ÈÕ²úÆû³µÔâÊý¾Ýй¶£¬Ô±¹¤Ãô¸ÐÐÅÏ¢»ò±»ÇÔÈ¡

°ä²¼¹¦·ò 2026-06-30
1. ÈÕ²úÆû³µÔâÊý¾Ýй¶£¬Ô±¹¤Ãô¸ÐÐÅÏ¢»ò±»ÇÔÈ¡


6ÔÂ29ÈÕ£¬ÈÕ²úÆû³µ½üÈÕ·¢³öÖҸ棬³ÆÆäÔâ·êÁËÑϳÁµÄÊý¾Ýй¶ÊÂÎñ£¬¿ÉÄܵ¼Ö´óÁ¿ÏÖÈκÍǰÈÎÔ±¹¤µÄÓ×ÎÒÐÅÏ¢±»·¸·¨»ñÈ¡¡£Õâ´Î¹¥»÷ÓëÀÕË÷×éÖ¯ShinyHuntersÓйØ£¬¸Ã×éÖ¯ÀûÓÃÁ˼׹ÇÎĹ«Ë¾PeopleSoftÈí¼þÖеÄÒ»¸öÁãÈÕ·ì϶£¬¶ÔÔ̺¬ÈÕ²úÔÚÄÚµÄÊý°Ù¼Ò¹«Ë¾·¢ÆðÁË´ó¹æÄ£Êý¾ÝÇÔÈ¡¹¥»÷¡£¾ÝÈÕ²úÏò¼ÓÖÝ×ܼì²ì³¤°ì¹«ÊÒÌá½»µÄй¶֪ͨÏÔʾ£¬ÈÕ²úÃÀÖÞ¹«Ë¾³Ö¾ÃʹÓü׹ÇÎÄPeopleSoftϵͳÀ´ÖÎÀíÔ±¹¤¹¤×Ê¡¢Ë°Îñ¼°ÈËʵµ°¸µÈÖ÷ÌâÐÅÏ¢¡£¼×¹ÇÎĹ«Ë¾ÔÚÊÂÎñ²úÉúºó·î¸æÈÕ²ú£¬º±¼û°Ù¼Ò¹«Ë¾µÄÔ±¹¤µµ°¸¿ÉÄÜÒѱ»ÍøÂç¹¥»÷Õß»ñÈ¡£¬¶øÈÕ²úÕýÊÇÕâ´Î¹¥»÷µÄÌØ¶¨Ö¸±êÖ®Ò»¡£Ä¿Ç°µ÷²éÈÔ´¦ÓÚÔçÆÚ½×¶Î£¬ÈÕ²úÉÐδÆëȫȷ¶¨Ð¹Â¶ÁìÓò£¬µ«ÏàÐŹ¥»÷Õß¿ÉÄÜ»ñÈ¡µÄÐÅÏ¢¼«Îª¿í·º£¬Ô̺¬Ô±¹¤µÄÁªÏµ·½Ê½¡¢ÒøÐÐÕË»§¡¢Éç»á±£ÏÕºÅÂë¡¢Éí·ÝÖ¤¼þ¡¢²ÆÕþ˰Îñ×ÊÁÏ£¬ÉõÖÁÊÜ·öÑøÈ˺ÍÊÜÒæÈ˵ÄÓйØÐÅÏ¢¡£ÊÜÓ°ÏìµÄÔ±¹¤É¢²¼ÔÚÃÀ¹ú¡¢¼ÓÄôó¡¢Ä«Î÷¸çºÍ°ÍÎ÷µÈ¶à¸ö¹ú¶È¡£ÊÂÎñ²úÉúºó£¬ÈÕ²úѸËÙÆô¶¯ÁËÓ¦¼±ÏìÓ¦»úÔ죬ÀñƸÁË±í²¿ÍøÂ簲ȫר¼Ò£¬²¢Á¢¼´¶ÔÊÜÓ°ÏìµÄϵͳ½øÐÐÁ˸ôÀëºÍ±£»¤¡£¹«Ë¾Óë¼×¹ÇÎÄÇ×êǺÏ×÷£¬²ÉÈ¡´ëÊ©ÔìÖ¹ÁËδ¾­ÊÚȨµÄ½øÒ»²½½Ó¼û£¬²¢´òËãÔÚǰÌáÔÊÐíʱÏòÊÜÓ°ÏìÓ×ÎÒÌṩÃâ·ÑµÄÐÅÓþ¼à¿ØºÍ°µÍø¼à¿Ø·þÎñ¡£


https://www.bleepingcomputer.com/news/security/nissan-discloses-employee-data-breach-linked-to-oracle-zero-day-attacks/


