KDDIÈí¼þ·ì϶ÖÂ1420ÍòÓÊÏäÕË»§Ôâй¶
°ä²¼¹¦·ò 2026-06-291. KDDIÈí¼þ·ì϶ÖÂ1420ÍòÓÊÏäÕË»§Ôâй¶
6ÔÂ28ÈÕ£¬ÈÕ±¾µçОÞÍ·KDDIÖêʽ»áÉçÓÚ2026Äê6ÔÂ17ÈÕ¼ì²âµ½Ò»Â·ÑϳÁµÄÊý¾Ýй¶ÊÂÎñ£¬µ¼ÖÂÆäÏòÁù¼Ò»¥ÁªÍø·þÎñÌṩÉÌÌṩµÄµç×ÓÓʼþϵͳÖУ¬¶à´ï1420Íò¸öÕË»§ÐÅÏ¢¿ÉÄܱ»±í²¿·¸·¨»ñÈ¡¡£¸Ã¹«Ë¾Õ¼Óг¬6ÍòÃûÔ±¹¤£¬Äê½»Ò×¶îÔ¼400ÒÚÃÀÔª£¬ÒµÎñº¸ÇÒÆ¶¯¡¢¹ÌÍø¡¢ÔÆÍÆËã¼°ÎïÁªÍøµÈ¶à¸öÁìÓò£¬Õâ´ÎÊÂÎñÖØÒªÓ°ÏìÆä¹úÄÚ·þÎñÉÌÍøÂç¡£¾ÝKDDIµ÷²é£¬¹¥»÷ÕßÀûÓÃÁ˵ç×ÓÓʼþϵͳËùʹÓõĵÚÈý·½Èí¼þ·ì϶ִÐÐÁËÈëÇÖ£¬¹«Ë¾ÔÚ·¢ÏÖºóÁ¢¼´½øÐм¼Êõ¹ýÎÊÒÔ×è¶Ï½øÒ»²½ÇÖº¦£¬²¢ÒѶ¨Î»µ½Î´¾ÊÚȨµÄ½Ó¼ûµã¡£ÊÜÓ°ÏìµÄ·þÎñÉÌÔ̺¬STNet¡¢KDDI Web Communications¡¢JCOM¡¢Öв¿µçÐÅ¡¢Nifty¼°BIGLOBE£¬Ð¹Â¶µÄÊý¾ÝÁìÓòº¸Çµç×ÓÓʼþµØÖ·¼°ÃÜÂ룬¹ÌÈ»ÃÜÂë¾¹ý¹þÏ£»ò¼ÓÃÜ´¦Ö㬵«¹«Ë¾ÈÔÖÒ¸æ´æÔÚ±»ÆÆ½âµÄ·çÏÕ¡£Ä¿Ç°£¬KDDIÒÑÏòÈÕ±¾ÒþÖԺ͵çÐżà¹Ü»ú¹¹»ã±¨´ËÊÂÎñ£¬²¢Õýе÷¸÷·þÎñÉ̹²Í¬Ó¦¶Ô£¬Í¬Ê±¶½´ÙËùÓÐÊÜÓ°ÏìÓû§Á¢¼´¸ü¸ÄÃÜÂ룬ÒÔ·À±¸Ç±ÔڵݲȫÍþв¡£¹«Ë¾³Ðŵ½«³ÖÐøÓëISPºÏ×÷£¬È·±£Óû§ÊµÊ±»ñµÃ֪ͨ²¢²ÉÈ¡Êʵ±·À»¤´ëÊ©¡£
https://securityaffairs.com/194387/data-breach/kddi-data-breach-impacts-up-to-14-2-million-email-accounts-at-six-isps.html
2. ΢Èí½Ò¾ÆµêÒµÔ⸴ÔÓ´¹µö¹¥»÷
