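Cisco SD-WAN hit by another zero-day vulnerability, with no patch available yet
Published: 2026-06-11
June 9: Cisco customers are facing yet another actively exploited zero-day vulnerability, this one affecting its SD-WAN management software, adding to the security pressure on enterprises. The vulnerability is tracked as CVE-2026-20245 and is the seventh actively exploited zero-day in Cisco's SD-WAN products this year. Cisco said it first became aware of active exploitation earlier this month and formally disclosed the vulnerability on Thursday. The vulnerability was originally discovered by Mandiant; no security patch has been released yet, and there are no temporary mitigations. A Cisco spokesperson said a patch will be provided at a future date. According to Cisco, the vulnerability is a validation error flaw affecting Cisco Catalyst SD-WAN Manager that allows an authenticated or local attacker to execute commands with root privileges, resulting in a command injection attack. However, the potential impact may be limited, because exploiting the vulnerability requires valid credentials or privileged access obtained through other means. Cisco noted that attackers may have used two zero-day vulnerabilities it disclosed earlier this year (CVE-2026-20182 and CVE-2026-20127) to obtain the required access. Cisco said it "has not observed successful exploitation of this vulnerability by other means", but observed that in some cases exploitation resulted in configuration changes being pushed to edge devices.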
https://cyberscoop.com/cisco-sdwan-zero-day-vulnerability-exploited-cve202620245/
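2. Google issues emergency fix for this year's fifth Chrome zero-day vulnerability
June 9: Google has released an emergency update that fixes an actively exploited zero-day vulnerability in the Chrome browser, the fifth such vulnerability fixed this year. The vulnerability is tracked as CVE-2026-11645, and Google confirmed in a security advisory on Monday that it is aware the vulnerability has been exploited. Two weeks after an anonymous security researcher reported the vulnerability to Google, the company fixed it for users of the Stable Desktop channel and is gradually rolling out the fixed versions to Windows (149.0.7827.102), Mac (149.0.7827.103) and Linux (149.0.7827.102) systems. Although Google said the security update may take days to weeks to reach all users, the update was immediately available when checked. Users who prefer not to update manually can rely on Chrome to check for and install the update automatically at its next launch. The high-severity zero-day stems from an out-of-bounds read and write weakness in Chrome's V8 JavaScript engine; a remote attacker can use a crafted HTML page to execute arbitrary code inside the browser's sandbox. After successful exploitation, an attacker may use heap corruption to access data outside the memory buffer, exposing sensitive information or crashing the browser. In addition, the vulnerability can be used to bypass memory protection mechanisms such as ASLR, making it easier to achieve code execution through other weaknesses.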
https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/
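3. High-severity Langflow vulnerability CVE-2026-5027 is being exploited
June 10: Attackers are actively exploiting a high-severity path traversal vulnerability (CVE-2026-5027) in the open-source AI development platform Langflow to achieve arbitrary file writes on exposed servers. Langflow is a popular visual platform that helps development teams build AI applications, agents and retrieval-augmented generation systems through a drag-and-drop interface; it has more than 149,000 stars and 9,200 forks on GitHub. The vulnerability is in the "POST /api/v2/files" endpoint of the file upload feature: because the user-supplied "filename" parameter is not properly sanitized, attackers can use path traversal sequences to write files to arbitrary locations on the file system. Cybersecurity company Tenable discovered the issue in early 2026 and publicly disclosed it on March 27, after more than two months of reports went unanswered by the Langflow team. Although Tenable's advisory did not mention a fix, Snyk Security noted on March 30 that the vulnerability had been fixed in version 0.8.3 of the langflow-base package and version 1.9.0 of the Langflow application. More alarmingly, VulnCheck security researcher Caitlin Condon said that its honeypots have detected attackers exploiting the vulnerability to drop test files.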
https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/
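An added example, not code from Langflow or from the linked report: the bug class described in item 3 (a client-supplied "filename" joined onto the upload directory without sanitization) next to a hardened form that accepts only a single path component and verifies containment after resolution. The upload root, the function names and the sample filenames are all assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical upload root; Langflow's real storage layout is not shown on this page.
UPLOAD_ROOT = Path(tempfile.mkdtemp(prefix="uploads-")).resolve()

class UnsafeFilename(ValueError):
    """Raised for any name that is not a plain, single path component."""

def vulnerable_target(filename: str) -> Path:
    """The flawed pattern: the client-supplied name is joined as-is."""
    return Path(os.path.normpath(UPLOAD_ROOT / filename))

def safe_target(filename: str) -> Path:
    """Reject separators, dot names and NUL, then check containment."""
    if (not filename or filename in (".", "..") or "\x00" in filename
            or "/" in filename or "\\" in filename):
        raise UnsafeFilename(filename)
    target = (UPLOAD_ROOT / filename).resolve()
    # Defence in depth: a symlink planted inside the upload directory
    # must not redirect the write outside the root.
    if not target.is_relative_to(UPLOAD_ROOT):
        raise UnsafeFilename(filename)
    return target

def store_upload(filename: str, data: bytes) -> Path:
    target = safe_target(filename)
    with open(target, "xb") as fh:  # "x" refuses to overwrite an existing file
        fh.write(data)
    return target

# Constructed sample filenames, not taken from observed attacks.
SAMPLES = ["report.pdf", "../../etc/cron.d/job", "/etc/passwd",
           "..\\..\\app.py", ".."]

def classify(samples=SAMPLES):
    """Map each name to (escapes root when joined naively, name accepted or None)."""
    out = {}
    for s in samples:
        escapes = not vulnerable_target(s).is_relative_to(UPLOAD_ROOT)
        try:
            stored_as = safe_target(s).name
        except UnsafeFilename:
            stored_as = None
        out[s] = (escapes, stored_as)
    return out
```

Rejected names are worth logging with the client address, since a legitimate upload client has no reason to send separators in a filename.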
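4. Source code of the open-source credential-stealing framework Miasma leaked
June 10: A credential-stealing attack framework named Miasma is targeting the open-source ecosystem through supply chain attacks, and its source code was briefly public on GitHub. The malware is believed to be an evolved version of the earlier Shai-Hulud worm; the two share many similarities in functionality, techniques and code. SafeDep researchers recently reported that Miasma's source code was leaked on GitHub through multiple compromised developer accounts, each of which created a repository named "Miasma-Open-Source-Release". This indicates that the attackers published the code deliberately rather than leaking it by accident. Code analysis shows that the toolkit needs no traditional command-and-control (C2) infrastructure and instead uses GitHub itself to implement its control functions. Miasma can harvest credentials broadly from cloud providers, CI/CD systems, password managers, Kubernetes and secret stores, and abuse those credentials to compromise npm, PyPI and RubyGems packages as well as GitHub repositories, Actions workflows and JFrog Artifactory instances. In addition, it can move laterally via SSH and AWS Systems Manager and compromise the configuration of AI coding tools such as Claude, Gemini, Cursor, Copilot, Kiro and Cline.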
https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/
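5. ShinyHunters attacks Oracle PeopleSoft servers
June 10: Oracle PeopleSoft servers have become a key target of ongoing data theft attacks by the ShinyHunters extortion gang. The gang claims to have stolen data from 300 instances belonging to more than 100 organizations. PeopleSoft is an enterprise software suite widely used by large organizations to manage core business functions such as human resources, payroll, finance, supply chain and student administration. According to reports, large-scale data theft attacks against both cloud and on-premises PeopleSoft customers have been frequent recently, and the victims have all received extortion notes signed ShinyHunters. The attackers confirmed their identity to the media and claimed to have launched the attacks with a "toolchain" made up of older vulnerabilities and zero-day vulnerabilities, while also noting that the attack does not succeed on every system, depending on how the instance is configured. So far, Oracle has not publicly responded to inquiries about zero-day vulnerabilities. According to the attackers, the affected organizations are concentrated in the education sector, and many of them had already been extorted by the gang before. Although Oracle has not publicly disclosed details of the attacks, cybersecurity researcher "Michael R" found multiple exposed online directories containing tools related to the attacks. These directories reveal ongoing attacks against PeopleSoft environments, and the tools left behind include MeshCentral agents, scripts for web page defacement, and spraying scripts for forged credentials.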
https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/
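6. OkCupid data breach alleged, with the data of 35 million users suspected stolen
June 9: The personal information of about 35 million users of the well-known US dating site OkCupid has been stolen by hackers, and a sample of the data has appeared on a popular data leak forum. In the post, the attackers claim that they and their associates somehow obtained privileged access to OkCupid's internal API, which allowed them to scrape the personal registration information of all of the application's users and to copy the entire contents of the backend systems. OkCupid officially claims a user base of more than 30 million, which is broadly consistent with the 35 million records claimed by the attackers. The research team performed a preliminary verification of the attackers' claims; the attackers attached only a data sample containing 8 records to the forum post. The sample contains detailed dating profile information, personally identifiable information and bcrypt password hashes. The research team confirmed that all email addresses in the sample are legitimate and have appeared in past data breaches of other services. However, because it cannot be verified whether the attackers really obtained 35 million records, and because the sample data may be a compilation of several earlier breaches, the research team remains skeptical of the attackers' claims.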
https://cybernews.com/security/okcupid-user-data-breach-claims/