2. Millenium RATËÁŰ160¹ú£¬6ÍòÉ豸ÂÙÏÝ


6ÔÂ29ÈÕ£¬ÍøÂ簲ȫ¹«Ë¾Group-IB½üÆÚÅû¶£¬Ò»¿îÃûΪMillenium RATµÄÁ®¼ÛÔ¶³Ì½Ó¼ûľÂíÔÚÈ«ÇòÁìÓòÄÚ´ó¹æÄ£À©É¢£¬ÒÑϰȾ³¬¹ý160¸ö¹ú¶ÈµÄ62,000¶ą̀WindowsÉ豸£¬ÆäÖÐÔ¼64%µÄϰȾÊÂÎñ²úÉúÔÚ2026ÄêµÚÒ»¼¾¶È¡£¸Ã¶ñÒâÈí¼þÒÔ¶ñÒâÈí¼þ¼´·þÎñ£¨MaaS£©Ä£Ê½Á®¼ÛÏúÊÛ£¬Æä×îÏÔÖøµÄÌØµãÊÇÆëÈ«ÒÀ¸½Telegram Bot API½Ó¹Ü½ÚÔìÖ¸ÁʹµÃÔËÓªÕßÎÞÐè×Ô½¨ºÅÁîÓë½ÚÔì·þÎñÆ÷£¬´Ó¶ø´ó·ù½µµÍÁ˱»×·×ٺͷâ¶ÂµÄ·çÏÕ¡£Millenium RAT×î³õÓÚ2023ÄêÒÔ.NET¿ò¼Ü·¨Ê½µÄ´ó¾Ö³öÏÖ£¬¶ø×îеĵÚËÄ´ú°æ±¾Òѱ»¹¥»÷Õß³¹µ×³ÁдΪԭÉúC++ÀûÓ÷¨Ê½£¬²¢Ê¹ÓÃlibcurl¿âÓëTelegram½øÐÐͨѶ¡£Ö°ÄÜ·½Ã棬Millenium RATÊÇÒ»¿îÖ°ÄÜÆëÈ«µÄÔ¶³Ì½Ó¼ûľÂí¡£Ëü¿ÉÄÜ´Ó¸÷Ààä¯ÀÀÆ÷ÖÐÇÔÈ¡´æ´¢µÄµÇ¼ƾ֤¡¢¼Í¼¼üÅÌÊäÈë¡¢½ØÈ¡ÆÁÄ»»­ÃæÒÔ¼°Â¼ÔìÖܱßÒôƵ¡£³ý´ËÖ®±í£¬Ëü»¹ÄÜÏÂÔØ²¢Ö´ÐÐÆäËû¶ñÒâÎļþ£¬²¿ÃÅÖ¸ÁîÉõÖÁ¾ß±¸¼ÓÃÜÎļþ»òÖ±½Ó´¥·¢ÏµÍ³À¶ÆÁµÄÄÜÁ¦¡£ÖµÍ×ÌùÐĵÄÊÇ£¬¸Ã¶ñÒâÈí¼þ²¢Î´ÀûÓÃÈκÎϵͳ·ì϶£¬¶øÊÇÆëÈ«ÒÀÀµ³ß¶ÈWindowsÖ°ÄܺÍÉç½»¹¤³Ì¼¿Á©¡£Group-IB½«Õâ´Î´ó¹æÄ£¹¥»÷»î¶¯¹éÒòÓÚÆä×·×Ù±àºÅΪY2KµÄ¹¥»÷Õß¼¯Èº¡£


