ºÉÀ¼²ÆÕþ²¿ÔâÍøÂç¹¥»÷²¿ÃÅÔ±¹¤Êý¾Ýй¶

°ä²¼¹¦·ò 2026-03-26

1. ºÉÀ¼²ÆÕþ²¿ÔâÍøÂç¹¥»÷²¿ÃÅÔ±¹¤Êý¾Ýй¶


3ÔÂ24ÈÕ £¬ºÉÀ¼²ÆÕþ²¿½üÈÕÅû¶ £¬ÔÚ3ÔÂ19ÈÕ¼ì²âµ½ÍøÂç¹¥»÷ºó £¬²¿ÃÅÔ±¹¤µÄÄÚ²¿ÏµÍ³±»¹¥Ï £¬Êý¾Ýй¶ÊÂÎñÔÚµ÷²éÖС£¸Ã²¿ÔÚµÚÈý·½¾¯±¨ºó·¢ÏÖÁËδ¾­ÊÚȨ½Ó¼ûÆäÕþ²ß²¿ÃŶà¸öÖØÒª¹ý³ÌϵͳµÄÐÐΪ¡£ºÉÀ¼²ÆÕþ²¿ÔÚÉêÃ÷ÖаµÊ¾£º"²ÆÕþ²¿ICT°²È«ÊýÃÅÓÚ3ÔÂ19ÈÕÐÇÆÚËļì²âµ½¶ÔÕþ²ß²¿ÃŶà¸öÖØÒª¹ý³ÌϵͳµÄδ¾­ÊÚȨ½Ó¼û¡£¾¯±¨·¢³öºóµ±¼´Æô¶¯µ÷²é £¬×Ô½ñÈÕÆðÒÑ×èÖ¹¶ÔÕâЩϵͳµÄ½Ó¼û¡£ÕâÓ°ÏìÁ˲¿ÃÅÔ±¹¤µÄ¹¤×÷¡£"×÷ΪÏìÓ¦ £¬²ÆÕþ²¿µ±¼´Æô¶¯µ÷²é £¬²¢×èÖ¹Á˶ÔÊÜÓ°ÏìϵͳµÄ½Ó¼û¡£¹«Ë¾Ö¸³ö £¬Ë°ÎñºÍº£¹ØÖÎÀí¾Ö¡¢º£¹ØºÍ¸£Àû¾ÖÏò¹«ÃñºÍÆóÒµÌṩµÄ·þÎñδÊÜÓ°Ïì¡£ºÉÀ¼²ÆÕþ²¿Î´Åû¶¹¥»÷µÄ¼¼Êõϸ½Ú £¬Ä¿Ç°ÉÐÎÞÍøÂç·¸×ï×éÖ¯Ðû³Æ¶Ô´ËÕÆ¹Ü¡£µ÷²éÈÔÔÚ³ÖÐø £¬ÊÂÎñµÄÆëȫӰÏìÉÐδȷ¶¨¡£


https://securityaffairs.com/189929/data-breach/data-breach-at-dutch-ministry-of-finance-impacts-staff-following-cyberattack.html


