ºÚ¿ÍÕýÀûÓÃWordPress Kirki²å¼þ·ì϶½Ù³ÖÍøÕ¾ÕË»§
°ä²¼¹¦·ò 2026-06-036ÔÂ2ÈÕ£¬½üÆÚ£¬WordPressÉú̬ÖÐ¿í·ºÊ¹ÓõÄKirki²å¼þ±»ÆØ³öÒ»¸öÑϳÁµÄȨÏÞÌáÉý·ì϶£¨CVE-2026-8206£©£¬ÕýÔâµ½ºÚ¿ÍµÄ»ý¼«ÀûÓ᣸òå¼þÈ«³ÆÎª¡°Kirki - Freeform Page Builder, Website Builder & Customizer¡±£¬ÊÇÒ»¿î×ÔÓÉʽ¿ÉÊÓ»¯½¨Õ¾¹¤¾ßÓë¸ß¼¶Ö÷ÌⶨÔìÆ÷£¬×°ÖÃÔÚ³¬¹ý50Íò¸öÍøÕ¾ÉÏ¡£°²È«¹«Ë¾Defiantͨ¹ýÆäWordfence·À»ðǽ¼ì²âµ½£¬ÔÚ´Óǰ24Ó×ʱÄÚÒÑÀ¹½ØÁË222´ÎÕë¶ÔÆä¿Í»§µÄÏÖʵ¹¥»÷³¢ÊÔ¡£¸Ã·ì϶ӰÏì²å¼þ6.0.0ÖÁ6.0.6°æ±¾£¬Æ¾¾ÝWordPress.orgµÄÏÂÔØÍ³¼Æ£¬ÕâЩ°æ±¾µÄʹÓÃÂÊÔ¼Õ¼¸Ã²å¼þÓû§×ÜÁ¿µÄ40%¡£·ì϶±¾ÔÔÚÓÚ²å¼þͨ¹ýhandle_forgot_password()º¯Êý¶³öÁËÒ»¸öÓÃÓÚÃÜÂë³ÁÖõÄ×Ô½ç˵REST API¶Ëµã¡£ÎÊÌâÖ÷ÌâÊÇ£º¸Ã¶ËµãÔÚ´¦ÖÃÃÜÂë³ÁÖÃÒªÇóʱ£¬»á½ÓÊܹ¥»÷ÕßÌṩµÄËÁÒâµç×ÓÓʼþµØÖ·¡£µ±¹¥»÷ÕßÌá½»Ò»¸öÒÑÖªµÄÓû§Ãû£¨ÈçÖÎÀíÔ¹ØË»§£©Ê±£¬²å¼þ»áΪ¸ÃÕË»§ÌìÉúÒ»¸öÓÐЧµÄÃÜÂë³ÁÖÃÁ´½Ó£¬È´½«Á´½Ó·¢Ë͵½¹¥»÷ÕßÖ¸¶¨µÄÓÊÏ䣬¶ø·ÇÕË»§ËùÓÐÈ˵ÄÔʼע²áÓÊÏä¡£ÕâÒ»Éè¼ÆÈ±µãʹµÃδ¾Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»´¹ÊֿɵõØÎªÍøÕ¾ÉÏÈκÎ×¢²áÓû§£¨Ô̺¬ÖÎÀíÔ±£©»ñÈ¡ÃÜÂë³ÁÖÃÁ´½Ó£¬²¢·¢Ë͵½×Ô¼º½ÚÔìµÄÓÊÏäÖУ¬´Ó¶øÆëÈ«ÊÕÊÜÖ¸±êÕË»§¡£²å¼þ¿ª·¢ÉÌ5ÔÂ18ÈÕ°ä²¼Á˽¨¸´°æ±¾6.0.7¡£
https://www.bleepingcomputer.com/news/security/critical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts/
2. WeedHack½èMinecraftÄ£×éϰȾ³¬11.6Íòϵͳ