https://www.infosecurity-magazine.com/news/millenium-rat-telegram-60000/


3. Djinn Stealer½èSimpleHelp·ì϶¹¥»÷¿ª·¢Õß


6ÔÂ29ÈÕ£¬½üÈÕ£¬ºÚ¿ÍÕý»ý¼«ÀûÓÃÔ¶³ÌÖÎÀíÆ½Ì¨SimpleHelpµÄÒ»¸öÑϳÁÉí·ÝÑéÖ¤ÈÆ¹ý·ì϶£¨CVE-2026-48558£©£¬²¿ÊðÒ»¿î´Ëǰδ±»¼Í¼µÄÐÂÐÍ¿çÆ½Ì¨ÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þDjinn Stealer¡£¸Ã¶ñÒâÈí¼þ¿ÉÄÜͬʱϰȾWindows¡¢macOSºÍLinuxϵͳ£¬ÓÈÆäÕë¶ÔÈí¼þ¿ª·¢ÕߺÍÔËάÈËÔ±¡£Djinn StealerµÄÖ¸±êÁìÓò¼«Îª¿í·º£¬³ö¸ñ¾Û½¹ÓÚAI¿ª·¢¹¤¾ß¼°Óйػù´¡ÉèÊ©¡£Ëü¿ÉÄÜÇÔÈ¡¸÷ÀàÔÆÌṩÉÌÆ¾Ö¤¡¢Éí·Ý·þÎñÁîÅÆ¡¢GitÅäÖá¢GitHub CLIƾ֤¡¢SSHÃÜÔ¿¡¢Dockerƾ֤£¬ÒÔ¼°Terraform¡¢PulumiµÈ»ù´¡ÉèÊ©¼´´úÂ빤¾ßµÄÈÏÖ¤ÐÅÏ¢¡£Í¬Ê±£¬Õë¶Ônpm¡¢Yarn¡¢pip¡¢Maven¡¢GradleµÈ°üÖÎÀíÆ÷ºÍ¹¹½¨¹¤¾ßµÄÉí·ÝÑéÖ¤Êý¾ÝÒ²ÔÚ½Ù¶áÖ®ÁУ¬Õâ¿ÉÄܵ¼Ö¹¥»÷Õß½Ó¼û˽ÓÐÈí¼þ°üÉõÖÁ¶ñÒâ°ä²¼´Û¸ÄºóµÄÈí¼þ°ü¡£ÓÈÆäÖµµÃ¾¯ÌèµÄÊÇ£¬Djinn Stealer³ÁµãÕë¶ÔAI±àÂ븱Êֵı¾µØÅäÖÃÎļþ¡¢Éí·ÝÑéÖ¤ÁîÅÆºÍÄ£Ð͸ߵÍÎĺÍ̸ÅäÖá£Ò»µ©ÕâЩÎļþ±»ÇÔÈ¡£¬¹¥»÷Õß±ãÄÜ»ñµÃ¿ª·¢ÕßÊÚÓèÆäAI´úÀíµÄËùÓÐÏÂÓνӼûȨÏÞ£¬ÍþвÁìÓòÔ¶³¬AI·þÎñ×ÔÉí¡£´Ë±í£¬¸ÃÇÔÃÜÈí¼þ»¹¿í·º¶Ô×¼±ÈÌØ±Ò¡¢ÒÔÌ«·»¡¢ÃÅÂÞ±ÒµÈÖ÷Á÷¼ÓÃÜÇ®±ÒµÄÇ®°üÎļþºÍÃÜÔ¿¿â¡£


https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/


4. Oracle EBSÑϳÁ·ì϶ÔâÔÚÒ°ÀûÓÃ


6ÔÂ29ÈÕ£¬ÍøÂ簲ȫ¹«Ë¾Defused½üÈÕ·¢³öÖҸ棬¹¥»÷ÕßÒÑÆðÍ·»ý¼«ÀûÓÃOracle E-Business Suite£¨EBS£©²ÆÕþÀûÓ÷¨Ê½ÖеÄÒ»¸öÑϳÁ°²È«·ì϶£¨CVE-2026-46817£©¡£¸Ã·ì϶´æÔÚÓÚOracle Payments²úÆ·µÄÎļþ´«Êä×é¼þÖУ¬ÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄ¶ñÒâ¹¥»÷Õßͨ¹ýHTTPÍøÂç½Ó¼û£¬ÒԵ͸´ÔӶȼ¿Á©Ö±½Ó¹ÜÊÜÒ×Êܹ¥»÷µÄϵͳ£¬ÆäCVSSÆÀ·Ö¸ß´ï9.8£¬ÊôÓÚ×î¸ß·çÏյȼ¶¡£ÔçÔÚ2026Äê5Ô£¬OracleÒѰ䲼¹Ø¼ü°²È«²¹¶¡¸üÐÂÀ´½â¾ö´Ë·ì϶£¬²¢º±¼û½â·¢³öÑϸñÖҸ棬³Æ¹«Ë¾³ÖÐøÊÕµ½ÓйضñÒâÀûÓ÷ì϶µÄ»ã±¨£¬¶ø¹¥»÷ÕߵóѵÄÔ­ÒòÍùÍùÔÚÓÚÖ¸±ê¿Í»§Î´ÄÜʵʱÀûÓÿÉÓõݲȫ²¹¶¡¡£OracleÆäʱǿÁÒ¶½´ÙËùÓпͻ§Á¢¼´¸üÐÂÊÜÖ§³Ö°æ±¾¡£DefusedÔÚÖÜÒ»Ã÷È·°µÊ¾£¬¸Ã·ì϶ÔÚ±»¹¥»÷Õß»ý¼«ÀûÓã¬ÆäÃÛ¹ÞϵͳÔÚÉÏÖÜÄ©ÒѲ¶»ñµ½³õ´Î¹¥»÷³¢ÊÔ¡£Defused³ö¸ñÖ¸³ö£¬¸Ã·ì϶´Ëǰδ±»¹«¿ªÀûÓùý£¬Ä¿Ç°ÒàÎÞ¹«¿ªµÄ¸ÅÏëÑéÖ¤´úÂ룬ÕâÒâζ׏¥»÷ÕߺܿÉÄÜÊÇ×ÔÐÐÄæÏò¹¤³ÌÁ˲¹¶¡ÄÚÈÝ£¬¿ª·¢³öÁËÕë¶Ôδ´ò²¹¶¡ÏµÍ³µÄÀûÓò½Öè¡£¾Ý»¥ÁªÍø°²È«¼à¶½×éÖ¯ShadowserverµÄ×·×ÙÊý¾Ý£¬Ä¿Ç°È«ÇòÓг¬¹ý450¸öOracle EBSÊ·ý¶³öÓÚ»¥ÁªÍø£¬ÆäÖнü200¸öλÓÚÃÀ¹úºÍÅ·ÖÞµØÓò¡£


