΢ÈíDefenderÁãÈÕ·ì϶BlueHammerÔâÀÕË÷Èí¼þÀûÓÃ

°ä²¼¹¦·ò 2026-07-02
1. ΢ÈíDefenderÁãÈÕ·ì϶BlueHammerÔâÀÕË÷Èí¼þÀûÓÃ


6ÔÂ30ÈÕ£¬ÃÀ¹úÍøÂ簲ȫÓë»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©½üÈÕÈ·ÈÏ£¬Î¢ÈíDefenderÖеÄÒ»¸ö¸ßΣȨÏÞÌáÉý·ì϶Òѱ»ÏÖʵÓÃÓÚÀÕË÷Èí¼þ¹¥»÷£¬¸Ã·ì϶±àºÅΪCVE-2026-33825£¬´úºÅ"BlueHammer"¡£¸Ã·ì϶µÄÅû¶¹ý³Ì³ä³âÕùÒ飺ËüÓÉһλ»¯Ãû"Chaotic Eclipse"»ò"Nightmare Eclipse"µÄ°²È«×êÑÐÔ±ÔÚ½ü¼¸¸öÔÂÄÚ¹«¿ª£¬¸Ã×êÑÐÔ±Òò²»Âú΢Èí´¦Ö÷ì϶»ã±¨µÄ·½Ê½£¬ÔÚ³§Ḛ́䲼½¨¸´·¨Ê½Ö®Ç°±ã¹«¿ªÁ˶à¸ö·ì϶ÀûÓôúÂë¡£CVE-2026-33825ÓÚ2026Äê4ÔÂ2ÈÕ±»¹«Ö®Óڶ࣬΢ÈíËæ¼´ÓÚ4ÔÂ14ÈÕ°ä²¼°²È«²¹¶¡£¬²¢ÖҸ澭¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÀûÓø÷ì϶ʵÏÖȨÏÞÌáÉý¡£Ö»¹Ü΢ÈíÔÚ4ÔÂ30ÈÕ¸üеIJ¼¸æÖÐÈϿɷì϶±»ÀûÓõĿÉÄÜÐÔ"½Ï´ó"£¬µ«ÆäʱÈÔδ֤ʵ´æÔÚÏÖʵ¹¥»÷°¸Àý¡£È»¶ø£¬ÍøÂ簲ȫ¹«Ë¾HuntressÔçÔÚ΢Èí°ä²¼²¹¶¡Ö®Ç°¾Í¹Û²ìµ½¸Ã·ì϶Òѱ»Ò°±íÀûÓã¬Òâζ×ÅËüÏÖʵÉÏÊÇÒ»¸öÁãÈÕ·ì϶¡£CISAÓÚ4ÔÂ22ÈÕ½«BlueHammerÁÐÈëÆäÒÑÖªÀûÓ÷ì϶£¨KEV£©Ä¿Â¼£¬²¢ÔÚºóÐø¸üÐÂÖÐÃ÷È·½«ÆäÓëÀÕË÷Èí¼þ»î¶¯¹ØÁªÆðÀ´¡£½ØÖÁĿǰ£¬Éв»Ã÷ÏÔ¾ßÌåÊÇÄĸöÀÕË÷Èí¼þ×éÖ¯ÔÚÀûÓÃCVE-2026-33825£¬Ò²²»×ã¾ßÌåµÄ¹¥»÷°¸Àý»ã±¨À´ÃèÊö¸Ã·ì϶µÄÏÖʵÀûÓ÷½Ê½¡£


https://www.securityweek.com/bluehammer-vulnerability-exploited-in-ransomware-attacks/


