KDDIÈí¼þ©¶´ÖÂ1420ÍòÓÊÏäÕË»§Ôâй¶
·¢²¼Ê±¼ä 2026-06-291. KDDIÈí¼þ©¶´ÖÂ1420ÍòÓÊÏäÕË»§Ôâй¶
6ÔÂ28ÈÕ£¬ÈÕ±¾µçОÞÍ·KDDIÖêʽ»áÉçÓÚ2026Äê6ÔÂ17ÈÕ¼ì²âµ½Ò»ÆðÑÏÖØµÄÊý¾Ýй¶Ê¼þ£¬µ¼ÖÂÆäÏòÁù¼Ò»¥ÁªÍø·þÎñÌṩÉÌÌṩµÄµç×ÓÓʼþϵͳÖУ¬¶à´ï1420Íò¸öÕË»§ÐÅÏ¢¿ÉÄܱ»Íⲿ·Ç·¨»ñÈ¡¡£¸Ã¹«Ë¾ÓµÓг¬6ÍòÃûÔ±¹¤£¬ÄêÓªÒµ¶îÔ¼400ÒÚÃÀÔª£¬ÒµÎñº¸ÇÒÆ¶¯¡¢¹ÌÍø¡¢ÔƼÆËã¼°ÎïÁªÍøµÈ¶à¸öÁìÓò£¬´Ë´ÎʼþÖ÷ÒªÓ°ÏìÆä¹úÄÚ·þÎñÉÌÍøÂç¡£¾ÝKDDIµ÷²é£¬¹¥»÷ÕßÀûÓÃÁ˵ç×ÓÓʼþϵͳËùʹÓõĵÚÈý·½Èí¼þ©¶´ÊµÊ©ÁËÈëÇÖ£¬¹«Ë¾ÔÚ·¢ÏÖºóÁ¢¼´½øÐм¼Êõ¸ÉÔ¤ÒÔ×è¶Ï½øÒ»²½Ë𺦣¬²¢ÒѶ¨Î»µ½Î´¾ÊÚȨµÄ·ÃÎʵ㡣ÊÜÓ°ÏìµÄ·þÎñḚ́üÀ¨STNet¡¢KDDI Web Communications¡¢JCOM¡¢Öв¿µçÐÅ¡¢Nifty¼°BIGLOBE£¬Ð¹Â¶µÄÊý¾Ý·¶Î§º¸Çµç×ÓÓʼþµØÖ·¼°ÃÜÂ룬ËäÈ»ÃÜÂë¾¹ý¹þÏ£»ò¼ÓÃÜ´¦Àí£¬µ«¹«Ë¾ÈÔ¾¯¸æ´æÔÚ±»ÆÆ½âµÄ·çÏÕ¡£Ä¿Ç°£¬KDDIÒÑÏòÈÕ±¾Òþ˽ºÍµçÐżà¹Ü»ú¹¹±¨¸æ´Ëʼþ£¬²¢Õýе÷¸÷·þÎñÉ̹²Í¬Ó¦¶Ô£¬Í¬Ê±¶Ø´ÙËùÓÐÊÜÓ°ÏìÓû§Á¢¼´¸ü¸ÄÃÜÂ룬ÒÔ·À·¶Ç±ÔڵݲȫÍþв¡£¹«Ë¾³Ðŵ½«¼ÌÐøÓëISPºÏ×÷£¬È·±£Óû§¼°Ê±»ñµÃ֪ͨ²¢²ÉÈ¡Êʵ±·À»¤´ëÊ©¡£
https://securityaffairs.com/194387/data-breach/kddi-data-breach-impacts-up-to-14-2-million-email-accounts-at-six-isps.html
2. ΢Èí½Ò¾ÆµêÒµÔ⸴ÔÓµöÓã¹¥»÷