https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/


5. ÃÀ¹ú˾·¨²¿²é·â½ü400¸öÊÀ½ç±­µÁ²¥ÓòÃû


6ÔÂ29ÈÕ£¬ÃÀ¹ú˾·¨²¿ÐÌÊÂ˾½üÈÕ°ä·¢£¬ÒѲé·â½ü400¸öÓÃÓÚ·¸·¨Ö±²¥FIFAÊÀ½ç±­½ÇÖðµÄÍøÕ¾ÓòÃû¡£ÕâÐ©ÍøÕ¾Ïò½Ó¼ûÕßÌṩδ¾­ÊÚȨµÄ2026ÄêÊÀ½ç±­ÊµÊ±½ÇÖðÖ±²¥£¬ÑϳÁÎ¥·´ÁËÃÀ¹ú°æÈ¨·¨¡£Õâ´ÎÐж¯´úºÅΪ¡°Ô½Î»Ðж¯¡±£¬ÓÉÃÀ¹ú¹ú¶È֪ʶ²úȨЭµ÷ÖÐÐÄǣͷ£¬Í¨¹ý¼ì²ì¹Ù¹ú¼ÊÍÆËã»úºÚ¿ÍºÍ֪ʶ²úȨ£¨ICHIP£©ÍøÂçÓë¶à¹ú·¨ÂÉ»ú¹¹Ð­µ÷·¢Õ¹£¬µ±¾Ö³ÁµãÕë¶ÔλÓÚÃØÂ³¡¢±£¼ÓÀûÑÇ¡¢¿ËÂÞµØÑÇ¡¢ÂÞÂíÄáÑÇ¡¢²¨À¼ºÍ¸çÂ×±ÈÑǵȹúµÄ·þÎñÆ÷ºÍÓòÃû¡£±»²é·âµÄÓòÃûÒ³ÃæÏÖÒÑÏÔʾ·¨Âɲ¿ÃŹ«¸æºá·ù£¬Åú×¢¸ÃÐж¯Ö¼ÔÚ±£»¤Ïû·ÑÕßȨÀû²¢ÔÚÈ«ÇòÁìÓòÄÚÊØ»¤ÖªÊ¶²úȨ¡£·¨ÂÉÈËÔ±ÔÚËø¶¨Ö¸±ê¹ý³ÌÖлñµÃÁ˹ú¼Ê×ãÁª£¨FIFA£©¡¢beINýÌ弯ÍÅ¡¢NBC»·Çò¡¢ÃÀ¹úµçӰЭ»áÆìϵĴ´ÒâÓëÓéÀÖÁªÃË£¨ACE£©¡¢ÖÕ¼«Èⲫ¹Ú¾üÈü£¨UFC£©¼°»ªÄÉÐֵܵÈÈ¨ÊÆ·½ºÍÐÐÒµ×éÖ¯µÄЭÖú¡£Õâ´Î´ó¹æÄ£²é·âÐж¯ÕýÖµ2026ÄêÊÀ½ç±­ÈüÊÂÆÚ¼ä£¬Êǽø¹¥ÌåÓýµÁ°æ¹ú¼ÊЭµ÷µÄ³ÁÒªÒ»»·¡£


https://www.bleepingcomputer.com/news/security/us-seizes-hundreds-of-fifa-world-cup-illegal-streaming-domains/


