½¡Éí¾ÞÍ·Basic-FitÔâÈëÇÖ £¬°ÙÍò¿Í»§Êý¾Ýй¶

°ä²¼¹¦·ò 2026-04-14

1. ½¡Éí¾ÞÍ·Basic-FitÔâÈëÇÖ £¬°ÙÍò¿Í»§Êý¾Ýй¶


4ÔÂ13ÈÕ £¬ºÉÀ¼½¡ÉíÁ¬Ëø¾ÞÍ·Basic-Fit½üÈÕÅû¶ £¬ÆäϵͳÔâºÚ¿ÍÈëÇÖ £¬µ¼ÖÂÔ¼100Íò¿Í»§µÄÐÅÏ¢±»ÇÔÈ¡ ¡£¸Ã¹«Ë¾ÔÚ·¢ÏÖÒì³£ºóѸ¿ì°ä²¼ÉêÃ÷ £¬³ÆÆäϵͳ¼à¿Ø·¨Ê½¼ì²âµ½ÁËδ¾­ÊÚȨµÄ½Ó¼û £¬²¢ÔÚ¼¸·ÖÖÓÄÚÓèÒÔÔìÖ¹ ¡£È»¶ø £¬ËæºóµÄµ÷²éÏÔʾ £¬¹¥»÷ÕßÈԳɹ¦»ñÈ¡Á˲¿ÃÅ»áÔ±µÄÓ×ÎÒÐÅÏ¢ £¬Ô̺¬ÐÕÃû¡¢ÏÖʵµØÖ·¡¢µç×ÓÓʼþ¡¢µç»°ºÅÂë¡¢µ®ÉúÈÕÆÚ¡¢ÒøÐÐÕË»§ÏêÇéÒÔ¼°ÆäËû»áÔ±ÓйØÊý¾Ý ¡£ÖµµÃÇìÐÒµÄÊÇ £¬ÌØÐí¾­ÓªµêµÄ¿Í»§Êý¾ÝÒò´æ´¢ÔÚ¶ÀÁ¢µÄϵͳÖÐ £¬Î´ÊÜÕâ´ÎÊÂÎñÓ°Ïì ¡£Æ¾¾Ý¹Ù·½Åû¶ £¬ºÉÀ¼¾³ÄÚÊÜÓ°ÏìµÄÈËÊýԼΪ20Íò £¬¶øÕûÌåÊÜÓ°Ïì¿Í»§×ÜÊý¿¿½ü100Íò £¬±é²¼ºÉÀ¼¡¢±ÈÀûʱ¡¢Â¬É­±¤¡¢·¨¹ú¡¢Î÷°àÑÀºÍµÂ¹úµÈ¶à¸öÅ·ÖÞ¹ú¶È ¡£Basic-FitĿǰÔÚÅ·ÖÞÕ¼ÓÐÔ¼500Íò»áÔ± £¬Õâ´Îй¶ÊÂÎñ²¨¼°ÃæÏ൱¿í·º ¡£²»Íâ £¬¹«Ë¾Ç¿µ÷ £¬Õâ´ÎÊÂÎñ²¢Î´µ¼ÖÂÈκÎÉí·ÝÖ¤Ã÷Îļþ»òÕË»§ÃÜÂë±»½Ó¼û £¬¿Ï¶¨Ë®Æ½ÉϽµµÍÁËÉí·Ý±»µÁÓõķçÏÕ ¡£


https://www.bleepingcomputer.com/news/security/european-gym-giant-basic-fit-data-breach-affects-1-million-members/


