˼¿ÆSD-WANÔÙÆØÁãÈÕ·ì϶ £¬ÉÐÎÞ²¹¶¡¿É½¨¸´

°ä²¼¹¦·ò 2026-06-11
1. ˼¿ÆSD-WANÔÙÆØÁãÈÕ·ì϶ £¬ÉÐÎÞ²¹¶¡¿É½¨¸´


6ÔÂ9ÈÕ £¬Ë¼¿Æ¿Í»§ÕýÃæ¶ÔÓÖÒ»¸ö±»»ý¼«ÀûÓõÄÁãÈÕ·ì϶ £¬¸Ã·ì϶ӰÏìÆäSD-WANÖÎÀíÈí¼þ £¬½øÒ»²½¼Ó¾çÁËÆóÒµ°²È«Ñ¹Á¦¡£¸Ã·ì϶±àºÅΪCVE-2026-20245 £¬ÊǽñÄê˼¿ÆSD-WAN²úÆ·ÖÐµÚÆß¸ö±»»îÔ¾ÀûÓõÄÁãÈÕ·ì϶¡£Ë¼¿Æ°µÊ¾ £¬±¾Ô³õ³õ´Î·¢Ïָ÷ì϶Òѱ»»ý¼«ÀûÓà £¬²¢ÓÚÖÜËÄÕýʽÅû¶¡£¸Ã·ì϶×î³õÓÉMandiant·¢ÏÖ £¬Ä¿Ç°ÉÐδ°ä²¼°²È«²¹¶¡ £¬Ò²Ã»ÓÐÈκÎһʱ»º½â¹æ»®¡£Ë¼¿Æ½²»°È˳ƽ«ÔÚ½«À´Ä³¸öÈÕÆÚÌṩ²¹¶¡¡£¾Ý˼¿Æ½éÉÜ £¬¸Ã·ì϶ÊÇÒ»¸öÓ°ÏìCisco Catalyst SD-WANÖÎÀíÆ÷µÄÑéÖ¤ÃýÎóȱµã £¬ÔÊÐí¾­¹ýÉí·ÝÑéÖ¤»ò±¾µØ¹¥»÷ÕßÒÔrootȨÏÞÖ´ÐкÅÁî £¬´Ó¶øÖ´ÐкÅÁî×¢Èë¹¥»÷¡£²»Íâ £¬Ç±ÔÚÓ°ÏìÁìÓò¿ÉÄÜÓÐÏÞ £¬ÓÉÓÚÀûÓø÷ì϶±ØÒªÓÐЧƾ֤»òͨ¹ýÆäËûõè¾¶»ñµÃÌØÈ¨½Ó¼û¡£Ë¼¿ÆÖ¸³ö £¬¹¥»÷Õß¿ÉÄÜÀûÓÃÆä½ñÄêÔçЩʱ³½Åû¶µÄÁ½¸öÁãÈÕ·ì϶£¨CVE-2026-20182ºÍCVE-2026-20127£©»ñÈ¡ËùÐèµÄ½Ó¼ûȨÏÞ¡£Ë¼¿Æ°µÊ¾¡°ÉÐδ·¢ÏÖͨ¹ýÆäËû·½Ê½³É¹¦ÀûÓø÷ì϶µÄÇé¿ö¡± £¬µ«¹Û²ìµ½²¿Ã۸ÀýÖÐ £¬ÀûÓø÷ì϶µ¼ÖÂÅäÖøü¸Ä±»ÍÆËÍÖÁ±ßÔµÉ豸¡£


https://cyberscoop.com/cisco-sdwan-zero-day-vulnerability-exploited-cve202620245/


