´÷¶û²âÊÔ³¢ÊÔÊÒÆ½Ì¨ÔâWorld LeaksºÚ¿Í×éÖ¯¹¥»÷

°ä²¼¹¦·ò 2025-07-22

1. ´÷¶û²âÊÔ³¢ÊÔÊÒÆ½Ì¨ÔâWorld LeaksºÚ¿Í×éÖ¯¹¥»÷


7ÔÂ21ÈÕ £¬´÷¶û¿Æ¼¼¹«Ë¾½üÈÕÈ·ÈÏÆä¿Í»§½â¾ö¹æ»®ÖÐÐÄÆ½Ì¨Ôâ·êÍøÂ簲ȫÈëÇÖ £¬¹¥»÷ÕßΪ½üÆÚ³Á×éµÄÀÕË÷×éÖ¯World Leaks£¨Ç°ÉíΪHunters International£©¡£Õâ´ÎÊÂÎñ²úÉúÓÚ2025Äê7Ô³õ £¬Ö¸±êÖ±Ö¸´÷¶ûÓÃÓÚóÒ׿ͻ§²úÆ·ÑÝʾ¼°¸ÅÏëÑéÖ¤²âÊԵĸôÀë»·¾³¡£Ö»¹ÜÍþвÐÐΪÕ߳ɹ¦Í»ÆÆ¸Ãƽ̨ £¬µ«´÷¶ûÇ¿µ÷ÆäÑϸñµÄ°²È«¼Ü¹¹ÓÐЧÏÞ¶ÈÁËËðʧÁìÓò £¬¿Í»§ÏµÍ³¼°ÄÚ²¿ÍøÂçδÊܲ¨¼°¡£¾ÝÅû¶ £¬ÈëÇÖÊÂÎñÖб»µÁÊý¾ÝÖØÒªÔ̺¬ºÏ³É²âÊÔÊý¾Ý¡¢¹«¿ªÑÝʾÊý¾Ý¼¯¼°·ÇÃô¸ÐϵͳÐÅÏ¢ £¬Î¨Ò»Éæ¼°ÕæÊµÄÚÈݵĽöΪһ·Ý¹ýÆÚÁªÏµÈËÃûµ¥ £¬´÷¶û³ÆÆä"ÔËÓª¼ÛÖµ¼«µÍ"¡£¸Ãƽ̨×÷Ϊ¶ÀÁ¢ÔËÐеÄÑÝʾ»·¾³ £¬Óë³ö²úÍøÂç¡¢¿Í»§Êý¾Ý´æ´¢¿â¼°ºÏ×÷ͬ°éϵͳÆëÈ«¸ôÀë £¬²¢ÉèÓÐÃ÷È·²»ÈÝÉÏ´«Ãô¸ÐÊý¾ÝµÄºÍ̸¡£´÷¶û°²È«ÍŶӰµÊ¾ £¬¶à³ÁÍøÂç·Ö¶ÎºÍ¼à¿Ø»úÔìÔÚÊÂÎñÖвûÑïÁ˹ؼü×÷Óà £¬Ä¿Ç°Õý³ÖÐøµ÷²é¹¥»÷õè¾¶ £¬µ«ÉÐδ·¢ÏÖ¿Í»§Êý¾Ý»òÖ÷ÌâϵͳÊÜÓ°ÏìµÄÖ¤¾Ý¡£


