NFCShare¶ñÒâÈí¼þбäÖÖ¶Ô׼ŷÖÞ½ðÈÚ»ú¹¹
°ä²¼¹¦·ò 2026-06-091. NFCShare¶ñÒâÈí¼þбäÖÖ¶Ô׼ŷÖÞ½ðÈÚ»ú¹¹
6ÔÂ8ÈÕ£¬½üÆÚ£¬Ò»ÖÖÃûΪNFCShareµÄAndroid¶ñÒâÈí¼þбäÖÖÕýͨ¹ýÍøÂç´¹µö»î¶¯£¬Õë¶ÔÅ·ÖÞ¶à¼ÒÒøÐм°½ðÈÚ»ú¹¹µÄ¿Í»§·¢Õ¹¹¥»÷£¬ÒâͼÇÔÈ¡Óû§µÄÖ§¸¶¿¨Êý¾Ý¡£¸Ã¶ñÒâÈí¼þÒÔGitHubÉÏÍйܵĺϷ¨ÒøÐÐÀûÓ÷¨Ê½µÄÐéα¸üÐÂΪµö¶ü½øÐд«²¼¡£Æä¹¥»÷¼¿Á©ÆÄ¾ß¼¼ÊõÐÔ£ºÊ×ÏÈͨ¹ýαÔìµÄÑéÖ¤ÆÁÄ»ÓÕµ¼Êܺ¦Õß½«ÒøÐп¨ÇнüÊÖ»úµÄ½ü³¡Í¨Ñ¶Ð¾Æ¬£¬ËæºóÀûÓÃAndroidϵͳµÄIsoDep½Ó¿ÚºÍEMVºÅÁî¶ÁÈ¡¿¨Æ¬ÐÅÏ¢¡£Ôڴ˹ý³ÌÖУ¬¶ñÒâÈí¼þÒÔ¡°°²È«ÑéÖ¤¡±ÎªÃû£¬ÇÔÈ¡Óû§ÊäÈëµÄ¿¨ºÅ¡¢¿¨Æ¬ÀàÐÍ¡¢µ½ÆÚÈÕÆÚÒÔ¼°4λPINÂ룬²¢Í¨¹ýWebSocketͨ·½«Êý¾Ýй¶ÖÁ¹¥»÷ÕߵĺÅÁîÓë½ÚÔìÖ÷»ú¡£ÕâЩ±»ÇÔÈ¡µÄÐÅÏ¢ºóÐø¿ÉÄܱ»ÓÃÓÚNFCÖ§¸¶Öм̹滮£¬ÀýÈçNGate¡¢SuperCard XºÍRelayNFCµÈÒÑÖª¶ñÒâÈí¼þ¹¥»÷ÖС£NFCShare×îÔçÓÚ2026Äê1ÔÂÓÉD3Lab×êÑÐÈËÔ±¼Í¼²¢³ÖÐø¸ú×Ù¡£×î½üÒ»²¨¹¥»÷×Ô5ÔÂ14ÈÕÒÔÀ´£¬ÖØÒªÍ¨¹ý´¹µöÍøÕ¾ÓÕµ¼Êܺ¦ÕßÊäÈëÒøÐÐÆ¾Ö¤£¬ËæºóÒÔ¡°¸üÐÂÒøÐÐÀûÓá±ÎªÓÉ£¬½«Óû§³Á¶¨ÏòÖÁGitHub²Ö¿âÏÂÔØ¶ñÒâAPKÎļþ¡£´Ë±í£¬¼ÙÃ°ÒøÐдú±íµÄ¶ÌÐÅ»òµç»°Ò²¿ÉÄܱ»ÓÃ×÷Éç»á¹¤³Ìѧ¹¥»÷µÄÒ»²¿ÃÅ¡£×Ô4ÔÂ10ÈÕÒÔÀ´£¬ÓÃÓÚ·Ö·¢NFCShareµÄGitHub²Ö¿âÒÑÍйÜÁË56¸ö·ÂÕÕÒâ´óÀûºÍÎ÷°àÑÀ¶à¼ÒÒøÐеĶñÒâAPK£¬Ô̺¬Intesa Carte¡¢CaixaBankµÈ¡£
https://www.bleepingcomputer.com/news/security/nfcshare-android-malware-spreads-via-fake-banking-app-updates-on-github/
2. SoFiÏã¸ÛÒò¹©¸øÉÌÊý¾Ý¿âÔâÈëÇÖµ¼ÖÂÊý¾Ýй¶
