[每日信息流] 2026-02-21

[chainreactorbot]

每日安全资讯（2026-02-21）

• SecWiki News
  • SecWiki News 2026-02-20 Review
• Private Feed for M09Ic
  • goplus released v0.12.2 at goplus/llgo
  • anthropics released v2.1.50 at anthropics/claude-code
  • mgeeky starred microsoft/PyRIT-Ship
  • joaoviictorti starred SpecterOps/GitHound
  • github released v0.1.4 at github/spec-kit
  • bolucat released 202602201957 at bolucat/Archive
  • usestrix released v0.8.1 at usestrix/strix
  • mgeeky starred danielmiessler/Fabric
  • github released v0.1.3 at github/spec-kit
  • 0e0w forked GPTHack/gemini-balance-do from zaunist/gemini-balance-do
  • CHYbeta starred ComposioHQ/composio
  • joaoviictorti starred gabriellandau/Redux
  • kpcyrd contributed to kpcyrd/repro-threshold
  • mgeeky starred clearbluejar/ghidrecomp
  • mgeeky starred outflanknl/macos-jit
  • L-codes starred skryl/mlx-ruby
  • future-architect released v0.38.2 at future-architect/vuls
  • PrefectHQ released 3.6.19.dev1 at PrefectHQ/prefect
  • safedv starred KiFilterFiberContext/microsoft-warbird
  • future-architect released v0.38.1 at future-architect/vuls
• Recent Commits to cve:main
  • Update Fri Feb 20 11:15:46 UTC 2026
• Tenable Blog
  • Dynamic Objects in Active Directory: The Stealthy Threat
• Doonsec's feed
  • 大龄程序员出路在哪里？
  • 【商密测评】SM4分组密码算法
  • 安卓手机间谍软件正利用生成式AI进入一个新阶段
• Filippo Valsorda
  • Turn Dependabot Off
• Blogs dade
  • Experimenting with Nixos Anywhere
• Bug Bounty in InfoSec Write-ups on Medium
  • The Database Was Sold Online… but the Vulnerability Was Still Open
  • How I Bypassed Email Verification Using an Exposed API Endpoint
• Didier Stevens
  • Update: rtfdump.py Version 0.0.14
• Binary Ninja
  • Building a Custom Architecture and Platform: Part 1
• The Trail of Bits Blog
  • Using threat modeling and prompt injection to audit Comet
• SentinelOne
  • The Good, the Bad and the Ugly in Cybersecurity – Week 8
• Malwarebytes
  • Age verification vendor Persona left frontend exposed, researchers say
  • Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
• Intigriti
  • Intigriti Bug Bytes #233 - February 2026 🚀
• Security Blog | Praetorian
  • There’s Always Something: Secrets Detection at Engagement Scale with Titus
• 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  • 美航天局载人绕月任务发射将于3月6日进行
  • OpenAI首款硬件设备是带摄像头的智能音箱
  • 美国最高法院裁定特朗普的关税政策无效
• 锦行科技
  • 初四 · 纳福 | 烟火起，万事兴
• 奇客Solidot–传递最新科技情报
  • 特朗普将下令公开外星人和 UFO 相关文件
  • FBI 线人协助运营了暗网毒品市场 Incognito
  • Mozilla 建议 Windows 7/8/8.1 用户切换到 Linux
  • 家猫的癌症基因组
• 黑鸟
  • 安卓手机间谍软件正利用生成式AI进入一个新阶段
• 极客公园
  • Vibe Coding，是怎么「玩废」程序员的？
  • Gemini 3.1 Pro 曝光，能力翻倍价格不变，谷歌想重新定义 AI 竞争规则
  • Google 深夜更新 Gemini 3.1 模型；传 OpenAI 敲定 1000 亿美元融资；黄仁勋：3 月发「震惊世界」的芯片 | 极客早知道
• 吴鲁加
  • 找餐厅这件事，一百条好评不如一个靠谱的朋友
• 迪哥讲事
  • 点击劫持所造成的账户劫持
• 360数字安全
  • 大年初四 | 马迎灶神，“午”谷丰登
• 安全行者老霍
  • 如何构建事件响应框架
• 看雪学苑
  • 第十届安全开发者峰会（SDC2026）【议题火热征集中】
  • 刺杀 VMP 3.9.4混淆
• 吾爱破解论坛
  • 昨天上线的Android初级题居然只有一百多位同学完成！忘了提醒大家，这其实是个游戏题，完全不需要逆向技术就能搞定。你们不会连游戏都打不过吧？😂 快来试试看！
• bellingcat
  • Viral Child Soldiers on TikTok: The ‘Disney Stars’ of Sudan’s Civil War
• ICT Security Magazine
  • LLM sovrani europei: chi guida la corsa all’intelligenza artificiale indipendente
• Over Security - Cybersecurity news aggregator
  • ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
  • Romanian hacker faces up to 7 years for breaching Oregon emergency management department
  • Japanese tech giant Advantest hit by ransomware attack
  • Ukrainian national gets 5-year sentence for involvement in North Korea IT worker scheme
  • Finanza nel mirino, incidenti raddoppiati nel 2025
  • CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
  • AI e attori Nation-State: quando i modelli diventano infrastruttura strategica del conflitto ibrido
  • AI, ransomware, deepfake, supply chain: le frontiere della sicurezza nel 2026
