ShinyHuntersй¶ÁË40ÍòBCD Travel¿Í»§µÄÊý¾Ý

°ä²¼¹¦·ò 2026-06-10

1. ShinyHuntersй¶ÁË40ÍòBCD Travel¿Í»§µÄÊý¾Ý


6ÔÂ8ÈÕ£¬ÀÕË÷Èí¼þ×éÖ¯ShinyHunters½üÈÕÔÚÆä°µÍøÐ¹Â¶ÍøÕ¾Éϰ䲼ÁËÈ«Çò³ÛÃûÉÌÎñ¹Û¹â¹«Ë¾BCD TravelµÄ¹«Ë¾Êý¾Ý£¬Ô̺¬³¬¹ý30GBµÄѹËõÐÅÏ¢£¬Éæ¼°70¶àÍòÌõSalesforce¼Í¼¡¢SharePointÍøÕ¾ÄÚÈÝ¡¢ÄÚ²¿Îĵµ¡¢¿Í»§¼Í¼¡¢ºÏͬ¼°ÔËÓªµý±¨µÈ¡£BCD Travel×ܲ¿Î»ÓÚºÉÀ¼£¬ÊÇÈ«Çò×î´óµÄÉÌÎñ¹Û¹âÉçÖ®Ò»£¬Îª¿ç¹ú¹«Ë¾ºÍµ±¾Ö»ú¹¹ÌṩÔ̺¬Ô¤Ô¼»úƱ¡¢¾ÆµêºÍ×â³µÔÚÄÚµÄÉÌÎñ¹Û¹â¹æ»®·þÎñ¡£¹¥»÷ÕßÔø´ÍÓëBCD Travel¹¦·ò£¬ÒªÇóÆäÔÚ6ÔÂ1ÈÕǰ֧¸¶Êê½ð£¬²»È»½«¹«¿ªËùÓб»µÁÐÅÏ¢¡£ÓÉÓÚδÄܰ´Ê±Âú×ãÒªÇó£¬ShinyHunters°´´òË㽫Êý¾Ý¹«¿ª°ä²¼µ½°µÍøÉÏ¡£¾Ý°Ä´óÀûÑÇÍøÂ簲ȫר¼ÒTroy Hunt·ÖÎö£¬Õâ´ÎÐ¹Â¶Éæ¼°396,313¸ö·ÖÆçµÄµç×ÓÓʼþµØÖ·£¬³¬¹ýËÄ·ÖÖ®Ò»£¨Ô¼28%£©µÄÓÊÏä´ËǰÒÑ´æÔÚÓÚ¡°Have I Been Pwned¡±Êý¾Ý¿âÖС£³ýÓÊÏä±í£¬Ð¹Â¶µÄÊý¾Ý»¹Ô̺¬ÐÕÃû¡¢ÏÖʵµØÖ·¡¢µç»°ºÅÂ롢ְλÒÔ¼°Ö§³Ö¹¤µ¥ÐÅÏ¢µÈÃô¸ÐÄÚÈÝ¡£


https://cybernews.com/security/shinyhunters-400k-bcd-travel-customers-data-online/


