Nginx UI authentication bypass vulnerability is being maliciously exploited

Published: 2026-04-16

1. Nginx UI authentication bypass vulnerability is being maliciously exploited


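April 15: A critical security vulnerability in Nginx UI's Model Context Protocol (MCP) support, tracked as CVE-2026-33032, is being maliciously exploited, allowing attackers to take full control of a target server without any authentication. The root cause is that nginx-ui fails to properly protect the /mcp_message endpoint, so remote attackers can invoke privileged MCP operations without credentials. Because these operations include writing, modifying and reloading nginx configuration files, a single unauthenticated request can change server behavior and result in a full takeover of the web server. The U.S. National Institute of Standards and Technology (NIST) states in the National Vulnerability Database (NVD) that any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating or modifying configuration files, and triggering automatic reloads. The Nginx UI maintainers released version 2.3.4 on March 15 to fix the flaw, one day after it was reported by researchers at Pluto Security AI. However, the vulnerability identifier, technical details and proof-of-concept (PoC) code were not publicly disclosed until the end of the month. Earlier this week, Recorded Future confirmed in its CVE landscape report that the flaw is being actively exploited. Pluto Security found through Shodan scans that about 2,600 publicly exposed instances may be vulnerable, located mainly in China, the United States, Indonesia, Germany and Hong Kong.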


https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/
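
A defender-side check for item 1, added here as an example (it is not code from nginx-ui or from the cited article): it scans access logs for requests to /mcp_message that came from outside the trusted admin networks. It assumes a reverse proxy in front of nginx-ui writing the combined log format; the function names, the trusted range and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Combined log format: ip - user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/mcp_message"  # endpoint named in the article

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '198.51.100.23 - - [15/Apr/2026:03:12:44 +0000] "POST /mcp_message HTTP/1.1" 200 412 "-" "curl/8.5.0"',
    '10.0.0.5 - - [15/Apr/2026:03:13:01 +0000] "POST /mcp_message HTTP/1.1" 200 390 "-" "admin-client"',
    '203.0.113.77 - - [15/Apr/2026:03:14:10 +0000] "POST /mcp_message?id=1 HTTP/1.1" 403 153 "-" "-"',
    '198.51.100.23 - - [15/Apr/2026:03:15:02 +0000] "GET /login HTTP/1.1" 200 2048 "-" "curl/8.5.0"',
    '198.51.100.23 - - [15/Apr/2026:03:15:30 +0000] "POST /mcp_message HTTP/1.1" 200 377 "-" "curl/8.5.0"',
]


def find_mcp_hits(lines, trusted_cidrs):
    """Return {source_ip: [(timestamp, method, status), ...]} for requests to
    ENDPOINT that came from outside the trusted admin networks."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Compare the path only; ignore any query string or trailing slash.
        if m["path"].split("?", 1)[0].rstrip("/") != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is a hostname or malformed
        if any(src in net for net in trusted):
            continue
        hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


def served(hits):
    """Untrusted source IPs that received a 2xx answer (request was served)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))


if __name__ == "__main__":
    hits = find_mcp_hits(SAMPLE, ["10.0.0.0/24"])  # assumed admin network
    print(hits, "served:", served(hits))
```

Any source listed by `served` warrants a review of the nginx configuration files for changes made around the logged timestamps, alongside upgrading to the fixed release named above.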


2. ÐÂÐͶñÒâÈí¼þAgingFlyÕý¹¥»÷µ±¾ÖÓëÒ½Ôº


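April 15: A new malware family named "AgingFly" is being used in attacks against local governments, hospitals and even members of the defense forces. It is designed to steal authentication data from Chromium-based browsers and from WhatsApp for Windows. CERT-UA has attributed the activity to a cyber threat cluster it tracks as UAC-0247. The attack chain begins when the target receives an email posing as humanitarian aid and is lured into clicking an embedded link. The link redirects either to a legitimate website compromised through a cross-site scripting (XSS) vulnerability or to a fake website generated with AI tools. The victim then receives an archive containing a shortcut (LNK) file, which launches the built-in HTA handler; the handler connects to a remote resource to retrieve and execute an HTA file. The HTA displays a decoy form to distract the user while creating a scheduled task that downloads and runs an EXE payload, which injects shellcode into a legitimate process. The attackers then deploy a two-stage loader, and the final payload is released after being compressed and encrypted. A typical TCP reverse shell, or a tool similar to RAVENSHELL, is used as a stepping stone: it establishes a TCP connection to the management server, communicates with the C2 server over a TCP channel encrypted with an XOR cipher, and executes commands through the Windows Command Prompt. AgingFly is then delivered and deployed, together with a PowerShell script (SILENTLOOP) that executes commands, updates the configuration and retrieves the C2 address from a Telegram channel.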


https://www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/


3. More than thirty EssentialPlugin plugins compromised with a backdoor


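April 15: More than 30 WordPress plugins in the EssentialPlugin suite have been compromised with malicious code, allowing attackers to gain unauthorized access to and control of websites running them. The incident was discovered by Austin Ginder, founder of the managed WordPress hosting provider Anchor Hosting, who began investigating after receiving a tip that one plugin contained code allowing third-party access. The results showed that every plugin in the EssentialPlugin suite has contained a backdoor since August 2025, when the project was acquired by a new owner for a six-figure sum. The backdoor was initially dormant and was activated only recently. It silently connects to external infrastructure to fetch a file named "wp-comments-posts.php", which then injects malware into the core configuration file "wp-config.php". The malware is invisible to site owners, uses Ethereum-based C2 address resolution for evasion, and can fetch spam links, redirects and fake pages on command. WordPress.org responded quickly, closing the affected plugins and forcing an update to sites in order to cut off the backdoor's communication and disable its execution path. Administrators of sites using the affected plugins are advised to inspect the configuration file immediately and manually remove any malicious code.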


https://www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/


4. Mirax malware campaign affects 220,000 accounts


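April 15: A new Android remote access trojan (RAT) named Mirax is spreading at scale through advertisements on Meta platforms (Facebook and Instagram), primarily targeting Spanish-speaking users; more than 220,000 accounts have been infected so far. The malware not only gives attackers full real-time control of infected devices but can also turn a device into a SOCKS5 proxy node, routing malicious traffic through the victim's IP address. Mirax is sold as malware-as-a-service (MaaS) but uses a tightly controlled, exclusive distribution model open only to a small number of affiliates, which marks a shift in mobile threats from broad MaaS toward a more covert "private MaaS". Mirax has been openly promoted on underground forums since December 19, 2025, and the Cleafy threat intelligence team has been actively monitoring it since March 2026. The attack is carried out through a multi-stage campaign that uses Meta ads to trick users into downloading malicious apps. Victims are redirected to phishing sites offering fake services (such as illegal sports streaming apps), exploiting users' habit of sideloading APK files. The malware is distributed through droppers hosted on GitHub Releases, which are frequently updated and repackaged to bypass security checks. After installation, the dropper unpacks the payload, applies strong obfuscation, and establishes a connection over WebSocket.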


https://securityaffairs.com/190842/uncategorized/mirax-malware-campaign-hits-220k-accounts-enables-full-remote-control.html


5. CISA updates KEV catalog: SharePoint and Excel vulnerabilities added


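April 15: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added vulnerabilities affecting Microsoft SharePoint Server and Microsoft Office Excel to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to remediate them by April 28, 2026. The first, CVE-2009-0238 (CVSS score 9.3), affects multiple versions of Microsoft Excel and related viewers. When a user opens a specially crafted Excel file, the flaw causes the application to access an invalid object in memory, resulting in memory corruption that can allow a remote attacker to execute arbitrary code on the affected system with the current user's privileges. The vulnerability was being actively exploited as early as February 2009, notably through the Trojan.Mdropper.AC malware, and was one of the major real-world threats at the time. The second vulnerability added to the catalog, CVE-2026-32201 (CVSS score 6.5), is a spoofing vulnerability in Microsoft SharePoint Server that may be related to cross-site scripting (XSS). Microsoft reports that this zero-day has been actively used in real-world attacks. The security advisory states that improper input validation in SharePoint allows an unauthorized attacker to perform spoofing over a network; after successful exploitation, the attacker can view some sensitive information or alter disclosed information.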


https://securityaffairs.com/190852/hacking/u-s-cisa-adds-microsoft-sharepoint-server-and-microsoft-office-excel-flaws-to-its-known-exploited-vulnerabilities-catalog.html


6. CISA warns that a Windows Task Host privilege escalation vulnerability is being exploited


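April 15: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning requiring U.S. government agencies to secure their systems as soon as possible against a Windows Task Host privilege escalation vulnerability (CVE-2025-60710). The flaw allows a local attacker with only basic user privileges to gain SYSTEM privileges through a low-complexity attack and take full control of the compromised device. Task Host is a core Windows component that acts as a container for DLL-based processes, allowing them to run in the background and ensuring they are closed properly during shutdown to prevent data corruption. The vulnerability stems from a link following weakness affecting Windows 11 and Windows Server 2025 devices: the Windows Task Host process improperly resolves links before file access, which allows an authorized attacker to elevate privileges locally. Microsoft released a security update for the vulnerability in November 2025. On Monday this week, CISA formally added CVE-2025-60710 to its Known Exploited Vulnerabilities (KEV) catalog. Under Binding Operational Directive (BOD) 22-01, issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies are given two weeks to remediate the vulnerability and protect their networks from attack.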


https://www.bleepingcomputer.com/news/security/cisa-flags-windows-task-host-vulnerability-as-exploited-in-attacks/