Cisco Unified CM Vulnerability Is Being Actively Exploited

Published: 2026-06-25
1. Cisco Unified CM Vulnerability Is Being Actively Exploited


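June 23: Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified CM SME) were recently reported to contain a high-severity server-side request forgery (SSRF) vulnerability, tracked as CVE-2026-20230, and the vulnerability is now being actively exploited by attackers. Cisco released security updates on June 3 and warned that the flaw stems from insufficient input validation of specific HTTP requests. By sending crafted HTTP requests to an affected device, an unauthenticated remote attacker can exploit the vulnerability to write malicious files to the underlying operating system and then elevate privileges to root, gaining full control of the device. The vulnerability was disclosed to Cisco by the SSD Secure team, and technical details were not initially made public. However, the threat intelligence company Defused recently issued an alert saying that over the weekend it had observed active attack activity from a single IP address, with the attacker using crafted file:// and … payloads to try to write test files on devices. This indicates that current attacks are mainly in the reconnaissance or vulnerability-probing stage, aimed at identifying vulnerable targets, and that WebShells have not yet been dropped at scale and no deeper intrusion has taken place. SSD Secure subsequently published a detailed technical write-up and proof-of-concept (PoC) exploit code, so the vulnerability is likely to draw the attention of more threat actors quickly, and the risk of attacks against Cisco Unified CM will rise sharply.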


https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/


2. LastPass CRM Data Exposed Through Klue Supply Chain Attack


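June 23: Password management provider LastPass recently confirmed that it was affected by a supply chain security incident at the third-party market intelligence platform Klue. Unauthorized attackers used OAuth tokens stolen from Klue's systems to access customer relationship management data that LastPass stores in its Salesforce environment. The incident once again highlights the cascading security risk that third-party integration tools bring to the SaaS ecosystem. According to LastPass, the Klue platform used by its marketing team notified customers on June 12, 2026 of unauthorized activity in its own systems, which is how LastPass learned of the matter. As a market intelligence aggregation tool, Klue is deeply integrated with business platforms such as Salesforce and Gong, and its stolen OAuth tokens are extremely valuable because attackers can use them to bypass normal login credentials and connect directly to the customer systems that are already linked. The investigation found that the exposed data was limited to LastPass's internal Salesforce CRM information, specifically customer names, phone numbers, email addresses, physical addresses, support case records, and sales-related business data. LastPass stressed that its core products, services, infrastructure, and user password vaults were not affected in any way, and that the overall security perimeter of its systems remains intact.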


https://hackread.com/lastpass-customer-data-breach-klue-oauth-token/


3. Russian Hacker Uses AI-Assisted Tools to Breach Accommodation Platforms


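June 23: A research team recently uncovered an AI-assisted cyberattack carried out by a Russian hacker. The attacker used HexStrike AI, an open-source tool that integrates large language models, together with the Claude AI program developed by Anthropic, to intrude into multiple companies in the accommodation industry, stealing more than 2 million email addresses and a large volume of booking data containing guests' personally identifiable information (PII). The incident dates back to April 16, 2026, when researchers found a server that was publicly accessible because of a misconfiguration; the server belonged to the threat actor behind this attack. On the server, the team found detailed documentation and source code for attacks launched against multiple accommodation companies, along with the complete results of the data theft. HexStrike AI is open-source software that lets users run security tools anonymously and serves as an automated penetration testing platform, but once its vulnerability scanning capability is abused it easily turns into unauthorized, illegal access. In this attack, the hacker combined HexStrike with Claude AI and used AI to produce at least 50 penetration test reports on target companies. The attacker concealed the real intent by disguising the malicious attacks as legitimate penetration tests, thereby bypassing the AI model's safety guardrails. The attacker's personal email address, found in the Claude configuration files, further exposed his identity as a Russian citizen.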


https://cybernews.com/security/claude-ai-exploited-breach-hotel-booking-platforms/


4. Belgian State Security Service Attacked Through Ivanti Vulnerabilities


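June 23: The Belgian State Security Service (VSSE) was recently reported to have suffered a cyberattack that lasted nearly a year. The attackers exploited known vulnerabilities in the security software Ivanti Endpoint Manager Mobile (EPMM) and stole sensitive personal information about the agency's employees. According to Belgian media outlet RTBF, citing anonymous sources, the attack began in May 2025 and was not discovered until spring 2026. During that period the hackers obtained a large amount of non-classified information, including employee names, phone numbers, email addresses, mobile device IDs, and GPS location data. Although this data is personally identifiable information, the VSSE stressed that the attackers never managed to break into its core internal network, so the state secrets and intelligence exchange content the agency holds were not leaked. The attack relied mainly on two high-severity security vulnerabilities in the Ivanti EPMM software. Ivanti released security updates for the two vulnerabilities in January 2026. They allow an unauthenticated remote attacker to execute arbitrary code on unpatched servers, and both carry a severity score of 9.8, meaning an attacker may gain persistent access and potentially take full control of the system. After the vulnerabilities became public, cybersecurity agencies in several European countries, including Belgium and the Netherlands, urgently warned all companies and organizations using Ivanti EPMM to assume that their servers had already been compromised and urged them to install the patches immediately.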


https://cybernews.com/security/belgian-state-security-data-breach/


5. CISA Urges Rapid Patching of Ubiquiti and Lantronix Vulnerabilities


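June 24: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent warning that hackers are actively exploiting multiple high-severity vulnerabilities affecting the Ubiquiti UniFi operating system and Lantronix serial-to-Ethernet servers, posing a serious threat to federal agencies and a wide range of enterprises. Under Binding Operational Directive BOD 26-04, Federal Civilian Executive Branch agencies must complete the security updates or apply the vendor-recommended mitigations within three days, or face the risk of remote compromise of their systems. On the Ubiquiti side, CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog. CVE-2026-34908 is an access control bypass that allows an unauthenticated attacker to make unauthorized changes to the UniFi OS system, which may lead to complete loss of control of the device. CVE-2026-34909 is a directory traversal vulnerability that lets an attacker read sensitive files on the underlying operating system, including configuration parameters and login credentials, and then hijack legitimate accounts. CVE-2026-34910 results from inadequate input validation and lets an attacker inject and execute arbitrary operating system commands, ultimately achieving remote code execution and full takeover of the system. At the same time, Lantronix serial-to-Ethernet server products were found to have a serious security issue tracked as CVE-2025-67038. The root cause is that when the HTTP RPC module executes a shell command to log a failed authentication attempt, it concatenates the user-supplied username directly into the command without any sanitization, so an attacker may be able to inject arbitrary operating system commands and obtain the highest privileges.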


https://www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/
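
The root cause described for CVE-2025-67038, shown as an added illustration (this is not Lantronix code; the function names, the `logger` command line, and the 32-character allow-list are assumptions made for the example). The first function builds the command string the way the flawed pattern would, and the other two log the same event without invoking a shell.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Flawed pattern (hypothetical reconstruction, not vendor code): the
 * username is pasted into a shell command line. The string is only built
 * here for inspection; the flawed handler would hand it to system(). */
int build_log_cmd_unsafe(const char *user, char *out, size_t n)
{
    int w = snprintf(out, n, "logger -t rpc auth failure for %s", user);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Allow-list (assumed policy): 1..32 characters from [A-Za-z0-9._-]. */
int username_is_safe(const char *user)
{
    size_t len = strlen(user);
    if (len == 0 || len > 32)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Hardened pattern: no shell. The name reaches syslog(3) as data through a
 * fixed format string; names failing the allow-list are never echoed. */
int log_failed_auth(const char *user)
{
    if (!username_is_safe(user)) {
        syslog(LOG_AUTH | LOG_WARNING, "auth failure: username rejected");
        return -1;
    }
    syslog(LOG_AUTH | LOG_WARNING, "auth failure for %s", user);
    return 0;
}

int main(void)
{
    char cmd[256];
    const char *sample = "guest; echo INJECTED";  /* constructed input */
    if (build_log_cmd_unsafe(sample, cmd, sizeof cmd) == 0)
        printf("shell would receive: %s\n", cmd);
    printf("allow-list accepts it: %d\n", username_is_safe(sample));
    return log_failed_auth("alice");
}
```
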


6. International "Operation Endgame" Deals Heavy Blow to Amadey and StealC


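June 24: In the latest coordinated international law enforcement action under the codename "Operation Endgame", Microsoft, Europol, and law enforcement agencies from multiple countries joined forces with private security companies and took down the core infrastructure of the Amadey and StealC malware families. The move is aimed at cutting off the attack chain on which cybercrime services and ransomware gangs depend. The operation brought together law enforcement from Canada, Denmark, Germany, the Netherlands, the United Kingdom, the United States, and other countries, and was coordinated by Europol and Eurojust. More than ten private companies, including Microsoft, ESET, Proofpoint, IBM X-Force, Bitsight, Infoblox, Orange Cyberdefense, Shadowserver, Have I Been Pwned, and Spamhaus, provided key support such as intelligence analysis, malware reverse engineering, and infrastructure mapping. According to the results published by Europol, the joint operation took 326 servers and 142 malware-related domains offline. Investigators also seized cryptocurrency worth more than 41 million euros (about 47 million US dollars) and recovered about 27 million stolen credentials from more than 385,000 compromised systems, data that had been used on underground markets for initial access broker trading or ransomware deployment.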


https://www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/