2. µÚÈý·½·ì϶ÖÂRockstar Games 7860ÍòÌõÊý¾Ýй¶


4ÔÂ13ÈÕ £¬³ÛÃûÓÎÏ·¿ª·¢ÉÌRockstar Games½üÆÚÔâ·êÊý¾Ýй¶ÊÂÎñ £¬ÆäÔ¼7860Íò±Ê¼Í¼±»ShinyHuntersÀÕË÷ÍÅ»ïÔÚ°µÍø¹«¿ª ¡£Õâ´ÎÊÂÎñµÄÔ´Í·²¢·ÇRockstar×ÔÉíϵͳµÄÖ±½ÓÈëÇÖ £¬¶øÊÇÔ´ÓÚÆäµÚÈý·½·þÎñÉÌAnodotµÄ°²È«·ì϶ ¡£AnodotÊÇÒ»¼ÒÊý¾ÝÒì³£¼ì²â¹«Ë¾ £¬¿ÉÓë¶àÖÖSaaSÔÆÆ½Ì¨¼¯³É ¡£ÔÚ´ËǰÕë¶ÔAnodotµÄ¹¥»÷ÖÐ £¬ÍþвÐÐΪÕßÇÔÈ¡ÁËÉí·ÝÑéÖ¤ÁîÅÆ £¬²¢ÀûÓÃÕâЩÁîÅÆ½Ó¼ûÁË´æ´¢ÔÚ¹ØÁªSnowflakeÊ·ýÖеĿͻ§Êý¾Ý ¡£ShinyHunters×éÖ¯Ðû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü £¬²¢°µÊ¾ÒÑÀûÓñ»µÁÓõÄÁîÅÆ´ÓÊýÊ®¼Ò¹«Ë¾ÇÔÈ¡Êý¾Ý ¡£Õë¶ÔRockstar Games £¬¹¥»÷Õß°ä²¼µÄ¾Ý³ÆÊÇÆäSnowflake»·¾³ÖеÄÖ¸±êÊý¾Ý £¬Ô̺¬³¬¹ý7860Íò±Ê¼Í¼ ¡£¾ÝÍþвÐÐΪÕßй© £¬Ð¹Â¶µÄÊý¾ÝÖØÒªÊÇÓÃÓÚ¼à¿ØRockstarÔÚÏß·þÎñºÍÖ§³Ö¹¤µ¥µÄÄÚ²¿ÃÅÎöÊý¾Ý £¬¾ßÌåÔ̺¬¡¶ÏÀµÁÁÔ³µÊÖOnline¡·ºÍ¡¶»ÄÒ°´óïÚ¿ÍOnline¡·µÄÓÎÏ·ÄÚÊÕÈëÓë²É°ìÖ¸±ê¡¢Íæ¼ÒÐÐΪ׷×Ù¡¢ÓÎÏ·¾­¼ÃÊý¾Ý £¬ÒÔ¼°¸Ã¹«Ë¾Zendesk¿Í·þϵͳµÄ¿Í»§Ö§³Ö·ÖÎöÊý¾Ý ¡£´Ë±í £¬Ò»·ÝÎļþÁбíÖл¹Ìáµ½ÁËڲƭ¼ì²âϵͳºÍ·´Îè±×Ä£ÐͲâÊÔµÄÓйØÐÅÏ¢ ¡£


https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/


3. Booking.comÖÒ¸æ¿Í»§£ºÔ¤Ô¼ÐÅÏ¢¿ÉÄÜÔâºÚ¿Í½Ó¼û


4ÔÂ13ÈÕ £¬³ÛÃûÔÚÏß¹Û¹âԤԼƽ̨Booking.com½üÈÕÏò¿Í»§·¢³öÖÒ¸æ £¬³ÆÎ´¾­ÊÚȨµÄµÚÈý·½¿ÉÄÜÒÑ»ñÈ¡²¿ÃÅÓû§µÄ¹Û¹âÔ¤Ô¼ÓйØÐÅÏ¢ ¡£Booking.comÊÇÈ«Çòµ±ÏȵÄÔÚÏß¹Û¹âÉçºÍÊý×ÖÓÎÀÀ¹«Ë¾Ö®Ò» £¬×¨ÃÅ´ÓʾƵꡢ¶È¼Ù×âÁ޺͹«Ô¢µÈסËÞÔ¤Ô¼·þÎñ ¡£Æ¾¾Ý¸Ã¹«Ë¾·¢Ë͸øÊÜÓ°ÏìÓû§µÄÊý¾Ýй¶֪ͨ £¬±»½Ó¼ûµÄÐÅÏ¢¿ÉÄÜÔ̺¬Ô¤Ô¼ÏêÇé¡¢¿Í»§ÐÕÃû¡¢µç×ÓÓʼþµØÖ·¡¢ÁªÏµµç»° £¬ÒÔ¼°ÓëסËÞ·½¹²ÏíµÄÈÎºÎÆäËûÐÅÏ¢ ¡£Booking.comÔÚ֪ͨÖаµÊ¾£º¡°ÎÒÃǽüÆÚ°ÑÎȵ½Ò»Ð©Ô¤Ô¼´æÔÚ¿ÉÒɻ £¬²¢µ±¼´²ÉÈ¡´ëÊ©½ÚÔìÊÂ̬ ¡£¡±×÷ΪӦ¶Ô´ëÊ© £¬¸Ã¹«Ë¾ÒѳÁÖÃÁËÊÜÓ°ÏìÔ¤Ô¼µÄÃÜÂë ¡£Booking.comδй©Õâ´ÎÊÂÎñµÄ¼¼Êõϸ½Ú £¬Ò²Î´×¢Ã÷¹¥»÷ÕßÊÇ·ñÖ±½ÓÈëÇÖÁËÆäÄÚ²¿ÏµÍ³ ¡£Í¬Ê± £¬¹«Ë¾Ã»Óй«¿ªÊÜÓ°ÏìÓû§µÄ¾ßÌåÊýÁ¿ £¬µ«°µÊ¾Òѳɹ¦½ÚÔìÊÂ̬²¢Í¨ÖªÁËËùÓÐÊÜÓ°ÏìµÄ¿Í»§ ¡£ÖµµÃÇìÐÒµÄÊÇ £¬Booking.comÇ¿µ÷ûÓÐÖ§¸¶Êý¾ÝÔÚÕâ´ÎÊÂÎñÖб»Ð¹Â¶ ¡£¸Ã¹«Ë¾Í¬Ê±ÌáÐѿͻ§¾¯ÌèÍøÂç´¹µö¹¥»÷ £¬Ã÷È·Ö¸³öBooking.com¾ø²»»áͨ¹ýµç×ÓÓʼþ¡¢µç»°¡¢WhatsApp»ò¶ÌÐŵȷ½Ê½Ë÷ÒªÒøÐп¨ÐÅÏ¢»òÒªÇó½øÐÐÈκÎÒ쳣תÕË ¡£


https://securityaffairs.com/190757/data-breach/hackers-access-booking-com-user-data-company-secures-systems.html


