ResecurityÃÛ¹ÞÏÝÚ叿·¢ÍøÂç¹¥»÷ÕæÏà

°ä²¼¹¦·ò 2026-01-04

1. ResecurityÃÛ¹ÞÏÝÚ叿·¢ÍøÂç¹¥»÷ÕæÏà


1ÔÂ3ÈÕ £¬½üÈÕ £¬ÍøÂ簲ȫ¹«Ë¾ResecurityÓë¡°·ÖÉ¢µÄ·ì϶ÁÔÈË¡±£¨SLH£©ÍþвÐÐΪÕßÖ®¼äµÄ¹¥·ÀÊÂÎñÒý·¢¹Ø×¢¡£SLHÐû³ÆÒѳɹ¦ÈëÇÖResecurityϵͳ²¢ÇÔȡԱ¹¤Êý¾Ý¡¢ÄÚ²¿Í¨Ñ¶¡¢Íþвµý±¨»ã±¨¼°¿Í»§ÐÅÏ¢ £¬Ô̺¬MattermostºÏ×÷Ê·ý½ØÍ¼ÏÔʾÓëPastebinµÄ¶ñÒâÄÚÈÝͨѶ £¬²¢Ðû³ÆÕâ´Î¹¥»÷ÊǶÔResecurityÉç»á¹¤³Ì¼¿Á©µÄ±¨³ð £¬Éæ¼°ShinyHunters¡¢Lapsus$µÈ×éÖ¯¡£È»¶ø £¬ShinyHunters½²»°ÈËËæºó·ñ¶¨²Î¼ÓÕâ´Î»î¶¯¡£Resecurity¶Ô´Ë»ØÓ¦³Æ £¬±»¹¥»÷µÄϵͳʵΪÓÐÒⲿÊðµÄÃÛ¹Þ £¬ÓÃÓÚ¼à¿ØÍþвÐÐΪÕ߻¡£¸Ã¹«Ë¾°µÊ¾ £¬2025Äê11ÔÂ21ÈÕ³õ´Î¼ì²âµ½ÍþвÐÐΪÕß̽²âÆä¹«¿ªÂ¶³öϵͳ £¬ËæºóÔÚ¸ôÀë»·¾³Öв¿ÊðÔ̺¬ÐéαÊý¾ÝµÄÃÛ¹ÞÕË»§ £¬Ô̺¬ÓÉStripe APIÌìÉúµÄ28,000ÌõºÏ³ÉÏû·ÑÕ߼ͼºÍ190,000ÌõºÏ³ÉÖ§¸¶ÂòÂô¼Í¼¡£¹¥»÷ÕßÔÚ12ÔÂ12ÈÕÖÁ24ÈÕÆÚ¼äͨ¹ý´óÁ¿×¡Õ¬´úÀíIPÌìÉú³¬188,000¸öÒªÇó £¬ÆÚ¼äÒò´úÀíÏνӹÊÕ϶³öÕæÊµIPµØÖ· £¬Resecurity½è´ËÍøÂç¹¥»÷ÕßÕ½Êõ¡¢¼¼Êõ¼°»ù´¡ÉèÊ©ÐÅÏ¢ £¬²¢»ã±¨·¨Âɲ¿ÃÅ¡£


