D-LinkÍ£²ú·ÓÉÆ÷ÏÖ¸ßΣºÅÁî×¢Èë·ì϶

°ä²¼¹¦·ò 2026-01-07

1. D-LinkÍ£²ú·ÓÉÆ÷ÏÖ¸ßΣºÅÁî×¢Èë·ì϶


1ÔÂ6ÈÕ £¬½üÆÚ £¬¶à¿îÒÑÍ£²úµÄD-Link DSLÍø¹ØÂ·ÓÉÆ÷±»·¢ÏÖ´æÔÚ¸ßΣºÅÁî×¢Èë·ì϶CVE-2026-0625¡£¸Ã·ì϶ԴÓÚCGI¿âÖÐÊäÈëËãÕʲ»µ± £¬µ¼ÖÂdnscfg.cgi¶ËµãÒ×Êܹ¥»÷ £¬Î´¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÀûÓÃDNSÅäÖòÎÊýÖ´ÐÐÔ¶³ÌºÅÁî £¬×îÖÕʵÏÖÔ¶³Ì´úÂëÖ´ÐС£·ì϶µý±¨¹«Ë¾VulnCheckÓÚ2025Äê12ÔÂ15ÈÕÏòD-Link»ã±¨´ËÎÊÌâ £¬´ËǰShadowserver»ù½ð»áÃÛ¹ÞÒѲ¶»ñµ½Óйع¥»÷¼£Ïó £¬ÇÒ¹¥»÷¼¼Êõδ¼û¹«¿ª¼Í¼¡£¾­È·ÈÏ £¬ÊÜÓ°ÏìÉ豸Ðͺż°¹Ì¼þ°æ±¾Ô̺¬£ºDSL-526B£¨¡Ü2.01£©¡¢DSL-2640B£¨¡Ü1.07£©¡¢DSL-2740R£¨<1.17£©¡¢DSL-2780B£¨¡Ü1.01.14£©¡£ÕâЩ²úÆ·×Ô2020ÄêÆðÒÑÖÕ³¡ÏúÊÛ £¬D-LinkÃ÷È·°µÊ¾²»»áΪÆäÌṩ¹Ì¼þ¸üн¨¸´·ì϶ £¬½¨ÒéÓû§µ±¼´Í£Óò¢´úÌæÎªÊÜÖ§³ÖÐͺÅ¡£D-LinkÇ¿µ÷ £¬Í£²úÉ豸½«²»Ôٽӹܹ̼þ¸üС¢°²È«²¹¶¡»òÊØ»¤ £¬½¨ÒéÓû§½«ÒÑÍ£²úÉ豸¸ü»»Îª¹©¸øÉÌ»ý¼«Ö§³ÖµÄÐͺŠ£¬»ò²¿ÊðÔڷǹؼüÍøÂç £¬²¢Ê¹ÓÃ×îпÉÓù̼þ¼°Ñϸñ°²È«ÉèÖà £¬ÒÔ½µµÍ°²È«·çÏÕ¡£


