¹ÂÀǺڿÍЯAI¹¤¾ß£¬72Ó×ʱ¹¥ÏÂAWSÔÆ»·¾³

°ä²¼¹¦·ò 2026-07-10
1. ¹ÂÀǺڿÍЯAI¹¤¾ß£¬72Ó×ʱ¹¥ÏÂAWSÔÆ»·¾³


7ÔÂ9ÈÕ£¬°²È«¹«Ë¾SygniaÅû¶£¬Ò»Ãûµ¥±øÍþвÐÐΪÕßÀûÓÃÈËΪÖÇÄܸ¨Öú¹¤×÷Á÷³Ì£¬Ôڶ̶Ì72Ó×ʱÄڳɹ¦¹¥ÆÆÒ»¸ö´óÐÍÑÇÂíÑ·ÍøÂç·þÎñ£¨AWS£©»·¾³£¬²¢¶Ôδ¾ßÃûµÄÈ«ÇòÆóÒµÖ´ÐÐÁËÀÕË÷¡£¹¥»÷Õß²¢Î´ÀûÓõ¥Ò»ÅäÖÃÃýÎ󣬶øÊÇ´®ÁªÁËÀûÓ÷¨Ê½·þÎñ¡¢AWS×ÊÔ´¡¢Ô´´úÂë¿â¡¢CI/CD¹Ü·¡¢ÔËÐÐʱ×é¼þ¼°Êý¾Ý´æ´¢ÖеĶà¸ö·ì϶£¬Ñ¸¿ìʵÏÖÆ¾Ö¤·¢ÏÖ¡¢ÃÜÔ¿ÇÔÈ¡¡¢ÔÆÃ¶¾Ù¡¢²¿Êð¹Ü·ÀÄÓá¢Êý¾Ý¿â½Ó¼û¼°ÔËÓªÖжϵȲÙ×÷¡£ÆäÊ×ÏÈͨ¹ýÃæÏò»¥ÁªÍøµÄÀûÓ÷¨Ê½·ì϶»ñÈ¡AWS½Ó¼ûÃÜÔ¿£¬Ëæºóͨ¹ýËĸö²¢Ðй¤×÷Á÷³ÌϵͳÐÔÇÔÈ¡»úÃÜ¡¢´´½¨ºóÃŲ¢Ð¹Â¶Êý¾Ý£¬Í¬Ê±²ÉÈ¡S3´æ´¢Í°»Ø¾ø½Ó¼û¡¢ECS·þÎñÏÞÁã¡¢ACL×è¶Ï¼°Çå¿ÕSQS¶ÓÁеȿÉÄæµ«¼«¾ßÍþÉåÁ¦µÄ´ëÊ©À´Ê©Ñ¹Êܺ¦ÕßÖ§¸¶Êê½ð¡£×êÑÐÖ¸³ö£¬¹¥»÷ÕßÀûÓÃAI¼Ó¿ì¿úËÅ¡¢¹¤¾ß¿ª·¢¼°ºÅÁî½á¹¹»¯£¬ÒÔÔ¶³¬Í¨ÀýµÄ¿ìÂʺ͹æÄ£Ö´Ðй¥»÷¡£SygniaÇ¿µ÷£¬ÆóÒµÐèÈ«Ãæ°ÑÎÕ×ʲúºÍÉí·ÝÐÅÏ¢¡¢Ç¿»¯Éí·Ý°²È«½ÚÔì¡¢±£»¤ÔÆÓ뿪·¢»·¾³¡¢²¿Êð·Ö²ã·ÀÓù¼°×Ô¶¯»¯ÏìÓ¦Á÷³Ì£¬ÓÈÆäÓ¦Ôì¶©Ô¤Ô¼Òå¶ôÔ취ʽ£¬½«¾ùÔȼì²âºÍ½¨¸´¹¦·ò´ó·ùËõ¶Ì£¬ÒÔÓ¦¶ÔAIÇý¶¯µÄ¼±¾ç¹¥»÷¡£


https://www.darkreading.com/cloud-security/lone-attacker-ai-breach-aws-cloud-environment


