Centers LaboratoryÊý¾Ýй¶ÊÂÎñÓ°Ïì54ÍòÈË

°ä²¼¹¦·ò 2026-07-15
1. Centers LaboratoryÊý¾Ýй¶ÊÂÎñÓ°Ïì54ÍòÈË


7ÔÂ13ÈÕ£¬ÃÀ¹úÒ½ÁÆÕï¶Ï¹«Ë¾Centers Laboratory½üÈÕÏòµ±¾Ö´«µÝ£¬Ò»Â·²úÉúÔÚ½üÒ»ÄêǰµÄÊý¾Ýй¶ÊÂÎñÏÖʵӰÏ쳬¹ý54ÍòÈË¡£Æ¾¾Ý¸Ã¹«Ë¾ÍøÕ¾°ä²¼µÄ֪ͨ£¬Õâ¼Ò×ܲ¿Î»ÓÚÐÂÔóÎ÷Öݵļì²âºÍ³¢ÊÔÊÒ·þÎñÌṩÉÌÓÚ2025Äê8Ô·¢ÏÔìäIT»·¾³Ôâµ½ÈëÇÖ£¬µ÷²éÏÔʾÍþвÐÐΪÕßÔÚ8ÔÂ9ÈÕÖÁ14ÈÕÆÚ¼ä»ñµÃÁ˶ÔϵͳµÄ¡°ÓÐÏÞ½Ó¼ûȨÏÞ¡±£¬ÇÔÈ¡ÁËÔ̺¬ÐÕÃû¡¢µ®ÉúÈÕÆÚ¡¢Éç»á±£ÏÕºÅÂë¡¢¼ÝÊ»ÅÆÕÕ»òÉí·ÝÖ¤ºÅÂë¡¢»¤ÕÕºÅÂëÒÔ¼°½¡È«±£ÏÕºÍÒ½ÁÆÐÅÏ¢ÔÚÄÚµÄÓ×ÎÒ¼°Êܱ£»¤½¡È«ÐÅÏ¢¡£ÃÀ¹úÎÀÉúÓ빫¼Ò·þÎñ²¿µÄÊý¾Ýй¶׷×ÙÆ÷ÏÔʾ£¬Õâ´ÎÊÂÎñ¹²Ó°Ïì542,377ÈË¡£¸ÃÊÂÎñ±»Ö¤ÊµÓëÍøÂç·¸×ï×éÖ¯WorldLeaksÓйØ£¬¸Ã×éÖ¯ÓÚ2025Äê10ÔÂÔÚÆäÍøÕ¾ÉϹ«¿ªÁËCenters LabµÄ±»µÁÊý¾Ý£¬Ð¹Â¶Îļþ³¬¹ý160Íò¸ö£¬×ܼÆ720GB¡£


https://www.securityweek.com/centers-laboratory-data-breach-affects-540000-individuals/


2. CISA½«Ë¼¿Æ16ÄêǰCSRF·ì϶ÁÐÈë±Ø½¨½¨¸´Ä¿Â¼


7ÔÂ13ÈÕ£¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö½üÈÕ½«Ò»Ã¶Ó°ÏìCisco IOSµÄ¿çÕ¾ÒªÇóαÔì·ì϶£¨±àºÅCVE-2008-4128£©ÄÉÈëÆäÒÑÖª±»ÀûÓ÷ì϶Ŀ¼£¬²¢ÒªÇóÁª¹úÃñÊÂÐÐÕþ²¿ÃÅ»ú¹¹ÔÚ2026Äê7ÔÂ13ÈÕǰʵÏÖ½¨¸´¡£¸Ã·ì϶´æÔÚÓÚÔËÐÐCisco IOS 12.4°æ±¾µÄCisco 871¼¯³É·þÎñ·ÓÉÆ÷µÄHTTPÖÎÀí½çÃæÖУ¬Ô¶³Ì¹¥»÷Õß¿Éͨ¹ý»ú¹Ø¶ñÒâÒªÇó£¬ÓÕÆ­ÒÑͨ¹ýÉí·ÝÑéÖ¤µÄÖÎÀíÔ±Ö´ÐÐËÁÒâºÅÁÔ̺¬È¨ÏÞÌáÉýºÅÁîºÍÅäÖÃÅú¸ÄºÅÁ´Ó¶øÆëÈ«½ÚÔìÖ¸±êÉ豸¡£°²È«²¼¸æÖ¸³ö£¬¹¥»÷õè¾¶ÖØÒªÓÐÁ½Ìõ£ºÒ»ÊÇͨ¹ý½Ó¼ûÌØ¶¨URIÖ´ÐÓ×°show privilege¡±ºÅÁî»ñȡȨÏÞÐÅÏ¢£¬¶þÊǽèÖúÌØ¶¨URI¹²Í¬¡°alias exec¡±ºÅÁîÖ´ÐÐËÁÒâÅäÖÃÖ¸Áî¡£Ö»¹Ü¸Ã·ì϶ÓÚ2008Äê±ã±»¹«¿ªÅû¶£¬¾à½ñÒÑÓâ16Ä꣬µ«ÆäÀûÓÃǰÌáÏà¶Ôµ¥Ò»£¬Ö»ÐèÓÕʹÒѵǼµÄÖÎÀíÔ±µã»÷¶ñÒâÁ´½Ó¼´¿ÉʵÏÖÉ豸ÊÕÊÜ£¬Òò¶øÖÁ½ñÈÔÓµÓÐÏÖʵÍþв¡£