2. TeamPCP¹¥ÏÂLiteLLM Python°üÇÔÈ¡50ÍòÉ豸Êý¾Ý


3ÔÂ24ÈÕ £¬TeamPCPºÚ¿Í×éÖ¯½üÈÕ¹¥ÏÂÁËÊ¢ÐеÄPython°üLiteLLM £¬ÔÚPyPIÉϰ䲼¶ñÒâ°æ±¾1.82.7ºÍ1.82.8 £¬²¿ÊðÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þ¡£LiteLLMÊÇ¿ªÔ´Python¿â £¬×÷ΪͨÍù¶à¸ö´óÐÍ˵»°Ä£ÐÍÌṩÉ̵ÄÍø¹Ø £¬ÖðÈÕÏÂÔØÁ¿³¬¹ý340Íò´Î £¬´Óǰһ¸öÔÂÏÂÔØÁ¿³¬¹ý9500Íò´Î¡£Endor Labs×êÑÐÈËÔ±°µÊ¾ £¬ÍþвÐÐΪÕß¹¥ÏÂÁ˸ÃÏîÄ¿ £¬°ä²¼µÄ¶ñÒâ°æ±¾Ô̺¬°µ²ØÓÐÐ§ÔØºÉ £¬ÔÚµ¼Èë°üʱִÐС£¶ñÒâ´úÂë×¢Èëµ½litellm/proxy/proxy_server.pyÎļþÖÐ £¬×÷Ϊbase64±àÂëµÄÓÐÐ§ÔØºÉ £¬Ã¿´Îµ¼ÈëÄ£¿éʱ½âÂë²¢Ö´ÐС£°æ±¾1.82.8ÒýÈëÁ˸ü¼¤½øµÄÖ°ÄÜ £¬½«ÃûΪlitellm_init.pthµÄÎļþ×°Öõ½Python»·¾³¡£ÓÉÓÚPythonÔÚÚ¹ÊÍÆ÷Æô¶¯Ê±×Ô¶¯´¦ÖÃËùÓÐ.pthÎļþ £¬¶ñÒâ´úÂë»áÔÚÔËÐÐPythonʱִÐÐ £¬¼´±ãδspecificallyʹÓÃLiteLLM¡£Ö´Ðкó £¬ÓÐÐ§ÔØºÉ×îÖÕ²¿ÊðºÚ¿ÍµÄTeamPCP Cloud Stealer±äÌåºÍÓÆ¾Ã»¯¾ç±¾¡£Ò»µ©´¥·¢ £¬ÓÐÐ§ÔØºÉÔËÐÐÈý½×¶Î¹¥»÷£ºÍøÂçÍ´´¦ £¬³¢ÊÔ¿çKubernetes¼¯ÈººáÏòÒÆ¶¯ £¬ÔÚÿ¸ö½Úµã²¿ÊðÌØÈ¨pod £¬²¢×°ÖÃÓÆ¾Ã»¯systemdºóÃÅÂÖѯ¶î±í¶þ½øÔìÎļþ¡£


https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/


3. CISA½«Langflow´úÂë×¢Èë·ì϶²ÎÓëKEVĿ¼


3ÔÂ25ÈÕ £¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö(CISA)½üÈÕ½«Ò»¸öзì϶Ôö³¤µ½ÆäÒÑÖª±»ÀûÓ÷ì϶(KEV)Ŀ¼ÖÐ £¬»ùÓÚ»îÔ¾ÀûÓõÄÖ¤¾Ý¡£¸Ã·ì϶ΪCVE-2026-33017Langflow´úÂë×¢Èë·ì϶¡£LangflowÊÇÊ¢ÐеĿÉÊÓ»¯¹¹½¨´óÐÍ˵»°Ä£ÐÍÀûÓõĿªÔ´Æ½Ì¨¡£´úÂë×¢Èë·ì϶ÔÊÐí¹¥»÷ÕßÔÚÖ¸±êϵͳÉÏÖ´ÐÐËÁÒâ´úÂë £¬¿ÉÄܵ¼ÖÂÆëÕûϵͳ¹¥Ï¡¢Êý¾ÝÇÔÈ¡ºÍºáÏòÒÆ¶¯¡£´ËÀà·ì϶ÊǶñÒâÍøÂçÐÐΪÕߵįµÈÔ¹¥»÷ÔØÌå £¬´ºÁª¹úÆóÒµ×é³É³Á´ó·çÏÕ¡£CISAµÄ°ó¶¨²Ù×÷Ö¸Áî(BOD)22-01³ÉÁ¢ÁËKEVĿ¼ £¬×÷ΪÒÑ֪ͨÓ÷ì϶ºÍ¶³ö(CVE)µÄʵʱÁбí £¬ÕâЩ·ì϶´ºÁª¹úÆóÒµ×é³É³Á´ó·çÏÕ¡£BOD22-01ÒªÇóÁª¹úÃñÊÂÐÐÕþ·ÖÖ§(FCEB)»ú¹¹ÔÚ½ØÖ¹ÈÕÆÚǰ½¨¸´ÒÑʶ´ËÍâ·ì϶ £¬ÒÔ±£»¤FCEBÍøÂçÃâÊÜ»îÔ¾Íþв¡£Ö»¹ÜBOD22-01½öºÏÓÃÓÚFCEB»ú¹¹ £¬µ«CISAÇ¿ÁÒ½¨ÒéËùÓÐ×é֯ͨ¹ýÓÅÏÈʵʱ½¨¸´KEVĿ¼·ì϶×÷Ϊ·ì϶ÖÎÀíʵ¼ÊµÄÒ»²¿ÃÅ £¬Ï÷¼õÍøÂç¹¥»÷¶³öÃæ¡£


