MasonLiu/PyBot
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
V2.0新版
PyBot/resources/JSON/freebuf.json
MasonLiu cf5ff10e5d 2.0大版本更新
2026-05-24 19:54:12 +08:00

162 lines
14 KiB
JSON
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[
{
"title": "黑客利用单字母拼写错误的Go模块部署基于DNS的后门",
"link": "https://www.freebuf.com/articles/481976.html",
"description": "黑客利用单字母拼写错误的Go模块潜伏3年植入隐蔽DNS后门",
"body": "\n<p><img src=\"https://image.3001.net/images/20260520/1779282821948311_b79b9afbfa6c4129be05629890d868a1.webp!small\" alt=\"\"></p>\n<p>一个看似无害的Go模块拼写错误已悄然充当活跃后门近三年。安全研究人员发现名为<code>github.com/shopsprint/deci",
"category": "技术",
"pubDate": "Wed, 20 May 2026 12:30:23 +0800"
},
{
"title": "GitHub证实被入侵4000个私有仓库被窃取",
"link": "https://www.freebuf.com/news/481866.html",
"description": "GitHub通过官方X原Twitter账号发布声明确认正在调查针对其内部代码仓库的未授权访问事件。",
"body": "<p>5月20日GitHub通过官方X原Twitter账号发布声明确认正在调查针对其内部代码仓库的未授权访问事件。该回应直接指向威胁组织“TeamPCP”此前宣称的大规模数据窃取行为。</p><h2 id=\"h2-1\">官方回应:客户数据暂未受影响</h2><p><img src=\"https://image.3001.net/images/20260520/1779249234_6a0d",
"category": "资讯",
"pubDate": "Wed, 20 May 2026 11:51:03 +0800"
},
{
"title": "NGINX 安全分析CVE202642945 漏洞解析",
"link": "https://www.freebuf.com/articles/web/481861.html",
"description": "该漏洞在 NGINX 源代码中存在 长达 18 年之久,波及几十亿请求路径和数百万服务实例。",
"body": "<h2 id=\"h2-1\">一、背景简介:互联网核心组件的历史性缺陷</h2><p>NGINX 是全球部署最广泛的高性能 HTTP 服务器、反向代理和负载均衡器承载无数网站、API、微服务等关键业务。2026 年安全界爆出一个震惊业界的漏洞——<strong>CVE202642945</strong>,该漏洞在 NGINX 源代码中存在 <strong>长达 18 年</strong>之久,",
"category": "Web安全",
"pubDate": "Wed, 20 May 2026 11:19:25 +0800"
},
{
"title": "组件投毒预警atool npm 维护者账户被接管317个包遭凭证蠕虫攻击",
"link": "https://www.freebuf.com/articles/vuls/481859.html",
"description": "此次受影响的软件包覆盖面极广,既包括前端开发中的高频基础依赖,也包括大量企业常用的数据可视化与图分析组件。",
"body": "<h1 id=\"activity-name\"><span>事件概述</span></h1><p id=\"js_content\"></p><p>近日安全玻璃盒供应链安全威胁情报中心检测到npm生态爆发一起高危供应链投毒事件。公开情报显示npm账户 <strong>atooli@hust.cc</strong>于 <strong>2026 年 5 月 19 日</strong>被攻击者劫持,随",
"category": "漏洞",
"pubDate": "Wed, 20 May 2026 11:11:09 +0800"
},
{
"title": "职等你来,同花顺招聘安全工程师",
"link": "https://www.freebuf.com/articles/481850.html",
"description": "职等你来,同花顺招聘安全工程师",
"body": "<h2 class=\"tinymce-p\" id=\"h2-1\">招聘岗位</h2><h3 id=\"h3-1\">基础安全工程师/专家 (30-90K)</h3><p class=\"tinymce-p\"><strong>岗位职责:</strong></p><p class=\"tinymce-p\">1.负责公司基础信息系统安全建设。以黑客视角对基础设施进行安全风险识别与评估,并给出安全加固建议;</p>",
