AryStinger½©Ê¬ÍøÂçÈëÇÖËÄǧÓą̀ÀϾÉ·ÓÉÆ÷
°ä²¼¹¦·ò 2026-06-236ÔÂ21ÈÕ£¬ÍøÂ簲ȫ×êÑÐÍŶÓǧÐÅXLab½üÈÕÅû¶ÁËÒ»¸ö´Ëǰδ±»¼Í¼µÄ¶ñÒâÈí¼þ½©Ê¬ÍøÂçAryStinger¡£¸Ã¶ñÒâÈí¼þÒѳɹ¦ÈëÇÖ³¬¹ý4000̨¹ýÆÚµÄ·ÓÉÆ÷£¬½«Æäת±äΪԶ³Ì½ÚÔìµÄ¡°Ö´ÐÐÆ÷¡±£¬ÓÃÓÚ´úÀí¶ñÒâÁ÷Á¿¡¢Ö´ÐÐɨÃè¡¢Ëí·ͨѶ¼°ºÅÁîÔËÐеȲÙ×÷¡£¹¥»÷ÕßÀûÓÃÉ¢²¼Ê½Éè¼Æ£¬½«´ó¹æÄ£É¨Ã蹤×÷²ð·ÖΪ¶à¸öÓ׿飬·Ö·¢¸ø·ÖÆçÖ´ÐÐÆ÷²¢ÐÐÖ´ÐУ¬´Ó¶ø¸ßЧʵÏÖÔçÆÚ¡°×ã¼£ÍøÂ硱£¬ÎªºóÐøÉî¿ÌÈëÇֵ춨»ù´¡¡£¸üΣÏÕµÄÊÇ£¬AryStinger²»½öÄÜÀûÓñ»¿ØÉ豸×÷ÎªÌø°å£¬»¹ÄÜ´Û¸ÄDNSÉèÖ㬽ٳÖÓû§ä¯ÀÀ»î¶¯£¬²¢¾²Ä¬¼à¿ØÉõÖÁÇÔÈ¡ËùÓÐÈëÕ¾ºÍ³öÕ¾ÍøÂçÁ÷Á¿£¬¶ÔÓû§ÒþÖÔºÍÍøÂ簲ȫ×é³ÉÑϳÁÍþв¡£¸Ã¶ñÒâÈí¼þÖØÒªÀûÓÃCVE-2013-3307¡¢CVE-2016-5681ºÍCVE-2025-11837µÈ½ÏÔç·ì϶£¬³ÁµãÕë¶ÔD-Link DIR-850LºÍDIR-818LWÁ½¿îÒÑÍ£²úµÄ·ÓÉÆ÷Ðͺţ¬ÕâÁ½¿îÉ豸´ËÇ°Ò²ÔøÊÇAVrecon½©Ê¬ÍøÂçµÄ¹¥»÷Ö¸±ê¡£XLab×êÑÐÈËÔ±·¢ÏÖÁËAryStingerµÄÁ½¸ö±äÖÖ£º»ùÓÚC˵»°µÄ°æ±¾ÖØÒªÕë¶ÔÀϾÉ·ÓÉÆ÷£¬¶ø»ùÓÚGo˵»°µÄ°æ±¾ÔòרһÓÚÍøÂ總¼Ó´æ´¢£¨NAS£©ÏµÍ³¡£
https://www.bleepingcomputer.com/news/security/arystinger-botnet-infected-thousands-of-d-link-routers-worldwide/
2. ΢ÈíÈ·ÈÏSapphire SleetÖ÷µ¼Mastra AI¹©¸øÁ´¹¥»÷
