# 每日安全资讯(2026-02-24) - SecWiki News - [ ] [SecWiki News 2026-02-23 Review](http://www.sec-wiki.com/?2026-02-23) - Private Feed for M09Ic - [ ] [joaoviictorti starred mannyfred/wpd_com](https://github.com/mannyfred/wpd_com) - [ ] [github released v0.1.6 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.1.6) - [ ] [bolucat released 202602232019 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202602232019) - [ ] [INotGreen starred Wei-Shaw/claude-relay-service](https://github.com/Wei-Shaw/claude-relay-service) - [ ] [pydantic released v1.63.0 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v1.63.0) - [ ] [CHYbeta starred datawhalechina/self-llm](https://github.com/datawhalechina/self-llm) - [ ] [Pennyw0rth released v1.5.1 at Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec/releases/tag/v1.5.1) - [ ] [0xbug starred nelvko/clash-for-linux-install](https://github.com/nelvko/clash-for-linux-install) - [ ] [safedv starred dazzyddos/lsawhisper-bof](https://github.com/dazzyddos/lsawhisper-bof) - [ ] [0xbug starred cilium/cilium](https://github.com/cilium/cilium) - [ ] [obfuscar released v3.0.0-beta.3 at obfuscar/obfuscar](https://github.com/obfuscar/obfuscar/releases/tag/v3.0.0-beta.3) - [ ] [IC3-CR3AM forked IC3-CR3AM/CobaltStrikeBeaconCppSource from kirs112/CobaltStrikeBeaconCppSource](https://github.com/IC3-CR3AM/CobaltStrikeBeaconCppSource) - [ ] [IC3-CR3AM starred kirs112/CobaltStrikeBeaconCppSource](https://github.com/kirs112/CobaltStrikeBeaconCppSource) - Recent Commits to cve:main - [ ] [Update Mon Feb 23 11:22:32 UTC 2026](https://github.com/trickest/cve/commit/24957148160aad13fa6a2f9f8fb941da9f167f5f) - CXSECURITY Database RSS Feed - CXSecurity.com - [ ] [Oracle HTTP Server & WebLogic Proxy Plug-in – Unauthenticated Improper Access Control](https://cxsecurity.com/issue/WLB-2026020027) - [ ] [FreeBSD rtsold 15.x Remote Code Execution via DNSSL](https://cxsecurity.com/issue/WLB-2026020026) - [ ] [FileBrowser ≤ v2.57.0 - Path-Based Access Control Bypass via Multiple Leading Slashes in URL (Authenticated Authorization Byp](https://cxsecurity.com/issue/WLB-2026020025) - [ ] [Icinga for Windows 1.13.3 - Incorrect Default Permissions Private Key Exposure](https://cxsecurity.com/issue/WLB-2026020024) - [ ] [LangGraph SQLite Checkpoint - SQL Injection via Metadata Filter Key](https://cxsecurity.com/issue/WLB-2026020023) - [ ] [Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free](https://cxsecurity.com/issue/WLB-2026020022) - Cerbero Blog - [ ] [Memory Challenge 17: Recollection](https://blog.cerbero.io/memory-challenge-17-recollection/) - Payatu - [ ] [Top 7 Red Team Companies in India](https://payatu.com/blog/top-7-red-team-companies-in-india/) - Hacking Dream - [ ] [Qwen3-TTS Local Voice Cloning for Red Team Ops](https://www.hackingdream.net/2026/02/qwen3-tts-local-voice-cloning-for-red-team-ops.html) - Malwarebytes - [ ] [OpenClaw: What is it and can you use it safely?](https://www.malwarebytes.com/blog/news/2026/02/openclaw-what-is-it-and-can-you-use-it-safely) - [ ] [Password managers keep your passwords safe, unless…](https://www.malwarebytes.com/blog/news/2026/02/password-managers-keep-your-passwords-safe-unless) - [ ] [Fake Huorong security site infects users with ValleyRAT](https://www.malwarebytes.com/blog/scams/2026/02/huorong) - [ ] [A week in security (February 16 – February 22)](https://www.malwarebytes.com/blog/news/2026/02/a-week-in-security-february-16-february-22) - Reverse Engineering - [ ] [/r/ReverseEngineering's Weekly Questions Thread](https://www.reddit.com/r/ReverseEngineering/comments/1rcbjee/rreverseengineerings_weekly_questions_thread/) - [ ] [I got tired of digging through noisy driver patches, so I built a semantic diff engine for Windows kernel