WhatsApp¶ñÒâ¹¥»÷½èºÏ·¨Èí¼þÔ¶³Ì¿ØµçÄÔ
°ä²¼¹¦·ò 2026-06-246ÔÂ22ÈÕ£¬½üÆÚ£¬Ò»³¡Õë¶ÔÈ«Çò¶à¹úWhatsAppÓû§µÄ¶ñÒâÈí¼þ¹¥»÷ÔÚ³ÖÐøÊæÕ¹¡£¹¥»÷Õßͨ¹ýµÁÓÃËûÈËWhatsAppÕË»§£¬ÏòÊܺ¦ÕßµÄÁªÏµÈË·¢ËÍ´øÓкýŪÐÔµÄÐÂÎÅ£¬ÐÂÎÅÖи½´øÁ˾¹ý¸ß¶È»ìºÏµÄVBScriptÎļþ¡£ÕâЩÎļþͨ³£±»¶¨ÃûΪ²ÆÕþ»ã±¨¡¢Õ˵¥»òÕË»§Í¨ÖªµÈ¼«¾ßÒýÓÕÁ¦µÄÃû³Æ£¬ÇÒÎļþÃû»áƾ¾Ý·ÖÆç¹ú¶ÈºÍµØÓò½øÐб¾µØ»¯·Ò룬ÒÔ¼ÓÇ¿ºýŪÐÔ¡£Ò»µ©½Ó¹ÜÕßÔÚWindowsϵͳ¸ßµÍÔØ²¢Ö´Ðиø½¼þ£¬±ã»á´¥·¢Ò»Ìõ¸´ÔÓµÄϰȾÁ´£ºÊ×ÏÈ£¬VBScript»á´Ó¹¥»÷Õß½ÚÔìµÄ·þÎñÆ÷»ñÈ¡Á½¸ö¶î±íµÄ¾ç±¾£¬ÆäÖÐÒ»¸öͨ¹ýÅú¸Ä×¢²á±í½ûÓÃWindowsµÄÓû§ÕË»§½ÚÔ죨UAC£©±£»¤£¬ÁíÒ»¸öÔòÏÂÔØÔ̺¬ºÏ·¨Ô¶³ÌÖÎÀí¹¤¾ß¡°ManageEngine Endpoint Central¡±µÄѹËõ°ü¡£¸ÃÖÎÀíÈí¼þËæºóÔÚºó¶Ü±»¾²Ä¬×°Ö㬲¢ÅäÖÃΪÏνÓÖÁ¹¥»÷ÕßÖ¸¶¨µÄÖÎÀí·þÎñÆ÷£¬´Ó¶øÊ¹¹¥»÷Õß¿ÉÄÜͨ¹ý¸ÃºÏ·¨Èí¼þµÄÔ¶³Ì½ÚÔìÖ°ÄÜ£¬È«ÃæÊÕÊÜÊܺ¦ÕßµÄÍÆËã»ú£¬ÊµÏÖϵͳ½Ó¼û¡¢Êý¾ÝÇÔÈ¡µÈ¶ñÒâ²Ù×÷¡£Æ¾¾Ý¿¨°Í˹»ù¹«Ë¾µÄÒ£²âÊý¾Ý£¬Õâ´Î¹¥»÷»î¶¯ÒѲ¨¼°°ÍÎ÷¡¢Ó¡¶È¡¢Ä«Î÷¸ç¡¢ÐÂ¼ÓÆÂ¡¢Ó¢¹ú¡¢Î÷°àÑÀ¡¢Ì¨Íå¡¢°Ä´óÀûÑÇ¡¢¶íÂÞ˹¡¢Ô½ÄϺÍÂíÀ´Î÷Ñǵȶà¸ö¹ú¶ÈºÍµØÓò£¬Ó°ÏìÁìÓò¿í·º¡£
https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/
2. ÊÚȨ·ì϶ÔâÀûÓã¬MEV»úеÈËËðʧ1500Íò