2. ÷è÷ëÀÕË÷×é֯Ϯ»÷ŦԼÐÂÔóÎ÷¸ÛÎñ¾ÖЭ»á


6ÔÂ8ÈÕ£¬³ôÃûÔ¶ÑïµÄ¶íÓïÀÕË÷Èí¼þ×éÖ¯¡°÷è÷롱½üÈÕÔÚÆä°µÍøÐ¹Â¶ÍøÕ¾Éϰ䲼ÁËŦԼºÍÐÂÔóÎ÷¸ÛÎñ¾ÖЭ»á£¨SANYNJ£©µÄÓйØÐÅÏ¢¡£Ö»¹Ü¸Ã×éÖ¯ÔÚÊܺ¦ÕßÌõ¿îÖÐÌṩµÄϸ½ÚºÜÉÙ£¬µ«Ðû³ÆÒÑ¡°°ä²¼¡±´ÓÕâÒ»ÖØ´óº£Ê»áÔ±×éÖ¯ÇÔÈ¡µÄÊý¾Ý¡£½ØÖÁ»ã±¨°ä²¼Ê±£¬²é¿´Êý¾ÝµÄÁ´½ÓÒÑʧЧ£¬Òò¶øÉв»Ã÷ÏÔÏÖʵй¶µÄÐÅÏ¢Á¿¼°¾ßÌåÀà±ð¡£È»¶ø£¬Õâ´Î¹¥»÷µÄDZÔÚºó¹û¿ÉÄÜÓ°ÏìÉîÔ¶¡£SANYNJ´ú±íÔÚŦԼºÍÐÂÔóÎ÷¸ÛÔËÓª´¬²°¡¢ÔËÊä»õÎïÒÔ¼°ÅàѵºÍ¹ÍÓô¬²º¹¤È˵Ĵ¬²ºÔËÓªÉÌ¡¢Ô¶Ñó³ÐÔËÉÌ¡¢×°Ð¶¹¤È˼°Óйغ£ÑóÆóÒµ¡£¸Ã¸Û¿ÚÊÇÃÀ¹ú»õÎïµÄÖØÒªÃÅ»§£¬´¦ÖÃÈ«ÃÀ80%µÄ½ø¿Ú±í¹ú»õÎΪȫ¹úÔ¼40%µÄÈ˶¡ÌṩʳƷ£¬²¢Í¨¹ý×ÔÓÐÌú·ϵͳ½«»õÎïÔËÊäÖÁÖÐÎ÷²¿ºÍ¼ÓÄôó¡£¹©¸øÁ´×¨¼ÒÖҸ棬Õë¶Ôº£ÔËÒµµÄ³Á´óÍøÂç¹¥»÷¿ÉÄÜÔì³ÉÑϳÁµÄϵͳ¹ÊÕÏ£¬Ó°Ïì»õÎï×·×ÙºÍÎïÁ÷£¬µ¼Ö¸ù»ùÉÌÆ·Ç·È±¡£¹¥»÷ÕßÈôδ¾­ÊÚȨ½Ó¼ûÃô¸Ð»õÎïÊý¾Ý£¬¿ÉÄܴ۸ĻõÔËÐÅÏ¢¡¢·ÛËéÆð³Á»úºÍÕ¢Ãŵȹؼü»ù´¡ÉèÊ©£¬ÉõÖÁ¸ú×ÙÃô¸Ð¾üÊ»õÎﶯÏò¡£


https://cybernews.com/security/qilin-ransomware-claims-hack-of-major-new-york-new-jersey-shipping-association/