2. NextcloudÊý¾Ý¿âÅäÖÃÃýÎóÖÂ36ÍòÌõÃô¸Ð¼Í¼й¶


7ÔÂ8ÈÕ£¬µÂ¹úÄ£¿é»¯¹¤×÷¿Õ¼äƽ̨NextcloudÒòÊý¾Ý¿âÅäÖÃÃýÎ󣬵¼ÖÂ7.92GBÊý¾Ý£¨º¬36.7Íò±Ê¼Í¼£©¹«¿ªÂ¶³ö£¬Éæ¼°·¢Æ±¡¢ºÏͬ¡¢Ô±¹¤¼°¿Í»§ÐÅÏ¢¡¢ÏµÍ³ÖÎÀí¾ç±¾µÈ´óÁ¿Ãô¸ÐÎļþ¡£°²È«ÍŶÓÓÚ5ÔÂ18ÈÕ·¢Ïָù«¿ªElasticsearch¼¯Èº£¬ÆäÖÐδ¼ÓÃܼͼÔ̺¬NextcloudÔ±¹¤µçÓÊ¡¢¿Í»§¹«Ë¾Ãû³ÆÓëµØÖ·¡¢ÍùÀ´·¢Æ±ÏêÇ飬ÉõÖÁÔ̺¬Ó²±àÂëÊý¾Ý¿âÍ´´¦µÄShellºÍPython¾ç±¾£¬ÒÔ¼°Óû§Ãûµ¥¡¢HTTPÔªÊý¾ÝºÍMD5¹þÏ£Öµ¡£¹ÌÈ»¹«Ë¾Ðû³Æ¿Í»§·þÎñÆ÷δÊÜÖ±½ÓÓ°Ï죬µ«Ð¹Â¶Êý¾Ý¿ÉÄܱ»¹¥»÷ÕßÓÃÓÚ´¹µö¡¢Éç»á¹¤³Ì»òÕë¶Ô¿Í»§ÏµÍ³µÄ·ì϶̽²â¡£Nextcloud½Ó±¨ºóÁ½ÌìÄڹعØÂ¶³öÊý¾Ý¼¯£¬²¢Éϱ¨µÂ¹úÊý¾Ý±£»¤²¿ÃÅ£¬È·ÈÏÎÊÌâÔ´ÓÚÍйܻù´¡ÉèÊ©ÅäÖÃÃýÎó£¬Óë²úÆ·×ÔÉíÎ޹أ¬ÇÒÉÐÎÞÖ¤¾ÝÅú×¢Êý¾Ý±»ÀÄÓá£È»¶ø£¬×êÑÐÈËÔ±ÖҸ棬¶ñÒ⽩ʬ·¨Ê½¿ÉÄÜÒÑÔÚй¶ÆÚ¼äÇÔÈ¡Êý¾Ý£¬Ôö³¤ÁËÕë¶ÔÔ±¹¤ºÍ¿Í»§µÄ¶¨Ïò¹¥»÷·çÏÕ¡£