6ÔÂ20ÈÕ£¬Î¢Èí½üÈÕÕýʽ½«Ò»Â·²¨¼°140Óà¸önpmÈí¼þ°üµÄ´ó¹æÄ£¹©¸øÁ´¹¥»÷ÊÂÎñ£¬¹é×ïÓÚ³¯Ïʹú¶ÈÖ§³ÖµÄºÚ¿Í×éÖ¯Sapphire Sleet£¨±ðÃûBlueNoroff£©¡£¾Ý΢ÈíÅû¶£¬¹¥»÷ʼÓÚÒ»Ãû³Æ×÷¡°ehindero¡±µÄnpmÊØ»¤ÕßÕË»§±»¹¥ÆÆ£¬¸ÃÕË»§Õ¼ÓжÔ@mastra×÷ÓÃÓòÄÚÈí¼þ°üµÄ°ä²¼È¨ÏÞ¡£¹¥»÷ÕßÀûÓôËȨÏÞÅúÁ¿°ä²¼Á˳¬¹ý140¸ö¶ñÒâ¸üа汾£¬²¢ÔÚÆäÖÐ×¢ÈëÁËÒ»¸öÃûΪ¡°easy-day-js¡±µÄÒÀÀµÏî¡£Ò»µ©¿ª·¢Õß×°Öñ»Ï°È¾µÄ°ü£¬¶ñÒâÒÀÀµÏî±ã»á´¥·¢×°Öúó¹³×Ó£¬Ö´ÐÐÒ»¶Î»ìºÏµÄͶµÝ¾ç±¾£¬¸Ã¾ç±¾Ê×ÏȽûÓô«Êä²ã°²È«£¨TLS£©Ö¤ÊéÑéÖ¤£¬ËæºóÏνÓÖÁ¹¥»÷Õß½ÚÔìµÄºÅÁîÓë½ÚÔ죨C2£©·þÎñÆ÷£¬ÏÂÔØ²¢Ö´Ðеڶþ½×¶ÎµÄÓÐÐ§ÔØºÉ£¬ÇÒÒÔ·ÖÀëµÄ°µ²Ø¹ý³ÌÔËÐÐÒÔ¶ã±Ü¼ì²â¡£µÚ¶þ½×¶ÎµÄÓÐÐ§ÔØºÉ±»È·ÒÔΪһ¿îÖ°ÄÜ׳´óµÄ¿çƽ̨ÐÅÏ¢ÇÔÈ¡·¨Ê½£¬×¨ÃÅÕë¶ÔWindows¡¢LinuxºÍmacOSϵͳ¡£¸Ã·¨Ê½»áÈ«ÃæÍøÂçÖ÷»úÐÅÏ¢¡¢ä¯ÀÀÆ÷º¹Çà¼Í¼¡¢ÒÑ×°ÖÃÀûÓ÷¨Ê½ºÍÔÚÔËÐеĹý³Ì£¬²¢³ÁµãɨÃè166ÖÖ¼ÓÃÜÇ®±ÒÇ®°üä¯ÀÀÆ÷À©´ó¡£ÎªÊµÏÖÓÆ¾ÃפÁô£¬¶ñÒâÈí¼þƾ¾Ý·ÖÆç²Ù×÷ϵͳ²¿ÊðÁËÏàÓ¦µÄ×ÔÆô¶¯»úÔì¡£
https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
3. µÃÖݵÐÔÖÊý¾Ýй¶²¨¼°³¬300Íò¼ÝÕÕ³ÖÓÐÕß
6ÔÂ21ÈÕ£¬ÃÀ¹úµÃ¿ËÈøË¹Öݹ«Ô°ÓëÒ°»îÆÃÎïÖÎÀí¾Ö£¨TPWD£©½üÈÕÅû¶һ·³Á´óÊý¾Ýй¶ÊÂÎñ£¬Òò±í²¿Ðí¿É֤ϵͳ¹©¸øÉÌÔâδÊÚȨ½Ó¼û£¬µ¼Ö³¬¹ý308ÍòÃûá÷ÁÔ¼°´¹µöÐí¿ÉÖ¤³ÖÓÐÕßµÄÓ×ÎÒÐÅϢ¶³ö¡£Õâ´ÎÈëÇÖÓɵÃÖÝÍøÂç˾ÁÂÊÏÈ·¢ÏÖ²¢·¢Õ¹µ÷²é£¬È·ÈÏÉç±£ºÅÂë¡¢µ®ÉúÈÕÆÚ¼°ÐÅÓþ¿¨µÈ²ÆÕþÊý¾ÝδÊÜÓ°Ï죬µ«¹¥»÷Õß¿ÉÄÜ»ñÈ¡Á˶à´ï3,087,721Ãû¿Í»§µÄ¼ÝÕÕÐÅÏ¢¡¢»¤ÕÕºÅÂë¡¢µç×ÓÓÊÏä¡¢µç»°ºÅÂ뼰סլµØÖ·¡£