https://www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/


2. ÐÂÐÍVVS Stealer¶ñÒâÈí¼þ³ÖÐøÍþвDiscordÓû§


1ÔÂ6ÈÕ £¬Ò»ÖÖÃûΪVVS Stealer£¨»òVVS $tealer£©µÄÐÂÐÍPython¶ñÒâÈí¼þ×Ô2025Äê4ÔÂÆð³ÖÐøÕë¶ÔDiscordÓû§ÌáÒé¹¥»÷ £¬ÆäÄÚ²¿ÔË×÷»úÔì½üÆÚÓÉPalo Alto Networks Unit 42ÍŶӳõ´ÎÅû¶¡£¸Ã¶ñÒâÈí¼þÒÔPyInstaller°ü´ó¾Ö´«²¼ £¬¿ÉÔÚËÁÒâWindowsÉ豸ÎÞÒÀÀµÔËÐÐ £¬ÎÞÐè¶î±íÅäÖ᣹¥»÷Ö÷Ìâ¾Û½¹ÓÚÇÔÈ¡DiscordÁîÅÆ £¬ÕâÖÖÊý×ÖÃÜÔ¿¿ÉÈúڿÍÈÆ¹ýÃÜÂëÖ±½Ó½Ó¼ûÓû§ÕË»§ £¬½ø¶ø¶Áȡ˽ÐÅ¡¢»ñÈ¡Õ˵¥¼°ÐÅÓþ¿¨ÐÅÏ¢¡£Æä¹¥»÷Á÷³Ì¼«¾ß¹Æ»óÐÔ£ºÍ¨¹ýαÔì"ÖÂÃüÃýÎó"µ¯´°ÓÕµ¼Óû§³ÁÆôµçÄÔ £¬Ëæºó×¢Èë¶ñÒâ´úÂëÅú¸ÄDiscordÎļþ £¬½«¶ñÒâ¾ç±¾Ö²ÈëÀûÓÃÎļþ¼Ð £¬ÊµÏÖÊµÊ±ÍøÂçÁ÷Á¿¼à¿Ø¡£¸üΣÏÕµÄÊÇ £¬Ëü»¹Äܽػñ±¸·Ý´úÂë¡¢¶à³É·ÖÈÏÖ¤£¨MFA£©ÉèÖà £¬ÉõÖÁÔÚÓû§Åú¸ÄÃÜÂëʱÀ¹½ØµÇ¼ƾ֤¡£ËüͬʹØë¶ÔChrome¡¢Edge¡¢Brave¡¢OperaµÈÖ÷Á÷ä¯ÀÀÆ÷ £¬ÇÔÈ¡±£ÁôÃÜÂë¡¢Cookie¡¢×Ô¶¯Ìî³äÊý¾Ý £¬²¢½ØÈ¡×ÀÃæ½ØÍ¼¡£¸Ã¶ñÒâÈí¼þѡȡ¶©ÔÄÔìÏúÊÛģʽ £¬ÔÚTelegramƽ̨ÒÔÿÖÜ10Å·Ôª»òƽÉú199Å·ÔªµÄ¼ÛÖµÊÛÂô £¬±»Ðû´«Îª"ÖÕ¼«ÇÔÈ¡¹¤¾ß"¡£


