Ubiquiti½¨¸´Æß´ó·ì϶£¬ÑÏ·ÀºÅÁî×¢Èë¹¥»÷
°ä²¼¹¦·ò 2026-07-091. Ubiquiti½¨¸´Æß´ó·ì϶£¬ÑÏ·ÀºÅÁî×¢Èë¹¥»÷
7ÔÂ8ÈÕ£¬ÍøÂçÉ豸³§ÉÌUbiquiti½üÈÕ°ä²¼°²È«¸üУ¬½¨¸´ÁËUniFi OSÖÐÆß¸öÑϳÁ°²È«·ì϶£¬ÆäÖÐ×îÑϳÁµÄÊÇCVE-2026-50746£¬¸Ã·ì϶λÓÚUniFi ConnectÀûÓ÷¨Ê½£¨3.4.16¼°¸üÔç°æ±¾£©ÖУ¬¿É±»¹¥»÷ÕßÀûÓÃÓÚºÅÁî×¢Èë¹¥»÷¡£UniFi ConnectÊÇÒ»Ì×ÓÃÓÚͳһÖÎÀíóÒ×¹¹ÖþÖÇÄÜÉ豸£¨Ô̺¬LEDÕÕÃ÷ºÍµç¶¯Æû³µ³äµçÆ÷£©µÄÈí¼þÌ×¼þ¡£UbiquitiÚ¹Êͳƣ¬Õ¼ÓÐÍøÂç½Ó¼ûȨÏ޵ĶñÒâ¹¥»÷Õß¿ÉÀûÓøÃÀûÓ÷¨Ê½µÄ²»µ±½Ó¼û½ÚÔì·ì϶£¬ÔÚÖ÷»úÉ豸ÉÏÖ´ÐжñÒâºÅÁ¹«Ë¾½¨ÒéÓû§Éý¼¶ÖÁ3.4.20»ò¸ü¸ß°æ±¾ÒÔ¶ã±Ü·çÏÕ¡£´Ë±í£¬±¾´Î½¨¸´»¹º¸ÇÁËUniFi Talk¡¢UniFi Access¡¢UniFi Protect¼°¶à¿î·ÓÉÆ÷¡¢Íø¹ØºÍNASϵͳÖеÄÁù¸ö¸ßΣ·ì϶£¨±àºÅCVE-2026-50747µÈ£©¡£Ö»¹ÜUbiquitiδй©ÕâЩ·ì϶ÊÇ·ñÒѱ»ÔÚÒ°ÀûÓ㬵«È·ÈÏÆäÖÐÁù¸ö¿É±»µÍ¸´ÔӶȹ¥»÷ÇÒÎÞÐèÓû§½»»¥¡£¾ÝCensys¼à²â£¬Ä¿Ç°»¥ÁªÍøÉ϶³ö×ų¬¹ý10Íò¸öUniFi OSÊ·ý£¬ÆäÖнü°ëÊýλÓÚÃÀ¹ú£¬µ«Éв»Ã÷ÏÔÒѽ¨¸´µÄ±ÈÀý¼°ÃÛ¹ÞÊýÁ¿¡£
https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-new-max-severity-unifi-os-vulnerability/
2. »Ê¼Òɽ´óѧÔâºÚ¿ÍÇÔɾÊý¾Ý£¬½üÁ½ÍòʦÉúÊÜÓ°Ïì