2. ÈÕ±¾µç²úÔâBlackfieldÀÕË÷£¬±»Ë÷200ÍòÃÀÔªÊê½ð


6ÔÂ30ÈÕ£¬ÈÕ±¾´óÐ͵ç×ÓÔª¼þÔì×÷ÉÌNidec Corporation£¨ÈÕ±¾µç²ú£©½üÈÕÅû¶£¬Æą̈Íå×Ó¹«Ë¾Nidec Chaun Choung TechnologyÓÚ2026Äê6ÔÂ22ÈÕÔâ·êÀÕË÷Èí¼þ¹¥»÷£¬²¿ÃÅ·þÎñÆ÷±»Ï°È¾¡£ÊÂÎñ²úÉúºó£¬¹«Ë¾Á¢¼´²ÉÈ¡´¹Î£´ëÊ©£¬¹Ø¹ØÊÜÓ°Ïì·þÎñÆ÷¼°ÍøÂçÒÔÔ¤·ÀÇÖº¦À©É¢£¬²¢ÈϿɴæÔÚ"ÐÅϢй¶µÄ¿ÉÄÜÐÔ"£¬µ«½ØÖÁĿǰÉÐδȷÈÏÈκÎÓ×ÎÒ»ò»úÃÜÐÅÏ¢±»¹«¿ªÐ¹Â¶¡£¹«Ë¾°µÊ¾ÔÚÆÀ¹ÀÕâ´Î¹¥»÷¶Ô³ö²ú¡¢ÔËÊäµÈÒµÎñÔËÓªµÄÓ°Ï죬Ԥ¼Æ²»»á²¨¼°ÆäËûNidec¼¯ÍÅÆóÒµ¡£BlackfieldÀÕË÷Èí¼þÍÅ»ïÒÑÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü£¬²¢ÏòNidecÌá³ö200ÍòÃÀÔªµÄÊê½ðÒªÇó£¬ÍþвÈô²»Ôڹ水ʱÏÞÄÚ»ØÓ¦½»É棬½«°ä²¼»òÏúÊÛ±»µÁÊý¾Ý¡£¸ÃÍŻﻹÌṩÁËÒ»ÏîÌØÊâ"·þÎñ"£ºÖ§¸¶5000ÃÀÔª¿É½«Ð¹Â¶×îºóÆÚÏÞµ¢¸éÒ»Ì죬ͬʱÒÔ40ÍòÃÀÔªµÄ¼ÛÖµÌṩÊý¾ÝµÄ¼´Ê±ÏÂÔØÁ´½Ó¡£ÎªÖ¤Ã÷¹¥»÷µÄÕæÊµÐÔ£¬BlackfieldÒѹ«¿ªÁËÔ̺¬Îļþ½á¹¹¼°²¿ÃÅÎĵµµÄÊý¾ÝÑù±¾¡£


https://www.bleepingcomputer.com/news/security/blackfield-ransomware-asks-nidec-corporation-for-2-million-ransom/