2. ¹È¸è´¹Î£½¨¸´½ñÄêµÚÎå¸öChromeÁãÈÕ·ì϶


6ÔÂ9ÈÕ £¬¹È¸è½üÈÕ°ä²¼ÁË´¹Î£¸üР£¬½¨¸´ÁËÒ»¸öÒѱ»»ý¼«ÀûÓõÄChromeä¯ÀÀÆ÷ÁãÈÕ·ì϶ £¬ÕâÊǽñÄêÒÔÀ´½¨¸´µÄµÚÎå¸ö´ËÀà·ì϶¡£¸Ã·ì϶±àºÅΪCVE-2026-11645 £¬¹È¸èÔÚÖÜÒ»µÄ°²È«²¼¸æÖÐÈ·ÈÏÒÑÒâʶµ½¸Ã·ì϶Òѱ»ÀûÓá£ÔÚһλÄäÃû°²È«×êÑÐÈËÔ±Ïò¹È¸è»ã±¨·ì϶Á½Öܺó £¬¹«Ë¾Îª²»±ä×ÀÃæÆµÂ·Óû§½¨¸´Á˸÷ì϶ £¬²¢½«Òѽ¨¸´°æ±¾Öð²½ÍƹãÖÁWindows£¨149.0.7827.102£©¡¢Mac£¨149.0.7827.103£©ºÍLinux£¨149.0.7827.102£©ÏµÍ³¡£¹ÌÈ»¹È¸è°µÊ¾°²È«¸üпÉÄܱØÒª¼¸Ììµ½¼¸ÖÜÄÜÁ¦¸²¸ÇËùÓÐЧ»§ £¬µ«¾ÝÏÖʵ¼ì²â £¬¸Ã¸üÐÂÒѵ±¼´¿ÉÓᣲ»ÏëÊÖ¶¯¸üеÄÓû§¿ÉÒÀ¸½Chrome±ÉÈË´ÎÆô¶¯Ê±×Ô¶¯²é³­²¢×°ÖøüС£¸Ã¸ßΣÁãÈÕ·ì϶ԴÓÚChrome V8 JavaScriptÒýÇæÖеÄÔ½½ç¶ÁÈ¡ºÍдÈëÈõµã £¬Ô¶³Ì¹¥»÷Õß¿Éͨ¹ý¾«ÐÄ»ú¹ØµÄHTMLÒ³Ãæ £¬ÔÚWebä¯ÀÀÆ÷µÄɳÏäÄÚÖ´ÐÐËÁÒâ´úÂë¡£³É¹¦ÀûÓ÷ì϶ºó £¬¹¥»÷Õß¿ÉÄÜͨ¹ý¶Ñ°Ü»µ½Ó¼ûÄڴ滺³åÇøÖ®±íµÄÊý¾Ý £¬´Ó¶øÂ¶³öÃô¸ÐÐÅÏ¢»òÒý·¢ä¯ÀÀÆ÷±ÀÀ£¡£´Ë±í £¬¸Ã·ì϶»¹¿É±»ÀûÓÃÀ´ÈƹýASLRµÈÄÚ´æ± £»¤»úÔì £¬´Ó¶ø¸üÈÝÒ×ͨ¹ýÆäËûÈõµãʵÏÖ´úÂëÖ´ÐС£


