½ÌÓý¾ÞÍ·Instructure±»ºÚ£¬2.8ÒÚÓû§Êý¾Ýй¶

°ä²¼¹¦·ò 2026-05-06

1. ½ÌÓý¾ÞÍ·Instructure±»ºÚ£¬2.8ÒÚÓû§Êý¾Ýй¶


5ÔÂ5ÈÕ£¬½üÆÚ£¬×Ô³ÆÎªShinyHuntersµÄÀÕË÷ÍÅ»ïÐû³Æ£¬Òѳɹ¦¹¥ÆÆ½ÌÓý¼¼Êõ¾ÞÍ·InstructureµÄϵͳ£¬²¢ÇÔÈ¡ÁËÔ¼2.8ÒÚÌõÓëѧÉúºÍ½ÌÖ°¹¤ÓйصÄÊý¾Ý¼Í¼£¬Éæ¼°8809Ëù¸ßУ¡¢Ñ§ÇøºÍÔÚÏß½ÌÓýƽ̨ ¡£InstructureÊÇÒ»¼ÒÒÔCanvas½ø½¨ÖÎÀíϵͳÎÅÃûµÄÔÆ½ÌÓý¼¼Êõ¹«Ë¾£¬È«Çò¶à¶àѧÌúʹóѧÒÀÀµ¸ÃϵͳÖÎÀí¿Î³Ì×÷Òµ¡¢ÆÀ·Ö¼°¹µÍ¨ ¡£ÉÏÖÜÎ壬¸Ã¹«Ë¾Åû¶ÔÚµ÷²éÒ»Â·ÍøÂç¹¥»÷ÊÂÎñ£¬ËæºóÈ·ÈϲúÉúÊý¾Ýй¶£¬Óû§ÐÕÃû¡¢µç×ÓÓʼþµØÖ·¼°¸öÈËÐÅÏ¢±»ÆØ¹â ¡£ÍþвÐÐΪÕßËæºó°ä²¼ÁËÒ»·ÝÔ̺¬8809¸öÊÜÓ°Ïì»ú¹¹µÄÃûµ¥£¬²¢¸½ÓÐÿ¸ö»ú¹¹µÄ¼Í¼ÊýÁ¿£¬ÉÙÔòÊýÍò£¬¶àÔòÊý°ÙÍò ¡£¹¥»÷ÕßÐû³Æ£¬ËûÃÇÀûÓÃÁËCanvasµÄÊý¾Ýµ¼³öÖ°ÄÜ£¬Ô̺¬DAP²éÎÊ¡¢ÅäÖû㱨¼°Óû§API£¬³É¹¦ÍøÂçÁËÊý°ÙGBµÄÓû§¼Í¼¡¢ÐÂÎż°×¢²áÊý¾Ý ¡£Ö»¹ÜInstructureδ¾ÍÂÅ´ÎÓʼþѯÎÊ×÷³ö»ØÓ¦£¬²¿ÃŸßУÒÑÆðÍ·°ä²¼ÓйØÉêÃ÷ ¡ £¿ÆÂÞÀ­¶à´óѧ²©¶ûµÂ·ÖУÖÒ¸æ³Æ£¬ÕâÊÇһ·ȫ¹úÐÔÊÂÎñ£¬²¨¼°¶à¼Ò»ú¹¹£»ÂÞ¸ñ˹´óѧ°µÊ¾ÉÐδÊÕµ½Ö±½ÓÓ°Ïì֪ͨ£¬Canvasƽ̨ÈÔÕý³£Ê¹Ó㻵ٶû±¤´óѧÔòÈ·Èϵ÷²éÔÚ½øÐÐÖУ¬ÉÐÎÞ·¨È·¶¨Ñ§ÉúºÍ½ÌÖ°¹¤Êý¾ÝÊÇ·ñÊܵ½Ó°Ïì ¡£