3. ServiceNow API·ì϶ÖÂÊý¾Ýй¶·çÏÕ


6ÔÂ9ÈÕ£¬½üÈÕ£¬ÆóÒµÔÆÆ½Ì¨ServiceNow°ä²¼°²È«ÖҸ棬³ÆÆäÒ»¸ö´æÔÚ·ì϶µÄAPI¶Ëµã±»¹¥»÷ÕßÀûÓã¬Í¨¹ýδ¾­Éí·ÝÑéÖ¤µÄ½Ó¼û·ì϶£¬³É¹¦´Ó²¿Ãſͻ§Ê·ýÖвéÎÊÊý¾Ý£¬µ¼Ö°²È«ÊÂÎñ²úÉú¡£¸Ã¹«Ë¾ÔÚ¼ì²âµ½¡°Òì³£»î¶¯¡±ºó£¬Í¨¹ýÖ§³Ö²¼¸æºÍÖ±½ÓÖ§³Ö°¸ÀýÏòÊÜÓ°Ïì¿Í»§·¢³öÖҸ棬µ«¸Ã²¼¸æ½ö°ä²¼ÓÚServiceNow¿Í»§Ö§³ÖµÇ¼ÃÅ»§ºó·½£¬²¢Î´¹«¿ªÅû¶¡£¾Ý²¼¸æ£¬ServiceNowÓÚ2026Äê6ÔÂ5ÈÕ¶ÔÍйܿͻ§Ê·ýÀûÓÃÁ˰²È«¸üУ¬¸Ã¸üÐÂÖ¼ÔÚ½â¾öÒ»¸ö¿ÉÄÜÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÓû§ÔÚijЩÇé¿öÏ»ñµÃ³¬³öÔ¤ÆÚÊ·ý½Ó¼ûȨÏ޵ݲȫÎÊÌâ¡£¾ßÌå¶øÑÔ£¬°²È«¸üÐÂÅú¸ÄÁËAPI¶ËµãÅäÖ㬽«½Ó¼ûȨÏÞÏÞ¶ÈΪ½öÏÞÒÑÈÏÖ¤Óû§¡£ServiceNowÈ·ÈϹ¥»÷ÕßÀûÓø÷ì϶³É¹¦²éÎÊÁ˿ͻ§Ê·ýÖеıíÊý¾Ý¡£Ö»¹Ü¹«Ë¾Î´Ð¹Â©¾ßÌå±»½Ó¼ûµÄÊý¾ÝÄÚÈÝ£¬µ«´ËÀàÊ·ýͨ³£´æ´¢Ãô¸ÐµÄÆóÒµÐÅÏ¢£¬Ô̺¬ITÖ§³Ö¹¤µ¥¡¢Ô±¹¤¼Í¼¡¢ÄÚ²¿Îĵµ¡¢×ʲúÇåµ¥¡¢°²È«ÊÂÎñ»ã±¨¡¢¹¤×÷Á÷Êý¾ÝÒÔ¼°ÏµÍ³ºÍ·þÎñµÄÅäÖÃÏêÇé¡£


https://www.bleepingcomputer.com/news/security/servicenow-discloses-security-incident-exposing-customer-data/


4. ·¨¹úTchapƽ̨ÔâÈëÇÖ£¬³¬13GBÊý¾Ý±»ÇÔ


6ÔÂ9ÈÕ£¬·¨¹úµÐÔÖÊý×ÖÊÂÎñ¾Ö£¨DINUM£©½üÈÕ·¢³öÖҸ棬ÓкڿÍÀûÓñ»½Ù³ÖµÄÓû§ÕÊ»§³É¹¦ÈëÇÖÁË·¨¹úµ±¾ÖרΪ¹«¹²²¿ÃÅÉè¼ÆµÄ¼ÓÃÜͨѶƽ̨Tchap¡£TchapÓÉDINUMÓë·¨¹úÍøÂ簲ȫ¾Ö£¨ANSSI£©ÓÚ2018Äê»ùÓÚÈ¥ÖÐÐÄ»¯µÄMatrixºÍ̸ºÏ×÷¿ª·¢£¬Ö¼ÔÚΪ·¨¹ú¹«¹²²¿ÃÅÌṩ°²È«µÄ¼´Ê±Í¨Åå·þÎñ¡£ÔÚ×ÜÀí¸¥ÀÊË÷Íß¡¤±´Â³ÓÚ2025Äê8Ô³õÇ¿ÔìËùÓй«ÎñԱʹÓÃTchap²¢²»ÈÝʹÓñí¹úÀûÓ÷¨Ê½½øÐй¤×÷¹µÍ¨ºó£¬¸Ãƽ̨µÄÔ»îÔ¾Óû§Òѳ¬¹ý30Íò£¬ÔÚGoogle PlayÉ̵êµÄÏÂÔØÁ¿Í»ÆÆ50Íò¡£¾ÝDINUMÖÜһй©£¬ANSSIÓÚǰһ¸öÖÜÈÕ¼ì²âµ½°²È«·ì϶£¬ÓÐÍþвÐÐΪÕßÀûÓñ»µÁÓõÄÓû§ÕÊ»§½Ó¼ûÁËÕâÒ»±¾Ó¦°²È«µÄͨѶƽ̨¡£·¨¹úÊý×ÖÊÂÎñ¾ÖÒÑÏò·¨¹úÊý¾Ý±£»¤»ú¹¹CNIL·¢³ö¾¯±¨£¬ÓÉÓÚ¹¥»÷Õß¿ÉÄܽӼûÁËijЩÓû§ÔÚ¶Ô»°ÖзÖÏíµÄÓ×ÎÒÊý¾Ý£¬µ¼ÖÂÕâЩÐÅÏ¢´æÔÚй¶·çÏÕ¡£Ò»ÃûÍþвÐÐΪÕßÔÚÖÜÄ©Ðû³Æ¶ÔÕâ´ÎÊÂÎñÕÆ¹Ü£¬²¢·ÖÏíÁ˱»µÁÎļþÑù±¾¡£¸Ã¹¥»÷Õß°µÊ¾£¬ËûÃÇͨ¹ýÉç½»¹¤³Ì¼¿Á©ÔÚ½ÌÓý·Ôì¬ÉÏ»ñµÃÁËÓÐЧÕË»§£¬²¢Ðû³ÆÇÔÈ¡ÁËͨ¹ý·¨¹ú˰Îñ¾ÖµØÓòÖ÷¹Ü¹²ÏíµÄPowerShell¾ç±¾Ð¹Â¶µÄÓ²±àÂëLDAPÍ´´¦£¬ÒÔ¼°¹«ÎñԱʹÓÃTchap·þÎñ¹²ÏíµÄ³¬¹ý13.5GBµÄÎĵµºÍýÌåÎļþ¡£