7ÔÂ8ÈÕ£¬¼ÓÄô󿨶û¼ÓÀïµÄ»Ê¼Òɽ´óѧ£¨MRU£©½üÈÕÅû¶£¬ÆäÍøÂçϵͳ6ÔÂ17ÈÕÔâºÚ¿ÍÈëÇÖ£¬ÒÑÀñƸ±í²¿ÍøÂ簲ȫר¼Ò¼°¼¼ÊõÍŶӷ¢Õ¹µ÷²é²¢Íƶ¯¸´Ô¹¤×÷¡£Õâ´ÎÊÂÎñÑϳÁÇÖÈÅÁ˸ÃУµÄÔÚÏß·þÎñ¡¢»¥ÁªÍø½ÓÈë¼°¶à¸öÄÚ²¿ÏµÍ³¡£¾µ÷²éÈ·ÈÏ£¬¹¥»÷Õß·¸·¨½Ó¼û²¢µÁÈ¡ÁË´æ´¢ÓÚѧÉúºÍÔ±¹¤¹²Óõġ°HÅÌ¡±Ìض¨Îļþ¼ÐÖеÄÊý¾Ý£¬Éæ¼°ÏÖÈμ°Ç°ÈÎѧÉú¡¢Ô±¹¤£¬ÒÔ¼°Î´Ã÷È·Àà´ËÍâ¡°ÆäËûÈËÔ±¡±µÄÐÅÏ¢£¬¾ßÌåй¶ÄÚÈÝÒòÓ×ÎÒ¶øÒ졣ͬʱ£¬¹¥»÷Õß»¹É¾³ýÁËÁíÒ»¸ö´æ´¢²¿ÃÅÊý¾ÝµÄ¡°JÅÌ¡±£¬µ«ÔÝδ·¢ÏÖ¸ÃÅÌÊý¾Ý±»¸´Ôì»òÇÔÈ¡µÄÖ¤¾Ý£¬Ð£¸ÕÕýÖÂÁ¦¸´ÔÒÑɾÎļþ£¬µ«Ì¹ÑÔ¿ÉÄÜÎÞ·¨ÆëÈ«¸´Ô¡£ÓÉÓÚÔʼÊý¾Ý±»¶Ï¸ù£¬Ð£·½ÄÑÒÔѸ¿ì¾«×¼ÆÀ¹ÀÿλÊÜÓ°ÏìÕߵķçÏÕ£¬ÐèºÄʱÖðÒ»ºË²é£¬ºóÐø½«Í¨¹ý¸öÐÔ»¯Í¨ÖªÁªÏµÓйØÓ×ÎÒ¡£MRUÒÑÏò°¢¶û²®ËþÊ¡ÐÅÏ¢ºÍÒþÖÔרԱ°ì¹«ÊÒ¼°·¨Âɲ¿Ãű¨°¸£¬²¢ÎªËùÓÐÏÖÈÎÔ±¹¤¼°´ÓǰÎåÄêÄÚÊÜÆ¸ÕßÌṩΪÆÚÁ½ÄêµÄÐÅÓþ¼à¿ØºÍÉí·Ý͵ÇÔ±£»¤·þÎñ¡£Õâ´Î¹¥»÷ÓÉÍþв×éÖ¯CMD OrganizationÈÏÁ죬¸Ã×éÖ¯°ä²¼ÁË»¤ÕÕɨÃè¼þµÈÊý¾ÝÑù±¾×÷Ϊ×ôÖ¤£¬²¢ÏòУ·½ÀÕË÷30ö±ÈÌØ±Ò£¨Ô¼ºÏ190ÍòÃÀÔª£©£¬ÏÞʱÁùÌì»ØÓ¦£¬²»È»½«¹«¿ªÈ«Êý±»µÁÐÅÏ¢¡£
https://www.bleepingcomputer.com/news/security/mount-royal-university-confirms-breach-as-hackers-claim-attack/
3. NPMÓëPyPIÏÖ17¸öÖ§¸¶Ú¿Æ°ü£¬ÇÔÈ¡¿ª·¢ÕßÃÜÔ¿
7ÔÂ8ÈÕ£¬½üÆÚ£¬Node°üÖÎÀíÆ÷£¨npm£©ºÍPython°üË÷Òý£¨PyPI£©Éϱ»·¢ÏÖ´æÔÚ17¸ö¶ñÒâÈí¼þ°ü£¬×¨ÃÅÕë¶ÔPaysafe¡¢SkrillºÍNetellerµÈÖ§¸¶Æ½Ì¨µÄ¿ª·¢ÕߺÍÓû§£¬Ö¼ÔÚÇÔȡƾ֤Óë½Ó¼ûÁîÅÆ¡£ÕâÈý¸öÖ§¸¶Æ½Ì¨ÀûÓÃ¿í·º£¬Paysafe³£ÓÃÓÚµçÉÌ¡¢ÓÎÏ·¡¢ÓÎÀÀ¼°SaaSÁìÓò£¬¶øSkrillºÍNetellerÔò¶à·þÎñÓÚÔÚÏß²©²Ê¡¢¼ÓÃÜÇ®±Ò¼°±í»ãÂòÂô¡£¹¥»÷Õß½«¶ñÒâ°ü¼Ù×°³ÉºÏ·¨Ö§¸¶SDK£¬¹«¿ªÔ¤ÆÚAPIµ«·µ»ØÐéα³É¹¦ÏìÓ¦£¬ÊµÔòÄÚǶÇÔÃÜÄ£¿é£¬½«µÁÈ¡µÄÊý¾Ý»Ø´«ÖÁÑÇÂíÑ·AWSÉϵĺÅÁîÓë½ÚÔì·þÎñÆ÷¡£ÆäÖУ¬13¸önpm°ü°ä²¼ÁË1.0.0ÖÁ1.0.3¹²Ëĸö¶ñÒâ°æ±¾£¬4¸öPyPI°ü½ö°ä²¼1.0.0°æ¡£ÇÔȡָ±êÔ̺¬Paysafe APIÃÜÔ¿¡¢AWSÃÜÔ¿¡¢GitHubÁîÅÆ¡¢npmÁîÅÆ¡¢Ö÷»úÃû¡¢Óû§Ãû¼°APIʹÓÃÔªÊý¾Ý¡£npm°üµÄÇÔÃÜÄ£¿é½öÔÚ¼ì²âµ½Paysafe APIÃÜԿʱ¼¤»î£¬¶øPyPI°üÔÚ³õʼ»¯Ê±±ã×Ô¶¯ÔËÐС£¶ñÒâ´úÂ뻹¾ß±¸»ù´¡·´·ÖÎöÄÜÁ¦£¬Èô·¢ÏÖCPUÖ÷ÌâÉÙÓÚ2¸ö»ò»·¾³º¬Ðé¹¹»¯ÏßË÷Ôò»áÖÕ³¡Ö´ÐС£½¨Ò鿪·¢Õßµ±¼´ÂÖ»»ËùÓÐÊÜϰȾ»úеÉϵÄÃÜÔ¿£¬ËÑË÷ÒÀÀµÊ÷²¢À¹½ØÓйذüÃûÒªÇó£¬Í¬Ê±ÔÚCIϵͳÈÕÖ¾ÖÐÅŲ顰PAYSAFE_API_KEY¡±ÓëÁÐÃû°üµÄ×éºÏ³ö½ü¿ö¿ö¡£
https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/
4. Ä«Î÷¸ç½ðÈÚÔâClickFix¹¥»÷£¬Ö²ÈëPowerShellľÂí
7ÔÂ8ÈÕ£¬½üÆÚ£¬Elastic Security Labs·¢ÏÖ´úºÅΪREF6045µÄÒøÐжñÒâÈí¼þ»î¶¯£¬ÕýÕë¶ÔÄ«Î÷¸çµÄÒøÐÓ×¢½ðÈڿƼ¼¹«Ë¾¡¢Ö§¸¶´¦ÖÃÉ̼°¼ÓÃÜÇ®±ÒÂòÂôËù¿Í»§ÌáÒé¹¥»÷¡£¸Ã¹¥»÷ÀûÓÃClickFixÉç½»¹¤³Ì¼¼ÇÉ£¬Í¨¹ý¼Ù×°³ÉºÏ·¨°²È«²é³µÄÐéαÑéÖ¤ÂëÒ³Ãæ£¬ÓÕµ¼Êܺ¦Õ߸´Ôì¶ñÒâºÅÁî²¢Õ³ÌùÖÁWindowsÔËÐжԻ°¿ò£¬´Ó¶øÆô¶¯¶à½×¶ÎϰȾ¡£ÊµÏÖÑéÖ¤ºó£¬¹¥»÷Õß»áÏÔʾαÔìµÄWindows¸üнçÃæÒÔ·ÖÉ¢°ÑÎÈ£¬Í¬Ê±×°ÖûùÓÚPowerShellµÄSCMBANKER¹¤¾ß°ü£¬³ÉÁ¢ÓƾÃÐÔ¡¢¼à¿ØÍøÒø»á»°¡¢½ØÆÁ¡¢¼Í¼