https://securityaffairs.com/195262/security/u-s-cisa-adds-a-cisco-ios-flaw-to-its-known-exploited-vulnerabilities-catalog.html


3. ÀÕË÷Èí¼þ½èSynopsysÇÔ²©ÊÀÃô¸Ð¹¤³ÌÊý¾Ý


7ÔÂ13ÈÕ£¬ÀÕË÷Èí¼þ×éÖ¯D1RÐû³ÆÍ¨¹ýÈëÇÖÃÀ¹ú¿Æ¼¼¹«Ë¾Synopsys£¬ÇÔÈ¡Á˵¹ú¹¤Òµ¾ÞÍ·²©ÊÀµÄ´óÁ¿Ãô¸Ð¹¤³ÌÊý¾Ý£¬Òý·¢Òµ½ç¶ÔרÓÐÓ²¼þÉè¼ÆÐ¹Â¶µÄÓÇÓô¡£D1RÔÚÆä°µÍøÐ¹Â¶ÍøÕ¾´ó½«²©ÊÀÁÐΪÊܺ¦Õߣ¬²¢ÉèÖÃÁË11ÌìµÄ½»Éæµ¹¼ÆÊ±£¬Í¬Ê±°ä²¼ÁËÊý¾ÝÑù±¾×÷Ϊ×ôÖ¤¡£Ñù±¾ÖÐÔ̺¬Ò»ÕŽÚÔìÆ÷¾ÖÓòÍø£¨CAN£©Óû§ÊÖ²áÊ×Ò³µÄ½ØÍ¼£¬CANºÍ̸ÕýÊDz©ÊÀÓÚ1983Äê×ÔÖ÷Ñз¢²¢ÒѳÉΪÆû³µ¡¢º½¿Õ¼°¹¤Òµ½ÚÔìÁìÓò¿í·ºÑ¡È¡µÄÐÐÒµ³ß¶ÈͨѶºÍ̸¡£¸üÁîÈËÓÇÓôµÄÊÇ£¬¹¥»÷Õß»¹Õ¹Ê¾Á˱»µÁÎļþµÄĿ¼Çåµ¥£¬ÆäÖÐÔ̺¬´óÁ¿.vhdÎļþ£¬ÕâÀàÎļþͨ³£³ÐÔØVHDLÓ²¼þÃèÊö˵»°Ô´´úÂ룬ÓÃÓÚͨ¹ý´úÂëÂß¼­Éè¼ÆÊý×ֵ緺ÍоƬ¡£ÈôÎļþÊôʵ£¬²©ÊÀÔÚÆû³µµç×Ó¡¢¼ÒÓõçÆ÷¼°¹¤ÒµÉ豸µÈÁìÓòÓ²¼þÉè¼ÆµÄµ×²ã¼¼Êõϸ½Ú¿ÉÄÜÃæ¶Ôй¶·çÏÕ£¬¶Ô¾ºÕùµÐÊÖ¼°Ó²¼þ°²È«×êÑÐÈËÔ±¶øÑÔ¾ùÓµÓм«¸ß¼ÛÖµ¡£