6ÔÂ8ÈÕ£¬ÃÀ¹ú½ðÈڿƼ¼¹«Ë¾SoFi½üÈÕÏòÏã¸Û¿Í»§·¢³öÖҸ棬³ÆÆäÔâ·êÊý¾Ýй¶ÊÂÎñ£¬ºÚ¿ÍÈëÇÖÁ˵ÚÈý·½¹©¸øÉ̵ÄÊý¾Ý¿â£¬¸ÃÊý¾Ý¿âÖÐÔ̺¬¿Í»§ÐÅÏ¢¡£SoFi×ܲ¿Î»ÓÚÃÀ¹ú£¬ÖØÒªÌá¹©ÒøÐÓעͶ×Ê¡¢´û¿î¼°ÆäËûÓ×ÎÒ½ðÈÚ·þÎñ£¬Í¬Ê±ÔËÓªSoFiÏã¸Û·Ö¹«Ë¾£¬ÎªÏã¸Û¿Í»§ÌṩͶ×ʺÍ֤ȯ·þÎñ¡£¸Ã¹«Ë¾ÓÚ2026Äê4ÔÂ30ÈÕ·¢ÏÖ¸ÃÊÂÎñ£¬Æäʱͨ¹ýÆäÒ»¼Ò¹©¸øÉ̼ì²âµ½ÓÐÈËδ¾ÊÚȨ½Ó¼ûÁËSoFi Securities (Hong Kong) LimitedµÄÊý¾Ý¿â¡£·¢ÏÖÊÂÎñºó£¬SoFiµ±¼´ÀñƸµÚÈý·½ÍøÂ簲ȫ¹«Ë¾½øÐÐÓ¦¶Ô¡£¸Ã¹«Ë¾°µÊ¾£¬µ÷²éÈÔÔÚ½øÐÐÖУ¬Ä¿Ç°ÈÔ²»Ã÷ÏÔÄÄЩ¾ßÌåÊý¾Ý¿ÉÄÜÒѱ»Ð¹Â¶¡£Ö»¹ÜSoFiδÃ÷È·¿ÉÄÜй¶µÄÐÅÏ¢ÀàÐÍ£¬µ«¹«Ë¾ÖÒ¸æ¿Í»§Òª¶ÔÍøÂç´¹µö¹¥»÷¡¢¿ÉÒÉͨѶºÍÒì³£ÕË»§»î¶¯Î¬³Ö¾¯Ìè¡£½¨Òé¿Í»§¸üÐÂÃÜÂ룬¾¡¿ÉÄÜÆôÓÃË«³É·ÖÉí·ÝÑéÖ¤£¬¼à¿Ø²ÆÕþÕË»§ÊÇ·ñ´æÔÚ¿ÉÒɻ£¬²¢Ô¤·À´ò¿ªÎ´¾ÒªÇóµÄÓʼþ»òÐÂÎÅÖеÄÁ´½Ó»ò¸½¼þ¡£SoFi°µÊ¾£¬ÒѶÔÊÜÓ°ÏìµÄÕË»§Ôö³¤Á˶î±íµÄ°²È«±£ÏÕºÍ¼à¿Ø´ëÊ©£¬²¢¿ÉÄÜÒªÇóÁªÏµ¿Í·þ»ò½øÐÐÕË»§¸ü¸ÄµÄ¿Í»§Ìṩ¶î±íµÄÑéÖ¤ÐÅÏ¢¡£
https://www.bleepingcomputer.com/news/security/sofi-confirms-third-party-data-breach-at-hong-kong-subsidiary/
3. PyPIÔ⹩¸øÁ´¹¥»÷£º19¸öÈí¼þ°ü±»Ö²Èë¶ñÒâ´úÂë
6ÔÂ8ÈÕ£¬ºÚ¿Í½üÆÚÈëÇÖÁËPython°üË÷Òý£¨PyPI£©ÉϵÄ19¸öÈí¼þ°ü£¬¹²37¸ö¶ñÒâ°æ±¾£¬ÀۼƱ»ÏÂÔØÊýÊ®Íò´Î¡£ÕâÊÇÃûΪ¡°Shai-Hulud¡±µÄ¹©¸øÁ´¹¥»÷»î¶¯µÄ×îÐÂÒ»²¨£¬Ö¼ÔÚ´«²¼ÇÔÈ¡¿ª·¢Õß»úÃܵĶñÒâÈí¼þ¡£ÊÜϰȾµÄÈí¼þ°ü¶àΪʢÐеÄÉúÎïÐÅϢѧ¹¤¾ß£¬Ô̺¬Dynamo¡¢Spateo¡¢CoolBox¡¢U-FISHºÍNapari-UFISHµÈ£¬ÕâЩÈí¼þ°üËÆºõ¾ùÀ´×ÔÍ³Ò»ÊØ»¤Õß¡£¸Ã¹¥»÷ÓÉÀûÓ÷¨Ê½°²È«¹«Ë¾Socket·¢ÏÖ²¢»ã±¨¡£¶ñÒ⹤¼þÖÐÔ̺¬Ò»¸ö¡°*-setup.pth¡±ÎļþºÍÒ»¸öÃûΪ¡°_index.js¡±µÄ»ìºÏJavaScriptÓÐÐ§ÔØºÉ¡£Óû§Æô¶¯Pythonʱ¼´¿É´¥·¢PTHÎļþÖ´ÐУ¬¸ÃÎļþ»á³¢ÊÔ´ÓGitHubÏÂÔØBun JavaScriptÔËÐÐʱÀ´ÔËÐа󸿾籾¡£ÕâÒâζ×ÅÒ»¸ö±»´Û¸ÄµÄwheelÎļþÄܽ«Õý±¾±»¶¯µÄÒÀÀµ×°ÖÃÔì³ÉÑÓ³¤Ö´Ðд¥·¢Æ÷£¬ÏÂÒ»´ÎÆô¶¯Python¡¢pip¡¢²âÊÔÔËÐÓ×¢±Ê¼Ç±¾Äںˡ¢CI×÷Òµ»ò°üÖÎÀíºÅÁîʱ£¬¶¼¿ÉÄÜ´¥·¢¶ñÒâ.pthÎļþÖ´ÐС£Socket½«Õâ´Î¹¥»÷¹éÒòÓÚ¸ü¿í·ºµÄShai-Hulud»î¶¯£¬Ä¿Ç°Óë¸Ã»î¶¯ÓйصĶñÒ⹤¼þ×ÜÊýÒÑ´ï453Ïî¡£¹¥»÷Ö¸±êÓëÒÔÍùShai-HuludÐж¯Ò»Ö£¬¼´·ÛËéÈí¼þ¿ª·¢¹¤×÷Á÷³ÌÒÔ½øÒ»²½´«²¼¶ñÒâÈí¼þ¡£
https://www.bleepingcomputer.com/news/security/new-shai-hulud-attack-trojanizes-19-science-focused-pypi-packages/
4. WhatsApp×èÖ¹NSO¼¯ÍÅÐÂÒ»ÂÖ´¹µö¹¥»÷
6ÔÂ8ÈÕ£¬WhatsApp½üÈÕÔÚµ÷²éÓû§¾Ù±¨µÄÉç½»¹¤³Ì¹¥»÷ºó£¬³É¹¦¼ì²â²¢×èÖ¹Á˾ݳÆÓÉÒÔÉ«ÁÐóÒ×¼äµýÈí¼þ¹©¸øÉÌNSO¼¯ÍÅÌáÒéµÄÒ»ÂÖÍøÂç´¹µö¹¥»÷»î¶¯¡£NSO¼¯ÍÅÒÔÆäÏȽøµÄ¡°·ÉÂí¡±¼äµýÈí¼þ¹¤¾ß¶øÎÅÃû£¬¸Ã¹¤¾ß³Ö¾Ã±»ÓÃÓÚÕë¶ÔÕþÖμҡ¢»î¶¯¼Ò¡¢¼ÇÕß¡¢Ñ§Õߵȡ°±¸ÊܹØ×¢¡±µÄÓ×ÎÒ¡£×Ô2021Äê11ÔÂÒÔÀ´£¬NSOÒòÏò±í¹úµ±¾ÖÌṩÓÃÓÚÕë¶ÔÃÀ¹ú¾³ÄÚÈËÔ±¼°×éÖ¯µÄÈí¼þ²úÆ·£¬Òѱ»ÁÐÈëÃÀ¹úÔì²ÃʵÌåÃûµ¥¡£Ö»¹ÜÃæ¶ÔÔì²ÃºÍ˾·¨Ôì²Ã£¬NSOÈÔ³ÖÐøÒÔWhatsAppÓû§ÎªÖ¸±ê£¬ÂÅ´ÎÀûÓÃÁãÈÕ·ì϶ÌáÒé¹¥»÷¡£WhatsAppĸ¹«Ë¾Meta´ËǰÔÚÃÀÍõ·¨ÔºÓëNSO¼¯ÍÅ·¢Õ¹