¼üÅÌ¡¢´Û¸Ä¼ôÌù°å¡¢³Á¶¨Ïòä¯ÀÀÆ÷ÖÁ´¹µöÍøÕ¾£¬²¢¿É²¿ÊðóÒ×Ô¶³Ì½ÚÔìÈí¼þÒÔÆëÈ«ÊÕÊÜÉ豸¡£×êÑл¹·¢ÏÖ£¬¹¥»÷Õß½èÖú´óÐÍ˵»°Ä£Ð͸¨Öú¿ª·¢²¿ÃÅ´úÂ룬µ«ÖÊÁ¿²Î²îÇÒÁôÓÐAIÌìÉúºÛ¼£¡£´Ë»î¶¯ÖØÒªÓ°ÏìÄ«Î÷¸ç¾³ÄÚµÄÓ×ÎÒ¼°×éÖ¯£¬Ö»¹ÜµØÓòÐÔÇ¿£¬µ«ÆäClickFixµö¶ü¡¢ÐéαÑéÖ¤Âë¼°PowerShell´«²¼ÊÖ·¨ÕýÈÕÒæÆÕ±é£¬½«À´¿ÉÄܱ»µ÷ÕûÓÃÓÚ¹¥»÷ÆäËûµØÓò¡£
https://securityboulevard.com/2026/07/scmbanker-malware-targets-mexicos-financial-sector-using-clickfix-lures/
5. ÓïÒô´¹µöÓÕÆM365Óû§×¢²á¹¥»÷Õß½ÚÔìµÄͨ³©ÃÜÔ¿
7ÔÂ8ÈÕ£¬½üÆÚ£¬ÍþвÐÐΪÕßÀûÓûùÓÚÓïÒôµÄÐéα°²È«ÒªÇó£¬Õë¶ÔʳƷÒûÁÏ¡¢¿Æ¼¼¡¢Ò½ÁƱ£½¡¡¢Æû³µ¡¢¹¹ÖþºÍº½¿ÕµÈ¶à¸öÐÐÒµµÄ×éÖ¯£¬ÓÕÆMicrosoft 365Óû§×¢²áеÄEntraͨ³©ÃÜÔ¿¡£¹¥»÷ÕßÀÄÓÃ΢ÈíÓÚ5ÔÂÏòÖÎÀíԱʢ¿ªµÄ¡°ÃÜÂë×¢²á»î¶¯¡±Ö°ÄÜ£¬×Ô4ÔÂÆðͨ¹ýµç»°ÁªÏµÖ¸±êÓû§£¬ÒÔ°²È«Éý¼¶ÎªÓÉ˵·þÆä×¢²áÊܹ¥»÷Õß½ÚÔìµÄͨ³©ÃÜÔ¿£¬²¢½«Êܺ¦ÕßÊèµ¼ÖÁ·ÂÕպϷ¨Î¢ÈíÃÜÂë×¢²áÁ÷³ÌµÄ´¹µö¹¤¾ß°ü¡£¸Ã¹¤¾ß°üΪ²Ù×÷Ô±½ÚÔìµÄPHPÃæ°å£¬Ñ¡È¡1ÃëÐÄÌøÂÖѯ»úÔ죬ÄÜÆ¾¾ÝÊܺ¦ÕߵĶà³É·ÖÈÏÖ¤£¨MFA£©ÒªÇó£¨ÈçTOTP¡¢ÍÆËÍ֪ͨ¡¢¶ÌÐÅÑéÖ¤Â룩ʵʱµ÷ÕûÁ÷³Ì£¬Êܺ¦ÕßÊäÈëµÄÍ´´¦ºÍMFAÏìÓ¦±»´«µÝ¸ø¹¥»÷Õߣ¬ÓÃÓÚÑéÖ¤²¢ÊÕÊÜÕË»§¡£Êܺ¦ÕßÒÔΪÔÚ×¢²áÐÂÃÜÂ룬ʵÔò¹¥»÷Õß×¢²áÁËÆä½ÚÔìµÄÃÜÔ¿£¬Ëæºó´¹µöÍøÕ¾»¹»áչʾαÔìµÄÃÜÂë×¢ÊéÒ³Ãæ£¬ÌáÐѱ£ÁôÎÞÏÖʵ×÷ÓõÄBIP-39¸´Ô¶ÌÓïÒÔ·ÖÉ¢°ÑÎÈ¡£Õâ´Î¹¥»÷ÓÉOkta×·×ÙµÄO-UNC-066ÐÐΪÕßÖ´ÐУ¬¸Ã×éÖ¯ÔËÓªÃûΪPinkµÄÀÕË÷Ðж¯£¬ÓëÈ¥ÖÐÐÄ»¯ÍþÐ²ÍøÂçThe