https://cybersecuritynews.com/dell-data-breach/


2. µÏ°ÂÆðÍ·ÏòÃÀ¹ú¿Í»§·¢ËÍÊý¾Ýй¶֪ͨ


7ÔÂ21ÈÕ £¬·¨¹úÉÝ³ÞÆ·ÅƵϰ£¨Dior£©½üÈÕÏòÃÀ¹ú¿Í»§·¢ËÍÊý¾Ýй¶֪ͨ £¬½ÒʾÆäÓÚ2025Äê1ÔÂ26ÈÕÔâ·êÍøÂ簲ȫÊÂÎñ £¬µ¼Ö¿ͻ§Ó×ÎÒÐÅÏ¢±»Î´¾­ÊÚȨ½Ó¼û¡£×÷ΪȫÇò×î´óÉÝ³ÞÆ·¼¯ÍÅLVMHÆìÏÂÖ÷ÌâÆ·ÅÆ £¬µÏ°ÂÄêÊÕÈ볬120ÒÚÃÀÔª £¬ÔÚÈ«ÇòÔËÓªÊý°Ù¼Ò¾«Æ·µê £¬Õâ´ÎÊÂÎñÒý·¢¶ÔÆäÊý¾Ý°²È«ÖÎÀíµÄ¹Ø×¢¡£Æ¾¾Ý֪ͨ £¬µÏ°ÂÓÚ2025Äê5ÔÂ7ÈÕ·¢ÏÖÊý¾Ý¿âÔâÈëÇÖ £¬Ëæ¼´Æô¶¯ÄÚ²¿µ÷²é¡£µ÷²éÈ·ÈÏ £¬¹¥»÷Õß»ñÈ¡ÁËÔ̺¬È«Ãû¡¢ÁªÏµ·½Ê½¡¢ÏÖʵµØÖ·¡¢µ®ÉúÈÕÆÚ £¬ÒÔ¼°²¿Ãſͻ§µÄ»¤ÕÕ/µ±¾ÖÉí·ÝÖ¤ºÅÂë¡¢Éç»á°²È«ºÅÂëµÄÐÅÏ¢ £¬µ«Î´Éæ¼°ÒøÐÐÕË»§»òÖ§¸¶¿¨µÈ²ÆÕþÊý¾Ý¡£µÏ°ÂÇ¿µ÷ÒÑѸ¿ì²ÉÈ¡½ÚÔì´ëÊ© £¬Ä¿Ç°ÎÞÖ¤¾ÝÅúעϵͳ±»³ÖÐøÈëÇÖ £¬²¢ÒÑ֪ͨ·¨Âɲ¿Ãż°ÀñƸµÚÈý·½ÍøÂ簲ȫר¼ÒЭÖúÓ¦¶Ô¡£Îª»º½âÓ°Ïì £¬µÏ°ÂΪÊÜÓ°ÏìÓû§ÌṩÃâ·Ñ24¸öÔÂÐÅÓþ¼à¿ØÓëÉí·Ý͵ÇÔ±£»¤·þÎñ £¬Í¬Ê±½¨Òé¿Í»§¾¯ÌèÚ¿Æ­¡¢ÍøÂç´¹µö¼°½ðÈÚÕË»§Òì³£»î¶¯¡£


https://www.bleepingcomputer.com/news/security/dior-begins-sending-data-breach-notifications-to-us-customers/


