Êê½ðÆÚÏÞÒѹý £¬ºÚ¿Íй¶°Äº½¿Í»§Êý¾Ý

°ä²¼¹¦·ò 2025-10-15

1. Êê½ðÆÚÏÞÒѹý £¬ºÚ¿Íй¶°Äº½¿Í»§Êý¾Ý


10ÔÂ12ÈÕ £¬°Ä´óÀûÑǰÄÖÞº½¿Õ¹«Ë¾£¨Qantas Airways£©½üÈÕÏÝÈë³Á´óÊý¾Ýй¶Î £»ú¡£7Ô³õ £¬°Äº½Í¨¹ýµÚÈý·½Æ½Ì¨SalesforceÏνÓϵͳÔâ·êÍøÂç¹¥»÷ £¬µ¼Ö½ü600Íò¿Í»§ÐÅÏ¢±»µÁ £¬Ô̺¬ÐÕÃû¡¢µç×ÓÓʼþµØÖ·¡¢µç»°ºÅÂë¡¢µ®ÉúÈÕÆÚ¼°³£´î¿ÍºÅÂëµÈÃô¸ÐÐÅÏ¢¡£Õâ´ÎÊÂÎñ±»ÊÓΪ°Ä´óÀûÑÇ×î¾ßÓ°ÏìÁ¦µÄÍøÂç¹¥»÷Ö®Ò» £¬ºÚ¿Í»¹Í¨¹ýͳһϵͳ»ñÈ¡Á˵ÏÊ¿Äá¡¢¹È¸è¡¢Ò˼ҡ¢·áÌï¡¢Âóµ±Àͼ°·¨º½ºÉº½µÈ40Óà¼ÒÆóÒµµÄÊý¾Ý¡£Ö»¹Ü°Äº½Ç¿µ÷¿Í»§²ÆÕþÐÅÏ¢ÈçÃÜÂë¡¢PINÂë¡¢ÐÅÓþ¿¨ºÅ¼°Éí·ÝÖ¤¼þδ±»Ð¹Â¶ £¬µ«×¨¼ÒÖÒ¸æ £¬Ð¹Â¶µÄÓ×ÎÒÐÅÏ¢ÈÔ¿ÉÄܱ»ÓÃÓÚÍøÂç´¹µö»òÉç»á¹¤³Ì¹¥»÷¡£ÍþвÐÐΪÕß¡°Scattered Lapsus$ Hunters¡±ÔÚ°µÍøÐ¹Â¶²¿ÃÅÊý¾Ý £¬²¢ÍþвÈôÊê½ðÒªÇóδ»ñÂú×ã £¬½«°ä²¼¸ü¶àÆóÒµÐÅÏ¢¡£°Äº½ÒÑÏòÐÂÄÏÍþ¶ûÊ¿ÖÝ×î¸ß·¨ÔºÉêÇë½ûÁî £¬²»ÈݵÚÈý·½Óëй¶Êý¾Ý»¥¶¯ £¬²¢¸æ×´¡°Éí·Ý²»Ã÷ÈËÔ±¡± £¬Ô̺¬Êý¾ÝÇÔÈ¡Õß¼°ÀÕË÷ÒªÇóÌá³öÕß¡£Salesforce·½ÃæÃ÷È·°µÊ¾²»»á²Î¼ÓÈκÎÀÕË÷½»Éæ»òÖ§¸¶Êê½ð¡£ÍøÂ簲ȫר¼ÒTroy Hunt֤ʵ £¬°Äº½¿Í»§Êý¾ÝÒÑÔÚ°µÍøÐ¹Â¶ £¬µ«Ä¿Ç°½öÁù¼Ò¹«Ë¾µÄ¾ßÌåÐÅÏ¢±»°ä²¼¡£


https://cybernews.com/news/hackers-leak-qantas-customers-data-as-ransom-deadline-passes/


