ShinyHuntersÀÕË÷JCPenney£¬ÆÚÏÞ¹«¿ªÃô¸ÐÊý¾Ý
°ä²¼¹¦·ò 2026-06-166ÔÂ12ÈÕ£¬ºÚ¿Í×éÖ¯ShinyHunters½üÈÕ½«Ö¸±ê¶Ô×¼ÁËÃÀ¹ú±êÖ¾ÐÔ°Ù»õÁ¬ËøµêJCPenney¡£¸ÃÍÅ»ïÔÚÆäÐ¹Â¶ÍøÕ¾Éϰ䲼ÁËJCPenney¼°ÆäËû¼¸¸ö´ÓÊôÓÚCatalyst BrandsºÍAuthentic Brands GroupµÄÁãÊÛÆ·ÅƵÄÓйØÐÅÏ¢¡£Ìû×Ó°ä²¼ÓÚ2026Äê6ÔÂ12ÈÕ£¬Ðû³Æ¡°ÊýÊ®ÍòÌõ¡±¼Í¼Òѱ»µÁ£¬²¢·¢³ö×îºóͨ뺣ºÊÜÓ°ÏìµÄ×éÖ¯±ØÐëÔÚ6ÔÂ15ÈÕ֮ǰÁªÏµÓйز¿ÃÅ£¬²»È»Êý¾Ý½«±»¹«¿ª¡£¾ÝShinyHuntersÐû³Æ£¬±»µÁÊý¾ÝÔ̺¬¸ß¶ÈÃô¸ÐµÄÓ×ÎҺ;ÍÒµÐÅÏ¢£¬¾ßÌåÔ̺¬Éç»á°²È«ºÅÂë¡¢µ®ÉúÈÕÆÚ¡¢W-2˰Îñ¼Í¼¡¢¹¤×ÊÐÅÏ¢¡¢µ±¾ÖÇ©·¢Éí·ÝÖ¤Ã÷ÎļþµÄÖ½ÖÊɨÃè¼þ¡¢¼ÝÊ»ÅÆÕÕÒÔ¼°ÆäËûÓ×ÎÒÉí·ÝÐÅÏ¢¡£ÕâЩÊý¾ÝÀàÐͼ«ÎªÃô¸Ð£¬Ò»µ©Êôʵ£¬½«³ÉΪÉí·Ý͵ÇԺͽðÈÚڿƵľø¼ÑËØ²Ä¡£ÓëÄܹ»³ÁÖõÄй¼ûÜÂë·ÖÆç£¬µ±¾ÖÐû¸æµÄÉí·Ý¼ø±ðÐÅÏ¢ÈçÉç»á°²È«ºÅÂëºÍ¼ÝÊ»ÅÆÕÕ¾ßÌåÐÅÏ¢£¬Äܹ»Î¬³Ö¶àÄêÓÐЧ£¬¸øÊܺ¦Õß´øÀ´³Ö¾Ã·çÏÕ¡£W-2±í¸ñºÍ¹¤×ÊÐÅÏ¢µÄ²ÎÓë½øÒ»²½·Å´óÁËDZÔÚ·çÏÕ£¬ÓÉÓÚÕâЩÎļþͨ³£Ô̺¬×ã¹»µÄÐÅÏ¢£¬×ãÒÔÖ§³Ö¸´ÔÓµÄÍøÂç´¹µöºÍÉç»á¹¤³Ì¹¥»÷¡£È»¶ø£¬½ØÖÁĿǰ£¬ShinyHunters²¢Î´°ä²¼ÈκÎÊý¾ÝÑùÕý±¾Ö§³Ôìä˵·¨£¬Òò¶ø±í½çÉÐÎÞ·¨¶ÀÁ¢ÑéÖ¤Õâ´ÎÊý¾Ýй¶µÄÕæÊµÐԺ͹æÄ£¡£
https://cybernews.com/security/shinyhunters-jcpenney-retail-data-leak-claim/
2. ˼¿ÆSD-WANÖÎÀíÆ÷ÁãÈÕ·ì϶ÔâÀûÓÃ