3. GameStopÒÉÔâÊý¾Ýй¶£¬³¬5400Íò±Ê¼Í¼±»½ÐÂô


6ÔÂ30ÈÕ£¬È«Çò×î´óµç×ÓÓÎÏ·ÁãÊÛÉÌÖ®Ò»GameStopÒÉËÆÔâ·êÊý¾Ýй¶ÊÂÎñ¡£Ò»Ãû¹¥»÷ÕßÔÚ·¸·¨ÍøÂç·¸×ïÂòÂôƽ̨ÉÏ·¢Ìû£¬Ðû³ÆÒÑ»ñÈ¡Ô̺¬³¬¹ý5400ÍòÌõ¿Í»§¼Í¼µÄÖØ´óÊý¾Ý¿â£¬²¢ÌṩÁË86ÌõÑù±¾¼Í¼×÷Ϊ×ôÖ¤¡£Æ¾¾Ý×êÑÐÍŶӵķÖÎö£¬Ð¹Â¶Ñù±¾Ô̺¬´óÁ¿¿Í»§ÕË»§Ãô¸ÐÐÅÏ¢£¬Ô̺¬Óû§ID¡¢È«Ãû¡¢µ®ÉúÈÕÆÚ¡¢µç×ÓÓʼþµØÖ·¡¢µç»°ºÅÂë¡¢¼Òͥסַ¼°ÓÊÕþ±àÂë¡¢ÕË»§×´Ì¬¡¢ÕË»§´´½¨ÈÕÆÚÒÔ¼°×îºó²É°ì¼Í¼µÈ¡£ÖµÍ×ÌùÐĵÄÊÇ£¬²¿ÃÅй¶µÄ²É°ì¼Í¼¿É×·ÒäÖÁ2026Ä꣬Åú×¢ÖÁÉÙ²¿ÃÅÊý¾ÝÏà¶ÔÐÂÏÊ£¬¶ø·ÇÆëÈ«À´×Ôº¹Çàй¶ÊÂÎñ£¬Õâ½øÒ»²½¼Ó¾çÁËÕâ´ÎÊÂÎñµÄÕæÊµÐԺͽôÆÈÐÔ¡£È»¶ø£¬ÓÉÓÚ¹¥»÷Õß½ö¹«¿ªÁËÉÙÁ¿Ñù±¾¶øÎ´ÌṩÆëÈ«Êý¾Ý¼¯£¬Ä¿Ç°ÉÐÎÞ·¨ºËʵÂô·½Ðû³ÆµÄ×ÜÌåÊý¾Ý¹æÄ££¬Ò²ÎÞ·¨È·ÈÏÊÇ·ñ´æÔÚ¸ü¶àÀàÐ͵ÄÃô¸ÐÐÅÏ¢±»ÇÔÈ¡¡£ÈôÕâ´ÎÊý¾Ýй¶Êôʵ£¬½«¶ÔGameStop¿Í»§×é³É¶à³ÁÍþв¡£×êÑÐÈËÔ±ÖҸ棬й¶µÄÓ×ÎÒÐÅÏ¢Óë²É°ìº¹ÇàÏà½áºÏ£¬¼«Ò×±»ÍøÂç·¸×ï·Ö×ÓÓÃÓÚ¾«×¼µÄÉç»á¹¤³Ì¹¥»÷ºÍ»­Ïñ·ÖÎö¡£


https://cybernews.com/security/gamestop-customer-data-breach/


4. ΢ÈíAzure CLIÔâ´ó¹æÄ£ÃÜÂëÅçÈ÷¹¥»÷


7ÔÂ1ÈÕ£¬ÍøÂ簲ȫ¹«Ë¾Huntress½üÈÕÅû¶£¬Ò»³¡´ó¹æÄ£¡¢³ÖÐøÐÔµÄ×Ô¶¯»¯ÃÜÂëÅçÈ÷¹¥»÷ÕýÕë¶Ô΢ÈíAzureºÅÁîÐнçÃæ£¨CLI£©·¢Õ¹£¬Òѵ¼ÖÂÖÁÉÙ64¸ö×éÖ¯µÄ78¸öÕË»§±»³É¹¦ÈëÇÖ¡£¹¥»÷»î¶¯²úÉúÔÚ2026Äê6ÔÂ12ÈÕÖÁ26ÈÕÆÚ¼ä£¬Ä»ºó¹¥»÷Õßͨ¹ý»¥ÁªÍø»ù´¡ÉèÊ©ÌṩÉÌLSHIY LLC½ÚÔìµÄIPv6µØÖ·ÁìÓòÌáÒéÁ˳¬¹ý8100Íò´ÎµÇ¼³¢ÊÔ¡£ÖµÍ×ÌùÐĵÄÊÇ£¬ºÜ¶àÊܺ¦×éÖ¯ÏÖʵÉÏÒÑÆôÓÃÁËǰÌá½Ó¼ûÕ½Êõ£¬µ«¹¥»÷ÕßÀûÓÃÁËÒ»ÖÖÃûΪ"×ÊÔ´ËùÓÐÕßÃÜÂëÆ¾Ö¤"µÄÒÑÆúÓÃOAuth 2.0Á÷³Ì£¬³É¹¦ÈƹýÁËÕâЩ°²È«·À»¤¡£¹¥»÷½ÚÅÄÏÔʾ³öÏÔÖøµÄ½×¶ÎÐÔÌØµã£º6ÔÂ12ÈÕÖÁ21ÈÕÆÚ¼ä£¬Ã¿Ìì½öÓÐÉÙÁ¿ÕË»§±»³É¹¦ÈëÇÖ£¬¾ùÔÈÿÌì2µ½4¸ö£¬µ«6ÔÂ19ÈÕµ±ÌìÓÐ12¸öÓû§ÕË»§±»µÁÓ㻹¥»÷ÔÚ6ÔÂ22ÈÕÖèÈ»Éý¼¶£¬µ¥ÈÕÓ°Ïì23¼ÒÆóÒµµÄ30¸öÉí·Ý¡£×îÖÕͳ¼ÆÏÔʾ£¬Õâ´Î¹¥»÷¹²µ¼ÖÂ64¸ö×éÖ¯µÄ78¸öÓû§ÕË»§±»ÈëÇÖ¡£HuntressÖ¸³ö£¬Õâ½öÊǸü´ó¹æÄ£Æ¾Ö¤ÅçÈ÷¹¥»÷µÄÒ»²¿ÃÅ£¬Æä¿Í»§ÈºÖдËÀ๥»÷ÊýÁ¿¼¤Ôö³¬¹ý155±¶£¬5ÔÂÏÂÑ®ÖÁ6Ô³õÓÈΪ¾çÁÒ£¬Ä¿Ç°¾ùÔÈÿ¸öÊܱ£»¤µÄ×⻧ÿÔÂÔâ·êÔ¼1964´Îʧ°ÜµÇ¼³¢ÊÔ¡£