2. ¶ñÒâ¼ÓÃÜÇÔÈ¡VSCodeÀ©´óÔÚOpenVSXÉÏÔٴγöÏÖ


10ÔÂ14ÈÕ £¬½üÆÚ £¬ÍþвÐÐΪÕßTigerJack³ÖÐøÕë¶Ô¿ª·¢ÈËÔ± £¬ÔÚ΢ÈíVisual Studio Code£¨VSCode£©Êг¡¼°¿ªÔ´´úÌæÆ½Ì¨OpenVSXÉϰ䲼¶ñÒâÀ©´ó £¬Ö´ÐмÓÃÜÇ®±ÒÇÔÈ¡¡¢ºóÃÅÖ²È뼰ʵʱ¼à¿ØµÈ¹¥»÷¡£¾Ý°²È«ÍŶÓKoi SecurityÅû¶ £¬¸Ã×éÖ¯×ÔËêÊ×ÒÑ·Ö·¢ÖÁÉÙ11¸ö¶ñÒâÀ©´ó £¬ÆäÖÐÁ½¿îÔÚVSCodeÊг¡ÏÂÔØÁ¿´ï1.7Íò´Îºó±»ÒƳý £¬µ«ÈÔ´æÓÚOpenVSX £¬ÇÒͨ¹ýÐÂÕË»§³ÁÐÂÉϼÜ¡£OpenVSX×÷ΪÉçÇøÊØ»¤µÄ¿ªÔ´À©´óÊг¡ £¬ÊÇVSCode¼æÈݱà×ëÆ÷£¨ÈçCursor¡¢Windsurf£©µÄĬÈÏÔ´ £¬Æä¶ÀÁ¢ÓÚ΢ÈíµÄ¸öÐÔ±»TigerJackÀûÓÃÒÔÀ©´ó¹¥»÷ÁìÓò¡£µäÐͶñÒâÀ©´óÔ̺¬C++ PlaygroundºÍHTTP Format£ºÇ°Õßͨ¹ý×¢²á¡°onDidChangeTextDocument¡±¼àÌýÆ÷ £¬ÔÚ±à×ëºó500ºÁÃëÄÚ½«C++Ô´Âëй¶ÖÁ±í²¿¶Ëµã £»ºóÕß±í±íÖ°ÄÜÕý³£ £¬µ«ºó¶ÜÔËÐÐÎÞ×ÊÔ´Ï޶ȵÄCoinIMP¿ó¹¤ £¬Õ¥È¡Ö÷»úËãÁ¦Íڿ󡣸üΣÏÕµÄÊǵÚÈýÀàÀ©´ó£¨Èçcppplayground¡¢httpformat£© £¬ËüÃÇ´ÓÓ²±àÂëµØÖ·Ã¿20·ÖÖÓ»ñÈ¡JavaScript´úÂë £¬ÎÞÐè¸üм´¿É¶¯Ì¬Ö´ÐÐËÁÒâ¸ºÔØ £¬ÈçÇÔȡƾ֤¡¢²¿ÊðÀÕË÷Èí¼þ»ò×¢ÈëÏîÄ¿ºóÃÅ¡£


https://www.bleepingcomputer.com/news/security/malicious-crypto-stealing-vscode-extensions-resurface-on-openvsx/