Ë¾·¨·Ü¶·£¬²¢ÓÚ2025Äê»ñµÃÓÀÔ¶½ûÁ²»ÈÝNSOÕë¶ÔWhatsApp»òÆäÓû§Ö´ÐмäµýÈí¼þ¹¥»÷¡£ÔÚÕâ´Î±»×èÖ¹µÄ¹¥»÷ÖУ¬¹¥»÷ÕßÊÔͼÓÕÆÖ¸±êµã»÷³Á¶¨ÏòÖÁ±í²¿ÍøÕ¾µÄ¶ñÒâÁ´½Ó£¬ÊÖ·¨Óë´Ëǰ¼Í¼µÄNSOÓйء°Ò»¼üʽ¡±ÍøÂç´¹µö»î¶¯ÀàËÆ¡£Meta°µÊ¾£¬ÔÚµ÷²éÓû§»ã±¨ºó³É¹¦×èÖ¹ÁËÕâЩ¹¥»÷£¬²¢·¢ÏÖ¹¥»÷ÕßÔÚWhatsAppÉÏ´´½¨Á˲âÊÔÕ˺źÍȺ×飬Òѽ«ÆäÈ«Êýɾ³ý¡£MetaÒÔΪ£¬NSO´Ë¾ÙÃ÷È·Î¥·´ÁË·¨Ôº°ä²¼µÄÓÀÔ¶½ûÁî¡£
https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/
5. À¼ÐÁÉçÇøÑ§ÔºÊý¾Ýй¶£¬³¬17.4ÍòÈËÐÅÏ¢ÔâÇÔ
6ÔÂ8ÈÕ£¬ÃÜЪ¸ùÖÝÀ¼ÐÁÉçÇøÑ§Ôº(LCC)½üÈÕ֪ͨ³¬¹ý17.4ÍòÈË£¬³ÆËûÃǵÄÓ×ÎÒÐÅÏ¢ÔÚÒ»Äê¶àǰ²úÉúµÄÊý¾Ýй¶ÊÂÎñÖÐÔ⵽й¶¡£¸Ã¹«Á¢ÉçÇøÑ§ÔºÔÚ·¢¸øÊÜÓ°ÏìÓ×ÎÒµÄ֪ͨÐÅÖаµÊ¾£¬Õâ´ÎÊÂÎñÓÚ2025Äê2Ô±»·¢ÏÖ£¬Ô¼Äª²úÉúÔÚºÚ¿ÍʹÓñ»µÁƾ֤ÈëÇÔì䲿ÃÅϵͳһÖÜÖ®ºó¡£ÕâÒâζ×Å£¬ºÚ¿Í¿ÉÄÜÔÚϵͳÖÐÂñ·üÁËÊýÔÂÉõÖÁ¸ü³¤¹¦·ò²Å±»¾õ²ì¡£ÊÂÎñ·¢ÏÖºó£¬LCCµ±¼´ÓëµÚÈý·½ÍøÂ簲ȫר¼ÒºÏ×÷·¢Õ¹µ÷²é¡£µ÷²éÈ·¶¨£¬ºÚ¿Í»ñÈ¡ÁËÔ̺¬ÐÕÃû¡¢µØÖ·¡¢µ®ÉúÈÕÆÚ¡¢¼ÝÊ»ÅÆÕÕ¾ßÌåÐÅÏ¢ÒÔ¼°Éç»á±£ÏÕºÅÂëÔÚÄÚµÄÓ×ÎÒÐÅÏ¢¡£LCC°µÊ¾£¬Ìṩ¸ø¸ÃѧԺµÄÆäËûÓ×ÎÒÐÅÏ¢Ò²¿ÉÄÜÊܵ½Ó°Ï죬µ«¾ßÌåй¶µÄÊý¾ÝÀàÐÍÒòÈ˶øÒ졣ƾ¾ÝLCCÏòÃåÒòÖÝ×ܼì²ì³¤°ì¹«ÊÒÌá½»µÄ»ã±¨£¬Õâ´ÎÊý¾Ýй¶ÊÂÎñ¹²Ó°Ïì174,307ÈË¡£×÷ΪӦ¶Ô´ëÊ©£¬Ñ§Ôº½«ÎªÊÜÓ°ÏìÓ×ÎÒÌṩ24¸öÔµÄÃâ·ÑÐÅÓþ¼à¿ØºÍÉí·Ý±£»¤·þÎñ¡£LCC»¹°µÊ¾£¬³ý½ÚÔìºÍ½â¾ö¸ÃÊÂÎñ±í£¬ÒѸĽø°²È«´ëÊ©ÒÔÔ¤·ÀÀàËÆÊÂÎñÔٴβúÉú¡£
https://www.securityweek.com/174000-impacted-by-lansing-community-college-data-breach/