TPWDÇ¿µ÷£¬ÔÝÎÞÖ¤¾ÝÅú×¢18ËêÒÔÏÂδ³ÉÄêÈË»òÌØ¶¨ÈºÌå±»Õë¶Ô£¬µ«Â¶³öµÄÃô¸ÐÉí·ÝÐÅÏ¢ÈÔΪºóÐøÍøÂç´¹µö¡¢¼ÙÒâڿƼ°¶ñÒâÈí¼þͶµÝÌṩÁ˿ɳËÖ®»ú¡£¸ÃÊÂÎñÔ´ÓÚTPWDͨ¹ý±í²¿¹©¸øÉÌ·¢·ÅÐí¿ÉÖ¤£¬¶ø·ì϶²úÉúÔÚ¹©¸øÉ̹ØÁªµÄÐí¿É֤ϵͳ»·¾³ÖС£Ê·¢ºó£¬TPWDÕýÓ빩¸øÉÌÇ×êǺÏ×÷£¬Ö´ÐÐÐµİ²È«·À»¤´ëÊ©²¢¼ÓÇ¿¼à¿Ø·þÎñ£¬Í¬Ê±ÎªÊÜÓ°ÏìÓ×ÎÒÌṩΪÆÚÒ»ÄêµÄÃâ·ÑÐÅÓþ¼à¿Ø¡£¹Ù·½½¨ÒéÓû§¶¨ÆÚºË²éÐÅÓþ»ã±¨ºÍ²ÆÕþÕ˵¥£¬Ë¼¿¼ÉèÏàÐÅÓþ¶³½á»òڲƾ¯±¨£¬²¢¶Ô´¹µöÓʼþºÍ¼ÙÒâÐÐΪά³Ö¾¯Ìè¡£
https://securityboulevard.com/2026/06/texas-government-data-breach-exposes-over-3-million-drivers-licenses/
4. Splunk Enterprise¸ßΣ·ì϶ÔâÔÚÒ°ÀûÓÃ
6ÔÂ19ÈÕ£¬Splunk Enterprise½üÈÕÆØ³öÒ»¸ö±àºÅΪCVE-2026-20253µÄÑϳÁ°²È«·ì϶£¬¸Ã·ì϶ÔÚ¹«¿ªÅû¶½öÊýÈÕºó±ãÒÑÔâÔÚÒ°ÀûÓ᣸÷ì϶CVSSÆÀ·ÖΪ9.8·Ö£¨¸ßΣ£©£¬Ó°ÏìSplunk Enterprise 10.2.4֮ǰµÄ10.2°æ±¾ÒÔ¼°10.0.7֮ǰµÄ10.0°æ±¾¡£·ì϶±¾ÔÔÚÓÚSplunk EnterpriseÖÐPostgreSQL Sidecar ServiceµÄ±¸·ÝÓ븴Զ˵㲻×ãÉí·ÝÈÏÖ¤½ÚÔì¡£ÈκοÉÄÜͨ¹ýÍøÂç½Ó¼û¸Ã·þÎñµÄδ¾Éí·ÝÑéÖ¤µÄ¹¥»÷Õߣ¬¾ù¿ÉÎÞÐèÍ´´¦Ö±½ÓŲÓÃÎļþ²Ù×÷£¬´´½¨»ò½Ø¶ÏËÁÒâÎļþ¡£¸Ã·ì϶µÄÍþвԶ²»Ö¹ÓÚÎļþ²Ù×÷¡£ÍøÂ簲ȫ¹«Ë¾WatchTowrÔÚ·ì϶¹«¿ªÁ½Ììºó£¨6ÔÂ12ÈÕ£©°ä²¼Á˾ßÌåµÄ¼¼Êõ·ÖÎöºÍ¸ÅÏëÑéÖ¤£¨PoC£©´úÂ룬֤ʵ¹¥»÷Õß¿Éͨ¹ýÁ´Ê½ÀûÓÃʵÏÖδ¾Éí·ÝÑéÖ¤µÄÔ¶³Ì´úÂëÖ´ÐУ¨RCE£©¡£SplunkÒÑÓÚ6ÔÂ18ÈÕÈ·Èϸ÷