6ÔÂ27ÈÕ£¬Î¢ÈíÍþвµý±¨Åû¶£¬×Ô2026Äê4ÔÂÆðÓкڿͳÖÐøÕë¶ÔÈ«Çò¾ÆµêÒµÌáÒ龫Ãܹ¥»÷¡£¹¥»÷Õßͨ¹ýɸѡº¬¡°reception¡±¡¢¡°frontdesk¡±µÈ¹Ø¼ü´ÊµÄÉ豸£¬Ëø¶¨¾Æµêǰ̨¼°Ô¤Ô¼²¿ÃÅ£¬ÀûÓÃCalendlyÓë¹È¸èURL³Á¶¨Ïò¹¹½¨ÄÜͨ¹ýÓʼþÉí·ÝÑéÖ¤µÄ¡°¶àÌø¡±Í¶µÝÁ´¡£µö¶üÓʼþ¼ÙÒâ¡°Booking Manager¡±£¬ÒÔ´²Ê¡¢ÎÀÉú²é³µÈ´¹Î£ÄÚÈÝÓÕʹÊܺ¦Õßµã»÷£¬¾¶à³Á³Á¶¨Ïò¼°Cloudflare¹ýÂ˺ó£¬ÏÂÔØ¼Ù×°³ÉͼƬµÄ.lnkÎļþ£¬Æô¶¯¾Æß²ã»ìºÏµÄPowerShell¾ç±¾£¬×îÖÕ´Ó¹Ù·½Ô´ÏÂÔØNode.js²¢Ö´ÐÓ×°TonRAT¡±¶ñÒⷨʽ¡£Æä×î͹ÆðµÄÌØµãÊÇÈßÓàÓÆ¾Ã»¯»úÔ죺¼Èͨ¹ýHKCU\Run³ÉÁ¢Í¨Àý×ÔÆô£¬ÓÖÀûÓÃHKCU\RunOnce·´¸´³ÁÐ´ÔØºÉÐγÉÑ»·£¬È·±£µ¥µã¶Ï¸ùºóÈÔÄܸ´Ô¡£Î¢ÈíEDRÔøÀ¹½ØPEÔØºÉ£¬µ«ÒòNode.jsÆô¶¯Ïî²ÐÁô£¬Á½Ììºó·¨Ê½¾ÐÂC2·þÎñÆ÷³Áм¤»î¡£²¿ÃÅʧÏÝÖ÷»ú»¹Ïò·Ç³ß¶È¶Ë¿Ú·¢Ðűꡢ½øÐеØÀíµØÎ»²é³ÉõÖÁÇ¿Ôì¹Ø»ú¡£¹¥»÷Õß×îÖÕÒâͼÉв»Ã÷È·£¬µ«Æä׳´óµÄÓÆ¾Ã»¯ÄÜÁ¦ÖµµÃ¾¯Ìè¡£³¹µ×¶Ï¸ùÐèÒÆ³ýRunÓëRunOnceÓйØ×¢²áÏɾ³ýNode.jsÔËÐÐʱ¼°¾ç±¾£¬²¢ÓÅÏÈÅŲéǰ̨ϵͳ£¬¶Ô´æÔÚNode.js¹ý³ÌµÄÉ豸ά³Ö¸ß¶ÈÒÉ»ó¡£
https://securityaffairs.com/194349/uncategorized/hospitality-sector-hit-by-phishing-campaign-using-fake-guest-complaint-emails.html
3. AI±àÂ븱ÊÖÔâ¹¥»÷£ºÎÞ¶ñÒâ´úÂë²Ö¿â¿ÉÖ²ÈëºóÃÅ
6ÔÂ27ÈÕ£¬MozillaÁãÈÕµ÷²éÍøÂ磨0DIN£©½üÈÕÅû¶£¬¹¥»÷Õß¿ÉÀûÓÃAI±àÂ븱ÊÖ£¨ÈçClaude Code£©µÄ¹¤×÷Á÷³Ì£¬Í¨¹ýÒ»¸ö±í±íÎÞº¦µÄGitHub²Ö¿â£¬ÔÚ¿ª·¢ÕßÉ豸ÉÏÖ²Èë·´Ïòshell£¬Õû¸ö¹ý³Ì²»Ô̺¬Èκδ«Í³¶ñÒâ´úÂ룬¶Ô°²È«É¨ÃèÆ÷¡¢AI´úÀíÉõÖÁÈËΪÉó²é¾ùά³Ö¡°ÒþÉí¡±¡£ÕâÖÖ¹¥»÷·½Ê½²»ÒÀÀµ·ì϶»ò¿ÉÒɺÅÁ¶øÊÇͨ¹ýÈý¸ö¹ÂÁ¢À´¿´ºÁÎÞÍþвµÄ»·½Ú×é³É¹¥»÷Á´£ºÊ×ÏÈ£¬¹¥»÷ÕßÌṩһ¸ö³ß¶ÈµÄGitHub²Ö¿â£¬Ô̺¬Õý³£µÄ×°ÖÃ×¢Ã÷£»Æä´Î£¬ÆäÖеÄPython°ü±»Éè¼ÆÎªÔÚ³õʼ»¯Ê±ÓÐÒⱨ´í£¬²¢ÌáÐÑÓû§Ö´ÐÐpython3 -m axiom init£¬Claude Code½«´ËÊÓΪͨ³£ÉèÖÃÎÊÌâ¶ø×Ô¶¯ÔËÐн¨ÒéºÅÁ×îºó£¬¸Ã³õʼ»¯ºÅÁîŲÓÃÒ»¸öshell¾ç±¾£¬´Ó¹¥»÷Õß½ÚÔìµÄDNS TXT¼Í¼Öж¯Ì¬»ñÈ¡ÅäÖÃÖµ²¢Ö±½ÓÖ´ÐС£0DIN×êÑÐÈËԱǿµ÷£¬Claude Code´Óδ×Ô¶¯¾ö¶¨´ò¿ªshell£¬Ö»ÊÇÔÚ¡°½¨¸´Ò»¸öÃýÎó¡±£¬¶ø·´ÏòshellµÄ´¥·¢ÓëAIÏÖʵÆÀ¹ÀµÄÄÚÈÝÖ®¾àÀëÁËÈý²ã¼ä½Ó¹ØÏµ£¬Ò»ÌõÊÜÐÅÀµµÄÃýÎóÐÂÎÅ¡¢Ò»¸ö»ñȡֵµÄ¾ç±¾£¬ÒÔ¼°Ò»Ìõ´Óδ±»AI¼û¹ýµÄDNS¼Í¼¡£Ò»µ©³É¹¦£¬¹¥»÷Õß¼´¿É»ñµÃÒÔ¿ª·¢ÕßȨÏÞÔËÐеĽ»»¥Ê½shell£¬´Ó¶ø½Ó¼û»·¾³±äÁ¿¡¢APIÃÜÔ¿¡¢ÅäÖÃÎļþ²¢³ÉÁ¢Óƾû¯¡£
https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/
4. ÐÂÐÍMisticºóÃŽèÔ±¹¤Éç»á¹¤³ÌÈëÇÔìóÒµ
6ÔÂ26ÈÕ£¬°²È«×êÑÐÈËÔ±·¢ÏÖÒ»¿îÃûΪBackdoor.Mistic£¨Òà±»×·×ÙΪMLTBackdoor£©µÄÐÂÐÍÔ¶³Ì½Ó¼ûľÂí£¬×Ô2026Äê4ÔÂÆð±»Ìض¨×éÖ¯ÓÃÓÚÔÚÆóÒµÄÚ²¿³ÉÁ¢Òñ±ÎÈë¿Ú£¬³äÈγõʼ½Ó¼û´úÀí£¬½«ÉøÈëºóµÄÍøÂçȨÏÞÏúÊÛ¸øQilin¡¢Rhysida¡¢AkiraµÈÖ÷Á÷ÀÕË÷Èí¼þÍŻ¸Ã»î¶¯¹ØÁªÖÁ×Ô2024Äê5ÔÂÆð»îÔ¾µÄºÚ¿Í×éÖ¯Woodgnat£¨±ðÃûKongTuke£©£¬Æä¹¥»÷Ö¸±êËæ»ú¸²¸ÇѧÌᢱ£ÏÕ¹«Ë¾¼°IT·þÎñ»ú¹¹¡£¹¥»÷ÊÖ·¨ÒÔÉç»á¹¤³ÌΪÖ÷Ì⣺ÔçÆÚͨ¹ý½Ù³ÖWordPressÍøÕ¾ÍÆËÍÐéα¼¼Êõ¾¯±¨£¬×Ô2026Äê4ÔÂÆðÔòÉý¼¶ÎªÍ¨¹ýMicrosoft