4. ÃÀÓ¡Äá½áºÏÐж¯ £¬µ·»Ù¡°W3LL¡±È«Çò´¹µöƽ̨


4ÔÂ13ÈÕ £¬ÃÀ¹úÁª¹úµ÷²é¾ÖÑÇÌØÀ¼´ó·Ö¾ÖÓëÓ¡Äáµ±¾Ö½üÈÕ½áºÏµ·»ÙÁËÃûΪ¡°W3LL¡±µÄÈ«Çò´¹µöƽ̨ £¬²é·âÁËÓйػù´¡ÉèÊ©²¢¿ÛÁôÁËÉæÏÓ¿ª·¢Õß ¡£ÕâÊÇÃÀ¹úºÍÓ¡Äá³õ´ÎÕë¶Ô´¹µö¹¤¾ß°ü¿ª·¢Õß·¢Õ¹µÄЭµ÷·¨ÂÉÐж¯ ¡£W3LLÉ̵êÊÇÒ»¸öÌṩ´¹µö¹¤¾ß°üµÄÔÚÏßÊг¡ £¬Ê¹ÍøÂç·¸×ï·Ö×Ó¿ÉÄÜÇÔÈ¡Êýǧ¸öƾ֤²¢ÊÔͼִÐг¬¹ý2000ÍòÃÀÔªµÄÚ¿Æ­»î¶¯ ¡£±»²é·âµÄÓòÃûw3ll.storeÒ³ÃæÉÏÏÔʾ £¬¸ÃÓòÃûÒÑÆ¾¾ÝÃÀ¹ú×ôÖÎÑÇÖݱ±Çø´¦Ëù·¨ÔºµÄ¿ÛѺÁî±»Áª¹úµ÷²é¾Ö¿ÛѺ ¡£W3LL´¹µö¹¤¾ß°üÊÛ¼Û500ÃÀÔª £¬¹¥»÷ÕßÄܹ»ÀûÓÃËü´´½¨ÕæÇÐµÄÆóÒµµÇ¼ÃÅ»§ÍøÕ¾ £¬´Ó¶øÇÔÈ¡Óû§Æ¾Ö¤ ¡£¸Ã¹¤¾ß°ü»¹ÔÊÐí¹¥»÷Õß²¶»ñÉí·ÝÑéÖ¤»á»°ÁîÅÆ £¬´Ó¶øÈƹý¶à³É·ÖÉí·ÝÑéÖ¤ £¬»ñµÃ¶Ô±»µÁÕË»§µÄ½Ó¼ûȨÏÞ ¡£´Ë±í £¬¸Ãƽ̨»¹ÌṩÁËÒ»¸öÃûΪW3LLSTOREµÄÊг¡ £¬ÓÃÓÚÂòÂô±»µÁƾ֤ºÍδ¾­ÊÚȨµÄÍøÂç½Ó¼ûȨÏÞ ¡£¾Ýµ±¾Ö³Æ £¬¸ÃÊг¡ÔÚ2019ÄêÖÁ2023Äê¼ä´Ù³ÉÁ˳¬¹ý2.5Íò¸ö±»µÁÕË»§µÄÏúÊÛ ¡£2023ÄêÖÁ2024Äê¼ä £¬¸Ã´¹µö¹¤¾ß°ü±»ÓÃÓÚ¹¥»÷È«Çò³¬¹ý1.7ÍòÃûÊܺ¦Õß £¬µ÷²éÈËÔ±·¢ÏÖ¿ª·¢ÕßÍøÂ粢תÊÛÁ˱»µÁÕË»§µÄ½Ó¼ûȨÏÞ ¡£


https://www.bleepingcomputer.com/news/security/fbi-takedown-of-w3ll-phishing-service-leads-to-developer-arrest/


5. Adobe´¹Î£½¨¸´ÁãÈÕ·ì϶ £¬¶ñÒâPDF¿ÉÇÔÈ¡Îļþ


4ÔÂ13ÈÕ £¬Adobe½üÈÕ°ä²¼ÁËAcrobat ReaderµÄ´¹Î£°²È«¸üР£¬ÒÔ½¨¸´Ò»¸ö±àºÅΪCVE-2026-34621µÄ·ì϶ ¡£¸Ã·ì϶ÖÁÉÙ´ÓÈ¥Äê12ÔÂÆðÒѱ»ÓÃÓÚÁãÈÕ¹¥»÷ £¬ÔÊÐí¶ñÒâPDFÎļþÈÆ¹ýɳÏäÏ޶Ȳ¢Å²ÓÃÌØÈ¨JavaScript API £¬´Ó¶øµ¼ÖÂËÁÒâ´úÂëÖ´ÐÐ ¡£¹¥»÷Öз¢ÏÖµÄÀûÓ÷½Ê½¿ÉÄܶÁÈ¡ºÍÇÔÈ¡ËÁÒâÎļþ £¬ÇÒ³ýÁË´ò¿ª¶ñÒâPDFÎļþÖ®±í £¬ÎÞÐèÈκÎÓû§½»»¥ ¡£¾ßÌå¶øÑÔ £¬¸Ã·ì϶ÀûÓÃÁËutil.readFileIntoStream()µÈAPI¶ÁÈ¡ËÁÒâ±¾µØÎļþ £¬²¢ÀûÓÃRSS.addFeed()ÇÔÈ¡Êý¾Ý¼°»ñÈ¡¹¥»÷Õß½ÚÔìµÄÆäËû´úÂë ¡£AdobeÔÚÖÜÄ©°ä²¼°²È«²¼¸æ £¬½«·ì϶±àºÅ¶¨ÎªCVE-2026-34621 ¡£¸Ã·ì϶×î³õ±»ÆÀΪÑϳÁ¼¶±ð£¨9.6£© £¬¹¥»÷õè¾¶ÎªÍøÂç¹¥»÷ £¬µ«AdobeËæºó½«¹¥»÷õè¾¶¸ÄΪ±¾µØ¹¥»÷ £¬ÑϳÁˮƽ½µÖÁ8.6 ¡£²¼¸æÖÐδÁгöÈκνâ¾ö²½Öè»ò»º½â´ëÊ© £¬Òò¶øÀûÓð²È«¸üÐÂÊÇÎ¨Ò»ÍÆ¼öµÄ·À»¤¼¿Á© ¡£Óû§Ó¦Ê¼ÖÕ¶ÔÀ´×Ôδ¾­ÒªÇóÆðÔ´µÄPDFÎļþά³Ö¾¯Ìè £¬²¢ÔÚÒÉ»óʱÔÚɳºÐ»·¾³Öдò¿ª ¡£


