DriveSurge Uses Social Engineering Tactics to Attack Thousands of Websites

Published: 2026-06-02

1. DriveSurge Uses Social Engineering Tactics to Attack Thousands of Websites


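June 1: New research from cybersecurity company Silent Push has found that a threat actor named DriveSurge is using two social engineering techniques, ClickFix and FakeUpdates, to run a large-scale malware distribution campaign across thousands of compromised websites. DriveSurge mainly plays the role of an initial access broker and uses a pay-per-install model, paving the way for more serious follow-on attacks. In this campaign, a victim who visits a compromised legitimate website is redirected to an open-source traffic distribution system called zTDS. zTDS has existed since 2015, and DriveSurge has been using it since at least September 2025. The system profiles each visitor and dynamically decides whether a FakeUpdates lure or a ClickFix lure is the better fit. Silent Push notes that DriveSurge used zTDS to hijack thousands of reputable websites, quietly steering traffic to malware distribution infrastructure without the knowledge of either the site owners or the visitors. FakeUpdates attacks lure victims with forged browser update prompts and cover mainstream browsers including Chrome, Firefox, Edge, Safari, Opera, Brave, Yandex, Vivaldi, Samsung Browser and UC Browser. ClickFix is a popular social engineering tactic that tricks victims, under the pretext of fixing a technical problem, into copying and executing malicious commands on their own system, which leads to infection.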


https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/


2. Red Hat npm Packages Compromised; "Miasma" Steals Developer Credentials


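June 1: A recent supply-chain attack against Red Hat resulted in more than 30 npm packages under its "@redhat-cloud-services" namespace being backdoored to spread "Miasma", a new variant of the Shai-Hulud malware. According to statistics, the compromised packages are downloaded about 117,000 times per week. The attacker appears to have compromised a Red Hat employee's GitHub account and pushed malicious commits directly to multiple repositories. Those commits added a GitHub Actions workflow and a script that abuses npm's publishing mechanism: it uses OIDC tokens to authenticate through npm's trusted publishing endpoint and publishes backdoored package versions in bulk. The compromised packages contain a malicious "preinstall" script, so when a developer installs a package, a heavily obfuscated index.js file (about 4.2 MB) runs automatically. It steals GitHub Actions secrets, AWS and Google Cloud credentials, Azure service principal credentials, HashiCorp Vault tokens, Kubernetes service account tokens, npm and PyPI publishing tokens, SSH keys, Docker credentials, GPG keys and sensitive information in .env files. Red Hat has removed the affected packages from the npm registry and stressed that the exposure was limited to internal development tooling, with no impact found so far on customer or partner environments or on Red Hat production systems, but it did not state the specific cause of the account compromise.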


https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/


3. Dashlane Hit by Brute-Force Attacks; User Accounts Locked Automatically


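June 1: Multiple users of the Dashlane password manager were recently locked out of their accounts after attackers launched brute-force attacks, attempting to log in to user accounts from remote addresses and unknown devices. Dashlane confirmed that the account suspensions were part of its automated security response mechanism, which is intended to prevent account hijacking. The incident came to light when several users posted on Reddit that they had received notification emails about suspicious access requests from abroad, containing verification codes used to register a new device. Many users were suspicious because they had not initiated those requests, and for a time suspected a phishing attack aimed at Dashlane users. Dashlane then replied on Reddit that its systems are secure. It explained that brute-force attacks try many passwords in succession to gain access to an account, and that the platform uses protections such as rate limiting, CAPTCHA challenges and account lockout to block such attacks automatically once failed attempts reach a threshold. According to the Dashlane status page, the investigation began at 15:19 UTC on May 31 and was marked "resolved" at 22:30 UTC, with all affected accounts reported as unlocked. An update published at 07:32 UTC on June 1 confirmed the same situation and said the Dashlane support team is monitoring and taking additional measures.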


https://www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/


4. Malicious Code Hidden in Steam Comments; Nearly 2,000 WordPress Sites Infected


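June 1: Nearly 2,000 WordPress sites have been infected with a new type of malware that hides command-and-control (C2) data in invisible Unicode characters inside Steam Community profile comments. Since the campaign was first discovered in July 2025, GoDaddy security engineers have detected the malware on approximately 1,980 WordPress sites. It is not yet clear exactly how the attackers break into these sites. Researchers believe the initial infection vectors may include stolen administrator logins or leaked FTP/SFTP credentials, exploitation of vulnerable WordPress themes or plugins, or malicious code planted through a supply-chain attack. The first-stage malware planted on a site uses WordPress page loads to fetch specific Steam profiles and extract text from seemingly harmless comments. That text contains hidden Unicode characters that carry the actual malicious payload, sometimes disguised as ASCII art. The decoder ignores all visible characters, maps the invisible characters to digits, converts them to binary, and finally reconstructs bytes. The decoded payload is used to build a URL on hello-mywordl[.]info, which serves malicious code disguised as a legitimate JavaScript library that is injected into every WordPress front-end page. The final stage of the attack plants a backdoor that responds to POST requests containing a specific authentication cookie and receives base64-encoded PHP code through a POST parameter.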


https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/
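A detection sketch for the hidden-character channel described in item 4, added here as an example and not code from GoDaddy or the cited article. It flags text carrying an unusual volume of invisible Unicode characters and, for analyst triage, rebuilds the hidden bytes; the Cf-category test, the threshold of 16 and the two-symbol mapping (U+200B as 0, U+200C as 1) are assumptions, since the article does not name the characters used.

```python
import unicodedata

def is_invisible(ch):
    # Assumption: the carrier symbols are Unicode "format" (Cf) characters
    # such as zero-width spaces and joiners; the article names no exact set.
    return unicodedata.category(ch) == "Cf"

def profile(text):
    """Count invisible characters, list their code points, find longest run."""
    hidden, longest, run = [], 0, 0
    for ch in text:
        if is_invisible(ch):
            hidden.append(ch)
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    alphabet = sorted({f"U+{ord(c):04X}" for c in hidden})
    return {"count": len(hidden), "alphabet": alphabet, "longest_run": longest}

def is_suspicious(text, min_count=16):
    # One or two joiners are normal (emoji sequences, bidi marks). Dozens of
    # them drawn from a small alphabet look like an encoded channel.
    p = profile(text)
    return p["count"] >= min_count and len(p["alphabet"]) >= 2

def recover_bytes(text, zero="\u200b", one="\u200c"):
    """Analyst triage under a hypothetical mapping (zero/one are assumptions):
    drop visible text, read the two symbols as bits, regroup into bytes."""
    bits = "".join("1" if ch == one else "0" for ch in text if ch in (zero, one))
    usable = len(bits) - len(bits) % 8  # ignore a trailing partial byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

# Constructed samples, not taken from the campaign: SAMPLE hides b"OK".
SAMPLE = ("nice \u200b\u200c\u200b\u200b\u200c\u200c\u200c\u200c"
          "profile\u200b\u200c\u200b\u200b\u200c\u200b\u200c\u200c!")
BENIGN = "family \U0001F468\u200d\U0001F469\u200d\U0001F467"

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, profile(text), is_suspicious(text), recover_bytes(text))
```

The same profile can be run over theme and plugin files or over responses a site fetches from third-party pages, where long runs of format characters have no legitimate reason to appear.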


5. Critical Windows Netlogon Vulnerability Actively Exploited


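June 1: The Centre for Cybersecurity Belgium (CCB) recently warned that threat actors are actively exploiting a critical Windows Netlogon vulnerability (CVE-2026-41089) that Microsoft recently patched. Microsoft fixed the flaw in its May 2026 Patch Tuesday release. It is described as a stack-based buffer overflow weakness in the Windows Netlogon service that allows an unprivileged attacker to gain remote code execution on a target domain controller. An attacker only needs to send a specially crafted network request to a Windows server acting as a domain controller to run malicious code on the affected system, without logging in or obtaining access beforehand. The vulnerability affects all currently supported Windows Server versions, including the latest, Windows Server 2025, and was discovered by Microsoft's internal Windows Attack Research and Protection team. On Friday the CCB issued a warning that the flaw is now being actively exploited and urged administrators to patch vulnerable servers immediately. The CCB noted on Twitter that the vulnerability has a CVSS 3.1 score of 9.8, which is rated critical. However, the CCB has not provided specific details about the ongoing attacks and has not responded to media requests for further information. Microsoft has not yet updated its security advisory or confirmed whether the vulnerability has been actively exploited.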


https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/


6. North Korean Hackers Use Fake Zoom Update to Attack the Cryptocurrency and Web3 Industry


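June 1: According to a new report from SpiderLabs, a malware campaign attributed to the North Korean hacking group Sapphire Sleet is specifically targeting cryptocurrency organizations, venture capital firms and Web3 developers. The attack begins with the hackers contacting members of the target organization through LinkedIn, Telegram, email or other professional platforms, posing as recruiters, investors or business partners. Once initial trust is established, the attacker proposes a video meeting. Before the meeting starts, however, the victim is instructed to install a so-called "Zoom SDK update". The file that is actually downloaded is not a legitimate update but a malicious AppleScript script, which then launches a multi-stage infection chain. After gaining initial access, the malware instructs trusted macOS components to download additional payloads in order to achieve persistent access and bypass security controls. At the same time, it communicates periodically with a command-and-control server. Next, a fake application named systemupdate.app displays a prompt that looks like a native macOS authentication window, which is used to steal the user's login password. After completing environment reconnaissance and obtaining privileges, the malware begins searching the infected device for valuable information. Its targets include cryptocurrency software wallets, local browser extension data, Telegram session information, local SSH keys and unencrypted notes in Apple Notes. All of the stolen data is then packaged, compressed and sent to servers controlled by North Korea.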


https://cybernews.com/security/north-korean-hacker-macos-malware/