6ÔÂ15ÈÕ£¬Ë¼¿Æ½üÈÕ°ä²¼°²È«¸üУ¬½¨¸´ÁËCatalyst SD-WANÖÎÀíÆ÷£¨ÔÃûSD-WAN vManage£©ÖеÄÒ»¸ö¸ßΣÁãÈÕ·ì϶£¨±àºÅCVE-2026-20262£©¡£¸Ã·ì϶Òѱ»¹¥»÷Õß»ý¼«ÀûÓ㬿ɽè´Ë½«È¨ÏÞÌáÉýÖÁroot¼¶±ð¡£Catalyst SD-WANÖÎÀíÆ÷ÊÇÒ»¿îÍøÂçÖÎÀíÈí¼þ£¬ÔÊÐíÖÎÀíÔ±´Óµ¥Ò»½ÚÔìÃæ°åÖÎÀí¶à´ï6000̨SD-WANÉ豸¡£Õâ´Î½¨¸´µÄ·ì϶ӰÏìËùÓв¿ÊðÀàÐÍ£¬Ô̺¬±¾µØ²¿Êð¡¢ÔÆÍйܼ°µ±¾ÖÔÆ»·¾³µÈ£¬ÎÞÂÛÉ豸ÅäÖÃÈôºÎ¾ùÊܲ¨¼°¡£Ë¼¿ÆÔÚ²¼¸æÖÐÚ¹Êͳƣ¬¸Ã·ì϶ԴÓÚÎļþÉÏ´«¹ý³ÌÖжÔÓû§ÊäÈëÑéÖ¤²»¼°¡£µÍȨÏÞµÄÔ¶³Ì¹¥»÷Õß¿ÉÏòÊÜÓ°ÏìµÄAPI¶Ëµã·¢Ë;«ÐÄ»ú¹ØµÄHTTPÒªÇ󣬴ӶøÒÔrootÉí·ÝÖ´ÐÐËÁÒâºÅÁ´´½¨»ò¸²¸ÇϵͳÎļþϵͳÉϵÄÈκÎÎļþ£¬×îÖÕʵÏÖȨÏÞÌáÉý¡£Ë¼¿Æ²úÆ·°²È«ÊÂÎñÏìÓ¦ÍŶӣ¨PSIRT£©ÓÚ±¾Ô³õ·¢Ïָ÷ì϶£¬²¢Ç¿ÁÒ½¨Òé¿Í»§¾¡¿ì½¨²¹ÏµÍ³¡£Ë¼¿ÆÒѰ䲼ÊÜÓ°Ïì°æ±¾¼°¶ÔÓ¦µÄ½¨¸´°æ±¾£¬Èç20.9.9.1¼°¸üÔç°æ±¾ÐèÉý¼¶ÖÁ20.9.9.2£¬20.12.7.1¼°¸üÔç°æ±¾ÐèÉý¼¶ÖÁ20.12.7.2µÈ¡£´Ë±í£¬Ë¼¿Æ»¹ÌṩÁËÈëÇÖ¼ì²âÖ¸±ê£¨IOC£©£¬½¨ÒéÖÎÀíÔ±²é³SD-WANÓйØÈÕÖ¾Îļþ£¬²éÕÒ¿ÉÒɵÄÉÏ´«ÐÐΪ¡£
https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/
3. WordPressÈý´ó²å¼þÔ⹩¸øÁ´¹¥»÷
6ÔÂ15ÈÕ£¬½üÈÕ£¬WordPress²å¼þOptinMonster¡¢TrustPulseºÍPushEngageÔÚÒ»´Î¹©¸øÁ´¹¥»÷Öб»ÈëÇÖ£¬¹¥»÷Ô´Í·Ö¸ÏòÆä¿ª·¢ÉÌAwesome MotiveµÄÄÚÈÝ·Ö·¢ÍøÂ磨CDN£©¡£Awesome Motive°ä²¼µÄ°²È«²¼¸æÚ¹ÊÏçËÊÂÎñÔµÓÉ£ººÚ¿ÍÀûÓÃUpdraftPlus