https://hackread.com/vvs-stealer-malwar-discord-system-errors/


3. Ó¢¹úÎÖÀï¿Ë¿¤Ñ§ÌÃÔâÍøÂç¹¥»÷ÖÂÍ£¿Î


1ÔÂ6ÈÕ £¬Ó¢¹úÎÖÀï¿Ë¿¤Å¦Äá¶ÙµÄº£¶òÄ·ÏïѧÌÃÒòÍøÂç¹¥»÷µ¼ÖÂITÏµÍ³È«ÃæÌ±»¾ £¬±»ÆÅ×Ú2026Äê1ÔÂ5ÈÕ¼°6ÈÕÍ£¿Î £¬Ñ§ÉúÒò¶ø»ñµÃµ¢¸é°æÊ¥µ®¼ÙÆÚ¡£Õâ´ÎÊÂÎñÔì³ÉѧÌõ绰¡¢µç×ÓÓʼþ¡¢·þÎñÆ÷¼°ÖÎÀíϵͳÆëÈ«ÎÞ·¨½Ó¼û £¬Ð£·½Æ¾¾Ý±í²¿×¨¼Ò½¨Òé×÷³öÍ£¿Î¾ö¶¨ £¬Ä¿Ç°µ÷²éÈÔÔÚ½øÐÐÖС£Ð£³¤Âõ¿Ë¶û¡¤¸ÊÅ©ÔÚÖ¼ҳ¤ÐÅÖаµÊ¾ £¬Ñ§ÌöÔÓë½ÌÓý²¿ÍøÂçÊÂÎñÏìÓ¦Ó××é¼°ËùÊô¶àѧԺÐÅÈλú¹¹Ó¢¸ñÀ¼Öв¿Ñ§ÔºÐÅÈλú¹¹µÄITר¼ÒÇ×êǺÏ×÷ £¬È«Ãæµ÷²é²¢½â¾öÎÊÌâ¡£×÷ΪԤ·À´ëÊ© £¬ËùÓнÌÈËÔ±¹¤ºÍѧÉú±»ÒªÇóÔÚÁíÐÐ֪ͨǰÖÕ³¡Ê¹ÓÃѧÌÃϵͳ £¬Ô̺¬¹È¸è½²ÌúÍSharePoint¡£ÒѵǼϵͳµÄѧÉú±»·î¸æÎÞÐèÓÇÓô £¬µ«¹Ø±Õ½Ó¼ûȨÏÞÊÇÈ·±£µ÷²éÆÚ¼ä×î´ó°²È«ÐԵıØÒª´ëÊ©¡£Ñ§ÌÃÔÚ1ÔÂ3ÈÕ°ä²¼µÄÔçÆÚ֪ͨÖÐÃ÷È·Ö¸³ö £¬Õâ´ÎÊÂÎñÉæ¼°"ÈκÎÊý×Ö·þÎñ"µÄÖÐ¶Ï £¬²¢ÈϿɴæÔÚ¼à¹ÜºÏ¹æÎÊÌ⡣ƾ¾Ý2018ÄêÊý¾Ý±£»¤·¨¼°GDPRÒªÇó £¬Ñ§ÌÃÒÑÔÚ72Ó×ʱÄÚÏòÐÅϢרԱ°ì¹«ÊÒ£¨ICO£©»ã±¨ÊÂÎñ £¬²¢½«Óë±¾µØµÐÔÖÊý¾Ý±£»¤¹ÙÔ±ºÏ×÷ÍÆ¹ãʹÃü¡£


https://www.theregister.com/2026/01/06/nuneaton_school_cyberattack/


4. UAC-0184ÀûÓÃViberƽ̨¶ÔÎÚ·¢Æð¶à½×¶ÎÍøÂç¹¥»÷


1ÔÂ5ÈÕ £¬¾Ý°²È«×êÑÐÏÔʾ £¬Óë¶íÂÞ˹ÓйصÄÍþвÐÐΪÕßUAC-0184£¨±ðºÅHive0156£©Õýͨ¹ýViber¼´Ê±Í¨Ñ¶Æ½Ì¨ÏòÎÚ¿ËÀ¼¾ü·½¼°µÐÔÖʵÌåͶµÝ¼Ù×°³ÉÎĵµµÄ¶ñÒâZIPѹËõ°ü £¬³ÖÐø·¢Õ¹¸ßÇ¿¶Èµý±¨ÍøÂç»î¶¯¡£¸Ã×éÖ¯×Ô2024ËêÊ×ÓÉÎÚ¿ËÀ¼ÍÆËã»úÓ¦¼±ÏìÓ¦Ó××é³õ´Î¼Í¼ÒÔÀ´ £¬ÒÑ´ÓÀûÓÃSignal¡¢Telegram´«²¼¶ñÒâÈí¼þÑݱäΪÒÔViberΪ³õʼÈëÇÖÔØÌå £¬ÐγɸüÒñ±ÎµÄ¹¥»÷Á´¡£¹¥»÷Á÷³Ì³öÏÖ¶à½×¶ÎÌØµã£º¶ñÒâZIP°üÄÚº¬¶à¸öWindows¿ì½Ý·½Ê½Îļþ£¨.LNK£© £¬¼Ù×°³ÉMicrosoft Word/Excel¹Ù·½ÎĵµÓÕÆ­Óû§´ò¿ª¡£ÕâЩLNKÎļþ±í±íչʾµö¶üÎĵµ½µµÍÊܺ¦Õß¾¯Ìè £¬ºó¶ÜÔòͨ¹ýPowerShell¾ç±¾´ÓÔ¶³Ì·þÎñÆ÷¾²Ä¬ÏÂÔØµÚ¶þ¸öZIP°ü £¬Ö´ÐÐHijack Loader¼ÓÔØÆ÷¡£¸Ã¼ÓÔØÆ÷ѡȡDLL²à¼ÓÔØºÍÄ£¿é¶Ñµþ¼¼Êõ £¬ÔÚÄÚ´æÖгÁ¹¹²¢²¿Ê𠣬¶ã±Ü°²È«¹¤¾ß¼ì²â¡£Ëæºó £¬¼ÓÔØÆ÷ͨ¹ýCRC32¹þϣֵɨÃè»·¾³ÖеݲȫÈí¼þ£¨È翨°Í˹»ù¡¢Avast¡¢BitDefenderµÈ£© £¬²¢³ÉÁ¢´òË㹤×÷ʵÏÖÓÆ¾ÃÐÔ¡£×îÖÕ £¬Í¨¹ý×¢Èë¡°chime.exe¡±¹ý³ÌÒñ±ÎÖ´ÐÐRemcosÔ¶³Ì½Ó¼ûľÂí £¬Ê¹¹¥»÷Õß»ñµÃÖÕ¶ËÖÎÀí¡¢¸ºÔØÖ´ÐÓ×¢»î¶¯¼à¿Ø¼°Êý¾ÝÇÔÈ¡ÄÜÁ¦¡£