https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html


5. Adobe´¹Î£½¨¸´Á½Æ½Ì¨Æß¸öÑϳÁ·ì϶


7ÔÂ1ÈÕ£¬AdobeÓÚ½üÈÕ°ä²¼´¹Î£°²È«¸üУ¬Õë¶ÔColdFusion WebÀûÓ÷¨Ê½¿ª·¢Æ½Ì¨ºÍCampaign ClassicÓªÏú×Ô¶¯»¯Æ½Ì¨ÖÐµÄÆß¸öµÚÒ»Á÷±ð·ì϶½øÐÐÁ˽¨¸´¡£ËùÓÐÕâЩ·ì϶¾ù¿ÉÔÚÎÞÐèÓû§½»»¥µÄµÍ¸´ÔӶȹ¥»÷Öб»ÀûÓã¬Adobe½«ÆäÏóÕ÷ΪÓÅÏȼ¶1£¬Òâζ×Å´æÔÚ¼«¸ßµÄ±»¹¥»÷·çÏÕ£¬²¢½¨ÒéÖÎÀíÔ±ÔÚ72Ó×ʱÄÚ¾¡¿ìʵÏÖ×°Öá£ÆäÖÐÁù¸öÑϳÁ·ì϶ӰÏìColdFusion 2025.9¡¢2023.20¼°¸üÔç°æ±¾£¬¹¥»÷Õß¼´±ãÎÞÐèȨÏÞÒ²¿ÉÔÚδ´ò²¹¶¡µÄϵͳÉÏÔ¶³ÌÖ´ÐдúÂ룻ÁíÒ»¸ö×î¸ßÑϳÁÐÔ·ì϶ӰÏìCampaign Classic 7.4.3 build 9396¼°¸üÔç°æ±¾£¬³É¹¦ÀûÓúó¿ÉÔÚµ±Ç°Óû§¸ßµÍÎÄÖÐÖ´ÐÐËÁÒâ´úÂë¡£AdobeÇ¿µ÷£¬¸ÃCampaign·ì϶½öÓ°Ïì±¾µØ²¿ÊðÊ·ý£¬ÆäÍйÜÊ·ýÉϵķì϶Òѱ»Ìáǰ½¨¸´¡£Ö»¹ÜAdobe°µÊ¾ÉÐδ·¢ÏÖÕë¶ÔÕâЩÒѽ¨¸´·ì϶µÄÏÖʵÀûÓð¸Àý£¬µ«¼øÓÚÆäÑϳÁÐÔ£¬ÊµÊ±´ò²¹¶¡ÈÔÊÇ·ÀÓù¹Ø¼ü¡£


https://www.bleepingcomputer.com/news/security/adobe-patches-seven-max-severity-coldfusion-campaign-flaws/