6ÔÂ27ÈÕ£¬Î¢ÈíÍþвÇ鱨Åû¶£¬×Ô2026Äê4ÔÂÆðÓкڿͳÖÐøÕë¶ÔÈ«Çò¾ÆµêÒµ·¢Æð¾«Ãܹ¥»÷¡£¹¥»÷Õßͨ¹ýɸѡº¬¡°reception¡±¡¢¡°frontdesk¡±µÈ¹Ø¼ü´ÊµÄÉ豸£¬Ëø¶¨¾Æµêǰ̨¼°Ô¤¶©²¿ÃÅ£¬ÀûÓÃCalendlyÓë¹È¸èURLÖØ¶¨Ïò¹¹½¨ÄÜͨ¹ýÓʼþÉí·ÝÑéÖ¤µÄ¡°¶àÌø¡±Í¶µÝÁ´¡£ÓÕ¶üÓʼþð³ä¡°Booking Manager¡±£¬ÒÔ´²Ê¡¢ÎÀÉú¼ì²éµÈ½ô¼±ÄÚÈÝÓÕʹÊܺ¦Õßµã»÷£¬¾¶àÖØÖØ¶¨Ïò¼°Cloudflare¹ýÂ˺ó£¬ÏÂÔØÎ±×°³ÉͼƬµÄ.lnkÎļþ£¬Æô¶¯¾Æß²ã»ìÏýµÄPowerShell½Å±¾£¬×îÖÕ´Ó¹Ù·½Ô´ÏÂÔØNode.js²¢Ö´ÐС°TonRAT¡±¶ñÒâ³ÌÐò¡£Æä×îÍ»³öµÄÌØµãÊÇÈßÓà³Ö¾Ã»¯»úÖÆ£º¼Èͨ¹ýHKCU\Run½¨Á¢³£¹æ×ÔÆô£¬ÓÖÀûÓÃHKCU\RunOnce·´¸´ÖØÐ´ÔغÉÐγÉÑ»·£¬È·±£µ¥µãÇå³ýºóÈÔÄָܻ´¡£Î¢ÈíEDRÔøÀ¹½ØPEÔØºÉ£¬µ«ÒòNode.jsÆô¶¯Ïî²ÐÁô£¬Á½Ììºó³ÌÐò¾ÐÂC2·þÎñÆ÷ÖØÐ¼¤»î¡£²¿·ÖʧÏÝÖ÷»ú»¹Ïò·Ç±ê×¼¶Ë¿Ú·¢Ðűꡢ½øÐеØÀíλÖüì²éÉõÖÁÇ¿ÖÆ¹Ø»ú¡£¹¥»÷Õß×îÖÕÒâͼÉв»Ã÷È·£¬µ«ÆäÇ¿´óµÄ³Ö¾Ã»¯ÄÜÁ¦ÖµµÃ¾¯Ìè¡£³¹µ×Çå³ýÐèÒÆ³ýRunÓëRunOnceÏà¹Ø×¢²áÏɾ³ýNode.jsÔËÐÐʱ¼°½Å±¾£¬²¢ÓÅÏÈÅŲéǰ̨ϵͳ£¬¶Ô´æÔÚNode.js½ø³ÌµÄÉ豸±£³Ö¸ß¶È»³ÒÉ¡£
https://securityaffairs.com/194349/uncategorized/hospitality-sector-hit-by-phishing-campaign-using-fake-guest-complaint-emails.html
3. AI±àÂëÖúÊÖÔâ¹¥»÷£ºÎÞ¶ñÒâ´úÂë²Ö¿â¿ÉÖ²ÈëºóÃÅ
6ÔÂ27ÈÕ£¬MozillaÁãÈÕµ÷²éÍøÂ磨0DIN£©½üÈÕÅû¶£¬¹¥»÷Õß¿ÉÀûÓÃAI±àÂëÖúÊÖ£¨ÈçClaude Code£©µÄ¹¤×÷Á÷³Ì£¬Í¨¹ýÒ»¸ö±íÃæÎÞº¦µÄGitHub²Ö¿â£¬ÔÚ¿ª·¢ÕßÉ豸ÉÏÖ²Èë·´Ïòshell£¬Õû¸ö¹ý³Ì²»°üº¬Èκδ«Í³¶ñÒâ´úÂ룬¶Ô°²È«É¨ÃèÆ÷¡¢AI´úÀíÄËÖÁÈ˹¤Éó²é¾ù±£³Ö¡°ÒþÉí¡±¡£ÕâÖÖ¹¥»÷·½Ê½²»ÒÀÀµÂ©¶´»ò¿ÉÒÉÃüÁ¶øÊÇͨ¹ýÈý¸ö¹ÂÁ¢À´¿´ºÁÎÞÍþвµÄ»·½Ú¹¹³É¹¥»÷Á´£ºÊ×ÏÈ£¬¹¥»÷ÕßÌṩһ¸ö±ê×¼µÄGitHub²Ö¿â£¬°üº¬Õý³£µÄ°²×°ËµÃ÷£»Æä´Î£¬ÆäÖеÄPython°ü±»Éè¼ÆÎªÔÚ³õʼ»¯Ê±¹ÊÒⱨ´í£¬²¢ÌáʾÓû§Ö´ÐÐpython3 -m axiom init£¬Claude Code½«´ËÊÓΪÆÕͨÉèÖÃÎÊÌâ¶ø×Ô¶¯ÔËÐн¨ÒéÃüÁ×îºó£¬¸Ã³õʼ»¯ÃüÁîµ÷ÓÃÒ»¸öshell½Å±¾£¬´Ó¹¥»÷Õß¿ØÖƵÄDNS TXT¼Ç¼Öж¯Ì¬»ñÈ¡ÅäÖÃÖµ²¢Ö±½ÓÖ´ÐС£0DINÑо¿ÈËԱǿµ÷£¬Claude Code´ÓδÖ÷¶¯¾ö¶¨´ò¿ªshell£¬Ö»ÊÇÔÚ¡°ÐÞ¸´Ò»¸ö´íÎó¡±£¬¶ø·´ÏòshellµÄ´¥·¢ÓëAIʵ¼ÊÆÀ¹ÀµÄÄÚÈÝÖ®¼ä¸ôÁËÈý²ã¼ä½Ó¹ØÏµ£¬Ò»ÌõÊÜÐÅÈεĴíÎóÏûÏ¢¡¢Ò»¸ö»ñȡֵµÄ½Å±¾£¬ÒÔ¼°Ò»Ìõ´Óδ±»AI¼û¹ýµÄDNS¼Ç¼¡£Ò»µ©³É¹¦£¬¹¥»÷Õß¼´¿É»ñµÃÒÔ¿ª·¢ÕßȨÏÞÔËÐеĽ»»¥Ê½shell£¬´Ó¶ø·ÃÎÊ»·¾³±äÁ¿¡¢APIÃÜÔ¿¡¢ÅäÖÃÎļþ²¢½¨Á¢³Ö¾Ã»¯¡£
https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/
4. ÐÂÐÍMisticºóÃŽèÔ±¹¤Éç»á¹¤³ÌÈëÇÖÆóÒµ
6ÔÂ26ÈÕ£¬°²È«Ñо¿ÈËÔ±·¢ÏÖÒ»¿îÃûΪBackdoor.Mistic£¨Òà±»×·×ÙΪMLTBackdoor£©µÄÐÂÐÍÔ¶³Ì·ÃÎÊľÂí£¬×Ô2026Äê4ÔÂÆð±»Ìض¨×éÖ¯ÓÃÓÚÔÚÆóÒµÄÚ²¿½¨Á¢Òþ±ÎÈë¿Ú£¬³äµ±³õʼ·ÃÎÊ´úÀí£¬½«ÉøÍ¸ºóµÄÍøÂçȨÏÞ³öÊÛ¸øQilin¡¢Rhysida¡¢AkiraµÈÖ÷Á÷ÀÕË÷Èí¼þÍŻ¸Ã»î¶¯¹ØÁªÖÁ×Ô2024Äê5ÔÂÆð»îÔ¾µÄºÚ¿Í×éÖ¯Woodgnat£¨ÓÖÃûKongTuke£©£¬Æä¹¥»÷Ä¿±êËæ»ú¸²¸ÇѧУ¡¢±£ÏÕ¹«Ë¾¼°IT·þÎñ»ú¹¹¡£¹¥»÷ÊÖ·¨ÒÔÉç»á¹¤³ÌΪºËÐÄ£ºÔçÆÚͨ¹ý½Ù³ÖWordPressÍøÕ¾ÍÆËÍÐé¼Ù¼¼Êõ¾¯±¨£¬×Ô2026Äê4ÔÂÆðÔòÉý¼¶ÎªÍ¨¹ýMicrosoft