WordPress²å¼þÖеÄÒ»¸öÒÑÖª·ì϶£¬»ñµÃÁË¶ÔÆäÓªÏúÍøÕ¾·þÎñÆ÷µÄ½Ó¼ûȨÏÞ¡£¸Ã·þÎñÆ÷¹ÌȻδÏνӳö²ú»ù´¡ÉèÊ©»òÊý¾Ýϵͳ£¬µ«ÍйÜÁ˹«Ë¾CDNÕË»§µÄÍ´´¦£¬ÕâЩʹ´¦±»ºÚ¿ÍÇÔÈ¡¡£¹¥»÷ÕßÀûÓÃÇÔÈ¡µÄCDN APIÃÜÔ¿£¬Åú¸ÄÁËͨ¹ýCDN·Ö·¢µÄJavaScriptÎļþ£¬µ¼ÖÂÍøÕ¾Ö±½Ó´ÓCDN¾²Ä¬¼ÓÔØ¶ñÒâ´úÂë¡£¶ñÒâ¾ç±¾ÔÚÌØ°´¹¦·ò´°¿ÚÄÚ±»Ìṩ¸øOptinMonsterºÍTrustPulseµÄÓû§£¬¾ßÌåΪÖÜÎåUTC¹¦·ò22:17ÖÁ22:42¡£¶øPushEngageµÄ¶ñÒâJavaScript´úÂëÔò³ÖÐøÍ¶·ÅÖÁÖÜÁù19:02 UTC¡£¸Ã¶ñÒâÈí¼þ½öÔÚWordPressÖÎÀíÔ±½Ó¼ûÊÜÏ°È¾ÍøÕ¾Ò³ÃæÊ±´¥·¢£¬Ëü»áÍøÂçÉí·ÝÑéÖ¤ÁîÅÆºÍËæ»úÊý£¬½ø¶ø´´½¨¶ñÒâÖÎÀíÔ¹ØË»§¡£ÈëÇÖÕßËæºó×°ÖÃÁËÒ»¸ö×Ô°µ²ØºóÃŲå¼þ£¬Óë¼ÙÒâTidioµÄÓòÃû³ÉÁ¢Í¨Ñ¶Í¨Â·ÒÔ´«ÊäÇÔÈ¡µÄÊý¾Ý¡£¸ÃºóÃÅÌṩÆëÈ«µÄÔ¶³Ì½Ó¼ûÖ°ÄÜ£¬Ô̺¬Web ShellºÍËÁÒâPHP´úÂëÖ´ÐУ¬Ê¹¹¥»÷Õß¿ÉÄÜÆëÈ«½ÚÔì±»ÈëÇÖµÄÍøÕ¾¡£
https://www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/
4. ¶íÂÞ˹Èí¼þ¹«Ë¾Kaluga AstralÔâÍøÂç¹¥»÷
6ÔÂ15ÈÕ£¬¶íÂÞ˹Èí¼þ¹«Ë¾Kaluga AstralÖÜÒ»Åû¶£¬¸Ã¹«Ë¾±¾ÔÂÔçЩʱ³½Ôâ·êÍøÂç¹¥»÷£¬µ¼Ö¶àÏî·þÎñÖжÏÔ¼Ò»Öܹ¦·ò£¬ÑϳÁÓ°ÏìÁËÒÀÀµÆäÈí¼þ½øÐÐ˰ÎñÉ걨¡¢µç×ÓÎĵµÖÎÀí¼°ÆäËûÒµÎñÔËÓªµÄ¿Í»§¡£¸Ã¹«Ë¾°µÊ¾£¬Ö»ÓÐÔÚÍêÓñ³ÉÃæµÄ°²È«Éó²éºó²Å»á¸´ÔÿÏî·þÎñ£¬Ç¿µ÷²»Ô¸ÎªÁËËٶȶø¾ÍÒ尲ȫÐÔ£¬ÕâÒ²ÊǸ´Ô¹ý³Ì±ÈÔ¤ÆÚ¸ü³¤µÄÔÒò¡£ÓÉÓÚ¶íÂÞ˹µ±¾Ö»ú¹¹ÒѲμӵ÷²é£¬AstralÎÞ·¨¾ÍÕâ´Î¹¥»÷ÊÂÎñ¹«¿ª°ä·¢¸ü¶àÆÀÂÛ¡£¾Ý¹«Ë¾ÄÚ²¿µ÷²é£¬Ä¿Ç°Î´·¢ÏÖ¿Í»§Êý¾Ýй¶»ò±»µÁÓõÄÖ¤¾Ý¡£Astral²¢Î´½«Õâ´Î¹¥»÷¹é×ïÓÚÈκÎÌØ¶¨µÄºÚ¿Í×éÖ¯£¬Ò²Î´Åû¶Èκμ¼Êõϸ½Ú»ò¿ÉÄܵĹ¥»÷¶¯»ú¡£È»¶ø£¬Æ¾¾Ý¿Í»§Í¶Ëߣ¬Õâ´ÎÖжÏÒÑ¶ÔÆóҵʹÓõĶàÖÖ·þÎñÔì³É¿í·ºÓ°Ï죬¾ßÌå²û·¢Îª£ºÊÕÒø»ú²Ù×÷Öжϡ¢Ä³Ð©ÊܹÜÔìÉÌÆ·µÄÏúÊÛ³öÏÖÄÑÌâ¡¢¿Í»§ÃÅ»§ºÍ¹«Ë¾µç×ÓÓʼþ½Ó¼ûȨÏÞʧÂ䣬ÒÔ¼°µç×ÓÈËÁ¦×ÊÔ´ÎĵµÖÎÀíϵͳºÍʹÓÃÊý×ÖÖ¤Êé½øÐÐÉí·ÝÑé֤ʱ³öÏÖÎÊÌâ¡£
https://therecord.media/cyberattack-on-russian-tech-firm-astral-disrupts-business-government-services
5. °Ä´óÀûÑÇÖØÒªÌÇÆóÂó¿ÌÇÒµÔâÀÕË÷Èí¼þ¹¥»÷
6ÔÂ15ÈÕ£¬°Ä´óÀûÑǵڶþ´óÔÌdzö²úÉÌÂó¿ÌÇÒµ¹«Ë¾½üÈÕÔâ·êÀÕË÷Èí¼þ¹¥»÷£¬µ¼Ö²¿ÃÅÌdz§±»ÆÈ¹Ø¹Ø£¬ÔËÓªÊܵ½ÑϳÁ×ÌÈÅ¡£¸Ã¹«Ë¾ÓÚ6ÔÂ10ÈÕ³õ´ÎÅû¶ÔÚÓ¦¶Ôһ·ӰÏìÆä²¿ÃÅÒµÎñµÄÍøÂ簲ȫÊÂÎñ£¬²¢°µÊ¾ÒÑÔ충һʱÁ÷³ÌÀ´Ö§³Ö¹Ø¼üÒµÎñÖ°ÄÜ£¬¾¡¿ÉÄÜÏ÷¼õÖжϡ£Âó¿ÌÇÒµÔÚÀ¥Ê¿À¼ÖݾӪ×ÅÈý¼Ò¸ÊÕá¼Ó¹¤³§£¬Õâ´ÎÍøÂç¹¥»÷ÖØÒªÓ°ÏìÁËÆäÖÐÁ½¼ÒÌdz§µÄÔËÓª¡£6ÔÂ12ÈÕ£¬¸Ã¹«Ë¾°ä·¢ÒÑÔÚÒ»¼ÒÌdz§¡°¸´ÔÓÐÏÞµÄÈËΪѹե×÷Òµ¡±£¬ÒÔ´¦ÖÃÊÂÎñ²úÉúǰÊճɵĸÊÕá¡£²»Í⣬¹Ø¼üµÄ¸ÊÕṩ¸øºÍÎïÁ÷ϵͳÈÔÔÚ³ÖÐø¸´ÔÖУ¬Ìdz§Ôݲ»½Ó¹ÜÈκζî±íµÄ¸ÊÕá¡£½ØÖÁ6ÔÂ15ÈÕ£¬¹«Ë¾ÔÚ¸´ÔÖ§³Ö¸ÊÕṩ¸ø¡¢ÊÕ¸îºÍÌdz§ÔËÓªµÄϵͳ·½Ãæ»ñµÃÁ˳ÁÃͽøÕ¹£¬ÕôÆûÊÔÑéÔÚ½øÐÐÖУ¬Ô¤¼Æ±¾Öܽ«¸´Ô²¿ÃÅÊո×÷£¬Îª·Ö½×¶Î³ÁÆôѹե×÷Òµ×ö³ï±¸¡£¹«Ë¾Í¬Ê±ÕƹÜÈεؽ¨ÒéÖÖÖ²»§ºÍÊÕ¸îÕßÔÚÊÕµ½Í¨ÖªÇ°²»Òª¸´ÔÊո×÷¡£6ÔÂ15ÈÕ£¬ÃûΪ¡°ÉðÊ¿¡±£¨Gentlemen£©µÄÀÕË÷Èí¼þ×éÖ¯ÔÚÆä»ùÓÚTorµÄÍøÕ¾Éϰ䲼ÁËÂó¿ÌÇÒµµÄÃû×Ö£¬µ«½ØÖÁĿǰÉÐδй¶ÈκÎÊý¾Ý¡£Âó¿ÌÇÒµµÄ×îд«µÝҲδÌṩÓйØÇ±ÔÚÊý¾Ýй¶µÄ¾ßÌåÐÅÏ¢¡£