"category": "安全招聘",
"pubDate": "Wed, 20 May 2026 10:06:54 +0800"
},
{
"title": "CVE Lite CLI开源依赖项漏洞扫描工具",
"link": "https://www.freebuf.com/articles/development/481895.html",
"description": "\"开源工具CVE Lite CLI让依赖漏洞扫描提前到开发终端秒级定位高危风险\"",
"body": "\n<p>在 JavaScript 和 TypeScript 项目中,依赖项漏洞扫描长期以来都处于开发管道的末端。开发者提交拉取请求后,持续集成系统开始运行,安全扫描器返回一系列 CVE 编号,而此时开发者往往需要花费数小时甚至数天时间来处理这些漏洞。作为 OWASP 官方认证的孵化项目CVE Lite CLI 将这项检查工作提前到了开发者终端阶段。</p>\n<p>这款由 Sonu Kapoor ",
"category": "开发安全",
"pubDate": "Wed, 20 May 2026 06:00:59 +0800"
},
{
"title": "华为0Day漏洞被指导致2025年卢森堡全国通信瘫痪",
"link": "https://www.freebuf.com/articles/ics-articles/481893.html",
"description": "华为0Day漏洞致卢森堡全国通信瘫痪漏洞未修复仍存隐患",
"body": "\n<p><img src=\"https://image.3001.net/images/20260520/1779260600782542_674120c2a01844d08d096249af3caf3f.jpg!small\" alt=\"\"></p>\n<h2>华为路由器0Day漏洞引发卢森堡全国通信中断</h2>\n<p>2025年7月23日卢森堡遭遇全国性通信中断事件据调查由华为企业路由器中一",
"category": "关基安全",
"pubDate": "Wed, 20 May 2026 05:30:04 +0800"
},
{
"title": "GitHub 遭入侵:员工设备遭恶意扩展攻击致内部源码仓库泄露",
"link": "https://www.freebuf.com/articles/database/481971.html",
"description": "GitHub员工遭恶意扩展攻击3800个内部源码仓库泄露",
"body": "\n<p><img src=\"https://image.3001.net/images/20260520/1779280305659712_201420402a6c414ea57c5a7ab5e56403.webp!small\" alt=\"\"></p>\n<p>2026年5月20日GitHub通过系列官方声明证实其检测到某员工设备因安装恶意Visual Studio Code扩展而遭入侵导致内",
"category": "数据安全",
"pubDate": "Wed, 20 May 2026 04:47:29 +0800"
},
{
"title": "AI Agent 安全:自动化工作流时如何规避提示注入与数据泄露风险",
"link": "https://www.freebuf.com/articles/ai-security/481829.html",
"description": "AI Agent权限越大风险越高提示注入可致数据泄露",
"body": "<p class=\"tinymce-p\"><img src=\"https://image.3001.net/images/20260520/1779246191_6a0d246fa6e1d68d408d0.jpg!small\" width=\"690\" height=\"388\" alt=\"\" />AI Agent 安全始于一个简单事实Agent 权限越大,其访问控制就需越严格。仅能总结文档的 AI",
"category": "AI安全",
"pubDate": "Tue, 19 May 2026 21:13:08 +0800"
},
{
"title": "FreeBuf早报 | Mythos Preview 实现自动化漏洞研究中 PoC 漏洞利用链构建n8n漏洞使自动化节点面临完整RCE风险",
"link": "https://www.freebuf.com/news/481732.html",
"description": "AI模型可自动构建漏洞利用链安全边界面临重构。",
"body": "<h2 id=\"h2-1\">全球网安事件速递</h2><h3 id=\"h3-1\">1. Mythos Preview 实现自动化漏洞研究中 PoC 漏洞利用链构建</h3><p>Anthropic的AI模型Mythos Preview实现突破能串联漏洞生成可验证的PoC利用链填补漏洞发现与利用间的技术鸿沟。需定制化框架优化结果但安全防护仍需额外措施凸显攻防时间窗缩短的紧迫性。【<a hre",