Teamsð³äIT·þÎñֱ̨½ÓÏòÔ±¹¤·¢ËÍÏûÏ¢£¬ÓÕÆÆäÔËÐжñÒâÖ¸Áî¡£Ò»µ©µÃÊÖ£¬¶à½×¶ÎPowerShellÁ´¼´ÏÂÔØMisticºóÃÅ£¬¸ÃľÂí¾ß±¸Îļþ¹ÜÀí¡¢Ðé¼ÙµÇ¼½çÃæÃÜÂëÇÔÈ¡µÈ¹¦ÄÜ£¬²¢ÀûÓÃWindowsÄÚÖù¤¾ß½øÐÐÄÚÍøÕì²ì£¬Í¨¹ýCurlÍâ´«Êý¾Ý¡£ÆäÍ»³öÌØµãÔÚÓÚ¼«¸ßµÄÒþ±ÎÐÔ£ºÒÀÀµDLL²à¼ÓÔØ¼¼ÊõÀûÓÿÉÐÅWindowsÎļþÈÆ¹ý°²È«Èí¼þ£¬ÇÒÍêÈ«ÔÚ¼ÆËã»úÁÙʱÄÚ´æÖÐÔËÐУ¬²»Ð´ÈëÓ²ÅÌ£¬ÏÔÖøÔö¼Ó¼ì²âÄѶȣ¬Í¬Ê±ÄÚÖÃÖÕÖ¹¿ª¹Ø¿ÉÔÚ±»·¢ÏÖʱÁ¢¼´×Ô»Ù¡£
https://hackread.com/woodgnat-hackers-mistic-rat-access-ransomware-gangs/
5. ·¨¹ú¹ú¼Òͳ¼Æ¾ÖÔâ¹¥»÷£¬1.28ÍòÔ±¹¤ÐÅϢй¶
6ÔÂ26ÈÕ£¬·¨¹ú¹ú¼Òͳ¼ÆÓë¾¼ÃÑо¿Ëù£¨Insee£©½üÈÕ֤ʵÔâÊÜÍøÂç¹¥»÷£¬µ¼ÖÂÆäÄÚ²¿Ô±¹¤Ãû¼ÖÐÔ¼12,800ÃûÏÖÈκÍǰÈÎÔ±¹¤¼°Ïà¹Ø¹«ÎñÔ±µÄ¸öÈËÊý¾ÝÔ⵽й¶¡£¾ÝInsee¹Ù·½ÉùÃ÷£¬Ð¹Â¶ÐÅÏ¢½öÏÞÓÚÉí·Ý×ÊÁϺÍÖ°ÒµÁªÏµ·½Ê½£¬²»º¬ÃÜÂë¡¢¼Òͥסַ¡¢ÒøÐÐÕË»§¡¢Éç»á±£ÕϺÅÂë»òÒ½ÁƼǼµÈ¸ß¶ÈÃô¸ÐÊý¾Ý¡£È»¶ø£¬¾Ý·¨ÓïÍøÂ簲ȫýÌåCyberattaque±¨µÀ£¬»¯Ãû¡°Saturne¡±µÄºÚ¿ÍÒÑÔÚÍøÂç·¸×ïÂÛ̳ÉϹ«¿ªÁ˾ݳÆÀ´×ÔInseeÄÚ²¿Ä¿Â¼£¨trombi.insee.fr£©µÄÊý¾Ý¿â£¬¸ÃĿ¼Ö÷ÒªÓÃÓÚÔ±¹¤¼ä²éѯרҵÁªÏµ·½Ê½¡¢¹¤×÷°²Åż°ÐÐÕþÏêÇé¡£´Ë´Îй¶Ê¼þÓë·¨¹úÕþ¸®½üÆÚƵ·¢µÄÍøÂ簲ȫʹÊÐγɺôÓ¦£º´ËǰÕþ¸®¼´Ê±Í¨Ñ¶¹¤¾ßTchapÔâÈëÇÖ£¬ÖÂ73,467ÃûÓû§Êý¾ÝÁ÷Ïò°µÍø£»½ñÄê4Ô£¬·¨¹úÕþ¸®ÓÃÓÚ±£»¤Éí·ÝÎļþµÄÊý¾Ý¿âÒ²±»¹¥ÆÆ£¬Ô¼1,900ÍòÌõ°üº¬»¤ÕÕ¡¢Éí·ÝÖ¤¼°¼ÝÕÕÐÅÏ¢µÄ¼Ç¼Íâй¡£ÏµÁÐʼþ͹ÏÔ·¨¹ú¹«¹²²¿ÃÅÔÚÊý¾Ý°²È«±£»¤·½ÃæÃæÁÙµÄÑϾþÌôÕ½¡£