https://www.bleepingcomputer.com/news/security/french-govt-messaging-service-breached-in-account-hijacking-attack/


5. CISA´¹Î£ÒªÇ󽨲¹Check Point VPNÁãÈÕ·ì϶


6ÔÂ9ÈÕ£¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©ÒѺÅÁîÃÀ¹úµ±¾Ö»ú¹¹´¹Î£±£»¤ÆäCheck PointÔ¶³Ì½Ó¼ûVPN¼°Òƶ¯½Ó¼û²¿Êð£¬ÒÔ·À±¸Ò»¸ö±»÷è÷ëÀÕË÷Èí¼þ¹ØÁª×éÖ¯ÔÚÁãÈÕ¹¥»÷ÖÐÀûÓõĹؼü·ì϶¡£¸Ã·ì϶±àºÅΪCVE-2026-50751£¬ÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷ÕßÈÆ¹ýÉí·ÝÑéÖ¤£¬ÔÚÖ¸±êÒÆ¶¯½Ó¼û/SSL VPN¡¢Ô¶³Ì½Ó¼ûVPN»òSpark·À»ðǽÉϳÉÁ¢Ô¶³Ì½Ó¼ûVPNÏνÓ¡£¸Ã·ì϶½öÓ°ÏìÅäÖÃΪʹÓÃÒÑÆúÓõÄIKEv1ÃÜÔ¿»¥»»ºÍ̸µÄÊ·ý£¬ÒÔ¼°²»±ØÒª»úе֤Êé¼´¿É³ÉÁ¢ÏνӲ¢½ÓÊܾɰæÔ¶³Ì½Ó¼û¿Í»§¶ËµÄ°²È«Íø¹Ø¡£ÒÔÉ«ÁÐÍøÂ簲ȫ¹«Ë¾Check PointÓÚÖÜÒ»°ä²¼Á˰²È«¸üУ¬²¢Ö¸³ö¸Ã·ì϶Òѱ»ÓÃÓÚ×Ô5ÔÂ7ÈÕÆðÍ·¡¢ÔÚÖÜÄ©¼¤ÔöµÄ¹¥»÷ÖС£Ö»¹ÜÕâЩ¹¥»÷½öµ¼ÖÂÈ«Çò¡°¼¸Ê®¸ö¡±×éÖ¯Êܺ¦£¬µ«Check PointÒѽ«ÖÁÉÙһ·ÊÂÎñÓë÷è÷ëÀÕË÷Èí¼þ¼´·þÎñ£¨RaaS£©Ðж¯ÁªÏµÆðÀ´¡£CISA½«CVE-2026-50751²ÎÓëÆäÒÑÖªÀûÓ÷ì϶£¨KEV£©Ä¿Â¼£¬ºÅÁîÁª¹úÃñÊÂÐÐÕþ²¿ÃÅ£¨FCEB£©»ú¹¹ÔÚ6ÔÂ11ÈÕǰ½¨¸´·ì϶¡£


