½¿ÔÏÊ«ÔâEverestÀÕË÷Èí¼þ¹¥»÷ÖÂ60Íò¿Í»§Êý¾Ýй¶

°ä²¼¹¦·ò 2025-09-17

1. ½¿ÔÏÊ«ÔâEverestÀÕË÷Èí¼þ¹¥»÷ÖÂ60Íò¿Í»§Êý¾Ýй¶


9ÔÂ15ÈÕ £¬ÀÕË÷Èí¼þ¼¯ÍÅEverestÐû³Æ¶Ô·¨¹úÉݳ޻¤·ôÆ·¾ÞÍ·½¿ÔÏÊ«¼¯ÍÅÌáÒé¹¥»÷ £¬²¢½«ÆäÊý¾ÝÉÏ´«ÖÁ°µÍø²©¿Í¡£¸ÃÍÅ»ïÐû³Æ»ñÈ¡Á˽¿ÔÏÊ«³¬¹ý60ÍòÃû¿Í»§µÄ¾ßÌåÐÅÏ¢ £¬Éæ¼°ÃÀ¹ú¡¢·¨¹ú¡¢¼ÓÄôóµÈµØÓò £¬Êý¾ÝÔ̺¬ÐÕÃû¡¢µ®ÉúÈÕÆÚ¡¢µØÖ·¡¢µç»°ºÅÂë¡¢µç×ÓÓʼþµØÖ·¼°»¤·ôÆ·/»¯×±Æ·²É°ìº¹ÇàµÈÃô¸ÐÄÚÈÝ¡£½¿ÔÏÊ«×÷Ϊ×ܲ¿Î»ÓÚ°ÍÀèµÄÉÝ»ª»¤·ôÆ·Ôì×÷ÉÌ £¬ÄêÊÕÈëÔ¼20ÒÚÅ·Ôª £¬Ô±¹¤¹æÄ£Ô¼8000ÈË £¬ÔÚÅ·ÃÀÊг¡Õ¼¾Ý³ÁҪְλ¡£¾ÝCybernewsÍŶӵ÷²é £¬EverestÔÚ°µÍø°ä²¼µÄÌû×Ó½öÔ̺¬²¿ÃÅÊý¾Ý½ØÍ¼×÷Ϊ֤¾Ý £¬Î´ÌṩÆëÈ«Ñù±¾ £¬µ«Ñù±¾Êý¾ÝÒÉËÆÀ´×Ô½¿ÔÏÊ«·ÖÆçµØÓòµÄÔÚÏßÉ̵ê¡£×êÑÐÈËÔ±Ö¸³ö £¬´ËÀà´ó¹æÄ£Ó×ÎÒÉí·ÝÐÅÏ¢¿ÉÄܱ»ÓÃÓÚÍøÂç´¹µö¡¢À¬»øÓʼþ¹¥»÷ £¬»ò×÷ΪÉí·Ý͵ÇԵŤ¾ß¡£


https://cybernews.com/security/clarins-user-data-breach-everest/


2. Phoenix RowHammer¹¥»÷ÔÚ109ÃëÄÚÈÆ¹ý¸ß¼¶DDR5ÄÚ´æ±£»¤


9ÔÂ16ÈÕ £¬ËÕÀèÊÀÁª¹úÀí¹¤Ñ§ÔºÓë¹È¸è½áºÏ×êÑз¢ÏÖ £¬Õë¶ÔSK Hynix DDR5ÄÚ´æÐ¾Æ¬µÄÐÂÐÍRowHammer¹¥»÷±äÖÖ"Phoenix"£¨CVE-2025-6202 £¬CVSSÆÀ·Ö7.1£©ÒÑÍ»ÆÆÏÖÓзÀ»¤»úÔì¡£¸Ã¹¥»÷ͨ¹ý·´¸´½Ó¼ûÌØ¶¨ÄÚ´æÐд¥·¢ÏàÁÚÐÐλ·­×ª £¬¿ÉÔÚ109ÃëÄÚʵÏֳ߶ÈDDR5×ÀÃæÏµÍ³µÄrootȨÏÞÌáÉý £¬Ó°ÏìÁìÓò¸²¸Ç2021-2024Äê³ö²úµÄ15¿îDDR5оƬ¡£×êÑÐ֤ʵ £¬Ö»¹ÜDDR5ÄÚÖÃÆ¬ÉÏECC¾À´íºÍTRRÖ¸±êÐÐˢеȷÀ»¤´ëÊ© £¬ÈÔÎÞ·¨ÓÐЧÕмÜPhoenix¹¥»÷¡£¹¥»÷Õß¿Éͨ¹ýλ·­×ª·ÛËéSSHÉí·ÝÑéÖ¤£¨ÈçÇÔȡͬµØÐé¹¹»úRSA-2048ÃÜÔ¿£©»òÀûÓÃsudo¶þ½øÔìÎļþÌáȨ¡£³¢ÊÔÏÔʾ £¬ECCºÍTRRµÈ´«Í³·ÀÓù¼¿Á©¶ÔSMASH¡¢Half-DoubleµÈ¸´ÔÓ¹¥»÷ͬÑùʧЧ £¬¶øPhoenix¸ü³õ´ÎÔÚ³ö²ú¼¶DDR5ϵͳʵÏֶ˵½¶ËÌáÈ¨ÊÆÓá£×êÑÐÍŶÓÖ¸³ö £¬DRAMÃܶÈÀ©´óµ¼ÖÂÉè±¸ÌØµã³ß´çËõÓ× £¬·´¶ø½µµÍÁË´¥·¢RowHammerËùÐèµÄ¼¤»î´ÎÊý £¬Ê¹ÐÂÐÍоƬ¸üÒ×Êܹ¥»÷¡£·ìϼûô¸ÐÐÔÉæ¼°Î¶ȡ¢µçѹ¡¢¹¤Òձ䶯¡¢Êý¾ÝģʽµÈ¶àά¶È±äÁ¿¡£×÷ΪӦ¶Ô £¬½¨Ò齫ÄÚ´æË¢ÐÂÂÊÌáÉýÖÁ3±¶ÒÔ×èֹλ·­×ª¡£