ì϶ÒÑÔâÓÐÏÞÔÚÒ°ÀûÓá£ÃÀ¹úÍøÂ簲ȫÓë»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©ÒÑÓÚͬÈÕ½«¸Ã·ì϶ÄÉÈëÒÑÖªÒÑÀûÓ÷ì϶£¨KEV£©Ä¿Â¼£¬²¢ÒªÇóÁª¹úÃñÓûú¹¹ÔÚ6ÔÂ21ÈÕǰʵÏÖ½¨¸´¡£
https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/
5. IcarusÀûÓÃKlue·ì϶£¬ÇÔÈ¡¶à¼Ò¿Í»§SalesforceÊý¾Ý
6ÔÂ19ÈÕ£¬Êг¡µý±¨Æ½Ì¨Klue½üÈÕ¹«¿ªÈ·ÈÏÁËһ·°²È«ÊÂÎñ£¬¹¥»÷ÕßÇÔÈ¡ÁËÓÃÓÚÏνӿͻ§Salesforce»·¾³µÄOAuthÁîÅÆ£¬²¢ÒԴ˽ӼûÁ˶à¼Ò¿Í»§»·¾³ÖеÄÊý¾Ý¡£KlueÊ×ϯִÐйÙÔÚÉêÃ÷ÖаµÊ¾£¬¹«Ë¾ÓÚ6ÔÂ12ÈÕ·¢ÏÖÓ°Ï첿Ãż¯³É»ù´¡ÉèÊ©µÄδÊÚȨ»î¶¯£¬Ëæ¼´½áºÏÍøÂ簲ȫר¼Ò·¢Õ¹µ÷²é£¬Í¬Ê±Ö§³Ö¿Í»§²¢¸´ÔÊÜÓ°ÏìµÄÏνӡ£µ÷²éÈ·¶¨£¬¹¥»÷Õßͨ¹ýÒ»¸öÓ뼯³É·þÎñÓйصÄÒÑй¶µÄ¾ÉÍ´´¦»ñµÃ½Ó¼ûȨÏÞ£¬½ø¶ø»ñÈ¡ÁËÓÃÓÚÏνÓKlueÓëµÚÈý·½Æ½Ì¨£¨Ô̺¬Salesforce£©µÄOAuthÁîÅÆ£¬Ëæºó½Ó¼ûÁ˶à¸öÒÑÏνӿͻ§»·¾³ÖеÄÊý¾Ý¡£Ä¿Ç°ÉÐÎÞÖ¤¾ÝÅú×¢Klueƽ̨ÄÚ²¿Ö±½Ó´æ´¢µÄ¿Í»§ÄÚÈÝÊܵ½Ó°Ï죬ÊÂÎñ½öÏÞÓÚµÚÈý·½¼¯³ÉÁìÓò¡£KlueÒÑÁ¢¼´³·ÏúÊÜÓ°ÏìµÄÍ´´¦ºÍÁîÅÆ¡¢É¾³ýδÊÚȨ´úÂë¡¢½ûÓÃÊÜÓ°ÏìµÄ¼¯³É¡¢Æô¶¯µ÷²é²¢Í¨Öª·¨Âɲ¿ÃÅ£¬Í¬Ê±ÀñƸCrowdStrikeÐÖúÓ¦¼±ÏìÓ¦¡£Óë´Ëͬʱ£¬Icarus×éÖ¯ÔÚÆäÊý¾ÝÐ¹Â¶ÍøÕ¾ÉϹ«¿ªÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü£¬Ðû³ÆÒÑ´ÓKlueµÄ¶à¼ÒºÏ×÷ͬ°é¹«Ë¾ÖÐÇÔÈ¡ÁËSalesforceÊ·ýÊý¾Ý£¬²¢ÍþвÊÜÓ°Ï췽ͨ¹ýSession¼´Ê±Í¨Ñ¶Æ½Ì¨ÁªÏµ£¬ÒÔÔ¤·ÀÊý¾Ý±»¹«¿ªÐ¹Â¶¡£
https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/
6. Gravity SMTP·ì϶Ôâ´ó¹æÄ£ÀûÓ㬹¥»÷³¬1700Íò´Î
6ÔÂ19ÈÕ£¬WordPress°²È«¹«Ë¾Defiant½üÈÕ·¢³öÖҸ棬ºÚ¿ÍÔÚ»ý¼«ÀûÓÃGravity SMTP²å¼þÖеÄÒ»¸öδÊÚȨÐÅϢй¶·ì϶£¨CVE-2026-4020£©¡£¸Ã²å¼þ»îÔ¾ÓÚ10Íò¸öÍøÕ¾£¬·ì϶ӰÏì2.1.4¼°¸üÔç°æ±¾£¬ÒÑÓÚ3ÔÂ17ÈÕ°ä²¼µÄ2.1.5°æ±¾Öн¨¸´¡£¸Ã·ì϶ԴÓÚ²å¼þ¶³öµÄREST API¶Ëµã/wp-json/gravitysmtp/v1/tests/mock-data£¬Æäpermission_callbackʼÖÕ·µ»Øtrue£¬µ¼ÖÂδ¾Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿Éͨ¹ýGETÒªÇó»ñÈ¡²å¼þÌìÉúµÄÆëÈ«JSONÌåʽ¡°ÏµÍ³»ã±¨¡±¡£¹ÌÈ»¸Ã·ì϶±»ÆÀ¼¶Îª¡°ÖÐΣ¡±£¬µ«Â¶³öµÄÐÅÏ¢¼«ÎªÃô¸Ð£¬Ô̺¬£ºÅäÖÃÓʼþ¼¯³ÉµÄAPIÃÜÔ¿¡¢ÃÜÔ¿ºÍOAuthÁîÅÆ£»µÚÈý·½Óʼþ·þÎñ£¨ÈçAmazon SES¡¢Google¡¢Mailjet¡¢Resend¡¢Zoho£©µÄÍ´´¦£»WordPressÅäÖÃÏêÇ飨ÒÑ×°Öòå¼þ¡¢Ö÷Ìâ¼°°æ±¾£©£»·þÎñÆ÷ºÍPHP»·¾³ÐÅÏ¢£»Êý¾Ý¿âÅäÖ㨰汾¼°±íÃû£©µÈ¡£¹¥»÷ÕßÀûÓÃÕâЩʹ´¦¿É¼ÙÒâÊܺ¦Õß½Ó¼ûµÚÈý·½Óʼþ·þÎñ£¬Í¬Ê±Í¨¹ý¾ßÌåµÄϵͳ»ã±¨ÇáËɰÑÎÕÍøÕ¾Èí¼þÕ»£¬ÎªºóÐø¶¨Ïò¹¥»÷µì¶¨»ù´¡¡£DefiantÆìÏÂWordfence·À»ðǽÒÑÀ¹½Ø³¬¹ý1700Íò´ÎÕë¶ÔÊܱ£»¤¿Í»§µÄ¹¥»÷³¢ÊÔ¡£¹¥»÷»î¶¯ÓÚ6ÔÂ7ÈÕ´ïµ½¶¥·å£¬µ±ÈÕµ¥ÈÕÀ¹½ØÒªÇó´ï400Íò´Î£¬ËæºóÊýÈÕ³ÖÐøÓдóÁ¿¹¥»÷¼Í¼¡£
https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/


¾©¹«Íø°²±¸11010802024551ºÅ