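🌍 International Cybersecurity Daily Intelligence – 2026-03-21
This document is generated automatically and aggregates the latest international cybersecurity vulnerability intelligence, security news and technical analysis.
Content strategy: focus on international cybersecurity developments, covering authoritative sources such as The Hacker News, BleepingComputer and CISA.
🌍 International Cybersecurity Developments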
📰 Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Source: The Hacker News
Leading global cybersecurity news
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
📰 Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Source: The Hacker News
Leading global cybersecurity news
Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
📰 Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Source: The Hacker News
Leading global cybersecurity news
Google adds 24-hour sideloading delay amid 17 malware families in 4 months, reducing scam-driven installs and device compromise risk.
📰 The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Source: The Hacker News
Leading global cybersecurity news
AI-based cyber attacks often blend in with normal behavior. Learn why behavioral analytics must adapt to protect digital identities from AI-based thre
📰 Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Source: The Hacker News
Leading global cybersecurity news
Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk.
📰 [CVE-2025-32432] Craft CMS Craft CMS – Craft CMS Code Injection Vulnerability
Source: CISA KEV
CISA Known Exploited Vulnerabilities | Date added: 2026-03-20 | Remediation due date: 2026-04-03
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
📰 [CVE-2025-54068] Laravel Livewire – Laravel Livewire Code Injection Vulnerability
Source: CISA KEV
CISA Known Exploited Vulnerabilities | Date added: 2026-03-20 | Remediation due date: 2026-04-03
Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
📰 [CVE-2025-43510] Apple Multiple Products – Apple Multiple Products Improper Locking Vulnerability
Source: CISA KEV
CISA Known Exploited Vulnerabilities | Date added: 2026-03-20 | Remediation due date: 2026-04-03
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
📰 [CVE-2025-43520] Apple Multiple Products – Apple Multiple Products Classic Buffer Overflow Vulnerability
Source: CISA KEV
CISA Known Exploited Vulnerabilities | Date added: 2026-03-20 | Remediation due date: 2026-04-03
Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
📰 [CVE-2025-31277] Apple Multiple Products – Apple Multiple Products Buffer Overflow Vulnerability
Source: CISA KEV
CISA Known Exploited Vulnerabilities | Date added: 2026-03-20 | Remediation due date: 2026-04-03
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
This document was automatically generated at 2026-03-21 11:25:54 | Focused on Chinese cybersecurity news
