"category": "资讯",
"pubDate": "Tue, 19 May 2026 18:17:06 +0800"
},
{
"title": "DirtyDecrypt Linux 内核漏洞 PoC 利用代码公开",
"link": "https://www.freebuf.com/articles/system/481812.html",
"description": "高危漏洞DirtyDecrypt曝光Linux本地提权风险加剧容器逃逸威胁企业安全。",
"body": "\n<p><img src=\"https://image.3001.net/images/20260520/1779213934717431_fbd338cb0e024d0ba4f1d28e73d86e72.webp!small\" alt=\"\"></p>\n<p>针对一个被命名为 DirtyDecrypt亦被追踪为 DirtyCBC的高危 Linux 内核本地提权漏洞的概念验证PoC利用代码已",
"category": "系统安全",
"pubDate": "Tue, 19 May 2026 17:18:30 +0800"
},
{
"title": "威胁情报落地的三大SOC战术",
"link": "https://www.freebuf.com/articles/es/481821.html",
"description": "被动安全难抵风险累积三大SOC战术让威胁情报落地提速",
"body": "\n<p><img src=\"https://image.3001.net/images/20260520/1779217503385468_e8ec77053d1742bcb9a4f775553f99f9.webp!small\" alt=\"3 SOC Tactics for Threat Intelligence\"></p>\n<p>数据泄露事件可能只会上头条一天,但其造成的损害却会持续数年。关键业",
"category": "企业安全",
"pubDate": "Tue, 19 May 2026 17:12:12 +0800"
},
{
"title": "新型钓鱼点击OAuth授权如何绕过多因素认证",
"link": "https://www.freebuf.com/articles/ai-security/481770.html",
"description": "OAuth钓鱼攻击绕过MFA窃取企业数据刷新令牌成黑客新武器",
"body": "\n<p><img src=\"https://image.3001.net/images/20260519/1779195846621043_1d6c880720b84255aa9dbabb26ac1bf0.jpg!small\" alt=\"image\"></p>\n<p>2026年2月名为EvilTokens的钓鱼即服务PhaaS平台开始运作。短短五周内该平台就成功入侵了五个国家超过340家微",
"category": "AI安全",
"pubDate": "Tue, 19 May 2026 17:00:00 +0800"
},
{
"title": "Pwn2Own Berlin 2026落幕0Day漏洞奖金总额达130万美元",
"link": "https://www.freebuf.com/articles/481792.html",
"description": "Pwn2Own柏林赛狂揽47个0Day奖金近130万美元",
"body": "<p><img src=\"https://image.3001.net/images/20260520/1779245390_6a0d214e84c1e53d92ea6.jpg!small\" width=\"690\" height=\"388\" alt=\"\" /></p><p>2026年5月16日备受期待的Pwn2Own Berlin 2026黑客大赛在OffensiveCon会议期间经过三天激烈角",
"category": "技术",
"pubDate": "Tue, 19 May 2026 15:59:01 +0800"
},
{
"title": "Orchid Security安全报告三分之二非人类账户处于失控状态",
"link": "https://www.freebuf.com/articles/es/481795.html",
"description": "&quot;企业身份暗物质失控AI时代埋下致命隐患&quot;",
"body": "<p><img src=\"https://image.3001.net/images/20260520/1779207353112015_f86eae1a3ccd4966a6209094af950edf.webp!small\" alt=\"\" /></p><p><strong>美国纽约2026年5月19日CyberNewswire电</strong><strong>新研究表明身份暗物质持续扩张,",
"category": "企业安全",
"pubDate": "Tue, 19 May 2026 15:37:57 +0800"
},
{