6ÔÂ22ÈÕ£¬½üÈÕ£¬³ÛÃûÒÔÌ«·»MEV£¨×î´ó¿ÉÌáÈ¡¼ÛÖµ£©»úеÈË¡°JaredFromSubway¡±Ôâ·ê¾«ÐÄÉè¼ÆµÄ¹¥»÷£¬ËðʧԼ1500ÍòÃÀÔªµÄ¼ÓÃÜ×ʲú¡£Æ¾¾ÝÇø¿éÁ´°²È«¹«Ë¾BlockaidµÄ¼à²â£¬¹¥»÷Õßͨ¹ý²¿ÊðÐéαµÄÁ÷¶¯ÐԳغʹú±ÒºÏÔ¼£¬Ïò¸Ã»úеÈ˵Ä×Ô¶¯ÂòÂôϵͳ³öÏÖ¿´ËÆÓÐÀû¿ÉͼµÄÌ×Àû»úÓö£¬´Ó¶øÓÕÆ»úеÈËÏò¹¥»÷Õß½ÚÔìµÄ¸¨ÖúºÏÔ¼ÊÚÓè´ó¶îµÄERC-20´ú±ÒÊÚȨ¡£Õû¸ö¹¥»÷¹ý³Ì¼«ÎªÖÜÃÜ£º¹¥»÷ÕßÏȽøÐжà±ÊÎÞº¦µÄ²âÊÔÂòÂô£¬ÒÔÑéÖ¤»úеÈ˵IJÙ×÷Âß¼ºÍÊÚȨ»úÔì£»Ëæºó£¬ËûÃǵ÷ÕûÂòÂôõè¾¶£¬Ê¹µÃ»úеÈËÊÚÓèµÄ¶î¶ÈÔÚÉóÅúºó²»»á±»Á¢¼´¿÷Ëð»ò³·Ïú£¬´Ó¶øÔÚ»úеÈ˲»ÖªÇéµÄÇé¿öÏÂÀÛ»ýÁËÖØ´óµÄÖ§³öȨÏÞ£¬×î¸ßÔø»ñµÃ92.1614öWETHµÄÊÚȨ¶î¶È¡£×îºó£¬¹¥»÷ÕßÀûÓÃÕâЩʢ¿ªµÄÊÚȨ£¬Í¨¹ýtransferFromº¯ÊýÖ±½Ó´Ó»úеÈ˺ÏÔ¼ÖÐÌáÈ¡ÁËWETH¡¢USDC¼°USDTµÈ×ʲú£¬ÊµÏÖÁË͵ÇÔ¡£ÔÚÕâ´ÎÊÂÎñÖУ¬¹¥»÷Õß·´ÏòÀûÓûúеÈ˵Ä×Ô¶¯»¯ÊÚȨÂß¼£¬ÒÔαÔìµÄ¡°»úÓö¡±ºýŪÁËϵͳ×ÔÉí£¬Â¶³ö³öÕâÀà»úеÈËÔÚȨÏÞÖÎÀíÉϵĴàÈõÐÔ¡£
https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/
3. FortiBleed¹¥»÷´ó¹æÄ£ÇÔÈ¡·À»ðǽʹ´¦
6ÔÂ22ÈÕ£¬°²È«¹«Ë¾SOCRadar×îл㱨½Òʾ£¬Ò»³¡´úºÅ¡°FortiBleed¡±µÄ´ó¹æÄ£ÍøÂç¹¥»÷»î¶¯ÕýÕë¶ÔÈ«Çò³¬¹ý43Íǫ̀Fortinet FortiGate·À»ðǽÉ豸·¢Õ¹£¬ÇÒÖÁÉÙ´Ó2026Äê2ÔÂÆð³ÖÐø»îÔ¾¡£¹¥»÷Õß³äÈγõʼ½Ó¼û´úÀí£¨IAB£©£¬×ÛºÏʹÓÃÆ¾Ö¤Ìî³ä¡¢±©Á¦ÆÆ½â¡¢ÀëÏßÃÜÂëÆÆ½âµÈ¼¿Á©£¬Ö¼ÔÚ»ñÈ¡ÆóÒµÍøÂç½Ó¼ûȨÏÞ¡£Õâ´Î¹¥»÷µÄÖ÷Ìâ¼¼ÊõÁÁµãÔÚÓÚ£¬ÈëÇÖÕ߳ɹ¦»ñÈ¡É豸ÖÎÀíȨÏ޺󣬻áÔÚ±»Ï°È¾µÄFortiGateÉϲ¿ÊðÒ»¿îÃûΪ¡°FortigateSniffer¡±µÄ¶¨Ô컯Golang¹¤¾ß¡£¸Ã¹¤¾ßÀÄÓÃFortiOSϵͳÄÚÖõÄdiagnose sniffer