[每日信息流] 2026-02-18

[chainreactorbot]

每日安全资讯（2026-02-18）

• SecWiki News
  • SecWiki News 2026-02-17 Review
• Doonsec's feed
  • 【逆向分析】Trae CN + IDA PRO + IDA_PRO_MCP + 豆包 2.0 半小时搞定逆向分析
  • 【人工智能】Trae CN 详细使用指南
  • 【逆向分析】IDA PRO 详细使用指南
  • 【逆向分析】ida-pro-mcp 详细使用指南
  • 【人工智能】豆包 2.0 详细使用指南
  • 新型ZeroDayRAT间谍软件同时攻击安卓与iOS系统
  • OpenEuler 服务器部署前安全加固与初始化配置指南
  • OpenEuler 等保2.0 三级合规安全加固操作指南
  • 新春快乐、马年好运
  • 新年快乐
  • 2025数证杯团体
  • 共迎马年，新春快乐！
  • 骏马昂首，奔赴新程！天融信给您拜年啦~
  • 马年到！复旦白泽祝大家新春快乐！
  • 策马扬鞭启新程｜恭祝大家新春大吉，万事亨通
  • 祝大家新年快乐，今年是受 AI 影响最大的一
  • 创宇盾风险尽御，迎新春安全无忧
  • 丙午马年・网安人新春贺词：策马出征，洞见巅峰！
  • 赛博研究院恭祝您新春快乐，马年大吉！
  • 补天给白帽师傅们拜年啦！
  • 马年贺岁，镌远科技祝大家新年快乐！
  • 丙午策马，共赴新程｜迪普科技祝您春节快乐
  • 新春贺辞
  • 春节专享来啦
  • 2026，新春快乐！烟火向星辰，所愿皆成真！
  • 祝所有的朋友们马年快乐！！
  • 新春第一声问候：新年快乐，马到成功！
  • 【新年快乐】菜狗安全祝师傅们新年快乐
  • NOVASEC团队祝大家2026新春快乐!!!
  • 福启新岁 | 云弈科技祝您新年快乐、马年順遂！
  • 🐴 T00ls祝大家 马年大吉 U0001f9e7
  • 马年大吉
  • 约旦人承认出售50家企业网络的访问权限
• Recent Commits to cve:main
  • Update Tue Feb 17 11:27:36 UTC 2026
• Private Feed for M09Ic
  • mgeeky starred obra/superpowers
  • bolucat released 202602172005 at bolucat/Archive
  • mgeeky starred Hack0ura/WebClientRelayUp
  • anthropics released v2.1.45 at anthropics/claude-code
  • OpenAEV-Platform released 2.1.8 at OpenAEV-Platform/openaev
  • safedv starred Hack0ura/WebClientRelayUp
  • mgeeky starred blacklanternsecurity/TREVORproxy
  • github released v0.0.96 at github/spec-kit
  • mgeeky starred SlavomirDurej/claude-usage-widget
  • gh0stkey starred Mrack/TInjector_Symbi
  • PrefectHQ released 3.6.18.dev4 at PrefectHQ/prefect
  • safedv starred code-yeongyu/oh-my-opencode
  • gh0stkey starred blacktop/ida-mcp-rs
  • CHYbeta starred myinvestpilot/ai-architecture
  • pydantic released v1.60.0 at pydantic/pydantic-ai
• Microsoft Security Blog
  • Unify now or pay later: New research exposes the operational cost of a fragmented SOC
• Insinuator.net
  • Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat
• Bug Bounty in InfoSec Write-ups on Medium
  • The Database Was Sold Online. but the Vulnerability Was Still Open
  • How I Escalated Privileges from “User” to “Admin”
  • Breaking Tenant Isolation: Critical Cross-Tenant Data Access in Stripo’s AI Hub Campaign
• Securelist
  • Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
• Hacking Dream
  • Windows Event Log Analysis - Investigating Kerberos & AD Attacks
• Malwarebytes
  • Chrome “preloading” could be leaking your data and causing problems in Browser Guard
  • Scam Guard for desktop: A second set of eyes for suspicious moments
  • Update Chrome now: Zero-day bug allows code execution via malicious webpages
  • Hobby coder accidentally creates vacuum robot army
• SentinelOne
  • Shadow Agents: How SentinelOne Secures the AI Tools That Act Like Users
• rtl-sdr.com
  • Khanfar Software: Analog Radio Hunter
  • Iridium-Sniffer: A Standalone Iridium Satellite Burst Detector and Demodulator
  • xSDR Crowdfunding Campaign Now Live
• Wallarm
  • Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report
• Dhole Moments
  • Cryptographic Issues in Matrix’s Rust Library Vodozemac
• 奇客Solidot–传递最新科技情报
  • 虚假医疗信息的主要受众是老年人
  • 希捷和西部数据证实其 2026 年硬盘产能已售罄
  • 内存价格飙升推动二手笔记本销量上涨
  • 切尔诺贝利工人后代的 DNA 突变
• Security Blog | Praetorian
  • MCP Server Security: The Hidden AI Attack Surface
• 锦行科技
  • 初一 · 迎春｜2026，一马当先