3. Ó¡¶È¼ÓÃÜÇ®±ÒÂòÂôËùCoinDCX 4420ÍòÃÀÔª¼ÓÃÜ×ʲú±»µÁ


7ÔÂ21ÈÕ £¬Ó¡¶ÈÍ·²¿¼ÓÃÜÇ®±ÒÂòÂôËùCoinDCX½üÈÕÈ·ÈÏ £¬ÆäÒ»¸öÄÚ²¿ÔËÓªÕË»§Ôâ·ê°²È«·ì϶ £¬µ¼Ö¼ÛÖµÔ¼4420ÍòÃÀÔªµÄ¼ÓÃÜÇ®±Ò±»µÁ¡£¾ÝCoinDCX½áºÏÊ×´´È˼æÊ×ϯִÐйÙSumit GuptaÔÚXƽ̨Åû¶ £¬±»ÈëÇÖÕË»§½öÓÃÓÚÔÚºÏ×÷ÂòÂôËùÌṩÁ÷¶¯ÐÔ £¬ÊôÓÚÄÚ²¿ÔËÓªÕË»§ £¬Óë¿Í»§×ʽðÆëÈ«¸ôÀë¡£ËûÇ¿µ÷ £¬ËùÓпͻ§×ʲú¾ùδÊÜÓ°Ïì £¬·çÏÕ³¨¿ÚÓɹ«Ë¾×ÔÓÐ×ʽð´¢Ðî³Ðµ£¡£¼ÓÃܰ²È«×êÑÐÔ±ZachXBTͨ¹ýTelegramƵ·½øÒ»²½·ÖÎö £¬¹¥»÷ÕßµØÖ·×î³õͨ¹ýTornado Cash»ì±Ò·þÎñ»ñµÃ1öÒÔÌ«·»£¨ETH£©ÔÞÖú £¬Ëæºó½«²¿Ãű»µÁ×ʽð¾­Solana-ÒÔÌ«·»¿çÁ´ÇÅ×ªÒÆ £¬×îÖչ鲢Ϊ4,443öETHºÍ155,830öSolana£¨SOL£© £¬Ä¿Ç°´¦ÓÚÐÝÃß״̬¡£CoinDCX°µÊ¾ÕýÓëÓ¡¶ÈÍÆËã»úÓ¦¼±ÏìÓ¦Ó××飨CERT-In£©¼°ºÏ×÷ÂòÂôËùЭͬµ÷²é¡£Îª¼Ó¿ì×ʽð×·»Ø £¬CoinDCXÓÚÖÜÒ»Æô¶¯¡°×·»ØÉͽ𡱴òËã £¬³ÐŵÏòЭÖú×·×Ù»òÕһر»µÁ×ʲúµÄÓ×ÎÒ»ò»ú¹¹Ìṩ×î¸ß25%µÄ×·»Ø½ð¶î×÷Ϊ¼Î½±¡£


https://techcrunch.com/2025/07/21/indian-crypto-exchange-coindcx-confirms-44-million-stolen-during-hack/


4. ÒÁÀʹØÁª°²×¿¼äµýÈí¼þDCHSpy¼Ù×°³ÉVPN¼à¿ØÖ¸±êÈËÊ¿


7ÔÂ21ÈÕ £¬ÍøÂ簲ȫ×êÑÐÈËÔ±½üÈÕÅû¶һ¿îÓëÒÁÀʵý±¨Ó밲ȫÊý£¨MOIS£©ÓйصÄÐÂÐͰ²×¿¼äµýÈí¼þDCHSpy £¬¸ÃÈí¼þͨ¹ý¼Ù×°³ÉVPNÀûÓü°SpaceXÐÇÁ´£¨Starlink£©ÎÀÐÇ»¥ÁªÍø·þÎñ £¬Õë¶ÔÖж«µØÓòÓû§Ö´Ðж¨Ïò¹¥»÷¡£Òƶ¯°²È«¹©¸øÉÌLookoutÖ¸³ö £¬DCHSpyÑù±¾×îÔçÓÚ2024Äê7Ô±»·¢ÏÖ £¬Æä¿ª·¢ÕßΪÒÁÀʹú¶È²¼¾°ºÚ¿Í×éÖ¯MuddyWater£¨±ðºÅBoggy Serpens¡¢TA450µÈ£© £¬½üÆÚÔÚÒÔÉ«ÁÐ-ÒÁÀÊì¶Ü·¢×÷ºóÒ»ÖÜÄÚ³öÏÖбäÖÖ £¬°µÊ¾Æä»î¶¯ÓëµØÓò´óÊÆçÇÃܹØÁª¡£DCHSpyΪÄ£¿é»¯Ä¾Âí £¬¾ß±¸¶àÏîÊý¾ÝÇÔȡְÄÜ £¬Ô̺¬ÍøÂçWhatsAppÐÅÏ¢¡¢ÕË»§Æ¾Ö¤¡¢ÁªÏµÈË¡¢¶ÌÐÅ¡¢Í¨»°¼Í¼¡¢µØÎ»Êý¾Ý £¬²¢¿ÉÔ¶³Ì¹àÒô¡¢ÅÄÕÕ¼°ÇÔÈ¡Îļþ¡£ÔçÆÚ°æ±¾Í¨¹ýTelegramÇþ·´«²¼ £¬ÒÔ·ñ¾öÒÁÀÊÕþȨµÄÖ÷ÌâÄÚÈÝΪµö¶ü £¬Õë¶ÔÓ¢ÓïºÍ²¨Ë¹ÓïÓû§ £¬Ö¸±êȺÌåÒÉËÆÎªÒìÒéÈËÊ¿¡¢»î¶¯ÈËÊ¿¼°¼ÇÕß¡£×îбäÖÖÔò½øÒ»²½Éý¼¶´«²¼¼¿Á© £¬¼Ù×°³É¡°Earth VPN¡±¡°Comodo VPN¡±¡°Hide VPN¡±µÈ¿´ËÆÊµÓõÄVPNÀûÓà £¬ÉõÖÁÀûÓá°starlink_vpn(1.3.0).apk¡±ÎļþÃû·ÂÕÕÐÇÁ´·þÎñ½øÐзַ¢¡£ÖµÍ×ÌùÐĵÄÊÇ £¬ÐÇÁ´ÎÀÐÇ»¥ÁªÍø·þÎñÉÏÔ¸ÕÔÚÒÁÀʵÐÔÖÖ´ÐÐÍøÂç¹Ø±ÕÆÚ¼ä±»¼¤»î £¬Ëæºó¸Ã¹úÒé»á½«Æä·¸·¨»¯ £¬Õâ´Î¶ñÒâÈí¼þ½èÐÇÁ´ÃûÒå´«²¼ £¬»òÖ¼ÔÚÀûÓÃÓû§¶ÔÊÜÏÞ·þÎñµÄ»ð¼±ÐèÒª¡£