https://cybernews.com/security/bosch-synopsys-data-breach-claim/


4. SonicWall SMA1000ÁãÈÕ·ì϶Ôâ»îÔ¾¹¥»÷


7ÔÂ14ÈÕ£¬SonicWall½üÈÕ°ä²¼´¹Î£°²È«²¼¸æ£¬È·ÈÏÍþвÐÐΪÕßÔÚÀûÓÃSMA1000ϵÁÐÉ豸ÖеÄÁ½¸ö¸ßΣÁãÈÕ·ì϶£¨CVE-2026-15409ºÍCVE-2026-15410£©Ö´ÐÐ×Ô¶¯¹¥»÷£¬²¢Ç¿ÁÒ¶½´Ù¿Í»§µ±¼´×°ÖÃ×îÐÂÈȽ¨¸´°æ±¾¡£ÆäÖУ¬CVE-2026-15409ΪSMA1000É豸¹¤×÷³¡Ëù½Ó¿ÚÖеķþÎñÆ÷¶ËÒªÇóαÔ죨SSRF£©·ì϶£¬CVSSÆÀ·Ö´ï10.0£¨ÑϳÁ¼¶£©£¬ÔÊÐíÔ¶³Ìδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÇ¿ÔìÉ豸Ïò·ÇÔ¤ÆÚµØÎ»ÌáÒéÒªÇó£»CVE-2026-15410ÔòÊÇÖÎÀí½ÚÔį̀ÖеÄÉí·ÝÑéÖ¤ºóÊÀÂë×¢Èë·ì϶£¬CVSSÆÀ·ÖΪ7.2£¨¸ßΣ¼¶£©£¬¿ÉÁîÔ¶³Ì¾­ÈÏÖ¤µÄÖÎÀíÔ±Ö´ÐÐËÁÒâ²Ù×÷ϵͳºÅÁֻ¹Ü¸Ã·ì϶±ØÒªÖÎÀíԱȨÏÞ£¬SonicWallÈÔ½«Æä×ۺϷçÏÕÆÀΪ10.0¡£¸Ã¹«Ë¾Òѵ÷²é¶àÆðÊÂÎñ²¢È·ÈÏÁ½¸ö·ì϶¾ù´¦ÓÚ±»»ý¼«ÀûÓÃ״̬£¬µ«ÉÐδй©¹¥»÷ÕßÊÇ·ñ½«¶þÕß´®Áª³É¹¥»÷Á´¡£ÎªÔ®ÊÖÖÎÀíÔ±×Բ飬SonicWallÌṩÁ˶àÏîÈëÇÖÖ¸±ê£¨IOC£©¡£Èô·¢ÏÖÈëÇÖ¼£Ï󣬹«Ë¾½¨Òéµ±¼´³ÁÐÂÓ³ÏñÎïÀíÉ豸»ò³Áв¿ÊðÐé¹¹É豸£¬¸ü»»ËùÓÐЧ»§ºÍÖÎÀíÔ±ÃÜÂë²¢³ÁÖÃTOTPÁîÅÆ¡£SonicWallÃ÷È·°µÊ¾£¬³ý×°ÖÃÈȽ¨¸´·¨Ê½±íÔÝÎÞÆäËû»º½â´ëÊ©¿ÉÓá£


https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/


5. ÐÂÐÍ´¹µö¹¤¾ß°üJaliscoÓëOmegaLordÇ¿ÊÆÀ´Ï®


7ÔÂ14ÈÕ£¬½üÆÚ£¬ÍøÂ簲ȫ×êÑÐÈËÔ±·¢ÏÖÁ½¸ö±ðÀëºÅΪJaliscoºÍOmegaLordµÄÐÂÐÍÍøÂç´¹µö¹¤¾ß°üÕý±»ÓÃÓÚÕë¶ÔMicrosoft 365ÕË»§µÄ´ó¹æÄ£¹¥»÷£¬¶þÕß¾ùѡȡÁËÈÆ¹ý¶à³É·ÖÈÏÖ¤£¨MFA£©µÄÏȽø¼¼Êõ£¬¶ÔÆóÒµºÍÓ×ÎÒÓû§×é³ÉÑϳÁÍþв¡£ÆäÖУ¬Jalisco¹¤¾ß°üÀûÓÃOAuth 2.0É豸ÊÚȨÊÚÓèÁ÷³ÌÖеÄÉ豸´úÂë´¹µö²½Ö裬ͨ¹ýÉç»á¹¤³Ìѧ¼¿Á©ÓÕÆ­Êܺ¦ÕßÔںϷ¨Î¢ÈíµÇÂ¼Ò³ÃæÊäÈë¹¥»÷ÕßÌìÉúµÄÉ豸ÊÚȨÂ룬´Ó¶øÔÚÎÞÐè»ñÈ¡Óû§ÃûºÍÃÜÂëµÄÇé¿öÏÂÖ±½ÓÊÚȨ¹¥»÷Õß½ÚÔìµÄÉ豸½Ó¼ûÖ¸±êÕË»§¡£¸Ã¹¤¾ß°üµÄ¹ÖÒìÖ®´¦ÔÚÓÚ¿ÉÄÜ×Ô¶¯ÊµÊ±ÌìÉúеÄMicrosoft OAuthÉ豸´úÂ룬ÓÐÐ§ÈÆ¹ýÁË΢ÈíΪ½ø¹¥´ËÀ๥»÷¶øÉèÖõÄ15·ÖÖÓ´úÂëÓÐЧÆÚÏÞ¶È£¬Í¬Ê±ÎªÔËÓªÕßÌṩÖÎÀíÃÅ»§£¬±ãÓÚÆä¼¯ÖÐÖÎÀí²¶»ñµÄ»á»°ºÍ±»µÁÕË»§¡£ÓëÖ®Ïà¶Ô£¬OmegaLordÔòѡȡ¸üΪ´«Í³µÄαÔìPDFÔĶÁÆ÷µÇÂ¼Ò³ÃæµÄ·½Ê½£¬ÓÕµ¼Êܺ¦ÕßÊäÈëµç×ÓÓʼþµØÖ·¡¢ÃÜÂë¼°¹ØÁªµç»°ºÅÂ룬¹¥»÷Õß»ñÈ¡ÕâЩÐÅÏ¢ºó¿ÉÀ¹½Ø»ò½Ù³ÖMFAÒªÇóÓëÑéÖ¤Â룬´Ó¶øÈƹýÕË»§µÄ¶þ´ÎÈÏÖ¤±£»¤¡£


