega_to_find_and_fix_real/)
  - [ ] [Security professionals: what’s a vulnerability you discovered that made you question how the system ever passed testing?](https://www.reddit.com/r/blackhat/comments/1rnptnd/security_professionals_whats_a_vulnerability_you/)