https://www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/


2. ¸ßγȫÇòÈ·ÈÏÊý¾Ýй¶£¬Á½´óºÚ¿Í×éÖ¯Ðû³ÆÕƹÜ


5ÔÂ5ÈÕ£¬·¿µØ²ú·þÎñ¾ÞÍ·¸ßγȫÇò£¨Cushman & Wakefield£©½üÈÕ֤ʵ²úÉúÊý¾Ýй¶ÊÂÎñ£¬´ËǰÁ½¸öÍøÂç·¸×ï×éÖ¯ShinyHuntersºÍQilin±ðÀëÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü ¡£¸Ã¹«Ë¾Ò»Î»½²»°ÈË֪ͨ¡¶×¢²á±¨¡·£¬Õâ´Î¹¥»÷ÁìÓò¡°ÓÐÏÞ¡±£¬Ô´ÓÚÒ»´ÎÓïÒô´¹µö¹¥»÷£¬Åú×¢Ò»ÃûÔ±¹¤Êܵ½ÁËÉç½»¹¤³ÌµÄºýŪ ¡£¸Ã½²»°È˰µÊ¾£¬¹«Ë¾ÒÑÆô¶¯Ó¦¶Ô¹æ»®£¬²ÉÈ¡´ëÊ©¶ôÔìδ¾­ÊÚȨµÄ»î¶¯£¬²¢ÀñƸµÚÈý·½×¨¼ÒЭÖúµ÷²é£¬Ç¿µ÷ϵͳºÍÔËÓªÈÔÔÚÕý³£½øÐУ¬¶Ô¿Í»§Êý¾Ý°²È«¸ºÓи߶ÈÔðÈÎ ¡£ShinyHuntersÔÚ·¢¸øÃ½ÌåµÄÐÂÎÅÖÐÐû³Æ£¬ËûÃÇÓÚ5ÔÂ1ÈÕ¹¥»÷Á˸ßγȫÇò£¬ÇÔÈ¡ÁË¡°³¬¹ý50ÍòÌõSalesforce¼Í¼£¬ÆäÖÐÔ̺¬Ó×ÎÒÉí·ÝÐÅÏ¢¼°ÆäËûÄÚ²¿¹«Ë¾Êý¾Ý¡±£¬²¢É趨ÁË5ÔÂ6ÈÕµÄ×îºóÆÚÏÞÒªÇó¹«Ë¾ÁªÏµÒÔÔ¤·ÀÊý¾Ýй¶£¬µ«¾Ý³ÆÕâÒ»ÆÚÏÞ²¢Î´µÃµ½»ØÓ¦ ¡£QilinÔòÓÚ5ÔÂ4ÈÕÔÚÆäÊý¾ÝÐ¹Â¶ÍøÕ¾ÉÏÁгöÁ˸ßγȫÇò£¬µ«Î´¾ßÌå×¢Ã÷¹¥»÷·½Ê½ ¡£


https://www.theregister.com/2026/05/05/cushman_wakefield/


3. VimeoÊý¾Ýй¶ÊÂÎñµ¼ÖÂ11.9ÍòÈ˵ÄÓ×ÎÒÐÅÏ¢ÆØ¹â


5ÔÂ5ÈÕ£¬¾ÝÊý¾Ýй¶֪ͨ·þÎñHave I Been PwnedÅû¶£¬ShinyHuntersÀÕË÷ÍÅ»ïÔÚ4Ô·ÝÈëÇÖÔÚÏßÊÓÆµÆ½Ì¨Vimeoºó£¬ÇÔÈ¡Á˳¬¹ý11.9ÍòÈ˵ÄÓ×ÎÒÐÅÏ¢ ¡£VimeoÓÚ4ÔÂ27ÈÕÅû¶£¬ÔÚÊý¾ÝÒì³£¼ì²â¹«Ë¾Anodot²úÉúÊý¾Ýй¶ÊÂÎñºó£¬¿Í»§ºÍÓû§Êý¾ÝÔ⵽δ¾­ÊÚȨµÄ½Ó¼û ¡£Vimeo°µÊ¾£¬±»½Ó¼ûµÄÊý¾Ý¿âÖØÒªÔ̺¬¼¼·¨Êõ¾Ý¡¢ÊÓÆµ±êÌâºÍÔªÊý¾Ý£¬ÔÚijЩÇé¿öÏ»¹Ô̺¬¿Í»§µÄµç×ÓÓʼþµØÖ· ¡£µ«¹«Ë¾Ç¿µ÷£¬Õâ´Î¹¥»÷δÔì³ÉÈκÎÒµÎñÖжÏ£¬¹¥»÷ÕßҲδÄÜ»ñÈ¡Óû§µÄµÇ¼ƾ֤»ò²ÆÕþÐÅÏ¢ ¡£¼ì²âµ½·ì϶ºó£¬Vimeoµ±¼´½ûÓÃÁËËùÓÐAnodotƾ֤£¬ÒƳýÁËAnodotÓëϵͳµÄ¼¯³É£¬ÀñƸµÚÈý·½°²È«×¨¼ÒЭÖúµ÷²é£¬²¢Í¨ÖªÁË·¨Âɲ¿ÃÅ ¡£ÔÚVimeoÅû¶´Ë¹ýºó£¬ShinyHuntersÒòÀÕË÷δ¹û£¬ÔÚÆä°µÍøÊý¾ÝÐ¹Â¶ÍøÕ¾Éϰ䲼ÁË106GBµÄ±»µÁÎļþ´æµµ ¡£¸ÃÀÕË÷ÍÅ»ïÐû³Æ£¬ÒòAnodotµÄ°²È«ÎÊÌâµ¼ÖÂVimeoµÄSnowflakeºÍBigQueryÊ·ýÊý¾Ýй¶£¬²¢Ôð¹Ö¹«Ë¾Î´ÄÜÓëÆä´ï³ÉºÍ̸ ¡£