https://cybersecuritynews.com/whatsapp-device-fingerprinting/


5. WhatsApp¶àÉ豸¼ÓÃÜ·ì϶Ö²Ù×÷ÏµÍ³Ö¸ÎÆ¼ø±ð·çÏÕ


1ÔÂ5ÈÕ £¬MetaÆìÏÂÕ¼Óг¬30ÒÚÔ»îÔ¾Óû§µÄ¼´Ê±Í¨Ñ¶ÀûÓÃWhatsApp £¬Æä¶Ëµ½¶Ë¼ÓÃܵĶàÉ豸ְÄܳ־ôæÔÚÔªÊý¾Ýй¶Òþ»¼ £¬Ê¹¹¥»÷Õß¿ÉÄÜͨ¹ýÉè±¸Ö¸ÎÆ¼ø±ð¾«×¼Í¶µÝ¶ñÒâÈí¼þ¡£½üÆÚ×êÑÐÏÔʾ £¬Ö»¹ÜMetaÒÑÖ´Ðв¿Ãލ¸´´ëÊ© £¬µ«Í¨Ã÷¶È²»¼°µÄÎÊÌâÈÔÒý·¢°²È«ÉçÇø¹Ø×¢¡£WhatsApp¶àÉ豸¼Ü¹¹Ï £¬·¢ËÍ·½Óë½Ó¹Ü·½É豸³ÉÁ¢¶ÀÁ¢»á»° £¬Ñ¡È¡É豸±¾µØÌìÉúµÄΨһ¼ÓÃÜÃÜÔ¿¡£ÃÜÔ¿IDʵÏÖ²î¾à»á¶³öÉ豸²Ù×÷ϵͳÀàÐÍ£¨ÈçAndroid»òiOS£© £¬¹¥»÷Õ߿ɱ»¶¯²éÎÊWhatsApp·þÎñÆ÷»ñÈ¡»á»°ÃÜÔ¿ £¬ÎÞÐèÓû§½»»¥¼´¿É¼ø±ð²Ù×÷ϵͳ £¬½ø¶øÏòAndroidÉ豸¶¨Ïò²¿Êð·ì϶ÀûÓ÷¨Ê½ £¬Í¬Ê±¶ã±ÜiOSÉ豸ÒÔά³ÖÒñ±ÎÐÔ¡£ÎªÓ¦¶Ô´Ë·çÏÕ £¬WhatsAppÒѽ«AndroidÊðÃûÔ¤ÃÜÔ¿ID·ÖÅ䷽ʽ¸ÄΪÔÚÕû¸ö24λÁìÓòÄÚËæ»úȡֵ £¬×è¶Ï¸Ã¹¥»÷õè¾¶¡£È»¶ø £¬iOSÒ»´ÎÐÔÔ¤ÃÜÔ¿ÈԾ߷ֱæ¶È £¬ÆäIDÕØÊ¼Öµ½ÏµÍÇÒÿ¸ô¼¸ÌìµÝÔö £¬¶øAndroidʹÓÃÆëÈ«Ëæ»úÁìÓò £¬½¨¸´ºó¹¤¾ßÈÔÄÜ¿¿µÃס¼ì²â²Ù×÷ϵͳ¡£ÕâÖÖ²î¾àʹ¸ß¼¶³ÖÐøÐÔÍþв¿ÉÀûÓÃWhatsApp×÷ΪÒñ±Î´«²¼Çþ· £¬²éÎʹý³Ì²»´¥·¢Óû§Í¨Öª¡£


