Lapsus$ gang steals 180GB of internal data from IKEA franchisee

Published: 2026-06-04
1. Lapsus$ gang steals 180GB of internal data from IKEA franchisee


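June 2: A threat actor calling itself Lapsus$ recently claimed to have stolen 180GB of internal data from Ingka Group, the largest franchisee of the IKEA brand, and has listed the data for sale. Ingka Group operates hundreds of physical stores and digital channels in 32 countries. The leaked data reportedly includes internal source code. IKEA has not formally confirmed the breach, but if the claim is true, the world's largest furniture retailer faces a serious security risk. The attackers published a data listing on the gang's website, claiming the data set contains "a complete mapping of the global e-commerce architecture and internal collaboration platforms" as well as "supply chain logistics, cloud infrastructure and AI/MLOps repositories". To back up the claim, the threat actor released a sample file containing a directory tree of about 6,300 directories, but no actual file contents. Researchers who reviewed it found that the directory names hint at the nature of the allegedly leaked data, which may include source code repositories for various tools and applications developed by IKEA, such as internal data analytics tools, a content management system (CMS), the IKEA Android app and internal business applications. However, because the underlying files cannot be accessed, it is still not possible to determine whether these repositories really contain source code, configuration files, credentials or customer information.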


https://cybernews.com/security/ikea-source-code-data-sale-lapsus/


2. Hackers target tank gauging systems exposed to the internet


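June 3: The US Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI, the NSA, the Department of Energy and several other government agencies, recently issued a warning that hackers are actively attacking automatic tank gauge (ATG) systems exposed to the internet. These systems are widely used in critical infrastructure sectors such as energy, chemicals, food, agriculture and transportation to remotely monitor tank liquid levels, temperature and leaks. US authorities have not attributed the activity to any specific country or organization, but earlier reports said Iranian hackers had been involved in several intrusions into gas station tank systems. According to the advisory, the attackers compromised internet-connected ATG systems and remotely executed malicious commands through authentication bypass vulnerabilities, hard-coded credentials, operating system command injection, SQL injection and privilege escalation, among other methods. Once in, the attackers can tamper with system settings, including network configuration, product identifiers, tank volume parameters and pump control commands. They can also disable alarms or cause disruptions that hinder operators from monitoring liquid levels in real time, significantly increasing the risk of leaks or equipment failure. To counter the threat, CISA and the other agencies urge affected organizations to take protective measures immediately: isolate ATG systems from the internet; strictly limit remote access through firewalls, VPNs or access control lists; change all default passwords; enable strong password policies and multi-factor authentication; install security updates promptly; and continuously monitor systems for unauthorized configuration changes.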


https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/


3. Ultrahuman hacked, customer health data exposed


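June 3: Wearable health technology startup Ultrahuman recently disclosed that a security lapse led to unauthorized access to some customers' health data. The company is headquartered in India and is known for its smart rings and metabolic health tracking devices. Its best-known product is the Ring Air, which competes with the Oura Ring, and it recently launched the upgraded Ring Pro. Ultrahuman confirmed that the incident occurred on March 27: hackers used malware to steal credentials from an employee's laptop and then accessed a system used for internal analytics. The company said its security alerting system detected the intrusion within hours, after which it quickly took the affected system offline and revoked all access. Based on the roughly 700,000 monthly active users the company previously reported, about 0.1% of users were affected, which means the health data of at least 700 customers was exposed. Ultrahuman did not deny this figure but declined to disclose the specific number. The company stressed that passwords, payment information, production systems and the Ultrahuman Ring devices themselves were not compromised. CEO Mohit Kumar said the company has quickly fixed the flaw and is notifying the relevant regulators.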


https://techcrunch.com/2026/06/03/ultrahuman-says-hackers-accessed-customers-wellness-data-via-internal-tool/


4. IMA Diligence Services data breach affects more than 520,000 people


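June 3: IMA Diligence Services is a firm that provides financial consulting services for mergers, acquisitions and corporate transactions, and is a subsidiary of IMA Financial Group. The company is notifying more than 525,000 individuals that their personal information was stolen in a data breach that occurred in December 2024. According to the incident notice published on the company's website, the incident was discovered in mid-December, when a legacy server managed by a third party became inaccessible. After the discovery, the company immediately notified law enforcement and launched an investigation, and also engaged external cybersecurity experts to assist. The investigation showed that the attackers accessed the server between December 8 and December 16 and stole certain files. A data review confirmed that the exposed information includes names, addresses, Social Security numbers and driver's license numbers, as well as financial information such as account numbers and credit card numbers, and medical and health insurance information. In some cases passport numbers and taxpayer identification numbers were also involved. The company reported to the Indiana Attorney General's office that a total of 525,306 people were affected. In response, IMA Diligence Services will provide affected individuals with 12 months of free credit monitoring and identity restoration services. Although the company's notice did not disclose details about the attackers, the Genesis ransomware group has claimed responsibility. In late January, the gang listed the company on its Tor-based leak site, claiming to have stolen 700GB of data from it, including personal information, business documents and confidential files.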


https://www.securityweek.com/ima-diligence-services-data-breach-impacts-525000-people/


5. Android zero-day vulnerability CVE-2025-48595 has been exploited


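June 3: Google released the Android security update for June 2026, fixing 124 vulnerabilities in the mobile operating system. Among them, CVE-2025-48595, with a CVSS score of 8.4, is especially dangerous because it has already been used in real-world attacks. The vulnerability affects devices running Android 14, 15, 16 and Android 16 QPR2. It is caused by an integer overflow and can lead to code execution and privilege escalation. An attacker may gain high-level access to the system without needing additional privileges. Google confirmed there are indications that the vulnerability is under "limited, targeted exploitation", but did not disclose the attackers' identity, the number of victims or the specific exploitation method. There is currently no public evidence linking the vulnerability to a specific attacker, but several signs indicate that it is part of a complex attack chain. The vulnerability resides in the Android Framework, one of the most sensitive layers of the operating system, and can be triggered without user interaction. Researchers believe the most likely scenario is a malicious app that, once installed, exploits the vulnerability to obtain higher privileges and ultimately take full control of the device. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on June 2, 2026, requiring Federal Civilian Executive Branch agencies to remediate it by June 5.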


https://securityaffairs.com/193057/breaking-news/google-patches-actively-exploited-android-flaw-affecting-millions-of-devices.html


6. Emmy Awards website leaks AWS credentials, internal resources narrowly escape compromise


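June 3: In early April, a cybersecurity research team received an anonymous tip that Emmy.tv, the official platform of the Emmy Awards, had a serious security flaw. After an update, the official platform of the National Academy of Television Arts and Sciences accidentally exposed its Amazon Web Services credentials. The cause cannot be determined with complete certainty, but in the vast majority of such incidents human error is the main factor. The credentials were published as part of the publicly accessible HTML code, which every browser downloads when visiting the site. According to the tip, the leaked credentials exposed a list of cloud storage buckets holding sensitive resources in the Emmys' production environment, covering numerous sensitive services such as Slack, Jira, Zoom and Emmys email accounts. Other exposed infrastructure included the Emmys' Android, FireTV, iOS and Roku apps, as well as multiple internal databases. The research team noted that the storage bucket specified next to the AWS credentials did not even have access protection configured, and that it hosted Emmys member submissions, including trailers and scripts. The research team verified the anonymous researcher's claims and, after receiving the tip, also found the exposed credentials, but did not use the leaked credentials to access any service. After reviewing the resource list, the team found that some of the resources could be accessed directly without any credentials. After the team contacted the Emmys, the credentials were no longer exposed as of May 6.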


https://cybernews.com/security/emmy-awards-platform-data-leak/