packetÕï¶ÏºÅÁͨ¹ýʵʱ¼à¿ØÁ÷¾·À»ðǽµÄÍøÂçÁ÷Á¿£¬´ÓÖв¶»ñÔ̺¬Éí·ÝÑéÖ¤ÃÜÔ¿¡¢ÃÜÂë¹þÏ£ºÍÃ÷ÎÄÍ´´¦µÄÃô¸ÐÊý¾Ý¡£¹¥»÷Á÷³ÌÏÔʾ£¬ÍþвÐÐΪÕßÊ×ÏÈÀûÓÃÆ¾Ö¤Ìî³ä»ò±©Á¦ÆÆ½â¼¿Á©»ñµÃFortiGateÉ豸µÄSSHÖÎÀí½Ó¼ûȨ£¬ËæºóÖ´ÐÐÐá̽¹¤¾ß£¬½«²¶»ñµÄÊý¾Ý°ü½»ÓÉÃûΪ¡°SNIFTRAN¡±µÄ×é¼þ³Á×éΪPCAPÎļþ¡£½Ó×Å£¬¹¥»÷ÕßʹÓûùÓÚPythonµÄ¡°PCAPÉî¶È·ÖÎö¹¤¾ß°ü¡±¶ÔÁ÷Á¿½øÐнâÎö£¬ÌáÈ¡³öÃ÷ÎÄÍ´´¦¡¢NTLMºÍKerberos¹þÏ£Öµ¡¢Kerberosµ¥¾ÝÒÔ¼°ÆäËûÉí·ÝÑéÖ¤¹¤¼þ£¬²¢ÌìÉúÊÊÅäHashcatÆÆ½â¹¤¾ßµÄÌåʽÎļþ¡£ÎªÁ˸ßÐ§ÆÆ½âÕâЩ¹þÏ££¬¹¥»÷Õß×âÓÃÁËÉ¢²¼Ê½GPU¼¯Èº¡£
https://www.bleepingcomputer.com/news/security/fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials/
4. ¼ÓÄôóµçÁ¦¹«Ë¾¿Í»§Êý¾ÝÔâй¶
6ÔÂ22ÈÕ£¬¼ÓÄô󰲴ÖÂÔÊ¡Â×¶ØÊеĵçÁ¦·ÖÏúÉÌLondon HydroÓÚÉÏÖÜÁùÅû¶£¬¸Ã¹«Ë¾ÔÚµ÷²éһ·Êý¾Ý°²È«ÊÂÎñ£¬¸ÃÊÂÎñ¡°¿ÉÄÜÓ°Ïìµ½²¿ÃÅÕË»§ÖеIJ¿ÃÅÓ×ÎÒÐÅÏ¢¡±£¬²¢ÒÑÆðͷ֪ͨÊÜÓ°ÏìµÄ¿Í»§¡£London HydroΪÂ×¶ØÊм°ÆäÖܱ߳¬¹ý16ÍòÓû§ÌṩµçÁ¦·þÎñ£¬Õâ´ÎÊÂÎñÖпÉÄÜй¶µÄÐÅÏ¢Ô̺¬¿Í»§ÐÕÃû¡¢µØÖ·¡¢µç×ÓÓÊÏä¡¢µç»°ºÅÂë¡¢ÕË»§±àºÅ¡¢Õ˵¥±àºÅ¡¢·þÎñµØÖ·¡¢µç¼Û¹æ»®¡¢ºÏÍ¬ÕØÊ¼ÈÕÆÚÒÔ¼°µç±í¶ÁÊýµÈ¡£ÖµÍ×ÌùÐĵÄÊÇ£¬¹«Ë¾Ã÷È·°µÊ¾£¬Õâ´ÎÊÂÎñ²»Éæ¼°ÒøÐÐÕË»§ÐÅÏ¢¡¢Ö§¸¶¿¨ÏêÇé¡¢µ®ÉúÈÕÆÚ¡¢µ±¾ÖÐû¸æµÄÉí·ÝÖ¤ºÅÂë»òÆäËûÃô¸Ð²ÆÕþÊý¾Ý£¬ÕâÔڿ϶¨Ë®Æ½ÉϼõÇáÁ˿ͻ§¶ÔÖ±½Ó¾¼ÃËðʧµÄÓÇÓô¡£È»¶ø£¬ÁîÈ˲»°²µÄÊÇ£¬London