https://cybersecuritynews.com/whatsapp-device-fingerprinting/


6. EverestÀÕË÷Èí¼þ¹¥»÷BolttechÇÔÈ¡186GBÃô¸ÐÊý¾Ý


1ÔÂ5ÈÕ £¬½üÈÕ £¬Óë¶íÂÞ˹¹ØÁªµÄEverestÀÕË÷Èí¼þ×éÖ¯Ðû³ÆÒÑ´ÓÈ«Çò±£ÏÕ»ù´¡Éèʩƽ̨BolttechÇÔȡԼ186GB¸ß¶ÈÃô¸ÐÊý¾Ý £¬²¢ÒªÇó¸Ã¹«Ë¾Ö§¸¶Êê½ð¡£¸Ã×éÖ¯ÔÚ°µÍøÐ¹Â¶ÍøÕ¾°ä²¼ÐÅÏ¢³Æ £¬ÇÔÈ¡ÄÚÈÝÔ̺¬Ô±¹¤ºÍ´úÀíÕË»§£¨µç×ÓÓʼþ¡¢ÐÕÃû¡¢½ÇÉ«¡¢±êʶ·û£©¡¢¿Í»§ÐÅÏ¢¡¢ÁªÏµÏêÇé¡¢±£µ¥Êý¾Ý¡¢µÖѺ´û¿î¼Í¼¡¢µç»°ºÅÂë¡¢±»±£ÏղƸ»µØÖ·¡¢²ÆÕþ²ÎÊý¼°ÄÚ²¿ÔËÓª±êʶ·û £¬²¢¸½ÕÕÆ¬Ñù±¾×ôÖ¤¡£ÍøÕ¾ÉèÓе¹¼ÆÊ±Æ÷ £¬ÍþвÈô±¾ÖÜÍíЩʱ³½Î´»ñ»Ø¸´ £¬½«¹«¿ªÈ«ÊýÊý¾Ý¡£×êÑÐÍŶӷÖÎöºóÖ¸³ö £¬Êý¾ÝÀÄÓ÷çÏÕÑϸñ£º¿Í»§¼°Ô±¹¤µÄÓ×ÎÒÉí·ÝÐÅÏ¢¿ÉÄܱ»ÓÃÓÚÍøÂç´¹µö¡¢Éí·Ý»­Ïñ·ÖÎö£»±£µ¥±êʶ·û»ò±»ÓÃÓÚÌύڲƭÐÔË÷Åâ¡£ÈôÊý¾ÝÔ̺¬ÆëÈ«µØÖ· £¬ÈËÈâËÑË÷·çÏÕ½«½øÒ»²½¼Ó¾ç¡£Everest×éÖ¯×Ô2021Äê³õ´Î±»¼ø±ðÒÔÀ´ £¬ÒѳÉΪ×î¾ß¹¥»÷ÐÔµÄÀÕË÷Èí¼þÍÅ»ïÖ®Ò»¡£´Óǰ12¸öÔÂÄÚEverestÒÑÇÖº¦³¬100¼Ò×éÖ¯ £¬½üÆÚ»¹¹¥»÷Á˰ÍÎ÷ʯÓ;ÞÍ·°ÍÎ÷¹ú¶ÈʯÓ͹«Ë¾¼°»î¶¯Æ·ÅÆUnder Armour¡£


https://cybernews.com/security/everest-hack-bolttech-ransom-data/