SolarWinds WHD Vulnerabilities Used to Deploy a Multi-Stage Network Attack Chain

Published: 2026-02-10

1. SolarWinds WHD Vulnerabilities Used to Deploy a Multi-Stage Network Attack Chain


On February 9, Huntress Security researchers disclosed that hackers are exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to deploy legitimate tools for malicious attacks. The attackers targeted at least three organizations, gaining initial access through two high-severity vulnerabilities, CVE-2025-40551 and CVE-2025-26399, then downloading an MSI file from the Catbox platform to install the Zoho ManageEngine Assist agent, configuring it for unattended access, and enrolling the infected hosts into a Zoho account tied to an anonymous Proton Mail address. That tool was used for hands-on-keyboard activity, AD reconnaissance, and deployment of Velociraptor; the latter was fetched from a Supabase storage bucket and served as the C2 framework, communicating with the attackers through Cloudflare Workers. The attack chain shows the threat actors relying on several techniques for persistence: deploying the outdated Velociraptor 0.73.4, installing Cloudflared to establish a redundant C2 tunnel, opening an SSH backdoor through a scheduled task named TPMProfiler combined with QEMU, and modifying the registry to disable Windows Defender and the firewall to evade detection. Researchers observed the attackers briefly disabling Defender and then downloading a fresh copy of VS Code to ensure the subsequent payloads ran successfully.


https://www.bleepingcomputer.com/news/security/threat-actors-exploit-solarwinds-wdh-flaws-to-deploy-velociraptor/


2. SmarterTools Hit by Warlock Ransomware Attack


On February 9, it was reported that SmarterTools had recently been attacked by the Warlock ransomware gang. The cause was an unpatched SmarterMail virtual machine (VM) deployed by an employee that contained the authentication bypass vulnerability CVE-2026-23760. The flaw allowed the attackers to reset administrator passwords and obtain full privileges, then move laterally through Active Directory to 12 Windows servers and a secondary data center. Although the company's Linux servers were unaffected, SentinelOne security products blocked the final encryption payload, and the affected systems were isolated and restored from backups, the incident still exposed serious security risks. According to Chief Business Officer Derek Curtis, among roughly 30 SmarterMail servers/VMs on the company network there was a single vulnerable point, which the attackers used to deploy Velociraptor, SimpleHelp, and a vulnerable WinRAR version, combining startup entries and scheduled tasks for persistence. Cisco Talos had previously reported cases of Velociraptor being abused in ransomware attacks; in this attack the Warlock gang additionally used SmarterMail's built-in "volume mount" feature to tighten its control over the system.


https://www.bleepingcomputer.com/news/security/hackers-breach-smartertools-network-using-flaw-in-its-own-software/


3. BeyondTrust Fixes Critical Vulnerability CVE-2026-1731


On February 9, BeyondTrust released an emergency security update fixing CVE-2026-1731, a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw is classified as an operating system command injection vulnerability with a CVSS score of 9.9; it allows an unauthenticated remote attacker to send a specially crafted request and execute OS commands in the context of the site user, leading to remote code execution, unauthorized access, data leakage, and service disruption. BeyondTrust stressed that self-hosted customers who have not enabled automatic updates must apply the patch manually, and that users running RS below version 21.3 or PRA below version 22.1 must first upgrade to a compatible version before patching. The vulnerability was discovered by security researcher Harsh Jaiswal on January 31, 2026, through AI-driven variant analysis. According to the disclosure, about 11,000 BeyondTrust instances worldwide are exposed to the Internet, 8,500 of them on-premises deployments; if not patched promptly they remain at serious risk. For now, details of the vulnerability have not been fully disclosed, to give users time to upgrade.


https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html


4. Phorpiex Distributes Global Group Ransomware via a New Phishing Technique


On February 9, Forcepoint X-Labs researchers uncovered a large-scale phishing campaign that uses the Phorpiex malware to distribute Global Group ransomware. The attack runs through a Windows shortcut file (.lnk) disguised as "Document.doc", using a double extension to trick users into clicking: the file is actually a .lnk, but Windows hides the final extension by default, so users mistake it for an ordinary Word document. The chain begins with phishing emails, mostly with the subject "Your Document", to provoke the user's curiosity or anxiety. Once the .lnk file is clicked, the attackers use Living off the Land (LotL) techniques, abusing built-in system tools such as PowerShell and the Command Prompt to run malicious commands that download and execute the malware disguised as a system component (for example windrv.exe). Global Group ransomware, an upgraded version of Mamona, poses its main threat through a "silent" mode: every operation is completed locally, with no need to contact an external server for an encryption key; the host generates the key itself and encrypts files directly, so it can lock data while offline. The ransomware uses the ChaCha20-Poly1305 encryption algorithm, and without the digital key the files are nearly impossible to recover.
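As an added illustration (not from the original report), the check below flags attachment names that use the double-extension shortcut disguise described above, reconstructing what Windows Explorer would display so an analyst can see why "Document.doc.lnk" reads as "Document.doc". The document-extension list and the sample attachment names are constructed for this example.

```python
import os
from typing import List, NamedTuple, Optional

# Document extensions a user reads as harmless; constructed list for this example.
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt"}
# The file type used in the campaign. Explorer never displays .lnk, so
# "Document.doc.lnk" is rendered as "Document.doc".
SHORTCUT_EXT = ".lnk"


class Finding(NamedTuple):
    real_name: str       # name as stored on disk / in the attachment
    displayed_name: str  # approximate name the user sees in Explorer
    reason: str


def displayed_name(filename: str) -> str:
    """Approximate Explorer's default rendering: a trailing .lnk is always hidden,
    and known document extensions are hidden while 'Hide extensions for known
    file types' is enabled (the default)."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    return stem if ext == SHORTCUT_EXT or ext in DOCUMENT_EXTS else filename


def check_attachment(filename: str) -> Optional[Finding]:
    """Return a Finding for shortcut files, with a stronger reason when the stem
    itself ends in a document extension (the double-extension lure)."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() != SHORTCUT_EXT:
        return None
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DOCUMENT_EXTS:
        reason = f"shortcut disguised as {inner_ext} document"
    else:
        reason = "shortcut file delivered as attachment"
    return Finding(filename, displayed_name(filename), reason)


def scan_attachments(names: List[str]) -> List[Finding]:
    """Run the check over a batch of attachment names, keeping only findings."""
    return [f for f in (check_attachment(n) for n in names) if f is not None]


if __name__ == "__main__":
    # Constructed sample attachment names, including the lure from the report.
    sample = ["Document.doc.lnk", "invoice.pdf", "Q1 report.xlsx", "setup.lnk"]
    for f in scan_attachments(sample):
        print(f"{f.real_name!r} shown as {f.displayed_name!r}: {f.reason}")
```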


https://hackread.com/hackers-global-group-ransomware-offline-phishing-emails/


5. European Commission's Central Mobile Device Management System Hit by Cyberattack


On February 9, the European Commission reported that its central mobile device management (MDM) system had been attacked on January 30, possibly exposing personal information such as employee names and phone numbers, although the handheld devices themselves were not compromised. The attack came the day after Ivanti disclosed two critical code-injection vulnerabilities, CVE-2026-1281 and CVE-2026-1340, in its Endpoint Manager Mobile (EPMM) software; these flaws allow hackers to bypass authentication and remotely control servers. The Commission hardened and cleaned up the system within 9 hours of discovering the attack, but the incident still raised questions about Ivanti's patching strategy. Security expert David Neeson noted that Ivanti has not provided a complete fix, only a temporary patch, and that the patch risks failing because of version-compatibility problems; such a "fragmented fix" may create greater security risks than a comprehensive update. Ivanti reportedly plans to develop a comprehensive fix in the coming months and to release an RPM detection tool to help identify the vulnerabilities. The European Commission pledged a full review of the incident and to strengthen the 24-hour threat-monitoring capabilities of bodies such as CERT-EU.


https://hackread.com/cyber-attack-european-commission-staff-mobile-systems/


6. dYdX Supply Chain Hit by Novel Cross-Language Malicious Package Attack


On February 6, cybersecurity researchers disclosed that legitimate dYdX-related packages in the npm and PyPI repositories had suffered a supply chain attack: versions including 3.4.1 of @dydxprotocol/v4-client-js (npm) and version 1.1.5post1 of dydx-v4-client (PyPI) had malicious code implanted. These packages are used for highly sensitive operations such as cryptocurrency trading and wallet management on the dYdX v4 protocol, with cumulative trading volume exceeding USD 1.5 trillion. The attackers pushed malicious updates through a hijacked developer account; the npm package contains a wallet stealer that can exfiltrate mnemonic phrases and device information, while the PyPI package additionally implants a remote access trojan (RAT) that contacts an external server for commands and, on Windows, runs hidden via the "CREATE_NO_WINDOW" flag. The malicious code was implanted in the packages' core files and is triggered during normal use; the PyPI version applies 100 rounds of obfuscation, and the coordination of the attack across ecosystems indicates the attackers had direct access to the publishing infrastructure. dYdX confirmed the incident on X and advised users to isolate their devices, move assets to new wallets, and rotate API keys and credentials.


https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html