https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html


3. SlopAds£ºÈ«ÇòAndroid¸æ°×ڲƭÐж¯±»¸æ·¢²¢´ì°Ü


9ÔÂ16ÈÕ £¬ÃûΪ"SlopAds"µÄ´ó¹æÄ£Android¸æ°×ڲƭÐж¯±»HUMANµÄSatoriÍþвµý±¨ÍŶӸ淢²¢´ì°Ü¡£¸ÃÐж¯Í¨¹ýGoogle PlayÉϵÄ224¸ö¶ñÒâÀûÓÃÖ´ÐÐ £¬ÖðÈÕÌìÉú23Òڴθæ°×ÒªÇó £¬ÀÛ¼ÆÏÂÔØÁ¿³¬3800Íò´Î £¬¸²¸ÇÈ«Çò228¸ö¹ú¶È¼°µØÓò £¬ÆäÖÐÃÀ¹úÒÔ30%µÄ¸æ°×չʾÁ¿¾ÓÊ× £¬Ó¡¶ÈºÍ°ÍÎ÷·ÖÁжþ¡¢Èýλ¡£SlopAdsѡȡ¶à²ã¶ã±ÜÕ½Êõ £¬ÀûÓûìºÏºÍÒþдÊõ°µ²Ø¶ñÒâÐÐΪ £¬ÌÓ±ÜGoogleÉóºË¼°°²È«Èí¼þ¼ì²â¡£ÈôÓû§Í¨¹ýÌìÈ»õè¾¶×°ÖÃÀûÓà £¬Æä²û·¢ÈçͨÀýÀûÓ㻵«Èôͨ¹ýÍþвÕ߸æ°×»î¶¯×°Öà £¬Ôò´¥·¢¶ñÒâÄ£¿éÏÂÔØ¡£ÀûÓÃÀûÓÃFirebase Remote Config»ñÈ¡¼ÓÃÜÅäÖÃÎļþ £¬Ô̺¬¸æ°×ڲƭÄ£¿é¡¢ÌáÏÖ·þÎñÆ÷¼°JavaScript¸ºÔØURL £¬²¢ÑéÖ¤É豸ÊÇ·ñΪºÏ·¨Óû§ËùÓÐ £¬Ô¤·À±»×êÑÐÈËÔ±»ò°²È«Èí¼þ·ÖÎö¡£Ò»µ©Í¨¹ý²é³­ £¬ÀûÓÃÏÂÔØËÄÕź¬ÒþдÊõµÄPNGͼÏñ £¬½âÃܳÁ×éΪ"FatModule"¶ñÒâÈí¼þ¡£¼¤»îºó £¬¸ÃÈí¼þͨ¹ý°µ²ØµÄWebViewsÍøÂçÉ豸ÐÅÏ¢ £¬µ¼º½ÖÁ¹¥»÷Õß½ÚÔìµÄڲƭÓò £¬ÖðÈÕ²úÉú³¬20ÒÚ´Îڲƭ¸æ°×չʾ¼°µã»÷ £¬Îª¹¥»÷Õß´´Ôì·¸·¨ÊÕÈ롣Ŀǰ £¬GoogleÒÑ´ÓPlay StoreÒÆ³ýËùÓÐSlopAdsÀûÓà £¬²¢¸üÐÂPlay ProtectÖ°ÄÜ £¬ÖÒ¸æÓû§Ð¶ÔØÉ豸ÉϵĶñÒâÀûÓá£


https://www.bleepingcomputer.com/news/security/google-nukes-224-android-malware-apps-behind-massive-ad-fraud-campaign/


4. npm¹©¸øÁ´Ôâ´ó¹æÄ£ÈëÇÖ £¬187¸ö°ü±»Ä¾Âí»¯


9ÔÂ16ÈÕ £¬½üÈÕ £¬Ò»³¡ÃûΪ"Shai-Hulud"µÄЭͬÈä³æÊ½¹©¸øÁ´¹¥»÷ÔÚnpmƽ̨·¢×÷ £¬ÖÁÉÙ187¸öÈí¼þ°üÔâÈëÇÖ²¢Ö²Èë×Ô´«²¼¶ñÒâ¸ºÔØ¡£¸Ã¹¥»÷ʼÓÚ@ctrl/tinycolor°ü£¨ÖÜÏÂÔØÁ¿³¬200Íò´Î£© £¬ËæºóѸËÙÀ©´óÖÁCrowdStrikeµÈ³ÛÃûÆóÒµµÄnpm¶¨Ãû¿Õ¼ä £¬ÐγɿçÊØ»¤ÕßµÄ×Ô¶¯Ä¾Âí»¯´«²¼Á´¡£¹¥»÷»úÔìÏÔʾ £¬¶ñÒâÈí¼þͨ¹ýÅú¸Äpackage.jsonÎļþ×¢Èëbundle.js¾ç±¾ £¬ÀûÓÃTruffleHog¹¤¾ßɨÃèÖ÷»úÁîÅÆºÍÔÆÆ¾Ö¤ £¬ÑéÖ¤ºó´´½¨GitHub Actions¹¤×÷Á÷ £¬½«Ãô¸ÐÊý¾Ýй¶ÖÁÓ²±àÂëwebhook¶Ëµã¡£ÕâÖÖ"×ÔÎÒ×ÌÉú"¸öÐÔʹ¹¥»÷ÄÜ×Ô¶¯Ï°È¾Í³Ò»ÊØ»¤ÕߵįäËûÈí¼þ°ü £¬Ðγɼ¶ÁªÐ§Ó¦¡£ÊÜÓ°ÏìÆóÒµ·½Ãæ £¬CrowdStrikeѸËÙɾ³ý¶ñÒâ°ü²¢ÂÖ»»ÃÜÔ¿ £¬Ç¿µ÷ÆäÖ÷ÌâÆ½Ì¨Î´ÊÜÓ°Ï죻¹È¸èGemini CLIËäÔ´´úÂ밲ȫ £¬µ«Óû§Ðè²é³­×°Öû·¾³¡£ÊÂÎñ¶³ö³öÏÖ´úÈí¼þ¹©¸øÁ´µÄ´àÈõÐÔ £¬µ¥¸öÊØ»¤ÕßÕË»§Ð¹Â¶¼´¿É²¨¼°Êý°ÙÏîÄ¿¡£


