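AryStinger Botnet Compromises More Than Four Thousand Aging Routers
Published: 2026-06-23
June 21: The cybersecurity research team Qianxin XLab recently disclosed a previously undocumented malware botnet, AryStinger. The malware has compromised more than 4,000 outdated routers and turned them into remotely controlled "executors" used to proxy malicious traffic, run scans, tunnel communications and execute commands. The operators use a distributed design: large scanning jobs are split into small chunks and handed to different executors to run in parallel, which lets them complete early-stage "footprinting" efficiently and lays the groundwork for deeper intrusion later. More dangerously, AryStinger can use a controlled device as a pivot, tamper with DNS settings, hijack users' browsing activity, and silently monitor or even steal all inbound and outbound network traffic, posing a serious threat to user privacy and network security. The malware mainly exploits older vulnerabilities such as CVE-2013-3307, CVE-2016-5681 and CVE-2025-11837, and focuses on two discontinued router models, the D-Link DIR-850L and DIR-818LW, both of which were previously targeted by the AVrecon botnet. XLab researchers found two AryStinger variants: a C-based version that mainly targets aging routers, and a Go-based version that focuses on network-attached storage (NAS) systems.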
https://www.bleepingcomputer.com/news/security/arystinger-botnet-infected-thousands-of-d-link-routers-worldwide/
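2. Microsoft Confirms Sapphire Sleet Was Behind the Mastra AI Supply Chain Attack
June 20: Microsoft has formally attributed a large-scale supply chain attack affecting more than 140 npm packages to Sapphire Sleet (also known as BlueNoroff), a hacking group backed by the North Korean state. According to Microsoft, the attack began with the compromise of an npm maintainer account named "ehindero", which held publish rights to packages in the @mastra scope. The attackers used those rights to publish more than 140 malicious update versions in bulk and injected a dependency named "easy-day-js" into them. Once a developer installs an infected package, the malicious dependency triggers a post-install hook that runs an obfuscated dropper script. The script first disables Transport Layer Security (TLS) certificate verification, then connects to an attacker-controlled command-and-control (C2) server, downloads and executes a second-stage payload, and runs it as a detached, hidden process to evade detection. The second-stage payload was identified as a capable cross-platform information stealer targeting Windows, Linux and macOS. It collects host information, browser history, installed applications and running processes, and specifically scans for 166 cryptocurrency wallet browser extensions. For persistence, the malware deploys an autostart mechanism appropriate to each operating system.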
https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
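A check for the injected dependency described above, as an added example that is not from Microsoft or the Mastra project: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports where "easy-day-js" is installed and which packages declare it. The package `@mastra/example-pkg` and every version number in the sample are hypothetical.

```python
import json

IOC_DEPENDENCY = "easy-day-js"   # dependency name given in the report above
SCOPE = "@mastra/"               # npm scope named in the report above

def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (lockfile v2/v3 keys)."""
    return lock_path.rsplit("node_modules/", 1)[-1]

def audit_lockfile(lock: dict) -> dict:
    """Report where the injected dependency appears in a parsed
    package-lock.json that carries the flat "packages" map."""
    packages = lock.get("packages", {})
    installed, pulled_in_by = [], []
    for path, meta in packages.items():
        if not path:                       # "" is the root project entry
            continue
        name = package_name(path)
        if name == IOC_DEPENDENCY:
            installed.append({
                "path": path,
                "version": meta.get("version"),
                # npm records lifecycle scripts (e.g. postinstall) here
                "install_script": bool(meta.get("hasInstallScript")),
            })
        declared = {}
        for field in ("dependencies", "optionalDependencies"):
            declared.update(meta.get(field, {}))
        if IOC_DEPENDENCY in declared:
            pulled_in_by.append(f"{name}@{meta.get('version')}")
    return {
        "installed": installed,
        "pulled_in_by": sorted(pulled_in_by),
        # scope packages present, to compare against the vendor advisory
        "scope_packages": sorted(package_name(p) for p in packages
                                 if package_name(p).startswith(SCOPE)),
    }

# Constructed lockfile; package name and versions are hypothetical.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"@mastra/example-pkg": "^0.0.1"}},
    "node_modules/@mastra/example-pkg": {"version": "0.0.1",
        "dependencies": {"easy-day-js": "^0.0.1"}},
    "node_modules/easy-day-js": {"version": "0.0.1", "hasInstallScript": true},
    "node_modules/left-pad": {"version": "1.3.0"}
  }
}""")
```

A non-empty `installed` list means the dependency was resolved on that machine or build agent, so its post-install hook may already have run there.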
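3. Texas Government Data Breach Affects More Than 3 Million Driver's License Holders
June 21: The Texas Parks and Wildlife Department (TPWD) recently disclosed a major data breach. Unauthorized access to an external licensing-system vendor exposed the personal information of more than 3.08 million hunting and fishing license holders. The intrusion was first detected and investigated by Texas Cyber Command, which confirmed that Social Security numbers, dates of birth and financial data such as credit cards were not affected, but that the attackers may have obtained driver's license information, passport numbers, email addresses, phone numbers and home addresses for as many as 3,087,721 customers. TPWD stressed that there is currently no evidence that minors under 18 or any particular group were targeted, but the exposed identity information still creates an opening for follow-on phishing, impersonation fraud and malware delivery. The incident stems from TPWD issuing licenses through an external vendor; the breach occurred in the licensing-system environment associated with that vendor. Since the incident, TPWD has been working closely with the vendor to implement new security safeguards and strengthen monitoring, and is offering affected individuals one year of free credit monitoring. Officials advise users to review credit reports and financial statements regularly, consider placing a credit freeze or fraud alert, and stay alert to phishing emails and impersonation.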
https://securityboulevard.com/2026/06/texas-government-data-breach-exposes-over-3-million-drivers-licenses/
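4. High-Severity Splunk Enterprise Vulnerability Exploited in the Wild
June 19: A serious security vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, has come under in-the-wild exploitation only days after public disclosure. The vulnerability has a CVSS score of 9.8 (high severity) and affects Splunk Enterprise 10.2 versions before 10.2.4 and 10.0 versions before 10.0.7. The root cause is that the backup and restore endpoints of the PostgreSQL Sidecar Service in Splunk Enterprise lack authentication controls. Any unauthenticated attacker who can reach the service over the network can invoke file operations directly, without credentials, to create or truncate arbitrary files. The threat goes well beyond file operations. Two days after the vulnerability was made public (June 12), the cybersecurity company WatchTowr published a detailed technical analysis and proof-of-concept (PoC) code, confirming that attackers can chain the flaw to achieve unauthenticated remote code execution (RCE). Splunk confirmed on June 18 that the vulnerability has seen limited in-the-wild exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog the same day and requires federal civilian agencies to complete remediation by June 21.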
https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/
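5. Icarus Exploits Klue Flaw to Steal Salesforce Data From Multiple Customers
June 19: The market intelligence platform Klue recently confirmed a security incident in which attackers stole OAuth tokens used to connect to customers' Salesforce environments and used them to access data in multiple customer environments. Klue's chief executive said in a statement that the company discovered unauthorized activity affecting part of its integration infrastructure on June 12, and immediately began an investigation with cybersecurity experts while supporting customers and restoring affected connections. The investigation determined that the attackers gained access through a leaked old credential associated with an integration service, then obtained the OAuth tokens used to connect Klue to third-party platforms (including Salesforce), and subsequently accessed data in multiple connected customer environments. There is currently no evidence that customer content stored directly inside the Klue platform was affected; the incident is limited to third-party integrations. Klue immediately revoked the affected credentials and tokens, removed unauthorized code, disabled the affected integrations, opened an investigation and notified law enforcement, and engaged CrowdStrike to assist with incident response. Meanwhile, the Icarus group publicly claimed responsibility for the attack on its data leak site, stating that it had stolen Salesforce instance data from multiple Klue partner companies and threatening affected parties to make contact via the Session instant messaging platform to prevent the data from being leaked publicly.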
https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/
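6. Gravity SMTP Vulnerability Under Mass Exploitation, More Than 17 Million Attacks
June 19: The WordPress security company Defiant has warned that hackers are actively exploiting an unauthenticated information disclosure vulnerability (CVE-2026-4020) in the Gravity SMTP plugin. The plugin is active on 100,000 websites; the vulnerability affects version 2.1.4 and earlier and was fixed in version 2.1.5, released on March 17. The flaw stems from a REST API endpoint exposed by the plugin, /wp-json/gravitysmtp/v1/tests/mock-data, whose permission_callback always returns true, so an unauthenticated attacker can use a GET request to retrieve the full JSON-format "system report" generated by the plugin. Although the vulnerability is rated "medium", the exposed information is highly sensitive, including: API keys, secrets and OAuth tokens for configured email integrations; credentials for third-party email services (such as Amazon SES, Google, Mailjet, Resend and Zoho); WordPress configuration details (installed plugins, themes and versions); server and PHP environment information; and database configuration (version and table names). With these credentials an attacker can impersonate the victim to third-party email services, and the detailed system report makes it easy to map the site's software stack in preparation for later targeted attacks. Defiant's Wordfence firewall has blocked more than 17 million attack attempts against protected customers. Attack activity peaked on June 7, with 4 million requests blocked in that single day, and large volumes of attacks continued to be recorded over the following days.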
https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/
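Detection logic for the endpoint described above, as an added example that is not Defiant's or the plugin vendor's code: it scans web server access logs in Combined Log Format for GET requests to the mock-data route and separates requests that were served (2xx, so the system report was likely returned and the listed credentials should be rotated) from blocked attempts. It also matches WordPress's `?rest_route=` query form of the same route; the log lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# REST route named in the report above (without the /wp-json prefix).
ROUTE = "/gravitysmtp/v1/tests/mock-data"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_route(target: str) -> bool:
    """True if the request target reaches the mock-data route, through the
    /wp-json/ prefix or the ?rest_route= query form (percent-decoded)."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/").lower()
    if path.endswith("/wp-json" + ROUTE):
        return True
    return any(v.rstrip("/").lower() == ROUTE
               for v in parse_qs(parts.query).get("rest_route", []))

def scan(lines):
    """Return {ip: {"attempts": n, "served": n}}; 'served' counts 2xx
    responses, where the system report was likely returned."""
    result = defaultdict(lambda: {"attempts": 0, "served": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or not hits_route(m["target"]):
            continue
        entry = result[m["ip"]]
        entry["attempts"] += 1
        if m["status"].startswith("2"):
            entry["served"] += 1
    return dict(result)

# Constructed sample log lines, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [07/Jun/2026:10:00:01 +0000] "GET /wp-json/gravitysmtp/v1/tests/mock-data HTTP/1.1" 200 48211 "-" "curl/8.0"',
    '198.51.100.7 - - [07/Jun/2026:10:00:02 +0000] "GET /?rest_route=%2Fgravitysmtp%2Fv1%2Ftests%2Fmock-data HTTP/1.1" 403 512 "-" "curl/8.0"',
    '203.0.113.9 - - [07/Jun/2026:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [07/Jun/2026:10:02:00 +0000] "GET /blog/wp-json/gravitysmtp/v1/tests/mock-data/ HTTP/1.1" 401 90 "-" "python-requests"',
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE).items():
        print(ip, counts)
```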