Teams¼ÙÒâIT·þÎñֱ̨½ÓÏòÔ±¹¤·¢ËÍÐÂÎÅ£¬ÓÕÆÆäÔËÐжñÒâÖ¸Áî¡£Ò»µ©µÃÊÖ£¬¶à½×¶ÎPowerShellÁ´¼´ÏÂÔØMisticºóÃÅ£¬¸ÃľÂí¾ß±¸ÎļþÖÎÀí¡¢ÐéαµÇ¼½çÃæÃÜÂëÇÔÈ¡µÈÖ°ÄÜ£¬²¢ÀûÓÃWindowsÄÚÖù¤¾ß½øÐÐÄÚÍø¿úËÅ£¬Í¨¹ýCurl±í´«Êý¾Ý¡£Æä͹ÆðÌØµãÔÚÓÚ¼«¸ßµÄÒñ±ÎÐÔ£ºÒÀÀµDLL²à¼ÓÔØ¼¼ÊõÀûÓÿÉÐÅWindowsÎļþÈÆ¹ý°²È«Èí¼þ£¬ÇÒÆëÈ«ÔÚÍÆËã»úһʱÄÚ´æÖÐÔËÐУ¬²»Ð´ÈëÓ²ÅÌ£¬ÏÔÖøÔö³¤¼ì²âÄѶȣ¬Í¬Ê±ÄÚÖÃÖÕÖ¹¿ª¹Ø¿ÉÔÚ±»·¢ÏÖʱÁ¢¼´×Ô»Ù¡£
https://hackread.com/woodgnat-hackers-mistic-rat-access-ransomware-gangs/
5. ·¨¹ú¹ú¶Èͳ¼Æ¾ÖÔâ¹¥»÷£¬1.28ÍòÔ±¹¤ÐÅϢй¶
6ÔÂ26ÈÕ£¬·¨¹ú¹ú¶Èͳ¼ÆÓë¾¼Ã×êÑÐËù£¨Insee£©½üÈÕ֤ʵÔâ·êÍøÂç¹¥»÷£¬µ¼ÖÂÆäÄÚ²¿Ô±¹¤Ãû¼ÖÐÔ¼12,800ÃûÏÖÈκÍǰÈÎÔ±¹¤¼°Óйع«ÎñÔ±µÄÓ×ÎÒÊý¾ÝÔ⵽й¶¡£¾ÝInsee¹Ù·½ÉêÃ÷£¬Ð¹Â¶ÐÅÏ¢½öÏÞÓÚÉí·Ý×ÊÁϺÍÖ°ÒµÁªÏµ·½Ê½£¬²»º¬ÃÜÂë¡¢¼Òͥסַ¡¢ÒøÐÐÕË»§¡¢Éç»á±£ÏÕºÅÂë»òÒ½ÁƼͼµÈ¸ß¶ÈÃô¸ÐÊý¾Ý¡£È»¶ø£¬¾Ý·¨ÓïÍøÂ簲ȫýÌåCyberattaque±¨Â·£¬»¯Ãû¡°Saturne¡±µÄºÚ¿ÍÒÑÔÚÍøÂç·¸×ïÂÛ̳ÉϹ«¿ªÁ˾ݳÆÀ´×ÔInseeÄÚ²¿Ä¿Â¼£¨trombi.insee.fr£©µÄÊý¾Ý¿â£¬¸ÃÄ¿Â¼ÖØÒªÓÃÓÚÔ±¹¤¼ä²éÎÊרҵÁªÏµ·½Ê½¡¢¹¤×÷ÆÌÅż°ÐÐÕþÏêÇé¡£Õâ´Îй¶ÊÂÎñÓë·¨¹úµ±¾Ö½üÆÚƵ·¢µÄÍøÂ簲ȫ±äÂÒÐγÉÏìÓ¦£º´Ëǰµ±¾ÐĴʱͨѶ¹¤¾ßTchapÔâÈëÇÖ£¬ÖÂ73,467ÃûÓû§Êý¾ÝÁ÷Ïò°µÍø£»½ñÄê4Ô£¬·¨¹úµ±¾ÖÓÃÓÚ±£»¤Éí·ÝÎļþµÄÊý¾Ý¿âÒ²±»¹¥ÆÆ£¬Ô¼1,900ÍòÌõÔ̺¬»¤ÕÕ¡¢Éí·ÝÖ¤¼°¼ÝÕÕÐÅÏ¢µÄ¼Í¼±íй¡£ÏµÁÐÊÂÎñ͹ÏÔ·¨¹ú¹«¹²²¿ÃÅÔÚÊý¾Ý°²È«±£»¤·½ÃæÃæ¶ÔµÄÑϸñÌôÕ½¡£
