漏洞 Vulnerability CVE-2021-1647：Microsoft Defender远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=e383d1342eb0fb09cc4a1f0addf7c0e9 2021-01 补丁日: 微软多个高危漏洞通告 https://cert.360.cn/warning/detail?id=cd9723d0a9357f9a860aff3c494fbcc8 Laravel <= 8.4.2 Debug模式 _ignition 远程代码执行漏洞 https://xz.aliyun.com/t/9021 安全工具 Security Tools RadareEye：一种专门用于扫描附近设备（BLE，蓝牙和Wifi）并在目标设备进入范围内时在系统上执行给定命令的工具 https://www.kitploit.com/2021/01/radareeye-tool-made-for-specially.html Sigurls：一种侦察工具，它从AlienVault的OTX，Common Crawl，URLScan，Github和Wayback机中获取URL https://www.kitploit.com/2021/01/sigurls-reconnaissance-tool-it-fetches.html 安全报告 Security Report Sunburst后门分析报告 https://securelist.com/sunburst-backdoor-kazuar/99981/ Ursnif的新变种持续瞄准意大利 https://www.fortinet.com/blog/threat-research/new-variant-of-ursnif-continuously-targeting-italy McAfee2021年威胁预测报告 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/2021-threat-predictions-report/ 安全研究 Security Research 使用跨进程 XSS 逃逸 macOS Safari 沙箱 https://mp.weixin.qq.com/s/oUp99tATgNNVu0uyZSD9FA TRENDnet 无线摄像头 TV-IP512WN 栈溢出漏洞分析 https://www.anquanke.com/post/id/228228 Jackson反序列化漏洞（CVE-2020-36188）从通告到POC https://www.anquanke.com/post/id/227943 三星手机内核防护技术RKP深度剖析（一） https://www.anquanke.com/post/id/228269 恶意软件 Malware Incaseformat 蠕虫病毒威胁通告 https://cert.360.cn/warning/detail?id=39a713a8612444993801f654e5ed9ed8