6. ¾Ã±£Ìï±±ÃÀÔâÈëÇÖ£¬Ô±¹¤Êý¾Ýй¶


7ÔÂ1ÈÕ£¬ÈÕ±¾¹¤ÒµÔì×÷¾ÞÍ·¾Ã±£ÌKubota£©±±ÃÀ·Ö¹«Ë¾ÓÚ½üÈÕÅû¶£¬Æä²¿ÃÅÍøÂçϵͳÔÚ½ñÄêÔçЩʱ³½Ôâ·êÁËÒ»´Î³ÖÐøÐԵĺڿÍÈëÇÖ£¬¹¥»÷ÕßÂñ·ü¹¦·ò³¤´ïÒ»¸ö¶àÔ¡£Æ¾¾Ý¹«Ë¾¹Ù·½µ÷²éÁ˾Ö£¬ÔÚ2026Äê3ÔÂ16ÈÕÖÁ4ÔÂ20ÈÕÆÚ¼ä£¬Î´¾­ÊÚȨµÄÍþвÐÐΪÕ߳ɹ¦½Ó¼ûÁËÔ̺¬´óÁ¿Ô±¹¤¼°Æä¾ìÊôÓ×ÎÒÐÅÏ¢µÄÄÚ²¿Îļþ¡£Æ¾¾Ý¾Ã±£ÌïÃÀ¹ú¹«Ë¾¹ÙÍø°ä²¼µÄ²¼¸æ£¬Õâ´Îй¶µÄÊý¾ÝÁìÓò¼«Îª¿í·º£¬¾ßÌå¿ÉÄÜÉæ¼°Ô±¹¤µÄÆëÈ«ÐÕÃû£¨º¬¾ìÊôÐÕÃû£©¡¢Éç»á°²È«ºÅÂë¡¢µ®ÉúÈÕÆÚ¡¢ÄÉ˰È˼ø±ðºÅ¡¢¼ÝÊ»ÅÆÕÕ»òÆäËûµ±¾ÖÐû¸æµÄÉí·ÝÖ¤¼þºÅÂë¡¢ÓÃÓÚÖ±½Ó´æ¿îµÄÒøÐÐÕË»§ÐÅÏ¢¡¢ÆóÒµÖ§¸¶¿¨ÐÅÏ¢£¬ÒÔ¼°¸£ÀûµÇ¼Ç¼Í¼ºÍÓÐÏÞµÄÒ½ÁÆÀíÅâÊý¾Ý£¨¾ùÔ̺¬¾ìÊôÐÅÏ¢£©¡£ÓÉÓÚÿλԱ¹¤Ëùй¶µÄÊý¾Ý×éºÏ²»¾¡Ò»Ñù£¬¾Ã±£Ìï×Ô6ÔÂ30ÈÕÆðÒÑͨ¹ýµç×ÓÓʼþÏòËùÓÐÊÜÓ°ÏìÈËÔ±·¢Ë͸öÐÔ»¯Í¨Öª£¬Ã÷È··î¸æÆä¾ßÌ屻й¶µÄÐÅÏ¢Àà±ð¡£ÎªÔ®ÊÖÊܺ¦Õß½µµÍDZÔÚ·çÏÕ£¬¹«Ë¾ÔÚ֪ͨº¯Öи½´øÁË×¢²áKrollÉí·Ý±£»¤·þÎñµÄ¾ßÌåÖ¸Òý£¬Í¬Ê±³ö¸ñÌáÐÑÔ±¹¤¼°¾ìÊôÎñ±ØÇ×êǹØ×¢Ò½ÁƱ£½¡Õ˵¥¼°ÒøÐÐÕË»§µÄÒì³£¶¯Ì¬£¬Ò»µ©·¢ÏÖ¿ÉÒɻӦÁ¢¼´ÏòÓйز¿ÃŻ㱨¡£¾Ã±£Ìïͬʱǿµ÷£¬ÒÑÔÚÊÂÎñ²úÉúºó²¿ÊðÁ˶î±íµÄ°²È«¼Ó¹Ì´ëÊ©£¬ÒÔÔ¤·ÀδÀ´ÔٶȲúÉúͬÀàÈëÇÖÊÂÎñ¡£


https://www.bleepingcomputer.com/news/security/kubota-says-hackers-had-month-long-access-to-network-systems/