drivers](https://www.reddit.com/r/ReverseEngineering/comments/1rcpx6r/i_got_tired_of_digging_through_noisy_driver/) - [ ] [Reverse Engineering the PROM for the SGI O2](https://www.reddit.com/r/ReverseEngineering/comments/1rcvqkm/reverse_engineering_the_prom_for_the_sgi_o2/) - [ ] [GitHub - merces/awesome-hex-editors: A curated and enriched list of awesome hexadecimal editors for Windows, macOS, and Linux.](https://www.reddit.com/r/ReverseEngineering/comments/1rc6spa/github_mercesawesomehexeditors_a_curated_and/) - Checkmarx - [ ] [AI Code Needs AI Security: Why Claude’s Announcement Signals a Bigger Shift](https://checkmarx.com/blog/ai-code-needs-ai-security-why-claudes-announcement-signals-a-bigger-shift/) - 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台 - [ ] [Anthropic:深度求索等中企蒸馏了其AI模型](https://blog.upx8.com/Anthropic-%E6%B7%B1%E5%BA%A6%E6%B1%82%E7%B4%A2%E7%AD%89%E4%B8%AD%E4%BC%81%E8%92%B8%E9%A6%8F%E4%BA%86%E5%85%B6AI%E6%A8%A1%E5%9E%8B) - 奇客Solidot–传递最新科技情报 - [ ] [F-35 能被越狱安装第三方软件](https://www.solidot.org/story?sid=83596) - [ ] [Linux 7.0-rc1 释出](https://www.solidot.org/story?sid=83595) - [ ] [雏鸡也存在 Bouba/Kiki 效应](https://www.solidot.org/story?sid=83594) - 锦行科技 - [ ] [初七 · 庆生 | 人强,马壮](https://mp.weixin.qq.com/s?__biz=MzIxNTQxMjQyNg==&mid=2247494763&idx=1&sn=daac9311fe0683f9663670ab401b212d) - 威努特安全网络 - [ ] [低空经济下无人机产业的网络安全挑战与应对策略](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651140125&idx=1&sn=40991f64a01972c71211342e67c0df0f) - 黑鸟 - [ ] [预装系统应用的隐私盲区:天气应用将位置收藏转化为可追踪唯一标识](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451185440&idx=1&sn=2ff0bc702df0492ae1a4d133f9a6e69b) - 中国信息安全 - [ ] [论坛·2025全球网安概览 | 欧亚地区2025年网络安全态势综述](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259448&idx=1&sn=911c301e5b89b733eca0ff016946183d) - [ ] [专家解读 | 分类协同 提升能力 监管规范 培育数据流通服务机构的三大支柱](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259448&idx=2&sn=2b947e222ab43aa0ac356c687a2a3f7d) - [ ] [观点 | 人工智能的军事应用及风险挑战](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259448&idx=3&sn=2dbc650b08ccc0371936a93cdc848e56) - [ ] [评论 | 为网络治理现代化筑牢网络安全法治之基](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259448&idx=4&sn=695d651a2e9dd8dcc38dc0f11678738c) - 安全研究GoSSIP - [ ] [G.O.S.S.I.P 2026 新春总动员(4):Unix星空下的第一步](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501461&idx=1&sn=41f4ac4450f44d9ee2af2a85b139ee8d) - 数世咨询 - [ ] [ATM深夜狂吐钞票,美国5年损失超4000万美元](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541796&idx=1&sn=f53aad4c55b7fc216b95d01e970ee2bf) - 极客公园 - [ ] [20 年生命 vs 2 小时训练,Sam Altman 开始算「人肉成本」](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653099800&idx=1&sn=42c25bf71b903a6d0dd51e004863c2f8) - [ ] [最强年货,华强北 AI 眼镜销量暴涨 80%;传腾讯元宝跌出苹果商店前 10;嫌犯用 GPT 生成暴力场景,OpenAI 报警 | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653099792&idx=1&sn=bcc73edbda21923d2919eb7f6f02e978) - 吴鲁加 - [ ] [春节归来,怎么跟你多出来的这 5 斤肉和解?](https://mp.weixin.qq.com/s?__biz=Mzg5NDY4ODM1MA==&mid=2247485901&idx=1&sn=93d26af8d5216640f0ab6c51e7731a74) - 迪哥讲事 - [ ] [2026年需重点关注的几类高价值漏洞](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499104&idx=1&sn=177f60dfbf265322390cd98eac4a2a81) - 安全行者老霍 - [ ] [OpenClaw集成VirusTotal扫描检测恶意ClawHub Skills](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247485944&idx=1&sn=d7dc58f984521fbcc4c139d69a56778e) - 360数字安全 - [ ] [大年初七 | 马载千祥,“午”福绵长](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585011&idx=1&sn=ea5701e0e4010e28525722ce9a9d7ed2) - Over Security - Cybersecurity news aggregator - [ ] [Android mental health apps with 14.7M installs filled with security flaws](https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/) - [ ] [Spain arrests suspected hacktivists for DDoSing govt sites](https://www.bleepingcomputer.com/news/security/spain-arrests-suspected-anonymous-fenix-hacktivists-for-ddosing-govt-sites/) - [ ] [UK regulator fines porn company $1.8 million for failing to verify