3. еÄAndroid Pixnapping¹¥»÷ÖðÏñËØÇÔÈ¡MFAÑéÖ¤Âë


10ÔÂ14ÈÕ £¬ÃÀ¹úÆßÃû×êÑÐÈËÔ±½üÈո淢һÖÖÃûΪPixnappingµÄÐÂÐÍÅÔ·¹¥»÷ £¬¿ÉʹÎÞȨÏÞµÄAndroid¶ñÒâÀûÓÃͨ¹ýÇÔÈ¡²¢³Á½¨ÆÁÄ»ÏñËØÄÚÈÝ £¬ÌáÈ¡Signal̸ÌìÐÂÎÅ¡¢GmailÓʼþ¡¢Google AuthenticatorË«³É·ÖÑéÖ¤ÂëµÈÃô¸ÐÊý¾Ý¡£¸Ã¹¥»÷ÀûÓÃAndroidÒâͼϵͳÆô¶¯Ö¸±êÀûÓûòÍøÒ³ £¬½«´°¿ÚÌá½»ÖÁϵͳ×éºÏ¹ý³ÌSurfaceFlinger £¬Í¨¹ýÂÅ´ÎͼÐβÙ×÷Ó³ÉäÏñËØÉ«²Ê£¨Èç·Ö±æ2FAÊý×ֵİ×É«/·Ç°×É«ÏñËØ£© £¬²¢½èÖú¡°ÕÚÕֻ¡±¸ôÀëÏñËØ¡¢·Å´óºóѡȡOCR¼¼Êõ¼ø±ð×Ö·û¡£×êÑÐÏÔʾ £¬¹¥»÷¿ÉÔÚ30ÃëÄÚÇÔÈ¡2FA´úÂë £¬Ó°ÏìÔËÐÐAndroid 13ÖÁ16µÄGoogle Pixel 6-9¡¢ÈýÐÇGalaxy S25µÈÉ豸 £¬ÇҾɰæAndroidÒòµ×²ã»úÔìÀàËÆ¿ÉÄÜÆÕ±éÒ×Êܹ¥»÷¡£×êÑÐÈËÔ±·ÖÎöPlay Store½ü10Íò¸öÀûÓà £¬·¢ÏÖÊýÊ®Íò¸ö¿ÉŲÓòÙ×÷ £¬Åú×¢¹¥»÷ÓµÓÐ¿í·ººÏÓÃÐÔ¡£¹È¸èÓÚ9ÔÂͨ¹ýCVE-2025-48561½¨¸´·ì϶ £¬µ«×êÑÐÈËÔ±³É¹¦Èƹý»º½â´ëÊ© £¬Ô¤¼Æ12Ô°䲼¸üÈ«Ãæ²¹¶¡¡£ÈýÐÇÒà³ÐŵÄêµ×½¨¸´ £¬µ«GPUоƬ¹©¸øÉÌÉÐδÕë¶ÔGPU.zip²àͨ·¹¥»÷Ìá³ö½¨²¹´òËã¡£¹È¸èÇ¿µ÷ £¬¹¥»÷ÐèÖ¸±êÉè±¸ÌØ¶¨Êý¾ÝÇҳɹ¦ÂÊµÍ £¬Ä¿Ç°Play Storeδ·¢ÏÖ¶ñÒâÀûÓÃÀûÓô˷ì϶¡£


https://www.bleepingcomputer.com/news/security/new-android-pixnapping-attack-steals-mfa-codes-pixel-by-pixel/


4. Gcore³É¹¦ÕмÜ6Tbps³¬´ó¹æÄ£DDoS¹¥»÷


10ÔÂ14ÈÕ £¬È«Çò±ßÔµAI¡¢ÔÆ¡¢ÍøÂç¼°°²È«½â¾ö¹æ»®ÌṩÉÌGcore½üÈճɹ¦ÕмÜÁËÒ»³¡·åÖµ´ø¿í´ï6Tbps¡¢Êý¾Ý°ü¿ìÂÊ5.3BppsµÄ³¬´ó¹æÄ£DDoS¹¥»÷ £¬´´ÏÂÒÑÖª¹¥»÷¹æÄ£¼Í¼¡£Õâ´Î¹¥»÷³ÖÐø30-45Ãë £¬ÖØÒªÑ¡È¡UDPºÍ̸ִÐÐÌå»ýºéË®¹¥»÷ £¬¹¥»÷Ô´¸ß¶È¼¯ÖÐÓÚ°ÍÎ÷£¨51%£©ºÍÃÀ¹ú£¨23.7%£© £¬¼ÆËãÕ¼×ÜÁ÷Á¿½ü75% £¬ÓëAISURU½©Ê¬ÍøÂç»î¶¯Ìصã¸ß¶ÈÎÇºÏ £¬Í¹ÏÔ³öÀûÓð²È«½ÚÔìÓÄ΢µØÓò»ù´¡ÉèÊ©µÄ¹¥»÷Ç÷Ïò¡£Gcore°²È«Ö÷¹ÜAndrey SlastenovÖ¸³ö £¬Õâ´ÎÊÂÎñÓ¡Ö¤ÁËDDoS¹¥»÷¹æÄ£Ó븴ÔÓÐԵijÖÐøÉý¼¶¡£ÆäÈ«ÇòDDoS·À»¤ÏµÍ³ÒÀ¸½210Óà¸ö½ÓÈëµãµÄÉ¢²¼Ê½»ù´¡ÉèÊ©¼°³¬200TbpsµÄ¹ýÂËÄÜÁ¦ £¬Í¨¹ýʵʱÁ÷Á¿·ÖÎöÓë×ÔÊÊÓ¦»º½â»úÔì £¬ÔÚÎÞ·þÎñÖжϵÄÇé¿öÏÂʵÏÖ¹¥»÷Á÷Á¿ÎüÊÕÓëÏ´åª £¬Õ¹Ê¾Á˱ßÔµ²ã¹ýÂËÓëµÚ7²ãÐÐΪ·ÖÎöÔÚÕмܻìºÏÔØÌå¹¥»÷ÖеĹؼü×÷Óá£


