Alert: Three High-Severity FortiSandbox Vulnerabilities Are Being Actively Exploited

Published: 2026-06-18
1. Alert: Three High-Severity FortiSandbox Vulnerabilities Are Being Actively Exploited


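June 16: Cybersecurity firm Defused Cyber confirmed within just 24 hours that three high-severity vulnerabilities in Fortinet's sandbox analysis product FortiSandbox, and in its cloud and PaaS versions, are being actively exploited. The three vulnerabilities are CVE-2026-39813, CVE-2026-39808 and CVE-2026-25089. All involve unauthenticated remote code execution or path traversal: an attacker only needs to send crafted HTTP requests to bypass authentication, execute operating system commands, or read arbitrary files. The first two carry CVSS scores of 9.1 and 9.8 respectively. Patches for them have been available for two months, but a large number of systems remain unpatched, which gives attackers an opening. The third vulnerability, CVE-2026-25089, has a broader impact, covering the Web UI of FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS. It is likewise an OS command injection (CWE-78); the vendor released a fix only last week, yet it is already being used in real-world attacks. More worrying still, Defused Cyber researchers infer from the characteristics of the attack code that the exploit for CVE-2026-25089 was very likely developed with the help of an AI model: the code structure shows clear signs of AI generation and contains several logic flaws, and it is not a carefully optimized hand-written sample.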


https://securityaffairs.com/193709/ai/fortinet-warned-as-three-critical-fortisandbox-bugs-come-under-attack.html


2. FortiBleed Exposes Credentials for More Than 70,000 Fortinet Devices Worldwide


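June 17: The recently disclosed "FortiBleed" data leak revealed the large-scale theft of Fortinet and FortiGate VPN credentials belonging to 73,932 organizations worldwide. The incident was first discovered by security researcher Bob Diachenko, who found a database containing a large number of apparently valid Fortinet VPN credentials on a server that had been accidentally exposed to the public internet. The database included usernames, email addresses and plaintext passwords. According to information shared by Diachenko, the affected companies and organizations are spread across the globe and include Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, Toyota and many other well-known companies, as well as government agencies. After further investigation, Diachenko said the attack appears to have been carried out by a Russian-speaking, multi-organization threat group. The group made about 1.16 billion credential attempts against roughly 320,777 FortiGate targets and launched about 2.1 billion attacks against more than 160,000 Microsoft SQL Server systems. The attackers also intercepted SSL VPN authentication hashes, cracked them using large GPU clusters, and used the recovered credentials to move laterally into internal Active Directory environments. Threat intelligence firm Hudson Rock, after analyzing the data, said this is one of the largest known collections of leaked Fortinet-related credentials, covering 73,932 unique firewall URLs in 194 countries and regions and involving 21,632 distinct domains.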


https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/


3. CISA Adds High-Severity Joomla JCE Vulnerability to the KEV Catalog


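June 17: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical vulnerability in the Joomla Content Editor (JCE) extension developed by Widget Factory (tracked as CVE-2026-48907, with the maximum CVSS score of 10.0) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an improper access control issue that allows an unauthenticated remote attacker to create an editor profile for a new user, then upload arbitrary PHP files to the server and execute malicious code, gaining full control of the target website. CISA's security advisory explicitly warns that the vulnerability affects JCE versions 1.0.0 through 2.9.99.4 and is being actively exploited in the wild. Although specific attack details have not yet been made public, the potential risk is very high given that the CVSS score is at the highest severity level. The vulnerability was fixed in version 2.9.99.5, released on June 3, 2026, and Joomla strongly advises all users to update immediately to that version or later. Because attackers may already have used the vulnerability to plant backdoors or web shells on unpatched sites, updating alone does not clean a system that has already been compromised. Site administrators also need to carry out a thorough investigation using indicators of compromise (IoCs), including checking for anomalous files, unauthorized administrator accounts and suspicious log entries. Under CISA's Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must complete patch deployment or apply equivalent mitigations by June 19.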


https://securityaffairs.com/193775/hacking/u-s-cisa-adds-widget-factory-joomla-content-editor-jce-flaw-to-its-known-exploited-vulnerabilities-catalog.html


4. More Than 40 Fake Streaming Sites Proliferate During the World Cup


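June 16: Researchers at security firm Malwarebytes recently found more than 40 nearly identical World Cup-branded domains online. The sites share the same page templates, code and ad networks, and specifically target fans who are eager to watch the matches. Although the official advice is for viewers to use free, legitimate broadcasters and streaming services, many fans who are short on time or away from home are easily drawn to these sites, which appear to offer HD live streams, multiple servers and match schedules. In reality, the pages are only clickbait: they either embed third-party pirated content or cannot provide a playable live stream at all. Users often get stuck in an endless loop of "loading stream" and "retry", clicking repeatedly without ever seeing the match. More dangerously, hidden clickable overlays mean that even a click on the video player area may trigger a malicious ad instead of real live content. The scammers do not expect visitors to actually watch the match; the design is meant to keep users clicking in order to generate ad revenue. The first click on the page is usually hijacked and opens an ad in a new tab, and every subsequent action triggers more ads. The "play" button even silently loads invisible 1×1 pixel ads and opens other tabs that exist only to generate paid views. The tactic has clear hallmarks of ad fraud, and users become unwitting victims used for traffic. Most of the ads shown have nothing to do with sports and include fake chat notifications, cryptocurrency schemes, airdrops, scam games and high-return investment traps.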


https://cybernews.com/security/40-world-cup-streaming-sites-serving-scams/


5. Data of 5.45 Million Swedish Citizens Reportedly Leaked


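June 16: A dataset said to contain a large amount of Swedish citizens' data recently appeared on an underground hacker marketplace. The attacker claims to have obtained the sensitive information by hacking a company, with more than 5.452 million people affected, about half of Sweden's total population. The leaked data is said to cover personally identifiable information, geolocation data and property-related data, and to originate from ilait.se and adressfakta.se, websites that provide business contact details and address distribution services. After reviewing data samples, the research team confirmed that the leaked information mainly consists of basic personal identity information such as full names, home addresses and phone numbers. However, the actual severity of the incident remains heavily disputed. Sweden has long followed a principle of public access to information, and much similar personal and company data can be obtained legally from official registries or public records, including full names, registered addresses, dates of birth, income, tax information and phone numbers. The researchers therefore note that the attacker's claim of having "breached a Swedish company" is very likely exaggerated, and that the data more probably comes from aggregating public, legal sources than from an external hack. In addition, only 18 sample records in the dataset are clearly legible and internally consistent, which is not enough to verify the full scope and authenticity of the alleged breach. Although the sensitivity of the leaked information itself is limited, the scale of the aggregated data still poses a potential risk.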


https://cybernews.com/security/sweden-data-breach-5-million-citizens/


6. 24 Billion Records Leaked in the Largest Credential Data Exposure on Record


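June 17: On June 12, the Cybernews research team discovered an Elasticsearch cluster exposed to the public internet that stored more than 8.3 TB of data, about 24 billion records in total. This may be one of the largest data leaks discovered to date. Analysis showed that the vast majority of the leaked records are infostealer logs, that is, sensitive credentials containing usernames, passwords and the corresponding service URLs in plaintext. Because the data has been publicly exposed, billions of affected accounts face the risk of takeover, especially accounts without multi-factor authentication enabled. The leaked data comes from 36 different sources, more than 30 of which are Telegram channels linked to cybercrime, with record counts ranging from a few thousand to hundreds of millions. Most of the channels use English and some use Russian. More than 1.7 billion records are said to come from these channels, and one channel named "Darkside" contributed nearly 260 million records. In addition, about 22.6 billion records come from so-called "collections", which probably derive from aggregations of earlier infostealer data of various kinds; another 146 million come from "leak compilation combos", and 150 million are "local database dumps", which suggests they may come from direct server exports. By contrast, the smallest source, "Redline stealer", contains only 27 records. Notably, the cluster also contains about 17,000 non-standard records covering CVE vulnerability descriptions and GitHub links, cybersecurity news articles and social media posts, with timestamps pointing to February 2026. This indicates that the data owner continuously tracks the security landscape in order to expand the database.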


https://cybernews.com/security/24-billion-credentials-data-leak/