user ages](https://therecord.media/ofcom-porn-fine-verification) - [ ] [Microsoft says bug in classic Outlook hides the mouse pointer](https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-in-classic-outlook-hides-the-mouse-pointer/) - [ ] [Ad tech firm Optimizely confirms data breach after vishing attack](https://www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/) - [ ] [Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says](https://therecord.media/gen-ai-fortigate-hackers-russia) - [ ] [Global data protection authorities warn generative AI companies against replicating real people](https://therecord.media/data-protection-authorities-warn-ai-companies-of-sharing-images) - [ ] [Air Côte d'Ivoire confirms cyberattack following ransomware claims](https://therecord.media/air-cote-divoire-confirms-cyberattack) - [ ] [Ring: una taglia a 4 zeri per forzare l’esecuzione in locale](https://www.securityinfo.it/2026/02/23/ring-una-taglia-a-4-zeri-per-forzare-lesecuzione-in-locale/) - [ ] [VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report](https://techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/) - [ ] [EDPB, diritto alla cancellazione: tra risultati positivi e sfide molteplici](https://www.cybersecurity360.it/news/edpb-diritto-alla-cancellazione-tra-risultati-positivi-e-sfide-molteplici/) - [ ] [Shadowleak, l’attacco senza permesso: nel Cybercrime 5.0 l’IA minaccia l’IA](https://www.cybersecurity360.it/nuove-minacce/shadowleak-lattacco-senza-permesso-nel-cybercrime-5-0-lia-minaccia-lia/) - [ ] [When identity isn’t the weak link, access still is](https://www.bleepingcomputer.com/news/security/when-identity-isnt-the-weak-link-access-still-is/) - [ ] [CISA: Recently patched RoundCube flaws now exploited in attacks](https://www.bleepingcomputer.com/news/security/cisa-recently-patched-roundcube-flaws-now-exploited-in-attacks/) - [ ] [Ransomware gangs advancing Moscow’s geopolitical aims, Romanian cyber chief warns](https://therecord.media/ransomware-gangs-advancing-moscow-geopolitical-interests-warns-romania) - [ ] [Ukraine says cyberattacks on energy grid now used to guide missile strikes](https://therecord.media/ukraine-cyberattacks-guiding-russian-missile-strikes) - [ ] [The First Mobile Hacking Conference Is Coming This March](https://www.mobile-hacker.com/2026/02/23/the-first-mobile-hacking-conference-is-coming-this-march/) - [ ] [Il cyber sabotaggio russo diventa più audace: il Cremlino sfrutta le divisioni fra Usa e Ue](https://www.cybersecurity360.it/nuove-minacce/il-cyber-sabotaggio-russo-diventa-piu-audace-il-cremlino-sfrutta-le-divisioni-fra-usa-e-ue/) - [ ] [Attenti a quell’sms, è una truffa: 25 casi reale e come difendersi](https://www.cybersecurity360.it/nuove-minacce/attenti-a-quellsms-e-una-truffa-25-casi-reale-e-come-difendersi/) - [ ] [ATM Jackpotting Losses Cross $20M as Malware Targets U.S. Cash Machines](https://thecyberexpress.com/fbi-flags-rise-in-atm-jackpotting-attacks/) - [ ] [X vs EU: Platform Appeals Against €120M Digital Services Act Penalty](https://thecyberexpress.com/e120m-digital-services-act-penalty/) - [ ] [Analisi dei processi e teoria dei sistemi: un framework per mitigare i rischi dei LLM](https://www.cybersecurity360.it/cultura-cyber/analisi-dei-processi-e-teoria-dei-sistemi-un-framework-per-mitigare-i-rischi-dei-llm/) - [ ] [UAE Blocked AI-Powered Terrorist Cyberattacks Targeting Critical Infrastructure](https://thecyberexpress.com/uae-blocked-ai-powered-terrorist-cyberattacks/) - Securityinfo.it - [ ] [Ring: una taglia a 4 zeri per forzare l’esecuzione in locale](https://www.securityinfo.it/2026/02/23/ring-una-taglia-a-4-zeri-per-forzare-lesecuzione-in-locale/?utm_source=rss&utm_medium=rss&utm_campaign=ring-una-taglia-a-4-zeri-per-forzare-lesecuzione-in-locale) - SANS Internet Storm