https://thehackernews.com/2025/07/iran-linked-dchspy-android-malware.html


5. ÍøÂç´¹µöÀûÓÃ.LNKÎļþÓëLOLBin¼¼Êõ´«²¼DeerStealer¶ñÒâÈí¼þ


7ÔÂ22ÈÕ £¬½üÈÕ £¬Ò»ÖÖÐÂÐ͸´ÔÓÍøÂç´¹µö»î¶¯±»ÆØ¹â £¬Æäͨ¹ý±øÆ÷»¯µÄWindows¿ì½Ý·½Ê½Îļþ£¨.LNK£©´«²¼DeerStealer¶ñÒâÈí¼þ £¬ÀûÓá°Living off the Land¡±£¨LOLBin£©¼¼ÊõŲÓúϷ¨ÏµÍ³¶þ½øÔìÎļþ £¬¹¹½¨¶à½×¶Î¹¥»÷Á´ÒÔÈÆ¹ý´«Í³°²È«·À»¤¡£¸Ã»î¶¯ÓÉLinkedIn·ÖÎöʦ¼°×êÑÐÈËÔ±·¢ÏÖ £¬ÒòÆäѡȡ¸ß½×¶ã±ÜÕ½Êõ²¢ÀÄÓÃ΢ÈíÔ­Éú¹¤¾ß £¬±»ÊÓΪ¶ñÒâÈí¼þ´«µÝ»úÔìµÄ³Á´óÑݽø¡£¹¥»÷ÒÔ¼Ù×°³É¡°Report.lnk¡±µÄºÏ·¨PDFÎĵµÎªÆðµã £¬ÏÖʵ´¥·¢¾«ÐÄÉè¼ÆµÄÎå½×¶ÎÖ´ÐÐÁ´£º.LNKÎļþÊ×ÏȰÂÃØÅ²ÓÃMicrosoft HTMLÀûÓ÷¨Ê½Ö÷»úmshta.exe £¬Í¨¹ý¶¯Ì¬½âÎöSystem32Ŀ¼õè¾¶²¢×¢Èë»ìºÏµÄBase64¾ç±¾ £¬½ûÓÃÈÕÖ¾¼Í¼Óë·ÖÎöÖ°ÄÜÒÔ½µµÍ·¨Ò½¿É¼ûÐÔ¡£Ëæºó £¬¹¥»÷Á´Ë³´Î¾­cmd.exe¡¢PowerShell²ã²ãµÝ½ø £¬×îÖÕÔÚAppDataĿ¼¾²Ä¬²¿ÊðDeerStealerÖ÷·¨Ê½¡£Îª·ÖÉ¢Êܺ¦Õß°ÑÎÈÁ¦ £¬ÏµÍ³Í¬Ê±ÏÂÔØ²¢´ò¿ªºÏ·¨PDFµö¶üÎļþ £¬¸²¸Ç¶ñÒâÈí¼þ×°ÖÃÐÐΪ¡£