https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/


2. RondoDox½©Ê¬ÍøÂç½èReact2Shell·ì϶ÌáÒéÈ«Çò¹¥»÷


12ÔÂ31ÈÕ £¬½üÈÕ £¬ÍøÂ簲ȫ×êÑнÒʾ £¬RondoDox½©Ê¬ÍøÂçÕýÀûÓÃReact2ShellÑϳÁ·ì϶£¨CVE-2025-55182£©´ó¹æÄ£Ï°È¾Next.js·þÎñÆ÷ £¬²¿Êð¶ñÒâÈí¼þ¼°¼ÓÃÜÇ®±ÒÍÚ¿ó·¨Ê½¡£¸Ã·ì϶Ϊδ¾­ÈÏÖ¤µÄÔ¶³Ì´úÂëÖ´Ðзì϶ £¬¿Éͨ¹ýµ¥¸öHTTPÒªÇó´¥·¢ £¬Ó°ÏìËùÓÐʵÏÖReact Server Components¡°Flight¡±ºÍ̸µÄ¿ò¼Ü £¬Ô̺¬Next.js¡£½ØÖÁ2025Äê12ÔÂ30ÈÕ £¬Shadowserver»ù½ð»áÒѼì²âµ½³¬94,000¸ö¶³öÓÚ»¥ÁªÍøµÄÒ×Êܹ¥»÷×ʲú¡£RondoDox×îÔçÓÉFortinetÓÚ2025Äê7Լͼ £¬ÊÇÒ»¸öÀûÓöànÌì·ì϶ÌáÒéÈ«Çò¹¥»÷µÄ´óÐͽ©Ê¬ÍøÂç¡£Æä2025ÄêÔËÓª·ÖΪÈý¸ö½×¶Î£º3ÔÂÖÁ4Ô½øÐпúËÅÓë·ì϶²âÊÔ £»4ÔÂÖÁ6ÔÂÖ´ÐÐ×Ô¶¯»¯WebÀûÓ÷ì϶ÀûÓà £»7ÔÂÖÁ½ñÔòתÏò´ó¹æÄ£ÎïÁªÍø½©Ê¬ÍøÂ粿Êð¡£11Ô £¬VulnCheck·¢ÏÔìäбäÖÖÀûÓÃXWikiƽ̨µÄCVE-2025-24893·ì϶¡£CloudSEK»ã±¨Ö¸³ö £¬RondoDox×Ô12ÔÂ8ÈÕÆðɨÃè´æÔÚ·ì϶µÄNext.js·þÎñÆ÷ £¬ÈýÌìºóÆðÍ·²¿Êð½©Ê¬ÍøÂç¿Í»§¶Ë £¬²¢ÔÚ12ÔÂÁùÌìÄÚÌáÒ鳬40´Î¹¥»÷³¢ÊÔ £¬Ã¿Ó×ʹØë¶ÔLinksys¡¢WavlinkµÈÏû·Ñ¼¶¼°ÆóÒµ¼¶Â·ÓÉÆ÷ÌáÒéÎïÁªÍø¹¥»÷º£³± £¬ÒÔÕÐļн©Ê¬½Úµã¡£


https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/


3. Covenant HealthÔâ÷è÷ëÀÕË÷Èí¼þ¹¥»÷


1ÔÂ3ÈÕ £¬Éϵ۽ÌÒ½ÁÆ»ú¹¹Covenant HealthÓÚ2025Äê5ÔÂÔâ·êÑϳÁÍøÂç¹¥»÷ £¬µ¼ÖÂ478,188ÈËÃô¸ÐÐÅϢй¶ £¬Éæ¼°ÐÕÃû¡¢µØÖ·¡¢µ®ÉúÈÕÆÚ¡¢Ò½ÁƼͼºÅÂë¡¢Éç»á±£ÏÕºÅÂë¡¢½¡È«±£ÏÕÐÅÏ¢¼°Ò½ÖÎÏêÇéµÈ¡£¸Ã×éÖ¯ÔÚÃåÒòÖÝ¡¢ÂíÈøÖîÈûÖÝ¡¢Ðº±²¼Ê²¶ûÖÝ¡¢±öϦ·¨ÄáÑÇÖÝ¡¢Â޵µºÖݺͷðÃÉÌØÖÝÔËÓªÈý¼ÒÒ½Ôº¼°¶à¼Ò¿µ¸´ÖÐÐÄ¡¢¸¨ÖúÉúÑÄסËùºÍÉçÇø½¡È«»ú¹¹¡£µ÷²éÏÔʾ £¬ºÚ¿ÍÓÚ5ÔÂ18ÈÕÖÁ26ÈÕÆÚ¼ä½Ó¼ûÆäITϵͳ £¬ÊÂÎñÒÑÓÚ12ÔÂ10ÈÕµ÷²éʵÏÖ²¢´«µÝÁª¹ú·¨Âɲ¿ÃÅ¡£Õâ´Î¹¥»÷¶ÔÃåÒòÖÝʥԼɪ·òÒ½Ôº¡¢Ê¥ÂêÀö½¡È«ÏµÍ³¼°Ðº±²¼Ê²¶ûÖÝʥԼɪ·òÒ½ÔºÔì³ÉÏÔÖøÓ°Ï죺ʥÂêÀöÒ½Ôº³¢ÊÔÊÒ½öÄÜ´¦ÖÃÖ½ÖÊÒ½Öö £¬Ðº±²¼Ê²¶ûÖÝʥԼɪ·òÒ½Ôº³¢ÊÔÊÒ·þÎñÊÜÏÞÇÒÐèÖ½ÖÊÒ½Öö¡£Covenant HealthÓÚ³ýϦҹÆðÍ·ÏòÊܺ¦Õß¼ÄËÍÎ¥¹æÍ¨ÖªÐÅ £¬²¢ÌṩһÄêÆÚÐÅÓþ¼à¿Ø·þÎñ¡£÷è÷ëÀÕË÷Èí¼þÍÅ»ïÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü¡£