https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/


3. Langflow¸ßΣ·ì϶CVE-2026-5027Õý±»ÀûÓÃ


6ÔÂ10ÈÕ £¬½üÆÚ £¬¹¥»÷ÕßÔÚ»ý¼«ÀûÓÿªÔ´AI¿ª·¢Æ½Ì¨LangflowÖеÄÒ»¸ö¸ßΣõè¾¶±éÀú·ì϶£¨CVE-2026-5027£© £¬ÔÚ¶³öµÄ·þÎñÆ÷ÉÏʵÏÖËÁÒâÎļþдÈë¡£LangflowÊÇÒ»¸ö¹ãÊÜÓ­½ÓµÄ¿ÉÊÓ»¯Æ½Ì¨ £¬Í¨¹ýÍϷŽçÃæÔ®ÊÖ¿ª·¢ÍŶӹ¹½¨AIÀûÓᢴúÀí¼°¼ìË÷¼ÓÇ¿ÌìÉúϵͳ £¬ÆäÔÚGitHubÉÏÒÑ»ñµÃ³¬¹ý14.9Íò¸öÐDZêºÍ9200¸ö·ÖÖ§¡£¸Ã·ì϶´æÔÚÓÚÎļþÉÏ´«Ö°Äܵġ°POST /api/v2/files¡±¶ËµãÖÐ £¬ÓÉÓÚδÄÜÕýÈ·ËãÕÊÓû§ÌṩµÄ¡°filename¡±²ÎÊý £¬¹¥»÷Õß¿Éͨ¹ýõè¾¶±éÀúÐòÁн«ÎļþдÈëÎļþϵͳÉϵÄËÁÒâµØÎ»¡£ÍøÂ簲ȫ¹«Ë¾TenableÓÚ2026ÄêËêÊ×·¢ÏÖ´ËÎÊÌâ £¬²¢ÓÚ3ÔÂ27ÈÕ¹«¿ªÅû¶ £¬´ËǰÁ½¸ö¶àÔµĻ㱨δ»ñLangflowÍŶӻØÓ¦¡£Ö»¹ÜTenableµÄ²¼¸æÎ´ÌὨ¸´¹æ»® £¬µ«Snyk SecurityÔÚ3ÔÂ30ÈÕÖ¸³ö £¬¸Ã·ì϶ÒÑÔÚlangflow-base°ü0.8.3°æºÍLangflowÀûÓÃ1.9.0°æÖÐʵÏÖ½¨¸´¡£¸üÁîÈ˾¯ÌèµÄÊÇ £¬VulnCheck°²È«×êÑÐÔ±Caitlin Condon°µÊ¾ £¬ÆäÃÛ¹ÞÒѼì²âµ½¹¥»÷ÕßÀûÓø÷ì϶Ͷ·Å²âÊÔÎļþ¡£


https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/


4. ¿ªÔ´Æ¾Ö¤ÇÔÈ¡¿ò¼ÜMiasmaÔ´Âëй¶


6ÔÂ10ÈÕ £¬½üÆÚ £¬Ò»¸öÃûΪMiasmaµÄƾ֤ÇÔÈ¡¹¥»÷¿ò¼Üͨ¹ý¹©¸øÁ´¹¥»÷¶Ô×¼¿ªÔ´Éú̬ϵͳ £¬ÆäÔ´´úÂëÔøÔÚGitHubÉ϶ÌÔݹ«¿ª¡£¸Ã¶ñÒâÈí¼þ±»ÒÔΪÊÇÔçÆÚShai-HuludÈ䳿µÄ½ø»¯°æ±¾ £¬Á½ÕßÔÚÖ°ÄÜ¡¢¼¼Êõ¼°´úÂë²ãÃæ´æÔÚ´óÁ¿ÀàËÆÖ®´¦¡£SafeDepµÄ×êÑÐÈËÔ±½üÈջ㱨³Æ £¬MiasmaµÄÔ´´úÂëͨ¹ý¶à¸ö±»µÁÓõĿª·¢ÕßÕË»§ÔÚGitHubÉÏй¶ £¬Ã¿¸öÕË»§¾ù´´½¨ÁËÃûΪ¡°Miasma-Open-Source-Release¡±µÄ²Ö¿â¡£ÕâÅú×¢¹¥»÷ÕßÊÇÓÐÒ⹫¿ª´úÂë £¬¶ø·ÇÒâ±íй¶¡£´úÂë·ÖÎöÏÔʾ £¬¸Ã¹¤¾ß°üÎÞÐ贫ͳµÄºÅÁîÓë½ÚÔ죨C2£©»ù´¡ÉèÊ© £¬¶øÊÇÀûÓÃGitHub×ÔÉíÀ´ÊµÏÖ½ÚÔìÖ°ÄÜ¡£MiasmaÄÜ´ÓÔÆ·þÎñÉÌ¡¢CI/CDϵͳ¡¢ÃÜÂëÖÎÀíÆ÷¡¢Kubernetes¼°ÃÜÔ¿´æ´¢ÖÐ¿í·ºÍøÂçÆ¾Ö¤ £¬²¢ÀÄÓÃÕâЩƾ֤·ÛËénpm¡¢PyPI¡¢RubyGems°üÒÔ¼°GitHub²Ö¿â¡¢Actions¹¤×÷Á÷ºÍJFrog ArtifactoryÊ·ý¡£´Ë±í £¬Ëü»¹ÄÜͨ¹ýSSHºÍAWS Systems Manager½øÐкáÏòÒÆ¶¯ £¬²¢·ÛËéClaude¡¢Gemini¡¢Cursor¡¢Copilot¡¢KiroºÍClineµÈAI±àÂ빤¾ßµÄÅäÖá£