https://www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/


6. ³¯ÏÊAPT37ÀûÓÃFacebookÉç½»¹¤³Ì´«²¼RokRATľÂí


4ÔÂ13ÈÕ £¬³¯ÏʺڿÍ×éÖ¯APT37£¨±ðÃûScarCruft£©½üÆÚ±»Ö¸¿ØÌáÒéÁËÒ»³¡ÐµĶà½×¶ÎÉç»á¹¤³Ì¹¥»÷»î¶¯ ¡£¹¥»÷Õßͨ¹ýFacebook¿¿½üÖ¸±êÓû§²¢Ôö³¤ÎªÀÏÓÑ £¬½«³ÉÁ¢ÐÅÀµµÄ¹ý³Ìת»¯Îª´«²¼ÃûΪRokRATµÄÔ¶³Ì½Ó¼ûľÂíµÄÇþ· ¡£¾ÝGenians°²È«ÖÐÐĵļ¼Êõ·ÖÎö £¬¹¥»÷ÕßʹÓÃÁËÁ½¸öµØÎ»±ðÀëÉèÖÃΪ³¯ÏÊÆ½ÈÀºÍƽ³ÇµÄFacebookÕË»§À´¼ø±ðºÍɸѡָ±ê ¡£ÔÚͨ¹ýÀÏÓÑÒªÇó³ÉÁ¢ÐÅÀµºó £¬¹¥»÷Õß½«¶Ô»°×ªÒƵ½Messenger £¬²¢Ê¹ÓÃÌØ¶¨»°ÌâÒýÓÕÖ¸±ê £¬ÕâÊǹ¥»÷³õÆÚÉç½»¹¤³Ì½×¶ÎµÄÒ»²¿ÃÅ ¡£Õâ´Î¹¥»÷µÄÖ÷ÌâÔÚÓÚʹÓÃÁË¡°Ô¤ÉèÇé¾³¡±Õ½Êõ £¬¹¥»÷ÕßÊÔͼÓÕÆ­Óû§×°ÖÃרÓõÄPDF²é¿´Æ÷ £¬²¢Ðû³Æ¸ÃÈí¼þÊÇ´ò¿ª¼ÓÃܾüÊÂÎļþµÄ±ØÒª¹¤¾ß ¡£Ï°È¾Á´ÖÐʹÓõÄPDF²é¿´Æ÷ÊǴۻڸĵÄWondershare PDFelement°æ±¾ £¬¸ÃÈí¼þÆô¶¯ºó»á´¥·¢Ç¶ÈëʽshellcodeÖ´ÐÐ £¬Ê¹¹¥»÷Õß»ñµÃ³õʼ°²Éíµã ¡£¸Ã¹¥»÷»î¶¯»¹ÀûÓúϷ¨µ«Òѱ»ÈëÇֵĻù´¡ÉèÊ©½øÐÐÖ¸»Ó½ÚÔì £¬½«ÓëÒ»¼ÒÈÕ±¾·¿µØ²úÐÅÏ¢·þÎñ¹«Ë¾Ê×¶û·Ö²¿¹ØÁªµÄÍøÕ¾±øÆ÷»¯ £¬ÓÃÓÚ°ä²¼¶ñÒâÖ¸ÁîºÍÓÐÐ§ÔØºÉ ¡£´Ë±í £¬ÓÐÐ§ÔØºÉ¼Ù×°³É¿´ËÆÎÞº¦µÄJPGͼƬÀ´´«²¼RokRAT¶ñÒâÈí¼þ ¡£


https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html