https://www.bleepingcomputer.com/news/security/vimeo-data-breach-exposes-personal-information-of-119-000-people/


4. ºÚ¿ÍÀûÓÃWeaver E-cologyÑϳÁ·ì϶ִÐÐÔ¶³Ì¹¥»÷


5ÔÂ4ÈÕ£¬×Ô3ÔÂÖÐÑ®ÒÔÀ´£¬ºÚ¿ÍÒ»ÏòÔÚÀûÓÃWeaver E-cology°ì¹«×Ô¶¯»¯ÏµÍ³ÖеÄÒ»¸öÑϳÁ·ì϶£¨CVE-2026-22679£©Ö´ÐпúËźÅÁî ¡£¸Ã·ì϶ӰÏì3ÔÂ12ÈÕ֮ǰµÄE-cology 10.0°æ±¾£¬ÊÇÒ»¸öδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì´úÂëÖ´Ðзì϶ ¡£Æä±¾Ô­ÔÚÓÚϵͳ¶³öµÄµ÷ÊÔAPI¶Ëµã²»±¾µØÔÊÐíÓû§ÌṩµÄ²ÎÊýÔÚδ¾­Éí·ÝÑéÖ¤»òÊäÈëÑéÖ¤µÄÇé¿öÏ£¬Ö±½Ó´ïµ½ºó¶ËÔ¶³Ì¹ý³ÌŲÓÃÖ°ÄÜ£¬¹¥»÷Õ߿ɽè´Ë´«µÝ¾«ÐÄ»ú¹ØµÄÖµ£¬ÔÚ·þÎñÆ÷ÉÏÒÔϵͳºÅÁîȨÏÞÖ´ÐÐËÁÒâ´úÂë ¡£ÖµÍ×ÌùÐĵÄÊÇ£¬¹¥»÷ÐÐΪ²úÉúÔÚÈí¼þ¹©¸øḚ́䲼°²È«¸üкóµÄµÚÎåÌ죬ÒÔ¼°·ì϶¹«¿ªÅû¶ǰµÄÁ½ÖÜ£¬Åú×¢¹¥»÷Õß¿ÉÄÜͨ¹ýÄæÏò²¹¶¡»ò¶ÀÁ¢·¢ÏÖÁ˸÷ì϶ ¡£¾ÝÍþвµý±¨¹«Ë¾VegaµÄ×êÑÐÈËÔ±¼Í¼£¬ÕâЩ¶ñÒâ»î¶¯³ÖÐøÁËÔ¼Ò»Öܹ¦·ò£¬Ã¿´Î¹¥»÷Ô̺¬¶à¸ö·ÖÆç½×¶Î ¡£¹¥»÷Õß¹ÌÈ»ÓлúÓöÀûÓ÷ì϶ʵÏÖÔ¶³Ì´úÂëÖ´ÐУ¬È´´ÓδÔÚÖ¸±êÖ÷»úÉϳÉÁ¢ÓƾûỰ ¡£


https://www.bleepingcomputer.com/news/security/weaver-e-cology-critical-bug-exploited-in-attacks-since-march/