https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog


4. Torg Grabber¶ñÒâÈí¼þÕë¶Ô850¿îä¯ÀÀÆ÷À©´óÇÔÈ¡Êý¾Ý


3ÔÂ25ÈÕ £¬ÍøÂ簲ȫ¹«Ë¾GenDigital½üÈÕ·¢ÏÖÃûΪTorgGrabberµÄÐÂÐÍÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þ £¬¸ÃÈí¼þ´Ó850¸öä¯ÀÀÆ÷À©´óÇÔÈ¡Ãô¸ÐÊý¾Ý £¬ÆäÖг¬¹ý700¸öΪ¼ÓÃÜÇ®±ÒÇ®°üÀ©´ó¡£³õʼ½Ó¼ûͨ¹ýClickFix¼¼Êõ»ñµÃ £¬½Ù³Ö¼ôÌù°å²¢ÓÕÆ­Óû§Ö´ÐжñÒâPowerShellºÅÁî¡£GenDigital×êÑÐÈËÔ±°µÊ¾ £¬TorgGrabberÔÚ»ý¼«¿ª·¢ÖÐ £¬Èý¸öÔÂÄÚ±àÒëÁË334¸öΨһÑù±¾ £¬Ã¿ÖÜ×¢²áеĺÅÁî½ÚÔ죨C2£©·þÎñÆ÷¡£³ý¼ÓÃÜÇ®±ÒÇ®°ü±í £¬TorgGrabber»¹´Ó103¸öÃÜÂëÖÎÀíÆ÷ºÍË«³É·ÖÉí·ÝÑéÖ¤¹¤¾ßÒÔ¼°19¸ö±Ê¼ÇÀûÓÃÇÔÈ¡Êý¾Ý¡£TorgGrabberµÄ³õʼ°æ±¾Ê¹ÓûùÓÚTelegramµÄºÍ̸ £¬¶øºóʹÓÃ×Ô½ç˵¼ÓÃÜTCPºÍ̸½øÐÐÊý¾Ý±íй¡£2025Äê12ÔÂ18ÈÕ £¬ÕâÁ½ÖÖ»úÔì±»ÉÕ»Ù £¬×ª¶øÊ¹ÓÃͨ¹ýCloudflare»ù´¡Éèʩ·ÓɵÄHTTPSÏνÓ¡£¸Ã²½ÖèÖ§³Ö·Ö¿éÊý¾ÝÉÏ´«ºÍÓÐÐ§ÔØºÉ´«µÝ¡£¶ñÒâÈí¼þÓµÓжàÖÖ·´·ÖÎö»úÔì¡¢¶à²ã»ìºÏ £¬²¢Ê¹ÓÃÖ±½ÓϵͳŲÓúͷ´Éä¼ÓÔØ½øÐжã±Ü £¬ÆëÈ«ÔÚÄÚ´æÖÐÔËÐÐ×îÖÕÓÐÐ§ÔØºÉ¡£¶ñÒâÈí¼þ»¹¿É·ÖÎöÖ÷»ú¡¢´´½¨Ó²¼þÖ¸ÎÆ¡¢¼Í¼ÒÑ×°ÖÃÈí¼þ¡¢½ØÈ¡Óû§×ÀÃæ½ØÍ¼ £¬²¢´Ó×ÀÃæºÍÎĵµÎļþ¼ÐÇÔÈ¡Îļþ¡£