6ÔÂ2ÈÕ£¬Ò»³¡ÃûΪWeedHackµÄ´ó¹æÄ£¶ñÒâÈí¼þ¹¥»÷»î¶¯ÕýÒÔMinecraftÍæ¼ÒΪָ±ê£¬×Ô1ÔÂÒÔÀ´ÒÑϰȾ³¬¹ý116,000¸öϵͳ¡£¸Ã¶ñÒâÈí¼þͨ¹ýÓëMinecraftÓйصĶñÒâÄ£×é¡¢¿Í»§¶Ë¡¢Îè±×·¨Ê½ºÍʵÓù¤¾ß½øÐд«²¼£¬ÕâЩ·¨Ê½Í¨¹ýYouTubeÊÓÆµºÍSEOͶ¶¾¼¿Á©½øÐÐÍÆ¹ã¡£WeedHackÊÇÒ»¿î¶ñÒâÈí¼þ¼´·þÎñ£¨MaaS£©ÐÅÏ¢ÇÔÈ¡¹¤¾ß£¬Îª²Ù¿ØÕßÌṩÁËÒ»¸öÒDZí°å£¬ÓÃÓڲ鿴±»µÁƾ֤ºÍÊÜϰȾϵͳµÄÐÅÏ¢¡£ÍøÂ簲ȫ¹«Ë¾McAfeeµÄÒ£²âÊý¾ÝÏÔʾ£¬WeedHackÒÑÓ°Ïì116,464¸öϵͳ£¬¾ùÔÈÿÌìϰȾ2,000ÖÁ3,000̨É豸£¬´óÎÞÊýÊܺ¦ÕßλÓÚÃÀ¹ú¡¢µÂ¹ú¡¢Ó¡¶ÈºÍÓ¢¹ú¡£Õâ´Î¹¥»÷µÄ¹æÄ£»¹Ìå´Ë¿Ì³¬¹ý240¸ö·Ö·¢URLºÍ3,820¸ö¹ÖÒìµÄ¶ñÒâJARÎļþÉÏ¡£¹¥»÷ÕßÖØÒªÍ¨¹ýÁ½ÖÖ·½Ê½É¢²¼¶ñÒâÈí¼þ£ºÒ»ÊÇÔÚYouTubeÉϰ䲼չʾMinecraftÓйع¤¾ßµÄÊÓÆµ£¬²¢ÔÚÃèÊöºÍÆÀÂÛÖÐÖ²ÈëÏÂÔØÁ´½Ó£¬²¿ÃÅÊÓÆµÔì×÷Á¼ºÃÉõÖÁÅäÓÐÅÔ°×ÒÔ¼ÓÇ¿ÕæÊµ¸Ð£¬ÀÛ¼ÆÅÔ¹Û´ÎÊýÒѳ¬¹ý7,500´Î£»¶þÊÇÀûÓÃSEOͶ¶¾¼¼Êõ£¬Õë¶ÔMeteor Client¡¢Wurst Client¡¢LiquidBounceµÈÈȵãMinecraft¹¤¾ßµÄ¹Ø¼ü´Ê£¬½«¶ñÒâÍøÕ¾ÍÆÖÁËÑË÷Á˾ÖǰÁС£ºÜ¶àÕâÀàºÏ·¨ÏîÄ¿±¾ÎÞ¹Ù·½ÍøÕ¾£¬½öÓÐGitHubÒ³Ãæ£¬Õâ¸ø¹¥»÷Õ߿ɳËÖ®»ú¡£
https://www.bleepingcomputer.com/news/security/over-116-000-mincraft-systems-infected-in-weedhack-malware-campaign/
3. CISA½«Oracle WebLogic¸ßΣ·ì϶ÁÐÈëÒÑÖªÀûÓÃĿ¼
6ÔÂ2ÈÕ£¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©ÓÚÖÜÒ»½«Ó°ÏìOracle WebLogic