"title": "GitHub缩减漏洞赏金计划提醒用户安全责任需共担",
"link": "https://www.freebuf.com/articles/ai-security/481793.html",
"description": "GitHub因AI垃圾报告泛滥缩减漏洞赏金警告用户需自担安全风险。",
"body": "\n<h2>代码托管平台呼吁研究者减少AI生成的低质报告</h2>\n<p><img src=\"https://image.3001.net/images/20260520/1779207203294546_1db731e7b91849f687c029395a13791e.jpg!small\" alt=\"通过GitHub供应链发起的攻击\"></p>\n<p>面对漏洞赏金计划提交量的激增GitHub正对",
"category": "AI安全",
"pubDate": "Tue, 19 May 2026 15:28:48 +0800"
},
{
"title": "Apache Flink 高危漏洞可导致远程代码执行攻击",
"link": "https://www.freebuf.com/articles/database/481799.html",
"description": "高危漏洞Apache Flink SQL注入可致集群沦陷速升级",
"body": "\n<p><img src=\"https://image.3001.net/images/20260520/1779207728416657_85c769744ebd4e9ba16508b0f2df642c.webp!small\" alt=\"\"></p>\n<p>Apache Flink 近日披露一个编号为 CVE-2026-35194 的高危漏洞,该漏洞通过平台代码生成引擎中的 SQL 注入缺陷,使",
"category": "数据安全",
"pubDate": "Tue, 19 May 2026 15:03:10 +0800"
},
{
"title": "Linux应急响应入侵排查篇",
"link": "https://www.freebuf.com/articles/defense/481696.html",
"description": "在日常安全运营中Linux 服务器被入侵是非常常见的应急场景。",
"body": "<p>在日常安全运营中Linux 服务器被入侵是非常常见的应急场景。攻击者通过弱口令、Web 漏洞、组件漏洞、密钥泄露等方式进入主机,随后进行提权、植入后门、横向移动、挖矿、代理转发或数据窃取。</p><h2 id=\"h2-1\"><strong>一、Linux入侵排查思路</strong></h2><p><strong>1.系统信息收集</strong></p><p>主要是收集系统的版本内核信息",
"category": "攻防演练",
"pubDate": "Tue, 19 May 2026 15:01:07 +0800"
},
{
"title": "攻击者利用Cloudflare存储节点从被入侵网络窃取文件",
"link": "https://www.freebuf.com/articles/database/481791.html",
"description": "攻击者利用Cloudflare存储节点窃取政府企业数据定制化工具规避检测。",
"body": "<p><img src=\"https://image.3001.net/images/20260519/1779203091162279_635083f446bd4b7e9241ec9f5e05ffb4.webp!small\" alt=\"\" /></p><p>攻击者发现了一种从被入侵网络静默窃取数据的新方法——这次他们隐藏在人们熟悉的Cloudflare服务背后。安全研究人员发现一起针对性入侵行动",
"category": "数据安全",
"pubDate": "Tue, 19 May 2026 14:01:55 +0800"
},
{
"title": "CVE-2026-42945 深度解析 NGINX Rift 潜伏18年的堆溢出漏洞分析与防御指南",
"link": "https://www.freebuf.com/articles/vuls/481654.html",
"description": "NGINX Rift漏洞极其罕见地在 NGINX 的核心源码库中潜伏了大约 18 年之久。据溯源分析,该缺陷最早在 2008 年左右的提交中被引入。",
"body": "<p>在全球互联网基础设施的底层架构中NGINX 凭借其极致的异步非阻塞事件驱动模型和极低的内存消耗,长期占据着 Web 服务器、反向代理、负载均衡器以及 API 网关领域的统治地位。NGINX的安全性影响全球数以千万计在线服务。2026年5月13日一项被正式命名为 “NGINX Rift” 的严重内存破坏漏洞CVE-2026-42945的公开披露在网络安全业界引发了强烈的震动。</p>",
"category": "漏洞",
"pubDate": "Tue, 19 May 2026 09:33:04 +0800"
}
]
Reference in New Issue View Git Blame Copy Permalink