HydroÆù½ñй©µÄϸ½Ú¼«ÎªÓÐÏÞ¡£Æä¹Ù·½ÉêÃ÷½ö¾Û½¹ÓÚ¿Í»§ÐÅÏ¢µÄ¿ÉÄÜй¶£¬¶ÔÓÚÊÂÎñµÄ¾ßÌåÐÔÖÊ¡¢¹¥»÷õè¾¶¡¢ÊÇ·ñÈ·º±¼û¾Ý±»ÇÔÈ¡»ò½öÊDZ»·¸·¨½Ó¼û£¬ÒÔ¼°ÊÜÓ°Ïì¿Í»§¼òÖ±ÇÐÊýÁ¿µÈ¹Ø¼üÎÊÌ⣬¾ùδ×÷³öÈκÎ×¢Ã÷¡£ÓÈÆäÒý°ä·¢½ç¹Ø×¢µÄÊÇ£¬ÉêÃ÷ÖÐÆëȫûÓÐÌá¼°¸ÃÊÂÎñÊÇ·ñ²¨¼°µ½Î¬³ÖµçÍø²»±äÔËÐеÄÔËÓª¼¼Êõϵͳ»òµçÍø½ÚÔìÍøÂç¡£
https://www.theregister.com/security/2026/06/22/canadian-utility-fesses-up-to-data-breach-but-key-details-remain-off-grid/5259309
5. ËþËþµç×ÓÔâÀÕË÷£¬Æ»¹ûÌØË¹ÀÊý¾Ýй¶
6ÔÂ22ÈÕ£¬Ó¡¶ÈËþËþµç×Ó½üÈÕ֤ʵ²úÉúÒ»Â·ÍøÂ簲ȫÊÂÎñ£¬ÊÂÎñ²úÉú¼¸ÖÜǰ£¬¹«Ë¾ÒÑÁ¢¼´Æô¶¯Ó¦¶Ô¹æ»®£¬²¢Ç¿µ÷¸ÃÊÂÎñδ¶Ô¸÷ÒµÎñÔËÓªÔì³ÉÈκÎÓ°Ïì¡£´ËǰÀÕË÷×éÖ¯World LeaksÔÚÆä°µÍøÐ¹ÃÜÍøÕ¾Éϰ䲼Á˳¬¹ý20Íò·Ý¾Ý³ÆÓë¸ÃÆóÒµÓйصÄÎļþ£¬Êý¾Ý×ÜÁ¿´ï630.4GB¡£Ð¹Â¶µÄ204,341·ÝÎļþÖÐÔ̺¬´óÁ¿»úÃܺÍרº±¼û¾Ý£¬Ô̺¬Æ»¹ûºÍÌØË¹ÀµÄµÀÀíͼ¡¢¼¼ÊõÓë»úеͼֽ¡¢ÆëÈ«µÄ»¤ÕÕɨÃè¼þµÈ¡£°²È«×êÑÐÈËÔ±Éó²éÑù±¾ºó·¢ÏÖ£¬ÎļþÉæ¼°Æ»¹ûÔì×÷Á÷³ÌºÍÌØË¹À¹¤³ÌÏîÄ¿£¬ÆäÖÐÔ̺¬ÃûΪ¡°com.apple.factorydata¡±µÄÎļþ¼ÐÒÔ¼°±êעΪ¡°Ã³Ò×»úÃÜ¡±µÄÎļþ¡£ÓÈÆäÖµÍ×ÌùÐĵÄÊÇ£¬Ò»·ÝÉæ¼°ÌØË¹À¸Ä½øÐÍModel 3½Î³µµÄͼֽ±»Ã÷È·ÏóÕ÷ΪóÒ×»úÃÜ¡£´Ë±í£¬Ð¹Â¶Êý¾Ý»¹º¸ÇPDF¡¢Excelµç×Ó±í¸ñ¡¢ÄÜÔ´Õ˵¥¡¢¹¤³§Ðí¿ÉÖ¤¡¢Ô±¹¤µç×ÓÓʼþ¡¢¼ÓÃÜÖ¤Êé¡¢ÃÜÔ¿ÎļþÒÔ¼°ÓâÔ½ÊýÄêµÄÊÂÎñÈÕÖ¾µÈ¡£×êÑÐÈËÔ±»¹ÔÚÎļþÖз¢ÏÖ¶Ô¸»Ê¿¿µ¡¢ºÍ˶ºÍ¸ßͨµÈÆ»¹û¹©¸øÁ´¹Ø¼ü¹«Ë¾µÄÌá¼°£¬µ«ÔÝÎÞÖ¤¾ÝÅú×¢ÕâЩÆóÒµÒѱ»ÈëÇÖ¡£¾Ý·͸É籨·£¬Æ»¹û¹«Ë¾ÒѰµÊ¾ÔÚµ÷²é´ËÊÂÎñ£¬ËþËþ¼¯ÍžݳÆÒÑÊÕµ½Êê½ðÒªÇ󣬵«Î´Ð¹Â©ÊÇ·ñÔÚ½»Éæ»ò¾ßÌåË÷Òª½ð¶î¡£