https://securityboulevard.com/2025/10/gcore-mitigates-record-breaking-6-tbps-ddos-attack/


5. µÂ¹ú¡°´óÁ¦ÉñÐж¯¡±¹Ø¹Ø1400¸öڲƭÓòÃû


10ÔÂ13ÈÕ £¬µÂ¹úÁª¹ú½ðÈÚ¼à¹Ü¾Ö£¨BaFin£©½áºÏ°ÍµÇ·ûÌÚ±¤ÖÝÐÌʾ¯Ô±¾Ö¡¢Å·ÖÞÐ̾¯×éÖ¯¼°±£¼ÓÀûÑǵ±¾Ö £¬ÓÚ½üÆÚ·¢Õ¹¡°´óÁ¦ÉñÐж¯¡± £¬³É¹¦¹Ø¹Ø¶«Å·µØÓò1400Óà¸öÉæ¼°ÍøÂçÂòÂôڲƭµÄ·¸·¨ÓòÃû¡£Õâ´ÎÐж¯ÊǼ̽ñÄê6Ô¹عØ800¸öͬÀàÓòÃûºóµÄÓÖÒ»´Î´ó¹æÄ£½ø¹¥ £¬Ö¼ÔÚ·ÛËéÀûÓ÷¸·¨ÍøÕ¾ÓÕµ¼Í¶×ÊÕßÂäÈëÚ¿Æ­ÏÝÚåµÄ·¸×ïÍøÂç¡£¾Ýµ÷²é £¬ÕâЩ·¸·¨ÓòÃûͨ¹ýÈËΪÖÇÄܼ¼ÊõÅúÁ¿ÌìÉú £¬¼Ù×°³ÉÕý¹æÍ¶×ÊÆ½Ì¨ £¬½«Óû§Êèµ¼ÖÁº£±íºô½ÐÖÐÐĵġ°¾­¼ÍÈË¡±´¦¡£ÕâЩ¡°¾­¼ÍÈË¡±»áÒԸ߻ر¨Îªµö¶ü £¬É¿¶¯Êܺ¦Õß½øÐдó¶îͶ×Ê¡£È»¶ø £¬×ʽðÏÖʵδ±»ÓÃÓÚͶ×Ê £¬ÎÞÊýÊܺ¦ÕßÔÚÊýÔºó²Å·¢¾õÊÜÆ­¡£µÂ¹úÁª¹ú½ðÈÚ¼à¹Ü¾ÖµÄ±È¶û¼ªÌØ¡¤Â³Â··òÖ¸³ö £¬·¸×ï·Ö×ÓÒÑÓú·¢×¨Òµ»¯ £¬ÀûÓÃAI¼¼Êõ¼±¾ç´´½¨´óÁ¿·¸·¨ÍøÕ¾ £¬ÐγɹæÄ £»¯¡¢Òñ±Î»¯µÄÚ¿Æ­Á´Ìõ¡£×Ô6ÔÂÐж¯ÒÔÀ´ £¬±»¹Ø¹ØµÄ800¸öÓòÃûÒÑÀۼƴ¥·¢2000Íò´Î½Ó¼û³¢ÊÔ £¬ÏÔʾ³ö´ËÀàÚ¿Æ­¼¿Á©µÄ¿í·ºÓ°ÏìÁ¦ºÍ³ÖÐø»îÔ¾ÐÔ¡£±¾´Î¹Ø¹ØµÄ1400¸öÓòÃû½øÒ»²½¼õÈõÁË·¸×ï·Ö×ӵļ¼Êõ»ù´¡ÉèÊ© £¬´ó·ù½µµÍÁËÆä×÷°¸ÄÜÁ¦¡£