https://www.bleepingcomputer.com/news/security/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/


6. ÐéαGitHub¿â·ºÀÄ£¬ÇÔÃÜľÂí½è¡°ÐÅÀµ¡±À©É¢


7ÔÂ14ÈÕ£¬½üÆÚ£¬ÍøÂ簲ȫ¹«Ë¾Arctic Wolf·¢ÏÖÁËÒ»³¡´ó¹æÄ£¶ñÒâ¹¥»÷»î¶¯£ºÍþвÐÐΪÕß´´½¨ÁËÖÁÉÙ292¸öÐéαGitHub´úÂë¿â£¬¼ÙÒâºÏ·¨µÄÈí¼þºÍ°²È«ÏîÄ¿£¬ÀûÓÃÓû§¶Ô³ÛÃûÆ·ÅÆµÄÐÅÀµ´«²¼ÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þ¡£ÕâЩαÔì²Ö¿âº­¸ÇÁ˰²È«²úÆ·¡¢¼ÓÃÜÇ®±Ò·þÎñ¡¢½ðÈÚ¹¤¾ß¡¢¿ª·¢Õß¹¤¾ß¡¢°²È«µç×ÓÓʼþÌṩÉÌ¡¢macOS¹¤¾ß¼°ÓÎÏ·Èí¼þµÈ¶à¸öÈȵãÁìÓò£¬Í¨¹ýËÑË÷ÒýÇæÓÅ»¯ºÍ¶¨ÏòÒýÁ÷ÎüÒýDZÔÚÊܺ¦Õß¡£Ã¿¸öÐéα²Ö¿â¾ùÔ̺¬READMEÎļþ£¬ÄÚÖÃÏÂÔØÁ´½Ó½«½Ó¼ûÕßÊèµ¼ÖÁ¾«ÐÄÉè¼ÆµÄ¶ñÒâ׎ҳ£¬¸ÃÒ³ÃæÊ¹Óá°ÏÂÔØ°²È«ÄÚÈÝ¡±µÅ×ÕÈ˰´Å¥ºÍαÔìµÄÐÅÀµ»ÕÕ£¬ËùÓзÂÃ°Æ·ÅÆ¹²ÏíͳһÌ×Ä£°å»¯µÄHTML/JS´úÂ룬¿Í»§¶Ë¾ç±¾Í¨¹ý½âÎöURLõè¾¶¶¯Ì¬ÌìÉú¿´ËÆ¿ÉÐŵį·ÅƱêʶ¡£Óû§µã»÷ÏÂÔØºó£¬»á»ñµÃÒ»¸öԼÿ·ÖÖÓ¸ü¸ÄÒ»´ÎÃû³ÆºÍÔØºÉµÄ´óÐÍZIPѹËõ°ü£¬ÄÚº¬±»Ö²ÈëºóÃŵÄlibcurl.dllÎļþºÍÒ»¸öºÏ·¨µÄ¡¢ÒÑÊðÃûµÄWinGUP¸üз¨Ê½£¨ÎļþÃûËæ¼ÙÒâ²úÆ·±ä¶¯£©¡£µ±¿ÉÖ´ÐÐÎļþÔËÐУ¬gup.exe±ã»á²àÔØ¶ñÒâlibcurl.dll£¬ºóÕßÔÚÄÚ´æÖнâÂë²¢·´ÉäÖ´ÐÐǶÈëʽÐÅÏ¢ÇÔÈ¡·¨Ê½£¬¾­·ÖÎöΪBoryptGrab¼Ò×åµÄÒ»¸ö±äÖÖ¡£


https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/