ServerµÄÒ»¸ö¸ßΣ°²È«·ì϶ÄÉÈëÆäÒÑÖªÀûÓ÷ì϶£¨KEV£©Ä¿Â¼£¬ÔÒòÊǸ÷ì϶Òѱ»·¢ÏÖÔâµ½»ý¼«ÀûÓ᣸÷ì϶±àºÅΪCVE-2024-21182£¬CVSSÆÀ·ÖΪ7.5·Ö£¬ÔÊÐíδ¾Éí·ÝÑéÖ¤µÄ¹¥»÷Õßͨ¹ýÍøÂç½Ó¼ûȨÏÞÖ±½Ó½ÚÔìÒ×Êܹ¥»÷µÄ·þÎñÆ÷¡£OracleÒÑÓÚ2024Äê7Ô°䲼ÁËÕë¶Ô¸Ã·ì϶µÄ½¨¸´²¹¶¡£¬µ«Ê±¸ô½üÁ½Ä꣬¹¥»÷»î¶¯ÈÔÔÚ³ÖÐø£¬´ÙʹCISA²ÉÈ¡´¹Î£Ðж¯¡£CISAÔÚ²¼¸æÖÐÖ¸³ö£¬Oracle WebLogic´æÔÚÒ»¸öδ¾ßÌåÖ¸Ã÷µÄ·ì϶£¬Î´¾Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýT3¡¢IIOPµÈÍøÂçºÍ̸½Ó¼û·þÎñÆ÷£¬´Ó¶ø¶ÔOracle WebLogic ServerÔì³ÉÑϳÁ·çÏÕ¡£³É¹¦ÀûÓø÷ì϶¿ÉÄܵ¼ÖÂδ¾ÊÚȨ½Ó¼û¹Ø¼üÊý¾Ý£¬ÉõÖÁÆëÈ«»ñÈ¡ËùÓпÉͨ¹ý¸Ã·þÎñÆ÷½Ó¼ûµÄÊý¾Ý¡£Ä¿Ç°ÉÐÎÞ¹«¿ª»ã±¨¾ßÌå×¢Ã÷¸Ã·ì϶ÔÚÏÖʵ¹¥»÷ÖÐÊÇÈôºÎ±»ÀûÓõġ£È»¶ø£¬WebLogic Server´ËǰµÄ¶à¸ö°²È«È±µãÔøÂŴα»¸÷ÀàÍþвÐÐΪÕßÀûÓã¬ÓÃÓÚ×齨½©Ê¬ÍøÂç¡¢ÍÚ¾ò¼ÓÃÜÇ®±ÒÒÔ¼°²¿ÊðÀÕË÷Èí¼þ£¬Òò¶ø±¾´Î·ì϶µÄÏÖʵ·çÏÕ²»ÈݺöÊÓ¡£
https://thehackernews.com/2026/06/oracle-weblogic-cve-2024-21182-added-to.html
4. ΢ÈíExchange OnlineÔâ·ê´ó¹æÄ£ÓʼþÑÓ³¤¹ÊÕÏ
6ÔÂ2ÈÕ£¬Î¢ÈíÔÚ´¹Î£´¦ÖÃһ·ӰÏì±±ÃÀ¡¢ÑÇÌ«µØÓòºÍÅ·ÖÞExchange Online¿Í»§ÓʼþÁ÷¹Ü·µÄÆÕ±é·þÎñÎÊÌâ¡£¸Ã¹«Ë¾ÓÚÃÀ¹ú¶«²¿¹¦·ò6ÔÂ2ÈÕÉÏÎç10:33³õ´ÎÈ·ÈϸÃÊÂÎñ£¨¸ú×Ù±àºÅΪEX1331830£©£¬ÆäʱÒÑÆðÍ·µ÷²éÉ罻ýÌåÉÏ´óÁ¿Óû§Ìá½»µÄ»ã±¨¡£ÊÜÓ°ÏìµÄÓû§ÔÚ·¢ËÍ»ò½Ó¼ûµç×ÓÓʼþʱÓöµ½ÑϳÁÑÓ³¤»òʧ°Ü£¬²¿ÃÅÓû§¿´µ½Ò»Ê±SMTPÑÓ³¤ÃýÎó£¬ÌáÐÑ¡°Ã¿¸ö×ÊÔ´ÁÖµÄ×î´ó²¢·¢ÏνÓÊýÒѳ¬¹ýÏÞ¶È£¬Ôڹعش«Êäͨ·¡±£¬ÁíһЩÓû§ÔòÊÕµ½¡°ÏνӺöÈ»¹Ø¹Ø£¨¿ÉÒɵÄÔ¶³Ì·þÎñÆ÷ÃýÎ󣩡±µÄÐÂÎÅ¡£Î¢Èí°µÊ¾£¬ÓÐЩµç×ÓÓʼþ³¬¹ýÒ»¸öÓ×ʱÈÔδͶµÝ£¬¹¤³ÌʦÔÚÉó²éÓйػ㱨ÒÔÕÒ³öµ××ÓÔÒò¡£¸Ã¹«Ë¾Òѽ«Õâ´ÎÊÂÎñ¹éÀàΪ¡°ÊÂÎñ¡±£¬ÕâÒ»¼¶±ðͨ³£ºÏÓÃÓÚ¶ÔÓû§Ôì³ÉÏÔÖøÓ°ÏìµÄ¹Ø¼ü·þÎñÎÊÌâ¡£Ëæ×ŹÊÕϳÖÐø£¬Î¢Èí²»ÐÝÀ©´óÓ°ÏìÁìÓòµÄÆÀ¹À¡£×î³õ¼¯ÖÐÔÚ±±ÃÀºÍµÂ¹úµØÓòµÄ»ã±¨´Ùʹ¹«Ë¾À©´óµ÷²é£¬ËæºóÈ·ÈÏÑÇÌ«µØÓòºÍÅ·ÖÞµÄÓû§Í¬ÑùÊܵ½²¨¼°¡£Î¢ÈíÔÚÖÎÀíÖÐÐÄ·þÎñ¾¯±¨ÖаµÊ¾£¬ÔÚ·ÖÎöÊÜÓ°ÏìµØÓòµÄÓʼþ¶ÓÁлýѹÇé¿ö£¬ÒÔ½øÒ»²½Ïàʶµ±Ç°Ó°Ïì²¢ÕÒ³öDZÔÚ¹ÊÕϵ㡣½ØÖÁĿǰ£¬¸Ã¹«Ë¾ÒÑÀ©´ó¹µÍ¨ÁìÓòÒÔ¸²¸ÇËùÓпÉÄÜÊÜÓ°ÏìµÄÓû§£¬µ«ÉÐδ°ä²¼ÆëÈ«¸´ÔµÄ¹¦·ò±í¡£
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/
5. ºÚ¿ÍÀûÓÃMeta AI¿Í·þ³É¹¦½Ù³ÖInstagramÕË»§
6ÔÂ2ÈÕ£¬¶àÃûInstagramÓû§½üÈÕÔâ·êÕË»§±»µÁ£¬¹¥»÷Õß²ÉÈ¡ÁËÒ»ÖÖÐÂÏʶøµ¥Ò»µÄ¼¿Á©£¬³É¹¦Ëµ·þÁËMetaµÄÈËΪÖÇÄÜÖ§³Ö¹¤¾ß£¬Ê¹ÆäÏàÐÅ×Ô¼º¾ÍÊǺϷ¨µÄÕË»§ËùÓÐÕß¡£ÊÜÓ°ÏìµÄÓû§ÖÐÔ̺¬ÔøÊôÓڰ°ÍÂí°×¹¬ÍŶӵľÉÕ˺š¢ÀûÓÃ×êÑÐÔ±Jane Manchun WongµÄÕË»§£¬ÒÔ¼°@heyºÍ@kornµÈº±¼û¸ß¼ÛÖµÕË»§¡£¸üÁîÈËÓÇÓôµÄÊÇ£¬ºÜ¶àÊܺ¦ÕßÎÞ·¨¸´Ô½Ó¼ûȨÏÞ£¬ÓÉÓÚMetaƽ̨½öÒÀÀµ×Ô¶¯»¯AI»ò̸Ìì»úеÈËÌṩÐÖú£¬ÏÕЩûÓÐÈËΪ֧³ÖÈËԱȾָ¡£ÕË»§½Ù³Ö¹ý³Ì²¢²»¸´ÔÓ¡£¹¥»÷ÕßÊ×ÏÈÀûÓá°½¡ÍüÃÜÂ롱ְÄÜ£¬´¥·¢InstagramµÄAI¸±ÊÖÒªÇóÓû§ÉÏ´«×ÔÅÄÊÓÆµ½øÐÐÉí·ÝÑéÖ¤¡£´Ëʱ£¬¹¥»÷Õß´ÓÖ¸±êÕË»§ÖлñÈ¡¹«¿ªÕÕÆ¬£¬Í¨¹ýAIÊÓÆµÌìÉúÆ÷½«ÆäÔì×÷³É¶¯Ì¬ÊÓÆµ£¬¶øºóÉÏ´«¸øMetaµÄϵͳ¡£ÓÉÓÚMetaµÄAIÎÞ·¨ÓÐЧ·Ö±æÕæÊµ×ÔÅÄÓëÈËΪÖÇÄÜÌìÉúµÄαÔìÃæ²¿ÊÓÆµ£¬ÑéÖ¤±ã˳Àûͨ¹ý¡£Ñé֤ͨ¹ýºó£¬¹¥»÷ÕßÄܹ»¸ü¸ÄÕË»§¹ØÁªµÄµç×ÓÓʼþµØÖ·¡£Ëæºó£¬ËûÃÇÔÙ´ÎÌáÒéÃÜÂë³ÁÖÃÁ÷³Ì£¬°²È«´úÂë±ã»á·¢Ë͵½¹¥»÷Õß½ÚÔìµÄÓÊÏäÖУ¬´Ó¶ø³¹µ×ÊÕÊÜÕË»§¡£²¿ÃŹ¥»÷Õß»¹»áʹÓÃVPN¼Ù×°³ÉÖ¸±êÓû§³£ÓõĵØÀíµØÎ»£¬ÒÔ´¥·¢¸ü¸´ÔӵĵǼÁ÷³Ì²¢¼ÓÇ¿ºýŪÐÔ¡£