https://cybernews.com/cybercrime/german-police-nix-1400-websites-cybertrading-fraud/


6. ChaosBot¶ñÒâÈí¼þ½èDiscord´«²¼


10ÔÂ13ÈÕ £¬Ò»ÖÖÃûΪChaosBotµÄÐÂÐͶñÒâÈí¼þÔÚ½ðÈÚ¹«Ë¾ÏµÍ³Öб»·¢ÏÖ £¬ÆäÓɺڿÍ×éÖ¯Chaos_00019ʹÓÃRust˵»°±àд £¬¿ÉÈÆ¹ý¸ß¼¶É±¶¾¹¤¾ß £¬Í¨¹ýDiscord̸ÌìÆ½Ì¨´«²¼²¢½ÚÔìÊÜϰȾÉ豸¡£¸Ã¶ñÒâÈí¼þÀûÓÃÐéαPDFÎļþ£¨Èç¼Ù×°³É¡°Ô½ÄÏÒøÐÓ×±ÌṩµÄÎĵµ£©´¥·¢°µ²ØµÄPowerShellºÅÁî £¬¼ÓÔØ¶ñÒâDLLÎļþʵÏÖÈëÇÖ¡£¾ÝeSentireÍøÂ簲ȫר¼Ò·ÖÎö £¬ChaosBotÖØÒªÕë¶ÔÔ½ÄÏÓïʹÓÃÕß £¬µ«²¢·ÇΨһָ±ê £¬Æäͨ¹ýDiscord´´½¨ÓëÊÜÏ°È¾ÍÆËã»úͬÃûµÄ¸öÈË̸Ìì £¬½«ºÚ¿ÍÖ±½ÓÏνӵ½Êܺ¦Õß²Ù×÷ϵͳ½ÚÔìÃæ°å £¬ÊµÏÔìÁÄ»½ØÍ¼¡¢ÎļþÇÔÈ¡¼°ËÁÒâºÅÁîÖ´ÐеÈÖ°ÄÜ £¬ÇÒËùÓл¼Ù×°³É³ß¶ÈDiscordÁ÷Á¿ £¬ÄÑÒÔ±»Í¨Àý¼à¿Ø¼¿Á©·¢ÏÖ¡£ChaosBot»¹Ô̺¬Chaos-C++±äÖÖ £¬ÐÐΪÀàËÆÀÕË÷Èí¼þ£º¼ÓÃܲ¢ÓÀԶɾ³ý´óÎļþ £¬ÆÈʹÊܺ¦ÕßÖ§¸¶¸ß¶îÊê½ð £»Í¬Ê±¿ÉÇл»±ÈÌØ±ÒÇ®°üµØÖ· £¬ÇÔÈ¡¼ÓÃÜÇ®±Ò¡£¸Ã±äÖÖ³£°µ²ØÔÚαÔìµÄ¡°AI¹¤¾ß¡±£¨ÈçChatGPT×°Ö÷¨Ê½¡¢ÏµÍ³ÓÅ»¯Æ÷£©ÖÐ £¬½øÒ»²½À©´ó¹¥»÷ÁìÓò¡£


https://cybernews.com/cybercrime/chaosbot-malware-discord-hacker/