https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/
6. ÃÀ¹ú²é·âAIÌìÉú·Ç×ÔÔ¸ÂãÌåÄÚÈÝÍøÕ¾
6ÔÂ15ÈÕ£¬ÃÀ¹ú˾·¨²¿ÖÜÎå°ä·¢£¬ÒѲé·âCFAKE.comºÍSOCFAKE.comÁ½¸öÍøÕ¾£¬ÉæÏÓÍйÜδ¾Å®ÐÔÔ޳ɵÄAIÌìÉúÂãÌåͼƬºÍÊÓÆµ¡£ÕâËÆºõÊÇÆ¾¾Ý¡¶È¡µÞÐéαͼÏñ·¨°¸¡·³õ´Î¹«¿ª°ä·¢µÄÓòÃû²é·âÐж¯¡£¾Ý˾·¨²¿³Æ£¬ÕâÐ©ÍøÕ¾·ÖÏíÁËÉî¶ÈαÔìͼÏñ£¬ÃèÊöÁËÀ´×Ô¶à¸ö¹ú¶ÈµÄÕþÖμҡ¢ÃûÈË¡¢»î´øÍ·¡¢ÒôÀÖ¼ÒÉõÖÁ»ÊÊÒ³ÉÔ±¡£Éî¶ÈαÔìÊÇÖ¸ÀûÓÃÈËΪÖÇÄÜÌìÉú»ò°Ñ³ÖµÄýÌ壬ʹÈËÎïÒÔ´Óδ²úÉú¹ýµÄ·½Ê½³öÏÖ£¬³£±»ÓÃÓÚÌìÉúδ¾Ô޳ɵÄ̻¶ÄÚÈÝ¡¢¼ÙÒâËûÈ˽øÐÐڿƵȷ¸×ï»î¶¯¡£ÖÜËÄ£¬ÃÀ¹ú˾·¨²¿ºÍºÓɽ°²È«µ÷²é¾ÖÔÚÁªÍõ·¨¹ÙÈ϶¨ÓкÏÀíÀíÓÉÏàÐÅÕâЩÓòÃûÎ¥·´¡¶É¾³ý¶ñÒâÓòÃû·¨°¸¡·ºó½«Æä²é·â¡£Ä¿Ç°ÓòÃûÒÑÏÔʾ²é·â֪ͨ£¬Õâ´ÎÐж¯ÊÇÃÀ¹ú¡¢Òâ´óÀûºÍ·¨¹ú½áºÏ·¨ÂɵÄÒ»²¿ÃÅ¡£µ÷²éʼÓÚÒâ´óÀûÓÊÕþºÍÍøÂ簲ȫ¾¯Ô±½Óµ½Í¶Ëߣ¬³ÆÓÐÈËΪÖÇÄÜÌìÉúÃèÊö¶àÃû¹«¼ÒÅ®ÐÔÈËÎïµÄ¶¹ÇÐÔͼÏñ¡£Òâ´óÀûµ±¾Ö»ñµÃ·¨Ôº½ûÁî¹Ø±Õ¾³ÄÚ½Ó¼ûºó£¬ÃÀ¹ú·¨Âɲ¿ÃÅÍøÂçÖ¤¾Ý²¢Óë·¨¹ú¹²Ïí¡£Ëæºó£¬·¨¹ú¼ì²ì¹ÙÓÚ6ÔÂ10ÈÕÔÚÄá˹¿ÛÁôÁËÒ»ÃûÏÓÒÉÈË£¬²¢½É»ñÁ˾ݳÆÓë¸ÃÐж¯ÓйصļÓÃÜÇ®±Ò¡£
https://www.bleepingcomputer.com/news/security/doj-seizes-cfake-socfake-deepfake-nude-sites-under-take-it-down-act/


¾©¹«Íø°²±¸11010802024551ºÅ