New Gafgyt variant C0XMO targets IoT devices with modular DDoS attacks

Published: 2026-06-08
1. New Gafgyt variant C0XMO targets IoT devices with modular DDoS attacks


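June 7: Researchers at the cybersecurity company Fortinet recently discovered that "C0XMO", a new variant of the Gafgyt botnet, is targeting DD-WRT router firmware and can move laterally to devices built on multiple CPU architectures. Samples have so far been detected for ARM, MIPS, PowerPC, SuperH, x86, x86_64 and other architectures, and the attack scope covers DVRs, routers, video management platforms and some Android devices. C0XMO's core function is still to launch distributed denial-of-service (DDoS) attacks. It supports up to 19 attack methods, including UDP/TCP/SYN/ICMP floods, "ping of death", NTP/Memcached amplification, Discord voice UDP floods and Valve-specific floods. It spreads mainly by exploiting CVE-2021-27137, a buffer overflow triggered by inadequately handled user input that lets an attacker execute arbitrary code without authentication. To spread widely, C0XMO downloads a Python script and installs packages such as requests, paramiko and beautifulsoup4 for network scanning and SSH/Telnet communication. The scanner uses multiple threads to randomly scan the internet for systems with commonly used ports open. When it finds a target, it tries to brute-force weak Telnet and SSH credentials, detects the CPU architecture and deploys a compatible binary. The script contains nearly twenty functions that handle scanning, exploitation, architecture detection and login; its core goal is lateral movement.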


https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/


2. Everest Forms Pro vulnerability CVE-2026-3300 is being actively exploited


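June 6: Hackers are actively exploiting a high-severity vulnerability (CVE-2026-3300) in the WordPress plugin Everest Forms Pro. The flaw affects plugin versions 1.9.12 and earlier and allows an unauthenticated attacker to execute arbitrary code on the server and so take full control of the target site. Everest Forms Pro is the commercial add-on for the popular form builder Everest Forms and is commonly used to create contact forms, payment forms, registration forms and similar. The root cause lies in the plugin's built-in "Complex Calculation" feature: it takes the values submitted in form fields, inserts them into a string of PHP code, and then executes the generated code with a PHP function. Although the developers call "sanitize_text_field()" on the user input, that function does not escape key characters such as the single quote. An attacker can exploit this weakness by submitting a value that begins with a single quote to end the original string literal early, injecting arbitrary PHP code, and using the comment marker (//) to discard the remaining code fragment and so avoid a syntax error. When the form is processed and the calculation is performed, the injected code runs. The vulnerability was reported in February by the researcher h0xilo through Wordfence, and the plugin's developers released a fix on March 18. Attacks against the flaw have been active since April 13, and the Wordfence firewall has blocked more than 29,300 attack attempts.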


https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/
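
An added illustration of the fix direction for the flaw described above (written in Python rather than PHP, and not the plugin's code): a calculation feature that treats submitted values as data and never builds code from them. The formula syntax with bare field names and all function names are assumptions.

```python
import ast
import operator
import re

# Strict ASCII decimal number: no quotes, operators or comment markers can pass.
_NUMBER = re.compile(r"-?\d+(\.\d+)?", re.ASCII)
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}


def parse_field(raw):
    """Accept a submitted field only if it is a plain decimal number."""
    value = raw.strip()
    if not _NUMBER.fullmatch(value):
        raise ValueError("non-numeric field value rejected")
    return float(value)


def _walk(node, fields):
    """Evaluate an arithmetic syntax tree; every other construct is refused."""
    if isinstance(node, ast.Expression):
        return _walk(node.body, fields)
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.Name) and node.id in fields:
        return fields[node.id]      # a number, never re-parsed as code
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_walk(node.left, fields),
                                   _walk(node.right, fields))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_walk(node.operand, fields)
    raise ValueError("unsupported element in formula")


def calculate(formula, submitted):
    """formula is written by the site admin; submitted comes from the visitor."""
    fields = {name: parse_field(raw) for name, raw in submitted.items()}
    return _walk(ast.parse(formula, mode="eval"), fields)
```

A text sanitiser that leaves quotes intact is irrelevant here because the visitor's value is converted to a number before the formula is evaluated, and the evaluator has no path that executes strings.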


3. SolarWinds Serv-U vulnerability CVE-2026-28318 is being actively exploited


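June 5: The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are actively exploiting a recently fixed high-severity denial-of-service vulnerability (CVE-2026-28318) in SolarWinds Serv-U. Serv-U is SolarWinds' file transfer software for Windows and Linux. It provides managed file transfer (MFT) and FTP server functionality and lets users exchange files securely over HTTP/HTTPS, FTP, FTPS, SFTP and other protocols. The vulnerability stems from improper control of resource consumption: a remote attacker needs no authentication and no user interaction, and can crash the Serv-U service with low complexity by sending crafted POST requests that contain "Content-Encoding: deflate". SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to fix the issue. It advises administrators who cannot deploy the patch immediately to restrict access to known addresses and to block all POST requests that contain the "content-encoding" field, because the vulnerable Serv-U service does not need that feature. Only days after SolarWinds released the patch, CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities catalog and, under Binding Operational Directive (BOD) 22-01, required all federal civilian executive branch agencies to complete patch deployment by June 19 to defend against the ongoing attacks.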


https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/
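
The two interim mitigations above, expressed as the decision a front-end filter would make per request. This is an added example, not SolarWinds or CISA code; the allowlisted networks are constructed documentation ranges and the function names are assumptions.

```python
import ipaddress

# Assumed allowlist of known client networks (constructed, documentation ranges).
KNOWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("2001:db8::/32")]


def parse_head(raw_head):
    """Split a raw HTTP/1.x request head into method and lower-cased header names."""
    lines = raw_head.split(b"\r\n")
    # Upper-casing the method is deliberately conservative for a deny rule.
    method = lines[0].split(b" ", 1)[0].decode("ascii", "replace").upper()
    names = set()
    for line in lines[1:]:
        if not line:
            break                   # blank line ends the header section
        name, sep, _ = line.partition(b":")
        if sep:
            names.add(name.strip().decode("ascii", "replace").lower())
    return method, names


def decide(client_ip, raw_head):
    """Return 'allow' or a 'deny:<reason>' string for one request."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in KNOWN_NETWORKS):
        return "deny:unknown-source"
    method, names = parse_head(raw_head)
    # Header names are case-insensitive, so the rule must match any spelling.
    if method == "POST" and "content-encoding" in names:
        return "deny:content-encoding-on-post"
    return "allow"
```

The rule keys on the presence of the header rather than on the value "deflate", matching the advice to block every POST that carries the field.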


4. Oxford University's CareerConnect platform breached again within months


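June 6: Oxford University students are caught up in another data security incident: CareerConnect, the external platform the university uses, has been breached for the second time in just a few months. The platform is provided by Group GTI and is intended to help students and alumni find job opportunities. The attack exposed users' names and email addresses, and the encrypted passwords of users who do not use single sign-on (SSO) were also exposed. CareerConnect is an important part of Oxford's careers service and serves students, alumni, researchers and recruiters. According to GTI's website, the platform uses the same technology as many universities in the UK and overseas, and GTI markets it as TargetConnect. Oxford said the attack took place on May 28 and was caused by a "security vulnerability" that has since been fixed. GTI, however, has not publicly disclosed the incident and has not responded to media questions about how many people were affected or whether data was stolen. Oxford stated explicitly in its notice that the passwords of "alumni, researcher and employer users" have been force-reset, but did not specify how other user types were affected. The notice also said that "there is no evidence that course information, uploaded files, appointment information or financial information were involved in this incident". GTI said the breach appears to have been aimed at harvesting credentials, which could then be used in phishing attacks. Oxford did not list current students among those affected, but confirmed to the student newspaper Cherwell that names and email addresses may have been exposed.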


https://www.theregister.com/security/2026/06/06/oxford-university-data-pwned-again-by-career-platform-breach/5251754


5. Fake login windows pop up on Toshiba, Muji and other websites to steal credentials


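June 5: Technology giant Toshiba and retail giant Muji have each warned visitors to their websites that suspicious login pop-up windows have appeared on the sites and could be used to steal account credentials. Both companies advise users who entered login details in such a window to change their passwords immediately. The abnormal login prompt is generated by the external service polyfill[.]io. Polyfill was originally a CDN service that provided a JavaScript compatibility layer for older browsers, but the original domain was not controlled by the project's creator, Andrew Betts, and was registered by someone else after it expired. Betts had advised sites to migrate to the new domain polyfill.com, later changed to polyfill.top. Although the polyfill[.]io service has been discontinued, some sites did not fully clean up all of their pages over the past two years, so leftover Polyfill code is still present. Security researcher Pasquale Pillitteri reported that the domain became active again in late May 2026 and began responding with HTTP 401 authentication requests. When a user visits a site that still embeds the old code, the browser wrongly concludes that authentication is required and displays a login prompt. Japanese media report that brands including Zojirushi, FiNC Technologies, Ishiyaku Publishers and Hobonichi have run into the same problem. Pillitteri also noted that Samsung smart TVs and some websites showed similar login prompts on June 1.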


https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/
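
An added example (not from the article or the affected sites) of auditing pages for the leftover references described above: it lists resources a browser loads automatically from the retired domain, including protocol-relative and subdomain URLs, while ignoring lookalike hosts. The sample markup is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RETIRED_HOSTS = ("polyfill.io",)    # the domain named in the item above


class ResourceCollector(HTMLParser):
    """Collect URLs that the browser fetches on its own while loading a page."""
    URL_ATTRS = {"script": "src", "link": "href", "iframe": "src", "img": "src"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append((tag, value.strip()))


def host_matches(host, retired=RETIRED_HOSTS):
    """True for the retired domain or any subdomain of it, not for lookalikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in retired)


def find_leftovers(html):
    """Return (tag, url) pairs in the markup that still point at a retired host."""
    collector = ResourceCollector()
    collector.feed(html)
    # Protocol-relative URLs ("//host/...") have no scheme but still carry a host.
    return [(tag, url) for tag, url in collector.urls
            if host_matches(urlsplit(url).hostname)]


# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script SRC="//POLYFILL.IO/v2/polyfill.js"></script>
<script src="https://polyfill.io.example.net/lib.js"></script>
<script src="/static/app.js"></script>
</head><body><a href="https://polyfill.io/docs">docs</a></body></html>"""
```

Running `find_leftovers` over every rendered template and cached page, not only the home page, is what catches the pages a partial clean-up missed.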


6. RCI Hospitality data breach affects about 40,000 people


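June 5: RCI Hospitality Holdings, one of the largest adult nightclub operators in the United States, has notified authorities that a data breach it disclosed in April of this year actually affected about 40,000 people. The company also operates sports bars and dance clubs. In mid-April, RCI Hospitality reported to the US Securities and Exchange Commission (SEC) that its subsidiary RCI Internet Services had discovered an insecure direct object reference (IDOR) vulnerability in its IIS web server on March 23, and that the flaw had led to unauthorized access to personal information. IDOR is a common security weakness in which an attacker can reach other users' data by changing a parameter value in the URL or request. For example, a user logged in as account "101" who changes the parameter in the URL to "102" may be able to view another user's personal information. RCI disclosed at the time that the information of many independent contractors had been exposed, including names, contact details, dates of birth, Social Security numbers, driver's license numbers and other sensitive data. According to the notification letters sent to affected individuals, the review of the stolen files was completed on May 13. The FBI has been informed of the matter, and RCI said it will cooperate with any subsequent investigation.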


https://www.securityweek.com/nightclub-giant-rci-says-data-breach-affects-40000-individuals/
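
An added detection sketch for the IDOR pattern explained above (not RCI's code or logs): it finds accounts that were successfully served records whose id is not their own. The log layout, the numeric "id" query parameter and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log layout (constructed for this example):
#   "<logged-in account id> <METHOD> <path?query> <status>"
LINE = re.compile(
    r"^(?P<acct>\d+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$")
# Hypothetical object reference: a numeric "id" query parameter.
ID_PARAM = re.compile(r"[?&]id=(\d+)(?=&|$)")


def foreign_reads(log_lines):
    """Map each account to the other accounts' ids it was served (HTTP 200)."""
    served = defaultdict(set)
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m or m["status"] != "200":
            continue                # a 403 means the access check held
        ref = ID_PARAM.search(m["target"])
        if ref and ref.group(1) != m["acct"]:
            served[m["acct"]].add(ref.group(1))
    return served


def flag_accounts(log_lines, threshold=2):
    """Accounts served at least `threshold` distinct records that are not theirs."""
    reads = foreign_reads(log_lines)
    return sorted(a for a, ids in reads.items() if len(ids) >= threshold)


# Constructed sample log lines.
SAMPLE_LOG = [
    "101 GET /profile?id=101 200",
    "101 GET /profile?id=102 200",
    "101 GET /profile?id=103 200",
    "101 GET /profile?id=104 403",
    "205 GET /profile?id=205 200",
    "205 GET /profile?tab=docs&id=205 200",
]
```

Any 200 response for a foreign id already shows the server-side ownership check is missing; the threshold only separates sustained enumeration from a single stray request.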