6. Baker DistributingÔâShinyHunters¹¥»÷
6ÔÂ5ÈÕ£¬ÀÕË÷Èí¼þ×éÖ¯ShinyHunters½üÈÕÔÚÆä°µÍøÐ¹Â¶ÍøÕ¾Éϰ䲼ÁËÃÀ¹ú³ÛÃû·ÖÏúÉÌBaker Distributing CompanyµÄ¹«Ë¾Êý¾Ý£¬Ô̺¬ÊýÊ®ÍòÌõSalesforceºÍSharePoint¼Í¼£¬Éæ¼°Ô±¹¤¡¢¿Í»§¼°ÄÚ²¿ÔËÓªµÈÃô¸ÐÐÅÏ¢¡£Baker DistributingÊÇÃÀ¹ú×î´óµÄHVAC¡¢ÔìÀä¼°²ÍÒûÉ豸·ÖÏúÉÌÖ®Ò»£¬ÒµÎñ¸²¸Ç¿í·ºµÄ¹¤Òµ¹©¸øÁ´¡£¸Ã×éÖ¯Ðû³Æ£¬ÔÚÓ빫˾µÄ½»ÉæÊ§°Üºó£¬Òѽ«Êý¾Ý¹«¿ª°ä²¼µ½ÍøÉÏ£¬²¢°ä²¼ÁËУÑéºÍ¼°ÏÂÔØÁ´½Ó¡£×êÑÐÈËÔ±¶Ôй¶µÄÊý¾Ý¼¯½øÐÐÁËÉó²é£¬È·ÈÏ´ó²¿ÃÅ×ÊÁÏÀ´×ÔSharePoint´æ´¢¿â£¬Ô̺¬¸÷ÀàÄÚ²¿ÒµÎñÎĵµ¡£ÈËÁ¦×ÊÔ´·½ÃæÐ¹Â¶ÁËÔ±¹¤ÊֲᡢÕþ²ßÄ£°å¡¢½¡È«±£ÏÕÎļþµÈ£¬½ÒʾÁËÄÚ²¿ÐÐÕþÁ÷³Ì£»»¹ÓÐÓªÏúÕ½ÊõÎļþ¡¢µç×ÓÉÌÎñÐû´«²á¼°ÃæÏò¿Í»§µÄ³£¼ûÎÊÌâ½â´ð×ÊÁÏÒ²±»ÆØ¹â¡£¸üÖµµÃ¹Ø×¢µÄÊÇSalesforce²¿ÃŵÄÊý¾Ý£¬×êÑÐÈËÔ±´ÓÖмø±ð³öÔ¼1100ÌõÔ±¹¤¼Í¼£¬Ô̺¬ÐÕÃû¡¢µç×ÓÓʼþµØÖ·¡¢µç»°ºÅÂ롢ְλ¡¢²¿Ãż°ÕË»§¹¦·ò´Á¡£´Ë±í£¬Ò»¸öÔ̺¬Ô¼3400ÌõÏúÊÛÏßË÷µÄÊý¾Ý¼¯½ÒʾÁËDZÔÚ¿Í»§µÄÁªÏµ·½Ê½ºÍ»¥¶¯¼Í¼¡£ÔÚй¶ÎļþÖУ¬×êÑÐÈËÔ±»¹·¢ÏÖÁËÒ»¸öÔ¼11.1Íò±Ê¼Í¼µÄ¿Í»§ÁªÏµÈËÊý¾Ý¿â£¬Ô̺¬ÐÕÃû¡¢µç×ÓÓʼþ¡¢µç»°ºÅÂë¡¢¹«Ë¾´ÓÊô¹ØÏµ¼°µØÖ·µÈÓ×ÎÒÉí·ÝÐÅÏ¢¡£¸üÁîÈËÓÇÓôµÄÊÇ£¬Ô¼30.2Íò¸öITÖ§³Ö¹¤µ¥Ò²±»Ò»²¢Ð¹Â¶£¬ÆäÖÐÔ̺¬¹¦·ò´Á¡¢Óû§Éí·Ý¼°¼¼ÊõÎÊÌâµÄ¾ßÌåÃèÊö¡£
https://cybernews.com/security/baker-distributing-ransomware-salesforce-sharepoint-leak/


¾©¹«Íø°²±¸11010802024551ºÅ