• 黑鸟
  • 新型Keenadu安卓固件级后门揭开跨僵尸网络协同攻击链条
• 安全客
  • 骏马扬蹄开景运，灵风送暖启新程
• 360漏洞云
  • 马驰万里开新路，鹏举九霄展壮图
• 丁爸 情报分析师的工具箱
  • 【时政】AI讨论总台春晚版权保护声明
  • 【时政】随着住房负担能力危机加剧，工薪阶层感受不到情人节的甜蜜
• 中国信息安全
  • 新年启新程 马到必成功
• 极客公园
  • 对话任永亮：有 6000 万用户的测测，为什么要做一个机器人？
  • 「机器人春晚」的 B 面：我们在欢笑中，接受了新型的人机关系
  • 阿里发布千问 3.5；宇树春晚武术表演刷新多项纪录；内存太贵，索尼将推迟发售下一代 PS 游戏机 | 极客早知道
• 火绒安全
  • 新春喜乐至 护网守平安
  • 诚邀渠道合作伙伴共启新征程
• 慢雾科技
  • 祝大家新春快乐，马年大吉！
• 吴鲁加
  • 小而美，难，也不难
• 情报分析师
  • 如何每天将开源情报纳入情报收集计划
• 迪哥讲事
  • 大家春节快乐
• 360数字安全
  • 大年初一 | 一马当先，“午”福临门
• 威胁猎人Threat Hunter
  • 骏马扬蹄奔新程，情报护航步步稳
• Over Security - Cybersecurity news aggregator
  • Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
  • Spain orders NordVPN and ProtonVPN to block LaLiga stream piracy
  • Flaws in popular VSCode extensions expose developers to attacks
  • Chinese hackers exploiting Dell zero-day flaw since mid-2024
  • Polish police detain alleged cybercriminal with Phobos ransomware ties
  • Notepad++ boosts update security with ‘double-lock’ mechanism
  • Citizen Lab: Kenyan authorities used Cellebrite to break into phone of dissident
  • Canada Goose says leaked customer transaction data did not come from company systems
  • 针对叙利亚军人的复合式攻击活动分析
  • Microsoft Teams outage affects users in United States, Europe
  • Cyber attacchi, l’Italia è il paese più esposto: come proteggersi nell’era della GenAI in azienda
  • Hackers target supporters of Iran protests in new espionage campaign
  • What 5 Million Apps Revealed About Secrets in JavaScript
  • Il malware che ruba password e ambienti delle IA locali
  • New Keenadu backdoor found in Android firmware, Google Play apps
  • A Closer Look at Malicious SVG Phishing
  • Smetti di contare i virus bloccati: le uniche 3 metriche che interessano al CdA
  • Dutch police arrest man who refused to delete confidential files shared by mistake
  • Трояны Android.Phantom заражают смартфоны через игры и пиратские моды, используя ИИ и видеотрансляции для накрутки кликов
  • Il Cloud Security Report 2026 di Fortinet rivela un divario di complessità
  • Analisi di un C2 per OSX
  • Poland arrests suspect linked to Phobos ransomware operation
  • LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis
  • Ireland Opens GDPR Probe Into Grok’s AI-Generated Deepfakes of Children
  • Think You’re Too Small to Be Hacked? NCSC Says Think Again
  • Ireland now also investigating X over Grok-made sexual images
  • CleanTalk WordPress Plugin Vulnerability Puts 200,000 Sites at Risk
  • AI a Tool for Inclusion, Jobs and Global Cooperation: India AI Impact Summit 2026
  • Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
  • Convenzione di Budapest, metodo e fiducia per una prova che regge tra gli Stati
  • Come evolvono le truffe telefoniche in Italia
  • Eurail Breach Escalates as Stolen Passport Data and IBANs Surface on Dark Web for Sale
  • DSS Files Charges Against El-Rufai Over Alleged NSA Phone Interception
  • Canada Goose - 581,877 breached accounts
• Qualys Security Blog
  • Qualys Recognized as a Leader in the 2026 Forrester Wave™ for CNAPP
• DARKNAVY
  • 当 AI 助手成为黑客攻击链的一环｜豆包手机安全分析
• 悬镜安全
  • 大年初一，拜大年！
• IntelTechniques Blog
  • Video Training Final Price Increase
• 吾爱破解论坛
  • 【2026春节】解题领红包活动开始喽，解出就送论坛币！
• Arturo Di Corinto
  • DIGITAL REPATRIATON
• 看雪学苑
  • 2026新春致谢 | 礼承厚意，马跃新程共青云（留言点赞送新春礼盒）