https://www.bleepingcomputer.com/news/security/instagram-users-locked-out-after-meta-ai-abused-to-steal-accounts/
6. GrindrÓû§Êý¾ÝÔâÇÔ£¬ÂÛ̳±ê¼Û400ÃÀÔªÏúÊÛ
6ÔÂ2ÈÕ£¬¾Ý³ÆÔ̺¬´óÁ¿GrindrÓû§Ó×ÎÒÐÅÏ¢µÄÊý¾Ý¼¯½üÈճʴ˿ÌÍøÂç·¸×ïÂÛ̳ÉÏ£¬¹¥»÷ÕßÐû³ÆÒÑÇÔÈ¡´óÁ¿Ãô¸ÐÊý¾Ý²¢Õý¹ÒÅÆÏúÊÛ¡£ÍøÂçÐÂÎÅ×êÑÐÈËÔ±ÒÑÉó²éÁ˹¥»÷Õß·ÖÏíµÄ18ÌõÑù±¾¼Í¼£¬È·ÈÏй¶ÐÅÏ¢Ô̺¬£ºÈ«Ãû¡¢µ®ÉúÈÕÆÚ¡¢Óû§Ãû¡¢bcryptÃÜÂë¹þÏ£¡¢¾SHA256¹þÏ£´¦Öõĵ绰ºÅÂë¡¢¾ßÌåµÄÓ×ÎÒ×ÊÁÏÃèÊö¡¢µØÀíµØÎ»Êý¾Ý¡¢ÕË»§¹¦·ò´ÁÒÔ¼°É豸ÐÅÏ¢¡£Ñù±¾ÖеIJ¿Ãʦ·ò´Á¼«¶Èнü£¬×îÐÂÌõ¿î¿É×·ÒäÖÁ2026Äê5Ô£¬Åú×¢¸ÃÊý¾Ý¼¯¿ÉÄܲ¢·Ç´¿ÕýµÄº¹ÇàÊý¾Ý£¬¿ÉÄÜÔ̺¬ÔÚ¸üлò×î½üÌìÉúµÄ¼Í¼¡£×êÑÐÈËÔ±»¹°ÑÎȵ½£¬Ñù±¾ÖеĴóÎÞÊýµç×ÓÓʼþµØÖ·ËƺõÓÐЧ£¬ÇÒûÓм£ÏóÏÔʾÀàËÆÊý¾Ý¼¯ÒÑÔÚÆäËû´¦Ëù¿í·º´«²¼¡£¹¥»÷Õß²¢Î´Ð¹Â©Êý¾Ý¼¯ÖÐÔ̺¬µÄ¼Í¼×ÜÊý£¬µ«¸ÃÊý¾Ý¼¯µÄ±ê¼Û½öΪԼ400ÃÀÔª¡£×êÑÐÈËÔ±ÒÔΪ£¬ÕâÒ»Ïà¶Ô½ÏµÍµÄ¼ÛÖµ¿ÉÄܰµÊ¾Êý¾Ý¼¯¹æÄ£½ÏÓ×»òÁìÓò½ÏÕ£¬¶ø·Ç´ó¹æÄ£Êý¾Ýй¶¡£Êý¾Ý¿ÉÄÜÆðÔ´ÓÚÒѱ»µÁÓõÄÕË»§£¬»ò´Ó´¦ÖÃGrindrÊý¾ÝµÄµÚÈý·½·þÎñÉÌ´¦»ñÈ¡¡£ÃÜÂë¹þÏ£ÖµµÄ´æÔÚÏÔÖøÔö³¤ÁËй¶ÊÂÎñµÄ·çÏÕ£¬¹¥»÷Õß¿Éͨ¹ýÀëÏßÆÆ½â³¢ÊÔ»¹ÔÃÜÂ룬ÌáÒéײ¿â¹¥»÷¡£
https://cybernews.com/security/grindr-user-data-leak-claims/


¾©¹«Íø°²±¸11010802024551ºÅ