https://cybernews.com/security/tata-electronics-breach-apple-tesla-secret-files/
6. XsolisÔâ´¹µö¹¥»÷£¬½ü140ÍòÈËÐÅϢй¶
6ÔÂ23ÈÕ£¬ÌïÄÉÎ÷ÖÝÒ½ÁƼ¼Êõ¹«Ë¾Xsolis½üÈÕÅû¶ÁËһ·´ó¹æÄ£Êý¾Ýй¶ÊÂÎñ£¬Ó°ÏìÈËÊý´ï1,396,519ÈË¡£¸Ã¹«Ë¾ÖØÒªÎªÒ½Ôº¡¢Ò½ÁÆÏµÍ³ºÍÖ§¸¶·½ÌṩÀûÓÃÖÎÀíÓëÊÕÈëÖÜÆÚ½â¾ö¹æ»®¡£¾Ý¹Ù·½°ä²¼µÄ°²È«Í¨Öª£¬¹«Ë¾ÓÚ½ñÄê1ÔÂ22ÈÕÔÚÆäϵͳÖмì²âµ½Î´¾ÊÚȨµÄ»î¶¯£¬¾µ÷²éÈ·ÈÏ£¬ÈëÇÖÔ´ÓÚÁ½Ììǰһ´ÎÓÐÕë¶ÔÐÔµÄÍøÂç´¹µö¹¥»÷£¬¹¥»÷ÕßÀûÓô¹µöÓʼþ³É¹¦»ñÈ¡ÁËϵͳ½Ó¼ûȨÏÞ¡£Ð¹Â¶µÄÎļþÔ̺¬Xsolis´Ó¿Í»§´¦ÍøÂçµÄÓ×ÎÒ¼°Êܱ£»¤½¡¿µÐÅÏ¢£¬¾ßÌåÉæ¼°ÐÕÃû¡¢µ®ÉúÈÕÆÚ¡¢µØÖ·¡¢Éç»á±£ÏÕºÅÂë¡¢½¡¿µ±£ÏÕÐÅÏ¢ºÍÒ½ÁƼͼµÈÃô¸ÐÊý¾Ý¡£Ö»¹Ü¹«Ë¾ÔçÔÚÁ½ÖÜǰ¾Í¹«¿ªÁËÕâ´ÎÊÂÎñ£¬µ«ÊÜÓ°ÏìµÄ¾ßÌåÈËÊýÖ±ÖÁ±¾ÖÜÒ»²ÅÓÉÃÀ¹úÎÀÉúÓ빫¼Ò·þÎñ²¿£¨HHS£©Í¨¹ýÆäÊý¾Ýй¶׷×ÙÆ÷ÕýʽÅû¶£¬È·ÈÏ×ÜÊýΪ1,396,519ÈË¡£½ØÖÁĿǰ£¬ÉÐÎÞÒÑÖªµÄÀÕË÷Èí¼þ×éÖ¯¹«¿ªÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü¡£È»¶ø£¬Ë¼¿¼µ½Ð¹Â¶Êý¾ÝÖÐÔ̺¬Éç»á±£ÏÕºÅÂëºÍ½¡¿µ±£ÏÕÐÅÏ¢µÈ¸ß¶ÈÃô¸ÐµÄÓ×ÎÒ±êʶ£¬ÊÜÓ°ÏìµÄÓ×ÎÒÈÔÃæ¶Ô³Ö¾ÃµÄÉí·Ý͵ÇÔºÍÒ½ÁÆÚ²Æ·çÏÕ¡£ÕâÀàÒ½Áƽ¡¿µÓйØÊý¾ÝÔÚ°µÅÌÉϼÛÖµ¼«¸ß£¬¹¥»÷Õß¿ÉÄÜÀûÓÃÕâЩÐÅϢαÔì±£ÏÕË÷Åâ¡¢»ñÈ¡´¦·½Ò©»ò½øÐÐÆäËû½ðÈÚÚ¿Æ¡£
https://www.securityweek.com/xsolis-data-breach-affects-1-4-million-individuals/


¾©¹«Íø°²±¸11010802024551ºÅ