ShadowLeak attack: a new threat of server-side data exfiltration from ChatGPT

Published: 2025-09-22

1. ShadowLeak attack: a new threat of server-side data exfiltration from ChatGPT


On September 18, Radware researchers disclosed a new attack, dubbed ShadowLeak, that abuses ChatGPT's Deep Research agent to achieve zero-click, server-side data exfiltration. The attacker hides instructions in the HTML of a crafted email; when the agent processes the mailbox it follows those instructions, extracts personally identifiable information (PII) from the Gmail inbox and silently sends it to an attacker-controlled server, with no user action and no visible prompt in the interface. Unlike client-side attacks that depend on the victim's client rendering an image, ShadowLeak leaks the data directly from OpenAI's cloud infrastructure, so enterprise defenses have nothing to observe and the user is unaware. Deep Research lets ChatGPT browse the web autonomously for 5 to 30 minutes to produce a detailed report, and it integrates with applications such as Gmail.

In the attack flow, the attacker sends an email containing social-engineering text; the agent reads the malicious content, executes the hidden instructions, injects the PII into an attacker URL and so exfiltrates it silently. The attack is not limited to Gmail: any Deep Research connector can serve as the carrier, and an attacker could steal contracts, meeting notes and other sensitive data. The server-side variant carries higher risk because the leak originates from the provider's infrastructure, where enterprise client-side controls cannot intercept it, and because the agent, acting as a trusted intermediary, can bypass URL restrictions and export data to any destination.
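The point above is that the agent itself is the exfiltration channel, so the control has to sit where the agent decides to fetch a URL. The following is an added example, not Radware's research code and not OpenAI's Deep Research implementation: an egress guard that a self-hosted agent (or an egress proxy in front of one) would run on every proposed fetch. It checks the host against an allowlist and refuses any URL in which values the agent has already read from the mailbox appear, whether plain, percent-encoded or base64-encoded. The allowlist, the PII strings and the URLs are constructed for the demo.

```python
"""Egress guard for an agent's web-fetch tool (added example; constructed data)."""
import base64
import binascii
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Hypothetical allowlist of hosts the research agent may contact.
ALLOWED_HOSTS = {"mail.google.com", "en.wikipedia.org"}

# Constructed PII the agent has read from the inbox during this session.
SESSION_PII = {"jane.doe@example.com", "Jane Doe", "555-0134"}

# Long runs of the base64 / base64url alphabet, optionally padded.
_B64_RE = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")


def _decoded_forms(url):
    """Yield the URL text in each decoding an exfiltration payload might use."""
    yield unquote_plus(url)  # percent-decoded, '+' read as space
    for token in _B64_RE.findall(unquote(url)):
        padded = token.rstrip("=")
        padded += "=" * (-len(padded) % 4)
        try:
            raw = base64.urlsafe_b64decode(padded.translate(str.maketrans("+/", "-_")))
            yield raw.decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue  # not base64 text, ignore this token


def check_fetch(url, allowed_hosts=ALLOWED_HOSTS, secrets=SESSION_PII):
    """Return {'allowed': bool, 'reasons': [...]} for a proposed tool call."""
    reasons = []
    host = (urlsplit(url).hostname or "").lower()
    if host not in allowed_hosts:
        reasons.append(f"host not allowlisted: {host or '<none>'}")
    leaked = set()
    for form in _decoded_forms(url):
        low = form.lower()
        leaked.update(s for s in secrets if s.lower() in low)
    if leaked:
        reasons.append("sensitive values in URL: " + ", ".join(sorted(leaked)))
    return {"allowed": not reasons, "reasons": reasons}


def demo_urls():
    """Constructed URLs: benign, base64 exfil to a foreign host, PII on an allowed host."""
    payload = base64.urlsafe_b64encode(b"Jane Doe <jane.doe@example.com>").decode()
    return [
        "https://en.wikipedia.org/wiki/Prompt_injection",
        "https://collector.example/log?d=" + payload,
        "https://en.wikipedia.org/w/index.php?search=555-0134",
    ]


if __name__ == "__main__":
    for u in demo_urls():
        print(u, "->", check_fetch(u))
```

The third URL matters most: an allowlist alone passes it, because the attacker only needs any reachable host that logs query strings. For a hosted agent such as Deep Research the enterprise cannot insert this check; it is the provider's tool layer that must apply it, which is why the text describes the server-side variant as the harder one to defend.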


https://securityaffairs.com/182334/hacking/shadowleak-radware-uncovers-zero-click-attack-on-chatgpt.html


2. Russian groups Gamaredon and Turla join forces against Ukraine


On September 19, the Slovak security company ESET disclosed that the Russian groups Gamaredon and Turla have been running joint operations in Ukraine since 2025, chaining their tooling to deploy backdoors together. ESET observed that in February 2025 Gamaredon's PteroGraphin tool was used on Ukrainian endpoints to restart Turla's Kazuar v3 backdoor, apparently as a recovery mechanism for implants that had crashed or failed to auto-start; in April and June, the PteroOdd and PteroPaste tools went on to deploy Kazuar v2, forming a complete chain of initial access, payload delivery and backdoor installation. Both groups are linked to Russia's Federal Security Service (FSB): Gamaredon (also tracked as Aqua Blizzard) has targeted Ukrainian government institutions since 2013, and Turla (also tracked as Venomous Bear) has been active since 2004 and specialises in espionage. In this collaboration Gamaredon supplies the initial access, while Turla collects system information through the Kazuar backdoor and exfiltrates it via Cloudflare Workers subdomains or domains masquerading as legitimate ESET resources. The chain shows Gamaredon's PteroGraphin and PteroOdd downloaders fetching payloads from the Telegraph API to run Kazuar. Between January and June 2025, seven machines in Ukraine showed Turla-related indicators; four of them had been compromised by Gamaredon in January, with Kazuar v3 deployed at the end of February.


https://thehackernews.com/2025/09/russian-hackers-gamaredon-and-turla.html


3. Russian ransomware crews expand their reach with CountLoader


On September 18, security researchers reported a new malware loader, codenamed CountLoader, already used by Russian ransomware crews (LockBit, Black Basta and Qilin among them) to drop follow-on intrusion tooling (Cobalt Strike, AdaptixC2) and the PureHVNC remote access trojan. The loader exists in three builds, .NET, PowerShell and JavaScript. It has been delivered to individual users in Ukraine through phishing PDFs impersonating the National Police of Ukraine, and the PowerShell build has spread through DeepSeek-themed lure files that ultimately install the BrowserVenom implant to manipulate network traffic and collect data. CountLoader is feature-rich: the JavaScript build supports six file-download methods and three ways of executing the delivered malware, collects system information, gains persistence by creating a scheduled task disguised as a Google Chrome update task, and uses the Music folder as a staging area for its payloads. The .NET build overlaps with it in functionality but is a stripped-down variant that supports only two command types. The loader runs on infrastructure of more than 20 domains and serves mainly as a delivery channel for subsequent malware.


https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html


4. Cyberattack on Collins Aerospace paralyses systems at several European airports


On September 20, the US aerospace supplier Collins Aerospace (a subsidiary of RTX, formerly Raytheon Technologies) was hit by a cyberattack that knocked out its MUSE passenger-processing software, taking down check-in and boarding systems at three major European hubs: London Heathrow, Brussels and Berlin. The incident caused widespread delays and cancellations, forced airlines to fall back to manual processing, and left thousands of passengers stranded for hours, with queues stretching outside the terminals. Collins is a major supplier of avionics, cabin interiors and operational systems, and its MUSE software underpins electronic check-in and baggage drop at many European airports. After the attack RTX issued a statement saying the problem was confined to electronic services, could be mitigated by manual check-in, and was being fixed as a priority. Brussels Airport nevertheless warned that the impact would persist through Saturday, Berlin reported significantly longer waiting times, and Heathrow urged passengers to confirm their flight status before travelling. According to aviation data provider Cirium, 29 flights were cancelled across the three airports, while Saturday's actual operations amounted to 651 flights at Heathrow, 228 at Brussels and 226 at Berlin. A European Commission spokesperson said there was no indication that this was a widespread or severe attack, and the cause is still under investigation.


https://securityaffairs.com/182363/hacking/a-cyberattack-on-collins-aerospace-disrupted-operations-at-major-european-airports.html


5. CISA warns of malware deployed through Ivanti EPMM flaws


On September 20, the US Cybersecurity and Infrastructure Security Agency (CISA) published a technical report detailing attacks against Ivanti Endpoint Manager Mobile (EPMM) that exploit CVE-2025-4427 (an authentication bypass, CVSS 5.3) and CVE-2025-4428 (remote code execution, CVSS 7.2). By chaining the two flaws the attackers achieved unauthenticated remote code execution, broke into an unnamed organisation's network and deployed two sets of malware. The first set uses a loader, ReflectUtil.class, disguised as an Apache component; it injects a listener named SecurityHandlerWanListener into the Tomcat server, which intercepts specific HTTP requests, decrypts the payload hidden in them and dynamically defines Java classes to run arbitrary code, maintain persistence and steal data. The second set is a loader, WebAndroidAppInstaller.class, posing as a MobileIron service; it intercepts form-encoded HTTP requests, decrypts a parameter with a hard-coded AES key and executes the resulting code, giving the attacker control of the system. Ivanti patched the flaws in mid-May and confirmed that they originate in third-party open-source libraries rather than its own code. CISA's analysis shows the attackers issuing commands through the /mifs/rs/api/v2/ endpoint to collect system data, download malware, map the network and steal LDAP credentials, and writing malicious files under /tmp to maintain persistence.
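The report's indicators are concrete enough to turn into a first-pass triage of an EPMM host. The following is an added example, not CISA's or Ivanti's tooling: it groups access-log requests to the /mifs/rs/api/v2/ endpoint by client address, flags class files on disk that carry the two loader names the report gives, and flags executable content under /tmp. The log lines, the file listing and the path after v2/ are constructed for the demo, and the /tmp extension list is a heuristic assumption.

```python
"""Triage helper for the EPMM intrusion pattern in the CISA report (added example)."""
import json
import re
from collections import defaultdict

API_PREFIX = "/mifs/rs/api/v2/"
LOADER_CLASSES = {"ReflectUtil.class", "WebAndroidAppInstaller.class"}
TMP_SUSPECT_EXT = (".class", ".jar", ".sh", ".elf")  # heuristic assumption

# Common Log Format: client identd user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample access-log lines; "example" stands in for the real API path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2025:02:14:09 +0000] "GET /mifs/rs/api/v2/example?x=1 HTTP/1.1" 200 512
203.0.113.7 - - [10/May/2025:02:14:10 +0000] "GET /mifs/rs/api/v2/example?x=2 HTTP/1.1" 200 734
198.51.100.4 - - [10/May/2025:02:15:01 +0000] "GET /mifs/login.jsp HTTP/1.1" 200 2048
203.0.113.7 - - [10/May/2025:02:16:33 +0000] "POST /mifs/rs/api/v2/example HTTP/1.1" 500 0
""".splitlines()

# Constructed file listing, as a scan of the Tomcat tree and /tmp might return it.
SAMPLE_FILES = [
    "/opt/tomcat/webapps/mifs/WEB-INF/classes/org/apache/util/ReflectUtil.class",
    "/opt/tomcat/webapps/mifs/WEB-INF/classes/com/mobileiron/WebAndroidAppInstaller.class",
    "/opt/tomcat/webapps/mifs/WEB-INF/classes/com/mobileiron/Real.class",
    "/tmp/hsperfdata_tomcat/1234",
    "/tmp/.x/loader.jar",
]


def api_hits(lines):
    """Group requests to the EPMM API endpoint by client address for review."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["path"].startswith(API_PREFIX):
            hits[m["client"]].append((m["method"], m["path"], int(m["status"])))
    return dict(hits)


def file_findings(paths):
    """Flag the named loader classes anywhere, and executable content under /tmp."""
    findings = []
    for p in paths:
        name = p.rsplit("/", 1)[-1]
        if name in LOADER_CLASSES:
            findings.append(("loader-class", p))
        elif p.startswith("/tmp/") and name.endswith(TMP_SUSPECT_EXT):
            findings.append(("tmp-executable", p))
    return findings


def triage(lines=SAMPLE_LOG, paths=SAMPLE_FILES):
    """Combine both checks into one report."""
    return {"api_hits": api_hits(lines), "files": file_findings(paths)}


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```

The endpoint check is only a starting point: legitimate EPMM clients use the same API, so the output is a list of sources to vet rather than a verdict. The injected listener lives inside the running Tomcat process, so the disk scan catches the loaders the report names but not a listener that was only ever loaded in memory; a memory capture or a Tomcat restart with file integrity checks is needed for that.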


https://securityaffairs.com/182350/malware/cisa-warns-of-malware-deployed-through-ivanti-epmm-flaws.html


6. Royal Canadian Mounted Police dismantle a cryptocurrency exchange for the first time


On September 20, the Royal Canadian Mounted Police (RCMP), acting on a lead from Europol and working with its Money Laundering Investigative Team (MLIT), completed an operation against TradeOgre, a small cryptocurrency exchange focused on privacy trading. The exchange was taken down and more than 40 million US dollars in assets were seized, believed to stem largely from cybercrime. It is the first time Canadian law enforcement has dismantled a cryptocurrency exchange, and the seizure is the largest in Canadian history. TradeOgre was known for listing many altcoins and for trading in Monero, which is hard to trace. Its operating model had a serious legal gap: it did not verify users' identities under a know-your-customer (KYC) policy, and it was not registered as a money services business with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), in violation of Canadian anti-money-laundering rules. Investigators found that its anonymity made it widely used by cybercriminals for laundering, for example exchanging ransomware proceeds or cashing out SIM-swap fraud. After the platform went offline some users suspected an exit scam, but the authorities made clear that the takedown rested on a lawful investigation. For users not involved in crime who asked about recovering their funds, police pointed to the Canadian court system as the route for relief.


https://www.bleepingcomputer.com/news/security/canada-dismantles-tradeogre-exchange-seizes-40-million-in-crypto/