New Gafgyt variant C0XMO launches modular DDoS attacks against IoT devices
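Published: 2026-06-08

June 7: Researchers at cybersecurity company Fortinet recently found that "C0XMO", a new variant of the Gafgyt botnet, is targeting DD-WRT router firmware and can move laterally to devices across multiple CPU architectures. Samples have been detected so far for ARM, MIPS, PowerPC, SuperH, x86 and x86_64, and the attack scope covers DVRs, routers, video management platforms and some Android devices. C0XMO's core function remains launching distributed denial-of-service (DDoS) attacks; it supports as many as 19 attack methods, including UDP/TCP/SYN/ICMP floods, "ping of death", NTP/Memcached amplification attacks, Discord voice UDP floods and Valve-specific floods. It spreads mainly by exploiting CVE-2021-27137, a buffer overflow caused by improper handling of user input that lets an attacker execute arbitrary code without authentication. To spread widely, C0XMO downloads a Python script and installs packages such as requests, paramiko and beautifulsoup4, which it uses for network scanning and SSH/Telnet communication. The scanner uses multiple threads to randomly scan the internet for systems with common ports open; when it finds a target it tries to brute-force weak Telnet and SSH credentials, detects the CPU architecture and deploys a compatible binary. The script contains nearly twenty functions that handle scanning, exploitation, architecture detection and login, and its core goal is lateral movement.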
https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/
2. Everest Forms Pro vulnerability CVE-2026-3300 is being actively exploited
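June 6: Attackers are actively exploiting a high-severity vulnerability (CVE-2026-3300) in the WordPress plugin Everest Forms Pro. The flaw affects versions 1.9.12 and earlier of the plugin and allows an unauthenticated attacker to execute arbitrary code on the server and so take full control of the target site. Everest Forms Pro is the commercial add-on for the popular form builder Everest Forms and is commonly used to create contact, payment and registration forms. The root cause lies in the plugin's built-in "complex calculation" feature: it takes the values submitted in form fields, inserts them into a string of PHP code, and then executes the generated code with a PHP function. Although the developers passed user input through the "sanitize_text_field()" function, that function does not escape key characters such as the single quote. An attacker can exploit this weakness by submitting a value that begins with a single quote to terminate the original string literal early, inject arbitrary PHP code, and use a comment marker (//) to discard the remaining code fragment and avoid a syntax error. The injected code runs when the form is processed and the calculation is executed. The vulnerability was reported in February by researcher h0xilo through Wordfence, and the plugin developer released a fix on March 18. Attacks against the flaw became active from April 13, and the Wordfence firewall has blocked more than 29,300 attack attempts.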
https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/
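A model of the flaw described in item 2 next to a hardened design, as an added Python example (the plugin is PHP; this is not its code). `text_sanitize`, the `{field}` formula syntax and every function name are assumptions made for illustration, and the generated code string is only inspected, never executed.

```python
import ast
import operator
import re
from decimal import Decimal

def text_sanitize(value):
    # Stand-in for a text-field sanitizer: strips tags and control characters.
    # Single quotes pass through unchanged, which is the gap the item describes.
    value = re.sub(r"<[^>]*>", "", value)
    return re.sub(r"[\x00-\x1f\x7f]", "", value).strip()

def splice_unsafe(formula, fields):
    # Vulnerable pattern: values become single-quoted literals in generated code.
    # The string is returned for inspection only.
    for name, raw in fields.items():
        formula = formula.replace("{%s}" % name, "'%s'" % text_sanitize(raw))
    return formula

def literal_broken(code, field_count):
    # Each field should add exactly two quotes; any other count means a value
    # closed its own literal early.
    return code.count("'") != 2 * field_count

NUMBER = re.compile(r"-?\d{1,12}(\.\d{1,6})?")
OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
       ast.Mult: operator.mul, ast.Div: operator.truediv}

def calculate_safe(formula, fields):
    # Hardened design: submitted values must be plain decimals and are bound as
    # data; the site-authored formula is walked as an AST limited to + - * /.
    values = {}
    for name, raw in fields.items():
        if not NUMBER.fullmatch(raw.strip()):
            raise ValueError("field %r is not a number" % name)
        values[name] = Decimal(raw.strip())

    def walk(node):
        if isinstance(node, ast.BinOp) and type(node.op) in OPS:
            return OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.Name) and node.id in values:
            return values[node.id]
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return Decimal(node.value)
        raise ValueError("unsupported formula element")

    return walk(ast.parse(re.sub(r"[{}]", "", formula), mode="eval").body)
```

The point of the hardened path is that no submitted character ever reaches a code string, so quoting rules stop mattering.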
3. SolarWinds Serv-U vulnerability CVE-2026-28318 is being actively exploited
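June 5: The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are actively exploiting a recently patched high-severity denial-of-service vulnerability (CVE-2026-28318) in SolarWinds Serv-U. Serv-U is SolarWinds' file transfer software for Windows and Linux; it provides managed file transfer (MFT) and FTP server functions and lets users exchange files securely over protocols such as HTTP/HTTPS, FTP, FTPS and SFTP. The flaw stems from improper control of resource consumption: a remote attacker, with no authentication and no user interaction, can crash the Serv-U service at low complexity by sending a specially crafted POST request containing "Content-Encoding: deflate". SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to fix the issue and advises administrators who cannot deploy the patch immediately to restrict access to known addresses and to block all POST requests that carry a "content-encoding" field, because the vulnerable Serv-U service does not need that feature. Only days after SolarWinds released the patch, CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog and, under Binding Operational Directive (BOD) 22-01, required all federal civilian executive branch agencies to complete patching by June 19 in response to the ongoing attacks.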
https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/
4. Oxford University's CareerConnect platform breached again within months
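June 6: Students at the University of Oxford are caught up in another data security incident after CareerConnect, an external platform used by the university, was breached for the second time in just a few months. The platform is provided by Group GTI and is intended to help students and alumni find job opportunities. The attack exposed users' names and email addresses, and the encrypted passwords of users who do not use single sign-on (SSO) were exposed as well. CareerConnect is an important part of Oxford's careers service and serves students, alumni, researchers and recruiters. According to GTI's website, the platform uses the same technology as many universities in the UK and overseas, which GTI markets as TargetConnect. The university said the attack took place on May 28 and was caused by a "security vulnerability" that has since been fixed. GTI, however, has not publicly disclosed the incident and has not responded to media questions about how many people are affected or whether data was stolen. The university's notice states explicitly that the passwords of "alumni, researcher and employer users" have been force-reset, but does not specify how other user types are affected. The notice also says that "there is no evidence that course information, uploaded files, appointment information or financial information are involved in this incident". GTI said the breach appears to have been aimed at harvesting credentials, which could be used in follow-on phishing attacks. The university did not include current students in the list of those affected, but confirmed to the student newspaper Cherwell that names and email addresses may have been exposed.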
https://www.theregister.com/security/2026/06/06/oxford-university-data-pwned-again-by-career-platform-breach/5251754
5. Fake login pop-ups on Toshiba, Muji and other websites steal credentials
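June 5: Technology giant Toshiba and retail giant Muji have each warned visitors to their websites that suspicious login pop-ups have appeared on the sites and may be used to steal account credentials. Both companies advise users who entered login details into such a prompt to change their passwords immediately. The abnormal login prompt is generated by the external service polyfill[.]io. Polyfill was originally a CDN service that provided a JavaScript compatibility layer for older browsers, but the original domain was not controlled by the project's creator, Andrew Betts, and was registered by someone else after it expired. Betts had advised websites to migrate to the new domain polyfill.com, later changed to polyfill.top. Although the polyfill[.]io service has been shut down, some websites did not fully clean up every page over the past two years, and leftover Polyfill code remains in place. Security researcher Pasquale Pillitteri reports that the domain became active again from late May 2026 and began responding with HTTP 401 authentication requests. When a user visits a site that still embeds the old code, the browser assumes authentication is required and displays a login prompt. Japanese media report that brands including Zojirushi, FiNC Technologies, Ishiyaku Publishers and Hobonichi ran into the same problem. Pillitteri also noted that Samsung smart TVs and some websites showed similar login prompts on June 1.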
https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/
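One way to find the leftover embeds described in item 5 is to audit a site's HTML for tags that still load from the retired domain. The following is an added example, not code from the article; the function names and the sample markup (including its URL paths) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RETIRED_HOSTS = ("polyfill.io",)  # the domain named in item 5

def _is_retired(url):
    # Old embeds are often protocol-relative ("//cdn..."); give them a scheme
    # so the host can be parsed. Relative paths yield no host and never match.
    url = url.strip()
    if url.startswith("//"):
        url = "https:" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return any(host == h or host.endswith("." + h) for h in RETIRED_HOSTS)

class _Finder(HTMLParser):
    # Tag -> attribute that makes the browser fetch from another host.
    URL_ATTRS = {"script": "src", "link": "href", "iframe": "src", "img": "src"}

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        wanted = self.URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and _is_retired(value):
                self.hits.append((self.getpos()[0], tag, value))

def find_retired_embeds(html):
    """Return (line, tag, url) for every tag that still loads from a retired host."""
    finder = _Finder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page: three stale references and two look-alikes that must not match.
SAMPLE = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="//POLYFILL.IO/v2/polyfill.js"></script>
<link rel="dns-prefetch" href="https://polyfill.io">
<script src="https://example.com/js/polyfill.io.js"></script>
<script src="https://polyfill.io.example.com/x.js"></script>
</head></html>"""
```

Matching on the parsed hostname rather than a substring keeps file names and look-alike hosts from producing false positives.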
6. RCI Hospitality data breach affects about 40,000 people
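June 5: RCI Hospitality Holdings, one of the largest adult nightclub operators in the United States, has notified authorities that a data breach it disclosed in April of this year actually affected about 40,000 people. The company also operates sports bars and dance clubs. In mid-April, RCI Hospitality reported to the US Securities and Exchange Commission (SEC) that its subsidiary RCI Internet Services had discovered an insecure direct object reference (IDOR) vulnerability in its IIS web server on March 23, and that the flaw had led to unauthorized access to personal information. IDOR is a common security weakness in which an attacker reaches other users' data by changing a parameter value in a URL or request. For example, a user logged in as account "101" who changes the parameter in the URL to "102" may be able to view another user's personal information. RCI disclosed at the time that information belonging to many independent contractors had been exposed, including names, contact details, dates of birth, Social Security numbers and driver's license numbers. According to the notification letter sent to affected individuals, the review of the stolen files was completed on May 13. The FBI has been informed, and RCI says it will cooperate with any further investigation.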
https://www.securityweek.com/nightclub-giant-rci-says-data-breach-affects-40000-individuals/

