Kyber ransomware hits two platforms, claims post-quantum encryption

Published: 2026-04-23

1. Kyber ransomware hits two platforms, claims post-quantum encryption


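April 22: During an incident response engagement in March 2026, cybersecurity firm Rapid7 discovered and analyzed a new ransomware strain named Kyber. The ransomware exists in two different variants, one targeting Windows systems and one targeting the VMware ESXi virtualization platform. Both were deployed in the same network by the same ransomware affiliate, with the aim of maximizing damage by encrypting all servers simultaneously. The two variants share the same campaign ID and the same Tor-based ransom infrastructure. The ESXi variant is purpose-built for VMware environments: it can enumerate all virtual machines, encrypt datastore files, and deface the ESXi management interface with the ransom note, which walks victims through the ransom payment process. This variant claims to use Kyber1024 post-quantum encryption, but Rapid7's analysis found that the claim is untrue: the ESXi variant actually uses ChaCha8 for file encryption and RSA-4096 for key wrapping. By contrast, the Windows variant is written in Rust and is technically more mature. It does implement Kyber1024 and X25519 key protection, consistent with the statement in the ransom note. Specifically, Kyber1024 protects the symmetric key material, while AES-CTR handles bulk data encryption.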


https://www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/


2. Harvester uses the GoGra backdoor to abuse Microsoft cloud APIs in attacks


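April 22: The threat actor Harvester has been reported to be using a new Linux version of the GoGra backdoor. Researchers found malware samples on VirusTotal that had been submitted from India and Afghanistan, which suggests these two countries may be the targets of the espionage activity. The latest findings show that Harvester keeps expanding its toolset beyond Windows and is now infecting Linux systems with a new variant of the same backdoor. The attack uses social engineering to trick victims into opening an ELF binary disguised as a PDF document. The attacker then displays a decoy document while quietly running the backdoor. Like the Windows version, the Linux version of GoGra abuses Microsoft's cloud infrastructure: it uses Open Data Protocol (OData) queries to send a request every two seconds to a specific Outlook mailbox folder named "Zomato Pizza". The backdoor scans the inbox for emails whose subject line begins with "Input". When a matching email arrives, the program decrypts the Base64-encoded email body and executes it as a shell command using "/bin/bash". The execution result is sent back to the operator as an email with the subject "Output". After exfiltration is complete, the implant deletes the original tasking email to cover its tracks.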


https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html
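The fixed two-second polling of one mailbox folder described for GoGra is a pattern that can be hunted in web-proxy logs. The Python below is an added example, not code from the original report: the log format, the host names and the assumption that such folder queries go to `graph.microsoft.com` mailFolders endpoints are illustrative, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median, pstdev

# Assumed log format (hypothetical proxy export): "<ISO time> <source host> <method> <URL>"
LINE = re.compile(r"^(\S+) (\S+) (GET|POST) https://([^/\s]+)(/\S*)$")
# Assumption: mailbox-folder queries are sent to Microsoft Graph mailFolders endpoints.
MAIL_POLL = re.compile(r"^/v1\.0/(me|users/[^/]+)/mailFolders/[^/]+/messages")

def constructed_log():
    """Constructed sample: one host polling every 2 s, one mail client syncing irregularly."""
    t0 = datetime(2026, 4, 22, 10, 0, 0)
    url = "https://graph.microsoft.com/v1.0/me/mailFolders/FOLDER-ID/messages?$top=10"
    lines = [f"{(t0 + timedelta(seconds=2 * i)).isoformat()} linux-ws-07 GET {url}"
             for i in range(30)]
    for off in (0, 45, 61, 190, 200, 420, 433, 700):
        lines.append(f"{(t0 + timedelta(seconds=off)).isoformat()} laptop-12 GET {url}")
    lines.append("malformed line without fields")
    return lines

def find_fixed_interval_pollers(lines, max_interval=5.0, max_jitter=0.5, min_requests=20):
    """Return {host: median gap in seconds} for hosts polling a mail folder at a short, steady interval."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ts, host, _method, dest, path = m.groups()
        if dest == "graph.microsoft.com" and MAIL_POLL.match(path):
            seen[host].append(datetime.fromisoformat(ts))
    flagged = {}
    for host, times in seen.items():
        if len(times) < min_requests:
            continue  # too few requests to call it a beacon
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A short median gap with almost no jitter is machine-like polling.
        if median(gaps) <= max_interval and pstdev(gaps) <= max_jitter:
            flagged[host] = median(gaps)
    return flagged

if __name__ == "__main__":
    print(find_fixed_interval_pollers(constructed_log()))
```

The thresholds are starting points; tune `max_jitter` and `min_requests` against the normal mail-client traffic in your own environment before alerting on the result.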


3. Rituals hit by hackers; data of more than 41 million members leaked


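April 22: Netherlands-based cosmetics giant Rituals recently confirmed that hackers stole a large amount of data from its membership database, exposing customers' personal information. Rituals said that in April it discovered an incident involving the "unauthorized download" of member data. The stolen information includes customers' full names, dates of birth, gender, postal addresses, email addresses and phone numbers, as well as their preferred Rituals store and account type. Rituals spokesperson Eline van Malssen confirmed that the hackers stole membership data of European and UK customers, and that some US customers were also affected. So far, Rituals has not described the specific nature of the cyberattack or how the breach occurred, and it declined to comment on whether the company has received any communication from the hackers, on a more precise timeline of the incident, or on the exact number of affected members, citing "security reasons". According to its official website, Rituals' membership database holds more than 41 million customers, and the retail giant's revenue reached 2.4 billion euros (about 2.8 billion US dollars) in 2025.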


https://techcrunch.com/2026/04/22/cosmetics-giant-rituals-confirms-data-breach-of-customer-membership-records/


4. Spain dismantles Tu Manga Online, the largest Spanish-language manga piracy platform


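April 22: Spanish police recently dismantled what they describe as the largest Spanish-language manga piracy platform. The platform had operated since 2014 and served millions of users worldwide every month, offering copyrighted works for free and earning advertising revenue from the resulting web traffic. The police announcement did not name the platform, but according to TorrentFreak it is the well-known Spanish-language manga site Tu Manga Online (TMO). The platform was forced offline under legal pressure from rights holders, including South Korean intellectual property owners. Police opened their investigation in June 2025 and found that the platform had made more than 4.7 million US dollars from pervasive pop-up advertising. Most of the ads were pornographic, which is concerning given that many of the site's visitors were minors. Every action a user took on the site, including selecting content, reading a description or browsing the catalog, triggered a pop-up, maximizing ad exposure. The police announcement states that since 2014 the group had systematically provided free and unauthorized access to a large volume of works protected by intellectual property rights. The portal had become a major reference point for Spanish-language manga piracy, with millions of monthly visits and significant international reach, and caused serious harm to rights holders, publishers, translators and the cultural industry as a whole.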


https://www.bleepingcomputer.com/news/security/spain-dismantles-major-47m-manga-piracy-platform-arrests-four/


5. Mirai botnet targets discontinued D-Link routers


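April 22: A new Akamai report says that a Mirai botnet is attacking discontinued D-Link routers by exploiting CVE-2025-29635, a command injection vulnerability disclosed a year ago. The vulnerability exists in D-Link DIR-823X series routers and affects firmware versions 240126 and 24082. It arises because an attacker-controlled function value is copied without validation, and it can be exploited through a crafted POST request. Akamai explains that the router extracts from the request body the value that ultimately ends up in the command buffer, without checking which form field it came from. The observed attack attempts target the same code and trigger the same system call, which exactly matches a proof-of-concept exploit that was published on GitHub last year and has since been removed. As part of the execution chain, the attackers load a shell script that downloads and runs the payload. The payload has many Mirai traits, including XOR encoding, a hard-coded console execution string and a hard-coded downloader IP. The affected D-Link DIR-823X series routers were discontinued last year and no longer receive software updates from the vendor. D-Link issued a warning as early as September, strongly advising users to retire the product and noting that continued use may put other devices connected to it at risk.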


https://www.securityweek.com/mirai-botnet-targets-flaw-in-discontinued-d-link-routers/


6. npm worm attack: 16 Namastex packages poisoned to steal credentials


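April 22: A new supply chain attack against the npm ecosystem is stealing developer credentials and spreading in a worm-like manner through malicious packages published from the compromised accounts. The threat was found by researchers at Socket and StepSecurity in multiple packages from Namastex Labs. At the time of writing, 16 Namastex packages have been confirmed as compromised. These packages are mainly used for AI agent tooling and database operations, so the attack targets high-value endpoints rather than mass infection. The injected malicious code collects sensitive data related to many kinds of secrets, including tokens, API keys, SSH keys, cloud service credentials, CI/CD system credentials, registry and LLM platform credentials, and Kubernetes/Docker configuration. In addition, it attempts to extract sensitive data stored in the Chrome and Firefox browsers, covering cryptocurrency wallets such as MetaMask, Exodus, Atomic Wallet and Phantom. StepSecurity notes that the malware is essentially a "supply chain worm": it can look for tokens used for npm publishing and inject itself into every package that the token is authorized to publish, allowing it to spread further.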


https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/