https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/


5. ShinyHunters¹¥»÷Oracle PeopleSoft·þÎñÆ÷


6ÔÂ10ÈÕ £¬Oracle PeopleSoft·þÎñÆ÷Õý³ÉΪShinyHuntersÀÕË÷ÍÅ»ï³ÖÐøÊý¾ÝÇÔÈ¡¹¥»÷µÄ³ÁµãÖ¸±ê¡£¸ÃÍÅ»ïÐû³ÆÒѳɹ¦´Ó100¶à¸ö×éÖ¯µÄ300¸öÊ·ýÖÐÇÔÈ¡ÁËÊý¾Ý¡£PeopleSoft×÷Ϊһ¿îÆóÒµ¼¼û³Ò×Èí¼þÌ×¼þ £¬±»´óÐÍ×éÖ¯¿í·ºÓÃÓÚÖÎÀíÈËÁ¦×ÊÔ´¡¢¹¤×Ê¡¢²ÆÕþ¡¢¹©¸øÁ´¼°Ñ§ÉúÖÎÀíµÈÖ÷ÌâÒµÎñ¡£¾Ý±¨Â· £¬Õë¶ÔÔÆ¶ËºÍ±¾µØ²¿ÊðµÄPeopleSoft¿Í»§µÄ´ó¹æÄ£Êý¾ÝÇÔÈ¡¹¥»÷½üÆÚƵ·¢ £¬Êܺ¦Õß¾ùÊÕµ½ÁËÊðÃûΪShinyHuntersµÄÀÕË÷ÐÅ¡£¹¥»÷ÕßÏòýÌå֤ʵÁËÆäÉí·Ý £¬²¢Ðû³ÆÀûÓÃÁËÒ»¸öÓɾɷì϶ºÍÁãÈÕ·ì϶×é³ÉµÄ¡°¹¤¾ßÁ´¡±ÌáÒé¹¥»÷ £¬µ«Í¬Ê±Ò²Ö¸³ö¹¥»÷²¢·ÇÔÚËùÓÐϵͳÉ϶¼Äܳɹ¦ £¬¾ßÌåÈ¡¾öÓÚÊ·ýµÄÅäÖ÷½Ê½¡£½ØÖÁĿǰ £¬Oracle¹«Ë¾ÉÐδ¾ÍÓйØÁãÈÕ·ì϶µÄѯÎÊ×÷³ö¹«¿ª»ØÓ¦¡£¾Ý¹¥»÷Õßй© £¬ÊÜÓ°ÏìµÄ×éÖ¯¶à¼¯ÖÐÓÚ½ÌÓýÁìÓò £¬ÆäÖкܶà´Ëǰ¾ÍÒÑÔâ·ê¹ý¸ÃÍÅ»ïµÄÀÕË÷¡£Ö»¹ÜOracleδ¹«¿ªÅû¶¹¥»÷ϸ½Ú £¬ÍøÂ簲ȫ×êÑÐÔ±¡°Michael R¡±·¢ÏÖÁ˶à¸ö¶³öµÄÔÚÏßĿ¼ £¬ÆäÖÐÔ̺¬Óë´Ë¹¥»÷ÓйصŤ¾ß¡£ÕâЩĿ¼½ÒʾÁËÕë¶ÔPeopleSoft»·¾³µÄ³ÖÐø¹¥»÷ £¬ÏÖ³¡»¹ÁôÓÐMeshCentral´úÀí·¨Ê½¡¢ÓÃÓÚÍøÒ³´Û¸ÄµÄ¾ç±¾ÒÔ¼°Î±ÔìÆ¾Ö¤µÄÅçÆá¾ç±¾µÈ¹¤¾ß¡£


https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/


6. OkCupid±»ÆØÊý¾Ýй¶ £¬3500ÍòÓû§×ÊÁÏÒÉÔâÇÔ


6ÔÂ9ÈÕ £¬³ÛÃûÃÀ¹úÔ¼»áÍøÕ¾OkCupidµÄÔ¼3500ÍòÓû§Ó×ÎÒÐÅÏ¢Òѱ»ºÚ¿ÍÇÔÈ¡ £¬ÓйØÊý¾ÝÑù±¾Òѳʴ˿ÌÒ»¸öÈȵãÊý¾Ýй¶ÂÛ̳ÉÏ¡£¹¥»÷ÕßÔÚ·¢ÌûÖÐÐû³Æ £¬ËûÃÇÓëͬÊÂͨ¹ýijÖÖ·½Ê½»ñµÃÁ˶ÔOkCupidÄÚ²¿APIµÄÌØÈ¨½Ó¼ûȨÏÞ £¬´Ó¶ø³É¹¦×¥È¡Á˸ÃÀûÓ÷¨Ê½ËùÓÐЧ»§µÄÓ×ÎÒ×¢²áÐÅÏ¢ £¬²¢¸´ÔìÁ˺ó¶ËϵͳÖеÄÈ«ÊýÄÚÈÝ¡£OkCupid¹Ù·½Ðû³ÆÆäÓû§¹æÄ£³¬¹ý3000Íò £¬ÕâÓë¹¥»÷ÕßËù³ÆµÄ3500Íò±Ê¼Í¼¸ù»ùÎǺÏ¡£×êÑÐÍŶӶԹ¥»÷ÕßµÄ˵·¨½øÐÐÁ˳õ²½ÑéÖ¤ £¬¹¥»÷ÕßÔÚÂÛ̳ÉϽö¸½ÉÏÁËÒ»¸öÔ̺¬8±Ê¼Í¼µÄÊý¾ÝÑù±¾¡£ÕâЩÑù±¾ÖÐÔ̺¬Á˾ßÌåµÄÔ¼»á×ÊÁÏÐÅÏ¢¡¢Ó×ÎÒÉí·ÝÐÅÏ¢ÒÔ¼°bcryptÃÜÂë¹þÏ£Öµ¡£×êÑÐÍŶÓÈ·ÈÏ £¬Ñù±¾ÖгöÏÖµÄËùÓеç×ÓÓʼþµØÖ·¾ùΪºÏ·¨ÇÒÔøÔÚ¹ýÍùÆäËû·þÎñµÄÊý¾Ýй¶ÊÂÎñÖгöÏÖ¹ý¡£È»¶ø £¬ÓÉÓÚÎÞ·¨ºËʵ¹¥»÷ÕßÊÇ·ñÕæµÄ»ñÈ¡ÁË3500Íò±Ê¼Í¼ £¬ÇÒÑù±¾Êý¾Ý¿ÉÄÜÔ´ÓÚ´ËǰÂÅ´Îй¶ÊÂÎñµÄ»ã×Ü £¬×êÑÐÍŶÓĿǰÈÔ¶Ô¹¥»÷ÕßµÄ˵·¨³Ö±£Áô̬¶È¡£


https://cybernews.com/security/okcupid-user-data-breach-claims/