https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/


6. WinRAR°ä²¼½üÒ»ÄêµÄ·ì϶ÈÔ±»¶íºÚ¿ÍÓÃÓÚ¹¥»÷ÎÚ¿ËÀ¼


6ÔÂ9ÈÕ£¬Ö»¹Ü²¹¶¡°ä²¼ÒѽüÒ»Ä꣬Á½¸öÓë¶íÂÞ˹½áÃ˵ÄÍøÂç¹¥»÷»î¶¯ÈÔÔÚ³ÖÐøÀûÓÃWinRARÖеݲȫ·ì϶£¨CVE-2025-8088£©¹¥»÷ÎÚ¿ËÀ¼×éÖ¯¡£Ç÷Ïò¿Æ¼¼½«ÕâÁ½Æð»î¶¯±ðÀë¹éÒòÓÚEarth Dahu£¨±ðÃûGamaredon£©ºÍSHADOW-EARTH-066£¨±ðÃûUAC-0226£©¡£¸Ã·ì϶ÊÇÒ»¸öõè¾¶±éÀú·ì϶£¬ÔÊÐí¹¥»÷Õßͨ¹ýNTFS±¸ÓÃÊý¾ÝÁ÷½«ÎļþдÈë½âѹĿ¼֮±íµÄµØÎ»¡£WinRARÒÑÓÚ2025Äê7Ô½¨¸´¸Ã·ì϶¡£ÆäÖУ¬SHADOW-EARTH-066ÀûÓþ«ÐÄ»ú¹ØµÄRARѹËõ°ü£¬ÄÚº¬Ò»¸öµö¶üPDFÎĵµºÍÈý¸ö°µ²ØÔÚ½âѹĿ¼֮±íµÄADSÓÐÐ§ÔØºÉ¡£Ï°È¾Á÷³ÌÔ̺¬£º½«Ò»¸öWindows¿ì½Ý·½Ê½Îļþ¸éÖÃÓÚÆô¶¯Îļþ¼ÐÒÔʵÏÖÓÆ¾Ã»¯£¬¸ÃLNKÎļþͨ¹ýcmd.exeÆô¶¯PowerShell¼ÓÔØÆ÷£¬ËæºóʹÓÃÄÚ´æÖеÄDLL×îÖÕ¼ÓÔØ¸üа汾µÄGIFTEDCROOK¡£¸Ã¶ñÒâÈí¼þÖ¼ÔÚÇÔÈ¡»ùÓÚChromiumµÄä¯ÀÀÆ÷¼°FirefoxÖеÄÃÜÂëºÍCookie£¬Í¬Ê±´ÓÊܺ¦ÍÆËã»úÉÏÍøÂçÌØ¶¨À©´óÃûµÄÎĵµ¡£Êý¾Ý±»±íйÖÁ±í²¿·þÎñÆ÷ºó£¬ËùÓжñÒâºÛ¼£»á±»É¾³ýÒÔ¸²¸Çȡ֤×ÙÓ°¡£Earth DahuÀûÓø÷ì϶ͨ¹ýHTAµ½VBScriptµÄϰȾÁ´´«²¼¼äµýÄ £¿é£¬ÇÒ¸ÃϰȾÁ´ÖÁÉÙÔÚ2026Äê4ÔÂ10ÈÕǰά³Ö»îÔ¾¡£¾ÝSekoia¼Í¼£¬ÕâЩ¹¥»÷×îÖÕ²¿ÊðGammaPhish£¬½ø¶ø¼ìË÷ÃûΪGammaLoadµÄVBScriptÏÂÔØÆ÷£¬ÔÙÌṩGammaSteelµÈÐÅÏ¢ÇÔÈ¡Ä £¿é¡£


https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html