https://cybernews.com/security/france-statistics-agency-insee-cyberattack-taff-data/
6. ÃÀ±£ÏÕ¼à¹Ü»ú¹¹NAICÔâÁãÈÕ¹¥»÷£¬3.1TBÊý¾Ýй¶
6ÔÂ26ÈÕ£¬ÃÀ¹úÈ«¹ú±£Ïռල¹ÙлᣨNAIC£©½üÈÕ֤ʵ£¬±¾ÔÂÔçЩʱ³½ÒòOracle PeopleSoftÈí¼þÁãÈÕ·ì϶Ôâ¹¥»÷µ¼ÖÂÊý¾Ý±»µÁ£¬³ôÃûÔ¶ÑïµÄÀÕË÷ÍÅ»ïShinyHuntersËæºóÔÚ°µÍø°ä²¼Á˾ݳƴï3.1TBµÄ»º´æÊý¾Ý¡£NAICÓÚ6ÔÂ11ÈÕ³õ´Î·¢Ïָð²È«ÊÂÎñ£¬²¢°µÊ¾±»µÁÊý¾ÝÒѱ»ÓйØ×éÖ¯¹«¿ª¡£NAIC¹Ù·½ÉêÃ÷³Æ£¬Ó×ÎÒÉí·ÝÐÅÏ¢¡¢Ö§¸¶ÐÅÏ¢¡¢¸÷Öݱ£ÏÕ²¿ÃÅϵͳ¼°Ö÷Ìâϵͳ£¨ÈçSERFF¡¢OPTins¡¢UCAAµÈ£©Î´ÊÜÓ°Ï죬Ա¹¤Ó×ÎÒÊý¾Ý¡¢±£µ¥³ÖÓÐÈËÐÅÏ¢µÈÒàδ±»½Ó¼û¡£È»¶ø£¬ShinyHuntersÅû¶µÄÊý¾Ý¼¯Ô¶³¬Í¨³£±£ÏÕÎļþ£¬¾Ý³ÆÔ̺¬2017ÖÁ2024Äê¼ä³¬¹ý26.4Íò·Ý±£ÏÕ¹«Ë¾¼à¹ÜµÇ¼ÇPDF¡¢Ô¼2,000Ìõ¿Í»§ÓëÅúÁ¿¶©µ¥¼Í¼£¨º¬ÐÕÃû¡¢ÓÊÏä¼°Ö§¸¶ÂòÂô±êʶ·û£©¡¢À´×Ôĵϡ¢»ÝÓþ¡¢±êÆÕµÈÖØÒªÆÀ¼¶»ú¹¹µÄÔ¼4.5Íò·ÝÎļþ¡¢±£ÏÕ¹«Ë¾·¨¶¨Äê¶È¼°¼¾¶È²ÆÕþ±¨±í£¬ÒÔ¼°³ö²ú»·¾³AWS»ù´¡ÉèÊ©ÈÕÖ¾¡¢ÔÆÅäÖÃÎļþ¡¢SQL¾ç±¾ºÍÓëSERFFµÈϵͳ¹ØÁªµÄ´æ´¢Í´´¦¡£°²È«×¨¼ÒÖҸ棬»ù´¡ÉèÊ©Îļþ¡¢ÅäÖÃÊý¾ÝºÍ³ö²ú±¸·Ý¿ÉÄÜΪ¹¥»÷ÕßÌṩNAICÄÚ²¿»·¾³µÄ·Ïßͼ£¬Â¶³öϵÍÂ䬽ÓÓëÊý¾ÝÁ÷ת·½Ê½£¬ÍþвÃô¸Ðƾ֤ÓëÖÎÀíÖ°ÄÜ¡£NAIC°µÊ¾ÔËÓªÒѸù»ù¸´Ô£¬½öÔÚÏß·¢Æ±Ö§¸¶µÈÁ½ÏîÀý±íÈÔÔÚ´¦ÖÃÖУ¬²¢ÕýÆÚ´ýµÚÈý·½ÐÅÓþÆÀ¼¶»ú¹¹È·ÈÏϵͳ°²È«¡£
https://cybernews.com/news/naic-breach-shinyhunters-3tb-insurance-systems-data/


¾©¹«Íø°²±¸11010802024551ºÅ