ComÓйأ¬ÒÔÓïÒô´¹µöºÍITÉí·Ý¼ÙÒâÍøÂçÆ¾Ö¤¼°MFA´úÂëÖø³Æ£¬»ñÈ¡½Ó¼ûȨÏÞºóѸ¿ì´ÓSharePointºÍOneDriveÇÔÈ¡Êý¾Ý£¬²¢ÓÚ5ÔÂ31ÈÕÍÆ³öÀÕË÷ÍøÕ¾°ä²¼Ñù±¾Ê©Ñ¹¡£
https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/
6. AssuranceAmericaÊý¾Ýй¶£¬690Íò¼ÝÕÕÐÅÏ¢±»µÁ
7ÔÂ8ÈÕ£¬ÃÀ¹ú±£ÏÕ¹«Ë¾AssuranceAmerica½üÆÚ֤ʵ²úÉú³Á´óÊý¾Ýй¶ÊÂÎñ£¬Ô¼690ÍòÈ˵ÄÓ×ÎÒÐÅÏ¢¼°¼ÝÊ»ÅÆÕÕºÅÂëÔâÇÔ£¬³ÉΪ½ñÄêÒÑÖª¹æÄ£×î´óµÄ¼ÝÕÕÐÅϢй¶ÊÂÎñÖ®Ò»¡£¸Ã¹«Ë¾³ÉÁ¢ÓÚ1998Ä꣬ΪȫÃÀÊ®¶à¸öÖÝÌṩÆû³µºÍ×âÁÞ±£ÏÕ£¬´¦ÖôóÁ¿¿Í»§¼°Í¶±£È˵ÄÃô¸Ð×ÊÁÏ£¬Ô̺¬ÐÕÃû¡¢ÁªÏµ·½Ê½¡¢¼ÝÕÕºÅÂë¡¢Æû³µ±£µ¥¡¢ÕË»§ÐÅÏ¢¡¢¼ÝʻԱ¼°³µÁ¾ÏêÇéºÍË÷Åâ¼Í¼¡£¹¥»÷ÕßÓÚ3ÔÂ17ÈÕÈëÇÔìäϵͳ£¬Í¨¹ýÇÔȡһÃûÔ±¹¤µÄƾ֤½øÈëÍøÂ磬¹«Ë¾ÓÚ6ÔÂ15ÈÕʵÏÖµ÷²é²¢½ûÓñ»µÁƾ֤£¬µ«Î´×¢Ã÷ƾ֤¾ßÌåÇÔÈ¡·½Ê½¡£Ä¿Ç°ÉÐÎÞÖ¤¾ÝÅú×¢¹«Ë¾ÓëºÚ¿Í½Ó´¥»òÖ§¸¶Êê½ð¡£ÊÜÓ°ÏìµÄÓ×ÎÒ½«ÔÚ7ÔÂ10ÈÕÊÕµ½Í¨Öª¡£´ËÊÂÎñÊǽüÆÚ¶àÆðÉæ¼°¼ÝÕÕµÈÉí·ÝÎļþй¶µÄÒ»²¿ÃÅ£¬ÀýÈçµÂ¿ËÈøË¹Öݹ«Ô°ºÍÒ°»îÆÃÎﲿÃÅÒ²Ôø±»ÇÔÈ¡Êý°ÙÍò¼ÝÕÕÐÅÏ¢¡£Ëæ×ÅÁйú·îÐдºÇïÑé֤˾·¨£¬¸ü¶àÍøÕ¾ÒªÇóÉÏ´«Éí·ÝÖ¤Ã÷£¬´ËÀàй¶·çÏÕ³ÖÐøÉÏÉý¡£
https://techcrunch.com/2026/07/08/another-massive-data-breach-exposed-millions-of-drivers-license-numbers/


¾©¹«Íø°²±¸11010802024551ºÅ