5. TrellixÅû¶Դ´úÂë¿âÔâδÊÚȨ½Ó¼û


5ÔÂ4ÈÕ£¬ÍøÂ簲ȫ¹«Ë¾Trellix½üÈÕÅû¶ÁËһ·Êý¾Ýй¶ÊÂÎñ£¬¹¥»÷Õß»ñµÃÁËÆäÔ´´úÂë¿â¡°²¿ÃÅ¡±µÄ½Ó¼ûȨÏÞ ¡£TrellixÊÇÓÉMcAfee EnterpriseºÍFireEyeÓÚ2021Äê10Ô¹鲢¶ø³ÉµÄÈ«ÇòÐÔÍøÂ簲ȫ¹«Ë¾£¬ÎªÈ«Çò³¬¹ý5Íò¼ÒÆóÒµºÍµ±¾Ö¿Í»§Ìṩ·þÎñ£¬±£»¤×ų¬¹ý2ÒÚ¸öÖÕ¶ËÉ豸 ¡£Æ¾¾ÝÖÜÒ»¸üеĹٷ½ÉêÃ÷£¬¸Ã¹«Ë¾Ä¿Ç°ÔÚ±í²¿·¨Ò½×¨¼ÒµÄЭÖú϶ÔÊÂÎñ½øÐе÷²é ¡£Trellix°µÊ¾£¬½ØÖÁĿǰÉÐδ·¢ÏÖÍþвÐÐΪÕßÀûÓûò´Û¸ÄÆäËù½Ó¼ûÔ´´úÂëµÄÈκÎÖ¤¾Ý ¡£¹«Ë¾Ç¿µ÷£¬ÔÚ·¢ÏÖÔ´´úÂë¿âÔâδÊÚȨ½Ó¼ûºó£¬Òѵ±¼´Óë¶¥¼âȡ֤ר¼ÒºÏ×÷´¦ÖôËÊ£¬²¢Í¬Ê±Í¨ÖªÁË·¨Âɲ¿ÃÅ ¡£Æ¾¾Ýµ±Ç°µ÷²éÁ˾Ö£¬¹«Ë¾Ã»Óз¢ÏÖÈκÎÖ¤¾ÝÅú×¢Ô´´úÂë°ä²¼»ò·Ö·¢¹ý³ÌÊܵ½Ó°Ï죬Ҳδ·¢ÏÖÔ´´úÂë±»ÏÖʵÀûÓà ¡£TrellixÔÚÆä¹Ù·½ÉêÃ÷ÖаµÊ¾£¬½«ÔÚµ÷²éʵÏÖºó×ÃÇé·ÖÏí¸ü¶àϸ½Ú ¡£


https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/


6. Ameriprise FinancialÊý¾Ýй¶ӰÏì½ü4.8ÍòÈË


5ÔÂ3ÈÕ£¬Ameriprise Financial½üÈÕÅû¶ÁËһ·Êý¾Ýй¶ÊÂÎñ£¬Ô¼4.8ÍòÃûÃÀ¹úÓ×ÎÒµÄÓ×ÎÒÐÅÏ¢Ô⵽δ¾­ÊÚȨ½Ó¼û ¡£¸Ã¹«Ë¾ÔÚÈëÇÔìðÍ·Ô¼16Ììºó£¬ÓÚ2026Äê3ÔÂ18ÈÕ·¢ÏÖÕâ´ÎÊÂÎñ£¬²¢ÏòÃåÒòÖÝ×ܼì²ì³¤Ìá½»ÁËй¶֪ͨ ¡£Ameriprise°µÊ¾£¬¹¥»÷Õß½Ó¼ûÁËÔ̺¬ÐÕÃû¡¢µØÖ·¡¢²ÆÕþÕË»§ÏêÇé¡¢²¿ÃÅÇé¿öϵÄÉç»á°²È«ºÅÂëµÈÓ×ÎÒÉí·ÝÐÅÏ¢µÄ´æ´¢Êý¾ÝºÍÎļþ ¡£¹«Ë¾È·ÈÏδ²úÉúÈκÎδ¾­ÊÚȨµÄÂòÂô»ò×ʽð×ªÒÆ£¬ÒµÎñÔËӪҲδÊܵ½Ó°Ïì ¡£Ä¿Ç°£¬AmeripriseÒÑÀñƸ±í²¿ÍøÂ簲ȫר¼ÒЭÖúµ÷²é£¬²¢ÎªÊÜÓ°ÏìµÄÓ×ÎÒÌṩÐÅÓþºÍÉí·Ý¼à¿Ø·þÎñ ¡£ÖµµÃ¹Ø×¢µÄÊÇ£¬ÓëºóÐøËßËÏÓйصķ¨Í¥ÎļþÏÔʾ£¬ShinyHuntersÀÕË÷ÍÅ»ïÐû³Æ¶ÔÕâ´ÎÊÂÎñÕÆ¹Ü£¬²¢Íþвй¶³¬¹ý200GBµÄÄÚ²¿Êý¾Ý£¬µ«ÓйØËßËÏÒѱ»³·Ïú£¬AmeripriseҲδ¹«¿ªÖ¤ÊµShinyHuntersÓë¸ÃÊÂÎñµÄ¹ØÁª ¡£


https://securityboulevard.com/2026/05/ameriprise-financial-data-breach-exposes-personal-information-of-48000-customers/