https://therecord.media/covenant-health-breach-qilin


4. ÐÂÎ÷À¼ManageMyHealthÊý¾Ýй¶ӰÏ쳬10ÍòÓû§


1ÔÂ2ÈÕ £¬½üÈÕ £¬ÐÂÎ÷À¼Êý×Ö½¡È«Æ½Ì¨ManageMyHealth²úÉúÊý¾Ýй¶ÊÂÎñ £¬Ô¼180Íò×¢²áÓû§ÖпÉÄÜÓÐ6%ÖÁ7%£¨¼´10.8ÍòÖÁ12.6ÍòÓû§£©Êܵ½Ó°Ïì¡£Õâ´ÎÊÂÎñÉæ¼°ÔÊÐíÁÙ´²Ò½Éú½Ó¼û»¼ÕßÒ½ÁƼͼµÄÔÚÏß·þÎñ £¬ÊÜÓ°Ïì¿Í»§½«ÔÚ½«À´48Ó×ʱÄÚÊÕµ½¹«Ë¾Í¨Öª £¬Ã÷È·ÆäÐÅÏ¢ÊÇ·ñ¼°ÈôºÎ±»½Ó¼û¡£ManageMyHealthÊ×ϯִÐйÙVino RamayahÇ¿µ÷ £¬¹«Ë¾Ê¼ÖÕ½«½¡È«ÐÅÏ¢± £»¤ÊÓΪÖ÷ÌâÔðÈΡ£Ëû°µÊ¾£º¡°ÎÒÃÇÉîÖª½¡È«ÐÅÏ¢µÄ˽ÃÜÐÔÓëÃô¸ÐÐÔ £¬´ËÀàÊÂÎñ¿ÉÄÜÒý·¢Óû§½¹ÂÇ¡£Ä¿Ç°ÍŶÓÕýÈ«Á¦È·¶¨ÊÜÓ°ÏìÈËÔ± £¬²¢½«ÒÔÖ±½Ó¡¢Í¨Ã÷µÄ·½Ê½ÓëÆä¹µÍ¨¡£¡±ÒþÖÔרԱ°ì¹«ÊÒÒÑ»ñϤÊÂÎñ £¬²¢ÕýÓëÆ½Ì¨ºÏ×÷ÍÆ¹ãÒþÖÔÁ¢·¨Ê¹Ãü¡£ÐÂÎ÷À¼ÎÀÉú²¿³¤Î÷ÃÉ¡¤²¼ÀʳÆÕâ´ÎÎ¥¹æ¡°ÁîÈËÓÇÓô¡± £¬µ«Ã÷È·°µÊ¾¡°Ä¿Ç°ÎÞÖ¤¾ÝÅú×¢Ô̺¬ÎҵĽ¡È«ÕË»§ÔÚÄÚµÄÈκÎHNZ£¨ÐÂÎ÷À¼½¡È«ÍƽøÐ­»á£©ÏµÍ³Ôâµ½·ÛËé £¬ÒòManageMyHealthÕ¼ÓжÀÁ¢ÏµÍ³¡±¡£ËûÇ¿µ÷ £¬ÐÂÎ÷À¼ÎÀÉú²¿ÕýÓëÆ½Ì¨Ç×êǺÏ×÷ £¬È·±£ÊÂÎñÍ×ÉÆ´¦Öà £¬ÇÒÒ½ÁÆ·þÎñ½«³ÖÐøÕý³£ÔËÐÐ £¬ÎÞÁÙ´²Ó°Ïì¡£