  • Data breach at French bank registry impacts 1.2 million accounts
  • Errare disumanum est
  • SigmaWare Stealer Analysis - Intelshare
  • Sintesi riepilogativa delle campagne malevole nella settimana del 14 – 20 febbraio
  • Why the shift left dream has become a nightmare for security and developers
  • Musk and X launch legal appeal against EU’s record €120 million fine
  • Russia stepping up hybrid attacks, preparing for long standoff with West, Dutch intelligence warns
  • PayPal discloses data breach that exposed user info for 6 months
  • Hackers breach contractor linked to Ukraine’s central bank collectible coin store
  • Mississippi medical center closes all clinics after ransomware attack
  • The Cyber Express Weekly Roundup: AI Disruption, Regulatory Pressure, and the Evolving Cyber Threat Landscape
  • French National Bank Authority Breach Exposed 1.2 Million Accounts
  • Operation Olalampo: Inside MuddyWater’s Latest Campaign
  • FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
  • What Big Tech Leaders Said On AI’s Future at India AI Impact Summit 2026
  • Cyberattack Forces Clinic Closures, Surgery Cancellations at University of Mississippi Medical Center
  • Two Petabytes Worth Data of Israeli’s Siphoned, Says Cyber Head
  • ClickFix: la nuova frontiera del social engineering, tra DNS e Google Ads
  • Ukrainian gets 5 years for helping North Koreans infiltrate US firms
  • Indicatori di compromissione
  • La compliance che non protegge. Quando il GDPR resta solo sulla carta
  • CarMax - 431,371 breached accounts
• Schneier on Security
  • Friday Squid Blogging: Squid Cartoon
  • Ring Cancels Its Partnership with Flock
• Have I Been Pwned latest breaches
  • CarMax - 431,371 breached accounts
• SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)
• Security Affairs
  • PayPal discloses extended data leak linked to Loan App glitch
  • North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
  • FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
  • Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
  • PromptSpy abuses Gemini AI to gain persistent access on Android
• Deeplinks
  • EFF’s Policy on LLM-Assisted Contributions to Our Open-Source Projects
• The Hacker News
  • BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
  • Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
  • ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
  • Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
  • Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
  • FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
  • Former Google Engineers Indicted Over Trade Secret Transfers to Iran
• Securityinfo.it
  • Finanza nel mirino, incidenti raddoppiati nel 2025
• TorrentFreak
  • Ukraine Paves the Way for Pirate Site Blocking, Despite Ongoing War
• Krebs on Security
  • ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
• The Register - Security
  • PayPal app code error leaked personal info and a 'few' unauthorized transactions
  • AI coding assistant Cline compromised to create more OpenClaw chaos
  • ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
  • Ukrainian gets five years for helping North Koreans secure US tech jobs
  • Founder ditches AWS for Euro stack, finds sovereignty isn't plug-and-play
  • CISA gives federal agencies three days to patch actively exploited Dell bug
  • Ex-Google engineers accused of helping themselves to chip security secrets
  • Attackers have 16-digit card numbers, expiry dates, but not names. Now org gets £500k fine
  • Snyk CEO bails, wants someone with more AI experience to replace him
  • AI agents abound, unbound by rules or safety disclosures
• GRAHAM CLULEY
  • Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent
• Security Weekly Podcast Network (Audio)
  • Code of Hammurabi, RockYou, MimicRat, Trustconnect, Introsort, AI, Josh Marpet... - SWN #557