https://cybernews.com/security/france-statistics-agency-insee-cyberattack-taff-data/
6. ÃÀ±£ÏÕ¼à¹Ü»ú¹¹NAICÔâÁãÈÕ¹¥»÷£¬3.1TBÊý¾Ýй¶
6ÔÂ26ÈÕ£¬ÃÀ¹úÈ«¹ú±£Ïռල¹ÙлᣨNAIC£©½üÈÕ֤ʵ£¬±¾ÔÂÔçЩʱºòÒòOracle PeopleSoftÈí¼þÁãÈÕ©¶´Ôâ¹¥»÷µ¼ÖÂÊý¾Ý±»µÁ£¬³ôÃûÕÑÖøµÄÀÕË÷ÍÅ»ïShinyHuntersËæºóÔÚ°µÍø·¢²¼Á˾ݳƴï3.1TBµÄ»º´æÊý¾Ý¡£NAICÓÚ6ÔÂ11ÈÕÊ״η¢Ïָð²È«Ê¼þ£¬²¢±íʾ±»µÁÊý¾ÝÒѱ»Ïà¹Ø×éÖ¯¹«¿ª¡£NAIC¹Ù·½ÉùÃ÷³Æ£¬¸öÈËÉí·ÝÐÅÏ¢¡¢Ö§¸¶ÐÅÏ¢¡¢¸÷Öݱ£ÏÕ²¿ÃÅϵͳ¼°ºËÐÄϵͳ£¨ÈçSERFF¡¢OPTins¡¢UCAAµÈ£©Î´ÊÜÓ°Ï죬Ա¹¤¸öÈËÊý¾Ý¡¢±£µ¥³ÖÓÐÈËÐÅÏ¢µÈÒàδ±»·ÃÎÊ¡£È»¶ø£¬ShinyHuntersÅû¶µÄÊý¾Ý¼¯Ô¶³¬ÆÕͨ±£ÏÕÎļþ£¬¾Ý³Æ°üº¬2017ÖÁ2024Äê¼ä³¬¹ý26.4Íò·Ý±£ÏÕ¹«Ë¾¼à¹Ü±¸°¸PDF¡¢Ô¼2,000Ìõ¿Í»§ÓëÅúÁ¿¶©µ¥¼Ç¼£¨º¬ÐÕÃû¡¢ÓÊÏä¼°Ö§¸¶½»Ò×±êʶ·û£©¡¢À´×Ôĵϡ¢»ÝÓþ¡¢±êÆÕµÈÖ÷ÒªÆÀ¼¶»ú¹¹µÄÔ¼4.5Íò·ÝÎļþ¡¢±£ÏÕ¹«Ë¾·¨¶¨Äê¶È¼°¼¾¶È²ÆÎñ±¨±í£¬ÒÔ¼°Éú²ú»·¾³AWS»ù´¡ÉèÊ©ÈÕÖ¾¡¢ÔÆÅäÖÃÎļþ¡¢SQL½Å±¾ºÍÓëSERFFµÈϵͳ¹ØÁªµÄ´æ´¢Æ¾¾Ý¡£°²È«×¨¼Ò¾¯¸æ£¬»ù´¡ÉèÊ©Îļþ¡¢ÅäÖÃÊý¾ÝºÍÉú²ú±¸·Ý¿ÉÄÜΪ¹¥»÷ÕßÌṩNAICÄÚ²¿»·¾³µÄ·Ïßͼ£¬±©Â¶ÏµÍ³Á¬½ÓÓëÊý¾ÝÁ÷ת·½Ê½£¬ÍþвÃô¸Ðƾ֤Óë¹ÜÀí¹¦ÄÜ¡£NAIC±íʾÔËÓªÒÑ»ù±¾»Ö¸´£¬½öÔÚÏß·¢Æ±Ö§¸¶µÈÁ½ÏîÀýÍâÈÔÔÚ´¦ÀíÖУ¬²¢ÕýµÈ´ýµÚÈý·½ÐÅÓÃÆÀ¼¶»ú¹¹È·ÈÏϵͳ°²È«¡£
https://cybernews.com/news/naic-breach-shinyhunters-3tb-insurance-systems-data/


¾©¹«Íø°²±¸11010802024551ºÅ