• ICT Security Magazine
  • Kill Switch Microsoft-ICC: quando la dipendenza tecnologica diventa un’arma geopolitica
  • EDR killer BYOVD: il ransomware che spegne le difese endpoint
  • L’evoluzione del SOC: dalla quinta generazione all’era dell’Intelligenza Artificiale
• Schneier on Security
  • Side-Channel Attacks Against LLMs
• Troy Hunt's Blog
  • Weekly Update 491
• IT Service Management News
  • I maschi possono fare tutto (Febbraio 2026)
  • ENISA EU ICT Supply Chain Security Toolbox
• SANS Internet Storm Center, InfoCON: green
  • Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)
  • ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812, (Tue, Feb 17th)
• Tor Project blog
  • New Alpha Release: Tor Browser 16.0a3
• Securityinfo.it
  • Il malware che ruba password e ambienti delle IA locali
• Have I Been Pwned latest breaches
  • Canada Goose - 581,877 breached accounts
• The Hacker News
  • Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
  • Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
  • Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
  • SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
  • My Day Getting My Hands Dirty with an NDR System
  • Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
  • Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
• The Register - Security
  • China remains embedded in US energy networks 'for the purpose of taking it down'
  • US lawyers fire up privacy class action accusing Lenovo of bulk data transfers to China
  • Polish cops nab 47-year-old man in Phobos ransomware raid
  • UK.gov launches cyber 'lockdown' campaign as 80% of orgs still leave door open
  • Ireland joins regulator smackdown after X's Grok AI accused of undressing people
  • MoD ticks shopping list as PM considers weapons budget boost
• Deeplinks
  • San Jose Can Protect Immigrants by Ending Flock Surveillance System
  • New Report Helps Journalists Dig Deeper Into Police Surveillance Technology
• Security Affairs
  • SmartLoader hackers clone Oura MCP project to spread StealC malware
  • Polish cybercrime Police arrest man linked to Phobos ransomware operation
  • Poorly crafted phishing campaign leverages bogus security incident report
  • South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach
  • Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build
  • Hackers steal OpenClaw configuration in emerging AI agent threat
  • Hackers sell stolen Eurail traveler information on dark web
• Instapaper: Unread
  • Come Pensa la Macchina
  • Come proteggere i dati biometrici
  • New ZeroDayRAT Attacking Android and iOS For Real-Time Surveillance and Data Theft
  • Cassandra Crossing 660 SIM che scompaiono e connessioni ubique
  • UpScrolled Forensic Artifacts on iOS
• TrustedSec
  • Updated GSA Contractor CUI Protection Requirements
• TorrentFreak
  • Spanish Court Orders ProtonVPN and NordVPN to Block Pirate Football Streams
  • ACE Targets Pirate Streaming Site ‘HDFull’ Through Cloudflare and Discord Subpoenas
• Trend Micro Research, News and Perspectives
  • Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities
• Security Weekly Podcast Network (Audio)
  • Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, & More - SWN #556
  • Conducting Secure Code Analysis with LLMs - ASW #370