https://www.1news.co.nz/2026/01/02/managemyhealth-data-breach-more-than-108k-users-potentially-affected/


5. ¶«¾©FMÊý¾Ýй¶ £¬³¬300ÍòÓû§ÐÅÏ¢ÊÜÍþв


1ÔÂ1ÈÕ £¬ÈÕ±¾³ÛÃû¹ã²¥µç̨¶«¾©FM¹ã²¥Öêʽ»áÉçÔâ·ê³Á´óÍøÂ簲ȫÊÂÎñ¡£Ò»¸ö×Գơ°Êܺ¦Õß¡±µÄ¼¯ÌåÐû³ÆÒÑÈëÇָù«Ë¾ÄÚ²¿ÍÆËã»úϵͳ £¬²¢ÇÔÈ¡³¬¹ý300ÍòÌõÓ×ÎÒ¼°¼¼·¨Êõ¾Ý¼Í¼¡£Õâ´ÎÊÂÎñÒòÉæ¼°Ãô¸ÐÐÅÏ¢Á¿ÖØ´óÇÒ²úÉúÔÚ¿çÄêÌØÊâʱ¶Î £¬Òý·¢¿í·º¹Ø×¢¡£¾Ý¹¥»÷ÕßÅû¶ £¬±»µÁÊý¾Ýº­¸ÇÓû§È«Ãû¡¢ÉúÈÕ¡¢µç×ÓÓʼþµØÖ·µÈ»ù´¡Ó×ÎÒÐÅÏ¢ £¬ÒÔ¼°IPµØÖ·¡¢Óû§´úÀí£¨¿É¼ø±ðÉ豸ÀàÐÍ£©µÈ¼¼Êõϸ½Ú¡£¸üÑϳÁµÄÊÇ £¬¹¥»÷ÕßÐû³Æ»ñÈ¡Á˹«Ë¾ÄÚ²¿ÏµÍ³µÄµÇ¼ID¼°Ô±¹¤¹¤×÷ÐÅÏ¢ £¬ÈôÊôʵ £¬¿ÉÄÜÍþвÆóÒµÔËÓª°²È«¼°Ô±¹¤ÒþÖÔ¡£Ä¿Ç° £¬Êý¾ÝÕæÊµÐÔÈÔ´¦ÓÚר¼ÒºËʵ½×¶Î £¬µ«Ç±ÔÚ·çÏÕÒÑÒý·¢°²È«»ú¹¹¾¯Ìè¡£¶«¾©FM×÷ΪÈÕ±¾×î¾ßÓ°ÏìÁ¦µÄ¹ã²¥µç̨֮һ £¬°ÑÎÕ´óÁ¿Ìý¶à¼°Ô±¹¤ÐÅÏ¢ £¬³Ö¾Ã³ÉÎªÍøÂç·¸×ï·Ö×ÓÖ¸±ê¡£Ö»¹ÜÕâ´ÎÊÂÎñ±»³õ²½¶¨ÐÔΪͨ³£ÍøÂç·¸×ï°¸¼þ £¬µ«Êý¾Ýй¶¹æÄ£¼°É漰ά¶È£¨´ÓÓ×ÎÒÒþÖÔµ½Æóҵϵͳƾ֤£©ÒÑÔ¶³¬Í¨ÀýÁìÓò¡£°²È«×¨¼ÒÌáÐÑ £¬Èô¹¥»÷Õß°ÑÎÕÕæÊµÊý¾Ý £¬¿ÉÄܵ¼Ö¾«×¼Ú¿Æ­¡¢Éí·ÝµÁÓõȴÎÉú·çÏÕ¡£


https://hackread.com/tokyo-fm-data-breach-hacker-3-million-records-stolen/


6. Google Cloud¹¤¾ß±»ÀÄÓ÷¢ÆðÐÂÐÍÍøÂç´¹µö¹¥»÷


1ÔÂ2ÈÕ £¬Check Point×êÑÐÈËÔ±·¢ÏÖ £¬ÍøÂç·¸×ï·Ö×ÓÕýÀûÓÃGoogle Cloud Application IntegrationÖеĺϷ¨Ö°ÄÜÌáÒé´ó¹æÄ£ÍøÂç´¹µö¹¥»÷¡£¸Ã¹¥»÷ͨ¹ý¶à²ã³Á¶¨Ïò¼¼ÊõÈÆ¹ý´«Í³°²È«¼ì²â £¬Á½ÖÜÄÚ·¢Ëͽü9400·âαÔìÓʼþ £¬Ó°ÏìÔ¼3200ÃûÓû§¡£¹¥»÷ÕßÀÄÓÃGoogle CloudµÄ"·¢Ë͵ç×ÓÓʼþ"×Ô¶¯»¯¹¤¾ß £¬´Ó¹Ù·½ÓòÃûmailto:noreply-application-integration@google.com·¢ËÍÓʼþ £¬ÀûÓÃÊÜÐÅÀµµÄÔÆ·þÎñ»ù´¡ÉèÊ©Ìá¸ß¿ÉÐŶÈ¡£Óʼþ¸ß¶È·ÂÕÕGoogle¹Ù·½·ç¸ñ £¬ÒÔÓïÒôÓʼþÌáÐÑ¡¢¹²ÏíÎļþ½Ó¼ûµÈͨÀý³¡¾°Îªµö¶üÓÕµ¼µã»÷¡£¹¥»÷Á´Ô̺¬Èý¸ö½×¶Î£ºÊ×ÏÈͨ¹ýstorage.cloud.google.comÁ´½Ó³ÉÁ¢³õʼÐÅÀµ £»Ëæºó³Á¶¨ÏòÖÁgoogleusercontent.comÏÔʾÐéαÑéÖ¤Âë¶ã±Ü×Ô¶¯É¨Ãè £»×îÖÕÖ¸Ïò·Ç΢ÈíÓòÃûµÄαÔì΢ÈíµÇÂ¼Ò³ÃæÇÔȡƾ֤¡£Õâ´Î¹¥»÷ÖØÒªÕë¶ÔÔì×÷ÒµºÍ¹¤ÒµÆóÒµ £¬¿Æ¼¼/SaaS¼°½ðÈÚ»ú¹¹´ÎÖ® £¬×¨Òµ·þÎñ¡¢ÁãÊÛ¡¢Ã½Ìå¡¢½ÌÓý¡¢Ò½ÁÆ¡¢ÄÜÔ´¡¢µ±¾ÖµÈÐÐÒµÒ²Êܵ½·ÖÆç³Ì¶Å×°Ïì¡£µØÓòÉ¢²¼ÏÔʾ £¬ÃÀ¹úÊܺ¦Õß×î¶à £¬ÑÇÌ«ºÍÅ·Ö޻»îÔ¾ £¬À­¶¡ÃÀÖÞÖаÍÎ÷ºÍÄ«Î÷¸çÊÜÓ°Ïì×îÑϳÁ¡£


https://securityaffairs.com/186425/cyber-crime/phishing-campaign-abuses-google-cloud-application-to-impersonate-legitimate-google-emails.html