Center, InfoCON: green - [ ] [Another day, another malicious JPEG, (Mon, Feb 23rd)](https://isc.sans.edu/diary/rss/32738) - [ ] [ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)](https://isc.sans.edu/diary/rss/32736) - ICT Security Magazine - [ ] [Whistleblowing e ritorsioni: le sentenze del 2025 che cambiano le regole del gioco](https://www.ictsecuritymagazine.com/notizie/whistleblowing-e-ritorsioni/) - [ ] [e-Health: verso una sanità digitale](https://www.ictsecuritymagazine.com/articoli/e-health/) - Schneier on Security - [ ] [On the Security of Password Managers](https://www.schneier.com/blog/archives/2026/02/on-the-security-of-password-managers.html) - Daniel Miessler - [ ] [Why I Hate Anthropic and You Should Too](https://danielmiessler.com/blog/why-you-should-hate-anthropic?utm_source=rss&utm_medium=feed&utm_campaign=website) - [ ] [Bitter-Pilled Engineering](https://danielmiessler.com/blog/bitter-pilled-engineering?utm_source=rss&utm_medium=feed&utm_campaign=website) - NetSPI - [ ] [Stay Ahead of Cloud Threats: Introducing Azure and AWS Security Reviews](https://www.netspi.com/blog/executive-blog/cloud-pentesting/stay-ahead-of-cloud-threats-introducing-azure-and-aws-security-reviews/) - The Hacker News - [ ] [APT28 Targeted European Entities Using Webhook-Based Macro Malware](https://thehackernews.com/2026/02/apt28-targeted-european-entities-using.html) - [ ] [Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb](https://thehackernews.com/2026/02/wormable-xmrig-campaign-uses-byovd.html) - [ ] [⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More](https://thehackernews.com/2026/02/weekly-recap-double-tap-skimmers.html) - [ ] [How Exposed Endpoints Increase Risk Across LLM Infrastructure](https://thehackernews.com/2026/02/how-exposed-endpoints-increase-risk.html) - [ ] [Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens](https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html) - [ ] [MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP](https://thehackernews.com/2026/02/muddywater-targets-mena-organizations.html) - The Register - Security - [ ] [Infosec community panics as Anthropic rolls out Claude code security checker](https://go.theregister.com/feed/www.theregister.com/2026/02/23/claude_code_security_panic/) - [ ] [Global regulators say AI image tools don't get a free pass on privacy rules](https://go.theregister.com/feed/www.theregister.com/2026/02/23/privacy_watchdogs_ai_images/) - [ ] [Break free of Ring's servers, earn a five-figure bounty](https://go.theregister.com/feed/www.theregister.com/2026/02/23/ring_bounty/) - [ ] [Suspected Anonymous members detained in Spain over post-flood DDoS blitz](https://go.theregister.com/feed/www.theregister.com/2026/02/23/anonymous_arrests_spain/) - [ ] [AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign](https://go.theregister.com/feed/www.theregister.com/2026/02/23/aws_fortigate_firewalls/) - [ ] [Every day in every way, passwords are getting worse and worse](https://go.theregister.com/feed/www.theregister.com/2026/02/23/password_opinion/) - TorrentFreak - [ ] [Belgian Pirate Site Blocking Order Targets Cloudflare and Google, But Not Their DNS](https://torrentfreak.com/belgian-pirate-site-blocking-order-targets-cloudflare-and-google-but-not-their-dns/) - Security Affairs - [ ] [Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth](https://securityaffairs.com/188388/malware/wormable-xmrig-campaign-leverages-byovd-and-timed-kill-switch-for-stealth.html) - [ ] [Romanian hacker pleads guilty to selling access to Oregon state networks](https://securityaffairs.com/188380/cyber-crime/romanian-hacker-pleads-guilty-to-selling-access-to-oregon-state-networks.html) - [ ] [CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products](https://securityaffairs.com/188370/hacking/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products.html) - [ ] [AI-powered campaign compromises 600 FortiGate systems worldwide](https://securityaffairs.com/188351/hacking/ai-powered-campaign-compromises-600-fortigate-systems-worldwide.html) - [ ] [Anthropic unveils Claude Code Security to detect and fix code bugs](https://securityaffairs.com/188358/ai/anthropic-unveils-claude-code-security-to-detect-and-fix-code-bugs.html) - Deep Web - [ ] [Search](https://www.reddit.com/r/deepweb/comments/1rchd9x/search/) - [ ] [Excavator](https://www.reddit.com/r/deepweb/comments/1rc85de/excavator/) - Trend Micro Research, News and Perspectives - [ ] [Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer](https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html) - Information Security - [ ] [600 FortiGate firewalls compromised across 55 countries. not a zero-day. just exposed management ports and no MFA](https://www.reddit.com/r/Information_Security/comments/1rci7gc/600_fortigate_firewalls_compromised_across_55/) - [ ] [Weatherzero](https://www.reddit.com/r/Information_Security/comments/1rcjzmo/weatherzero/) - [ ] [Mapping the federal identity verification contract stack: IBM VIS modernization + Palantir analytics layer](https://www.reddit.com/r/Information_Security/comments/1rc6ria/mapping_the_federal_identity_verification/) - [ ] [Checking Security Alerts During Business Hours” Is No Longer Enough](https://www.reddit.com/r/Information_Security/comments/1rcg7b0/checking_security_alerts_during_business_hours_is/) - Your Open Hacker Community - [ ] [Is there a way to find my raw gps data?](https://www.reddit.com/r/HowToHack/comments/1rcwo9u/is_there_a_way_to_find_my_raw_gps_data/) - [ ] [Please help me recover my dads photos and phone](https://www.reddit.com/r/HowToHack/comments/1rcbot8/please_help_me_recover_my_dads_photos_and_phone/) - [ ] [Android 12, Moto g40, how to unlock](https://www.reddit.com/r/HowToHack/comments/1rcaj0f/android_12_moto_g40_how_to_unlock/) - [ ] [iPhone Pictures Access](https://www.reddit.com/r/HowToHack/comments/1rcvv6n/iphone_pictures_access/) - [ ] [Help to end network/device hacking attack please](https://www.reddit.com/r/HowToHack/comments/1rcfzsu/help_to_end_networkdevice_hacking_attack_please/) - [ ] [Is this exe file safe?](https://www.reddit.com/r/HowToHack/comments/1rcq3br/is_this_exe_file_safe/) - [ ] [How can i find someones social media account using only there name, country and date of birth?](https://www.reddit.com/r/HowToHack/comments/1rcmmji/how_can_i_find_someones_social_media_account/) - Computer Forensics - [ ] [I was offered a position that is beyond my experience level](https://www.reddit.com/r/computerforensics/comments/1rce2ed/i_was_offered_a_position_that_is_beyond_my/) - [ ] [windows 10 pro spool](https://www.reddit.com/r/computerforensics/comments/1rcfkyb/windows_10_pro_spool/) - Technical Information Security Content & Discussion - [ ] [Another exposed Supabase DB strikes: 20k+ attendees and FULL write access](https://www.reddit.com/r/netsec/comments/1rconlm/another_exposed_supabase_db_strikes_20k_attendees/) - [ ] [Have you tried turning it off and on again? On bricking OT devices (part 2)](https://www.reddit.com/r/netsec/comments/1rcexc6/have_you_tried_turning_it_off_and_on_again_on/) - [ ] [Scary datapoints re network visibility in Dragos annual report on OT cyberattacks](https://www.reddit.com/r/netsec/comments/1rc6t3w/scary_datapoints_re_network_visibility_in_dragos/) - Security Weekly Podcast Network (Audio) - [ ] [Bringing intelligence to assets, new White House cybersecurity strategy, and the news - Tim Morris - ESW #447](http://sites.libsyn.com/18678/bringing-intelligence-to-assets-new-white-house-cybersecurity-strategy-and-the-news-tim-morris-esw-447)
每日安全资讯(2026-02-24)