https://cybersecuritynews.com/deerstealer-malware-delivered/


6. °ÙÄêÎïÁ÷¾ÞÍ·ÒòÃÜÂëй¶ÔâÀÕË÷¹¥»÷ÆÆ²ú


7ÔÂ21ÈÕ £¬Ó¢¹ú±±°²ÆÕ¶Ø¿¤°ÙÄêÔËÊäÆóÒµKNP LogisticsÒòAkiraÀÕË÷Èí¼þ¹¥»÷ÏÝÈëÆÆ²úÖÎÀí £¬µ¼ÖÂ730ÃûÔ±¹¤Ê§Òµ £¬³ÉΪ2024ÄêÓ¢¹úÆóÒµÔâ·êÍøÂç¹¥»÷µÄ±êÖ¾ÐÔ°¸Àý¡£Õâ¼Ò³ÉÁ¢ÓÚ1865ÄêµÄ¼Ò×åÆóÒµ £¬ÓÚÎôʱ6ÔÂÒòÔ±¹¤ÃÜÂëй¶±»ºÚ¿ÍÈëÇÖ £¬¹¥»÷Õßͨ¹ý²Â²âµ¥Ò»ÕË»§Æ¾Ö¤³É¹¦ÉøÈëϵͳ £¬²¿ÊðÀÕË÷Èí¼þ¼ÓÃܹؼüÊý¾Ý²¢Ë÷ÒªÔ¼500ÍòÓ¢°÷Êê½ð¡£Ö»¹ÜKNPδ֧¸¶Êê½ð £¬µ«¹¥»÷ÈÔ³¹µ×̱»¾ÆäÔËÓª¡¢²ÆÕþ¼Í¼½Ó¼û¼°ÐÂ×ʽð»ñÈ¡ÄÜÁ¦ £¬×îÖÕÆÈʹÕâ¼ÒÕ¼ÓÐ158Ä꺹ÇàµÄÆóÒµµ¹¹Ø¡£Õâ´ÎÊÂÎñ¶³öÁËÖÐÓׯóÒµÍøÂ簲ȫ·À»¤µÄÖÂÃüÈõµã¡£KNPÖ÷¹Ü±£ÂÞ¡¤°¢²©ÌØÐ¹Â© £¬ÉæÊÂÔ±¹¤ÖÁ½ñδ±»·î¸æÆäÃÜÂëй¶ֱ½Óµ¼Ö¹«Ë¾±ÀÀ£ £¬Í¹ÏÔÍøÂç¹¥»÷¶ÔÔ±¹¤ÉúÀíµÄ¶þ´ÎÖÐÉË¡£ÍøÂ簲ȫר¼ÒÇ¿µ÷ £¬»ù´¡ÃÜÂ밲ȫÈÔÊÇÊ×Òª·ÀÏß £¬96%µÄ³£ÓÃÃÜÂë¿ÉÔÚ1ÃëÄÚ±»ÆÆ½â¹¤¾ß¹¥ÆÆ £¬¶øÔ±¹¤¿çÕË»§³Á¸´Ê¹ÓÃÃÜÂëµÄϰ¹ß½øÒ»²½¼Ó¾ç·çÏÕ¡£


https://cybersecuritynews.com/weak-password-destroy-158-year-old-company/