6. FBIÓëSBU¸æ·¢¶í·½´ó¹æÄ£Signal¹¥»÷


6ÔÂ29ÈÕ£¬ÎÚ¿ËÀ¼°²È«¾Ö£¨SSU£©ÓëÃÀ¹úÁª¹úµ÷²é¾Ö£¨FBI£©½üÈÕ½áºÏÅû¶£¬¶íÂÞË¹ÌØÇÚ²¿ÃÅÕýÕë¶ÔÎÚ¿ËÀ¼¡¢Å·ÖÞ¼°ÃÀ¹ú¸÷µØÈ·µ±¾Ö¹ÙÔ±¡¢¾ü·½ÈËÔ±¡¢ÕþÖÎÈËÎïºÍ»î¶¯ÈËÊ¿µÄ¼´Ê±Í¨Ñ¶ÕË»§£¬·¢ÆðÒ»³¡³ÖÐøÇÒϵͳÐԵĵý±¨ÍøÂçÐж¯¡£¸ÃÐж¯²¢·ÇÒÔÇÖÈÅ»ò·ÛËéΪָ±ê£¬Ö÷±êÌâ±êÔÚÓÚÉøÈëÖ¸±ê¶ÔÏóµÄ¸öÈËͨѶ£¬ÒÔ»ñÈ¡Éæ¼°¾üʲ¿Êð¡¢ÕþÖξö²ßºÍ¾­¼Ã¶¯Ì¬µÄÃô¸ÐÐÅÏ¢£¬Í¬Ê±´ó¹æÄ£ÇÔÈ¡Ó×ÎÒÊý¾Ý¡£¾ÝÎÚ¿ËÀ¼°²È«¾Ö°ä²¼µÄ¾¯±¨£¬Õâ´Î¸æ·¢µÄ¡°ºÚ¿Í¹¥»÷¡±ÔÚÊÀÊÖ·¨Ëä¼¼Êõº¬Á¿½ÏµÍ£¬È´¼«¾ßºýŪÐÔÇÒ³ÉЧÏÔÖø¡£¹¥»÷Õßͨ³£¼Ù×°³É¼´Ê±Í¨Ñ¶Æ½Ì¨µÄ¿Í·þ»úеÈË£¬ÏòÖ¸±êÓû§·¢ËÍ´¹µö¶ÌÐÅ£¬ÓÕÆ­Æä½»³öÕË»§µÇ¼ƾ֤¡¢Ò»´ÎÐÔÑéÖ¤Âë¡¢PINÂë»òÕË»§¸´Ô­ÃÜÔ¿¡£ÖµÍ×ÌùÐĵÄÊÇ£¬ÕâЩ´¹µöÐÅÏ¢ÍùÍùÑ¡ÔñÔÚÔ糿ʱ¶Î·¢ËÍ£¬ÀûÓÃÖ¸±êÓû§ÉíÐÄÉÐδÆëÈ«¾¯ÌèµÄ»úÓöÌá¸ß³É¹¦ÂÊ£¬ÏÔʾ³ö¾«ÐÄÉè¼ÆµÄÉç½»¹¤³ÌÕ½Êõ¡£ÆäÖ¸±êÁìÓò¼«Îª¿í·º£¬²»½öº­¸Çµ±¾Ö¸ß²ãºÍ¹«¼ÒÈËÎ¸üÑÓ³¤ÖÁͨ³£¹«ÃñµÄÓ×ÎÒÕË»§£¬ÐγÉÒ»ÖÖ·Ö²ãʽµÄ´ó¹æÄ£ÐÅÏ¢ÍøÂçϵͳ£º¸ß¼ÛÖµÖ¸±ê¿ÉÄÜÃæ¶Ô¸ü¸´Ôӵļ¼Êõ¼¿Á©£¬¶øÍ¨³£Óû§ÔòÖØÒªÔâ·ê¶ÌÐżÙÒâ¹¥»÷¡£Õâ´Î½áºÏ¸æ·¢ÖУ¬FBI³ö¸ñÖ¸³ö¹¥»÷ÕßÕ½ÊõÉϵijÁ´óÉý¼¶£¬Æä³ÁµãÒÑ´ÓÇÔȡһ´ÎÐÔÑéÖ¤ÂëתÏòרÃÅÕë¶ÔSignalÀûÓõı¸·Ý¸´Ô­ÃÜÔ¿¡£


https://securityaffairs.com/194399/intelligence/ssu-and-fbi-uncover-russian-cyber-espionage-operation-against-officials-and-military-personnel.html