https://www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/


5. Citrix½¨¸´NetScalerÀàËÆCitrixBleedµÄ¸ßΣ·ì϶


3ÔÂ25ÈÕ £¬Citrix½üÈÕ½¨¸´ÁËÓ°ÏìNetScalerADCÍøÂçÉ豸ºÍNetScalerGateway°²È«Ô¶³Ì½Ó¼û½â¾ö¹æ»®µÄÁ½¸ö·ì϶ £¬ÆäÖÐÒ»¸öÓë½üÄêÀ´ÔÚÁãÈÕ¹¥»÷Öб»ÀûÓõÄCitrixBleedºÍCitrixBleed2ȱµã¼«¶ÈÀàËÆ¡£¸Ã¹Ø¼ü°²È«·ì϶£¨×·×ÙΪCVE-2026-3055£©Ô´ÓÚÊäÈëÑéÖ¤²»¼° £¬¿ÉÄܵ¼ÖÂÅäÖÃΪSAMLÉí·ÝÌṩÉÌ£¨IDP£©µÄCitrixADC»òCitrixGatewayÉ豸²úÉúÄÚ´æ¹ý¶È¶ÁÈ¡ £¬Ê¹ÎÞÌØÈ¨µÄÔ¶³Ì¹¥»÷Õß¿ÉÄÜÇÔÈ¡»á»°ÁîÅÆµÈÃô¸ÐÐÅÏ¢¡£¹«Ë¾»¹·ÖÏíÁ˼ø±ðºÍ½¨¸´Ò×ÊÜCVE-2026-3055¹¥»÷µÄNetScalerÊ·ýµÄ¾ßÌåÖ¸ÄÏ¡£¹«Ë¾»¹½¨¸´ÁËÓ°ÏìÅäÖÃÎªÍø¹Ø£¨SSLVPN¡¢ICAProxy¡¢CVPN¡¢RDPproxy£©»òAAAÐé¹¹·þÎñÆ÷µÄÉ豸µÄCVE-2026-4368·ì϶ £¬¸Ã·ì϶¿Éʹָ±êϵͳÉÏÓµÓеÍÌØÈ¨µÄÍþвÐÐΪÕßÀûÓþºÕùǰÌá½øÐе͸´ÔӶȹ¥»÷ £¬¿ÉÄܵ¼ÖÂÓû§»á»°»ìºÏ¡£ÍøÂ簲ȫ×éÖ¯ShadowserverĿǰ׷×Ùµ½³¬¹ý3Íò¸öNetScalerADCÊ·ýºÍ2,300¶à¸öGatewayÊ·ýÔÚÏß¶³ö¡£Ä¿Ç°Éв»Ã÷ÏÔÆäÖÐÓм¸¶àʹÓÃÒ×Êܹ¥»÷µÄÅäÖûòÒÑÕë¶Ô¹¥»÷½øÐн¨¸´¡£¶à¼ÒÍøÂ簲ȫ¹«Ë¾Ö¸³ö £¬CVE-2026-3055Óë2023Äê±»¿í·ºÀûÓõÄCitrixBleed·ì϶ºÍ2025ÄêÅû¶µÄCitrixBleed2±äÌå´æÔÚÏÔÖøÀàËÆÐÔ¡£


https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/


6. TP-Link½¨¸´Archer NXϵÁзÓÉÆ÷¶à¸ö¸ßΣ·ì϶


3ÔÂ25ÈÕ £¬TP-Link½üÈÕ½¨¸´ÁËÆäArcherNXϵÁзÓÉÆ÷ÖеĶà¸ö·ì϶ £¬Ô̺¬Ò»¸öÑϳÁ¼¶´ËÍâȱµã £¬¿ÉÄÜÔÊÐí¹¥»÷ÕßÈÆ¹ýÉí·ÝÑéÖ¤²¢ÉÏ´«Ð¹̼þ¡£×·×ÙΪCVE-2025-15517µÄ°²È«·ì϶ӰÏìArcherNX200¡¢NX210¡¢NX500ºÍNX600ÎÞÏß·ÓÉÆ÷ £¬Ô´ÓÚȱʧÉí·ÝÑéÖ¤Èõµã £¬¹¥»÷Õß¿ÉÔÚÎÞÌØÈ¨Çé¿öÏÂÀûÓá£TP-Link»¹ÒƳýÁËÅäÖûúÔìÖеÄÓ²±àÂë¼ÓÃÜÃÜÔ¿£¨CVE-2025-15605£© £¬¸ÃÃÜÔ¿ÔÊÐí¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß½âÃÜÅäÖÃÎļþ¡¢Åú¸Ä²¢³ÁмÓÃÜ¡£´Ë±í £¬¹«Ë¾½¨¸´ÁËÁ½¸öºÅÁî×¢Èë·ì϶£¨CVE-2025-15518ºÍCVE-2025-15519£© £¬ÕâЩ·ì϶ʹӵÓÐÖÎÀíÔ±ÌØÈ¨µÄÍþвÐÐΪÕß¿ÉÄÜÖ´ÐÐËÁÒâºÅÁî¡£¹«Ë¾Ç¿ÁÒ½¨Òé¿Í»§ÏÂÔØ²¢×°ÖÃ×îй̼þ°æ±¾ÒÔ×èÖ¹ÀûÓÃÕâЩ·ì϶µÄDZÔÚ¹¥»÷¡£


https://www.bleepingcomputer.com/news/security/tp-link-warns-users-to-patch-critical-router-auth-bypass-flaw/