https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/


5. ÐÂÐÍFileFix¹¥»÷ÀûÓÃÒþдÊõÖ²ÈëStealC¶ñÒâÈí¼þ


9ÔÂ16ÈÕ £¬½üÈÕ £¬Acronis·¢ÏÖÒ»ÖÖÃûΪFileFixµÄÐÂÐÍÉç»á¹¤³Ì¹¥»÷ £¬¸Ã¹¥»÷¼ÙÒâMetaÕË»§ÔÝÍ£ÖÒ¸æ £¬Í¨¹ý¾«ÐÄÉè¼ÆµÄÍøÂç´¹µöÒ³ÃæÓÕÆ­Óû§½«¶ñÒâPowerShellºÅÁîÕ³ÌùÖÁÎļþ×ÊÔ´ÖÎÀíÆ÷µØÖ·À¸ £¬´Ó¶øÔÚ²»ÖªÇéµÄÇé¿öÏÂ×°ÖÃStealCÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þ¡£¹¥»÷Á÷³ÌÏÔʾ £¬´¹µöÒ³Ãæ»áÌáÐÑÓû§µã»÷¡°¸´Ô족°´Å¥»ñÈ¡¿´ËÆÎļþõè¾¶µÄ¡°ÊÂÎñ»ã±¨¡± £¬ÏÖʵ¸´ÔìµÄÊÇÔö³¤Á˿ոñµÄ¶ñÒâPowerShellºÅÁî¡£µ±Óû§½«´ËºÅÁîÕ³ÌùÖÁÎļþ×ÊÔ´ÖÎÀíÆ÷µØÖ·À¸Ê± £¬½öÏÔʾÎļþõè¾¶ £¬°µ²ØµÄ¶ñÒâºÅÁîÔò±»Ö´ÐС£¸ÃºÅÁî»á´ÓBitbucketÏÂÔØ°µ²ØÔÚJPGͼÏñÖеĵڶþ½×¶Î¾ç±¾ £¬Í¨¹ýÒþдÊõÌáÈ¡²¢½âÃÜÄÚ´æÖеÄÓÐÐ§ÔØºÉ £¬×îÖÕ²¿ÊðStealC¶ñÒâÈí¼þ¡£StealC¿ÉÇÔÈ¡Óû§É豸ÖеÄÃô¸ÐÊý¾Ý £¬Ô̺¬Chrome¡¢FirefoxµÈä¯ÀÀÆ÷µÄƾ֤ºÍÉí·ÝÑéÖ¤cookie £¬Discord¡¢TelegramµÈͨѶÀûÓÃµÄÆ¾Ö¤ £¬±ÈÌØ±Ò¡¢ÒÔÌ«·»µÈ¼ÓÃÜÇ®±ÒÇ®°üÐÅÏ¢ £¬AWS¡¢AzureµÈÔÆÆ¾Ö¤ £¬ÒÔ¼°ProtonVPN¡¢Battle.netµÈVPNºÍÓÎÏ·ÀûÓÃÊý¾Ý £¬Í¬Ê±¾ß±¸½ØÈ¡»î¶¯×ÀÃæÆÁÄ»½ØÍ¼µÄÄÜÁ¦¡£


https://www.bleepingcomputer.com/news/security/new-filefix-attack-uses-steganography-to-drop-stealc-malware/


6. °¢À­Ë¹¼ÓANHCÊý¾Ýй¶ £¬Ó°Ïì6ÍòÃû»¼Õß


9ÔÂ16ÈÕ £¬°¢À­Ë¹¼ÓÖݰ²¿ËÀׯæÉçÇø½¡¿µÖÐÐÄ£¨ANHC£©½üÈÕÔâ·ê´ó¹æÄ£Êý¾Ýй¶ÊÂÎñ £¬ºÚ¿Í×éÖ¯Ðû³ÆÒÑй¶6Íò·Ý»¼Õ߼ͼ¡£ÃÀ¹úÁª¹úµ÷²é¾Ö£¨FBI£©°²¿ËÀ×Ææ´¦Ê´¦ÒѰÑÎȵ½¸ÃÖ¸¿Ø £¬²¢°µÊ¾½«¶Ëׯ¶Ô´ý´ËÀàÊÂÎñ £¬µ«Æ¾¾ÝÕþ²ßÎÞ·¨Ð¹Â©µ÷²éϸ½Ú¡£ANHC¹ÙÍøÖ¤ÊµÍøÂç´æÔÚ°²È«ÊÂÎñ £¬ÒÑÆô¶¯È¡Ö¤µ÷²é²¢ÏÂÏßÊÜÓ°Ïìϵͳ £¬Í¬Ê±ÓëµÚÈý·½ÍøÂ簲ȫר¼ÒºÏ×÷ £¬²¢Í¨Öª·¨Âɲ¿ÃÅ¡£ÊÂÎñÓ°Ïì·½Ãæ £¬»¼ÕßÒÁÀöɯ°×й©ÆäÓ×ÎÒÐÅÏ¢£¨Ô̺¬Éç±£ºÅ¡¢µØÖ·¡¢µç»°µÈ£©±»ºÚ¿Íͨ¹ýµç×ÓÓʼþÖ±½Óй¶¡£ANHC»ØÓ¦³ÆÒÑÏòÊÜÓ°Ï컼ÕßÌṩÃâ·ÑÐÅÓþ¼à¿ØºÍÉí·Ý±£»¤·þÎñ £¬²¢³ÐŵһÄêºó³ÖÐøÌṩÉí·Ý͵ÇÔ±£»¤ £¬µ«²¿ÃÅ»¼Õß·´Ó³»ñÈ¡·þÎñÐè×Ô¶¯ÕùÈ¡¡£°¢À­Ë¹¼ÓÐÂÎÅÔ´¡¢Öݹ«¹²°²È«ÊýµÈ¶à·½ÒÑÊÕµ½ºÚ¿ÍÓʼþ¸±±¾ £¬ANHC»¹Òâʶµ½Î´¾­ÊÚȨ·½ÁªÏµÁËÉçÇø²¿ÃÅÓ×ÎÒ¡£


https://www.alaskasnewssource.com/2025/09/16/fbi-aware-anchorage-health-clinic-data-breach-hackers-claim-60k-patients-impacted/