https://cybernews.com/security/nextcloud-cloud-provider-data-leak/


3. ¶ñÒânpm°üÏ®»÷Injective SDK£¬ÇÔÈ¡¼ÓÃÜÇ®°üÃÜÔ¿


7ÔÂ9ÈÕ£¬ÀûÓð²È«¹«Ë¾Socket¡¢Ox SecurityºÍStepSecurityÅû¶ÁËһ·Õë¶ÔInjective LabsµÄ¹©¸øÁ´¹¥»÷ÊÂÎñ¡£¹¥»÷ÕßÈëÇÖÁËInjective Labs SDKÏîÄ¿ºÏ·¨¹±Ï×ÕßµÄGitHubÕË»§£¬ÔÚ6ÔÂ8ÈÕ½øÐгõ´Î¿ÉÒÉÌá½»ºó£¬ÓÚnpmÉϰ䲼Á˶ñÒâ°æ±¾µÄ@injectivelabs/sdk-tsÈí¼þ°ü£¨°æ±¾1.20.21£©£¬²¢Í¬²½´«È¾ÁËÁí±í17¸öÓйذü£¬½«ÆäÈ«ÊýËø¶¨ÖÁ¸Ã±»ÈëÇÖ°æ±¾¡£¸ÃTypeScript/JavaScript SDKרΪInjectiveÇø¿éÁ´£¨Layer-1 DeFi¹«Á´£©Éè¼Æ£¬Ã¿ÖÜÏÂÔØÁ¿Ô¼5Íò´Î£¬±»¿í·ºÓÃÓÚ¹¹½¨¼ÓÃÜÇ®°ü¡¢ÂòÂô»úеÈË¡¢DEX¼°DeFiÀûÓ᣶ñÒâ´úÂ벢δÔÚ×°ÖÃʱ´¥·¢£¬¶øÊÇÔÚ¿ª·¢ÕßŲÓÃSDKº¯ÊýÌìÉú»òµ¼ÈëÇ®°üÃÜԿʱ¼¤»î£¬ÊµÊ±²¶»ñÆëÈ«Öú¼Ç´ÊºÍ˽Կ£¬¾­base64±àÂëºó£¬Í¨¹ýHTTP POSTÒªÇó·¢ÍùInjective LabsµÄ¹«¹²»ù´¡ÉèÊ©¶ËµãÒÔ¼Ù×°Á÷Á¿£¬²¢Ñ¡È¡Á½ÃëÅúÁ¿´ò°ü»úÔ죬½«¶àÌõÃÜÔ¿ÕûºÏÖÁÒªÇóÍ·Öз¢ËÍ£¬ÒԱ㹥»÷ÕߺóÐø½Ù³ÖÇ®°ü²¢×ªÒÆ×ʲú¡£ºÏ·¨ÕË»§ËùÓÐÕßÔÚÊý·ÖÖÓÄÚ¾õ²ìÈëÇÖ£¬Ñ¸¿ì³·Ïú¸ü¸Ä²¢°ä²¼¸É¾»°æ±¾1.20.23£¬µ«´Ëǰ¶ñÒâ°üÒѱ»ÏÂÔØÔ¼310´Î£¬ÇÒGitHubÉϵĶñÒâ°ä²¼¹¤¼þÉÐδɾ³ý¡£´Ë±í£¬¸Ã°üÕ¼ÓÐ87¸öÖ±½ÓÒÀÀµ¼°¶à¶à´«µÝÒÀÀµ£¬ÆäÀÛ¼ÆÏÂÔØÁ¿³¬11.2Íò´Î£¬Ç±ÔÚÓ°ÏìÃæ¿í·º¡£


https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/


4. ÐÂÐÍÀÕË÷×éÖ¯HelixÒÔÓïÒô´¹µöÇÔÈ¡SharePointÊý¾Ý


7ÔÂ9ÈÕ£¬ÍøÂ簲ȫ¹«Ë¾ReliaQuest½üÈÕÅû¶£¬Ò»¸öÃûΪHelixµÄÐÂÐÍÊý¾ÝÀÕË÷×éÖ¯ÕýѡȡÒÔÉí·ÝΪÖÐÐĵĶ൵´Î¹¥»÷¼¿Á©£¬ÖØÒªÕë¶ÔÆóÒµµÄSharePoint»·¾³Ö´ÐÐÊý¾ÝÇÔÈ¡ÓëÀÕË÷¡£¸Ã×éÖ¯µÄ¹¥»÷Á´ÌõʼÓÚÓïÒôÍøÂç´¹µö£¨vishing£©£º¹¥»÷Õß¼ÙÒâÖ¸±êÔ±¹¤µÄ¾­Àí£¬Í¨¹ýÀ´µçÏÔʾºýŪµÈ¼¼Êõ¼Ù×°³ÉºÏ·¨ÁªÏµÈË£¬Ö±½ÓÖµçÔ±¹¤ÒÔ³ÉÁ¢ÐÅÀµ¡£ÆäÖ÷±êÌâ±êÊÇÓÕµ¼Êܺ¦ÕßÂäÈëÉ豸´úÂëÍøÂç´¹µöÏÝÚ壬ÕâÊÇÒ»ÖÖÀûÓÃ΢ÈíµÈƽ̨É豸´úÂëÈÏÖ¤Á÷³ÌµÄÉç»á¹¤³Ìѧ¹¥»÷£¬Ò»µ©Óû§Ê§É÷ÊäÈë¹¥»÷ÕßÌṩµÄ´úÂ룬¹¥»÷Õß±ãÄܽٳÔìäÕË»§½Ó¼ûȨÏÞ¡£³É¹¦ÈëÇÖºó£¬Helix²Ù×÷Ô±»áѸ¿ì×¢²áеĶà³É·ÖÉí·ÝÑéÖ¤Æ÷ÀûÓÃÒÔʵÏÖÓÆ¾Ã»¯½ÚÔì£¬Ëæ¼´ÆðÍ·È«ÃæÃ¶¾ÙºÍ±éÀúSharePointÕ¾µã£¬ÀûÓÃ"contentclass:STS_Site"¼ÓͨÅä·ûµÄËÑË÷Óï·¨Å̵ãËùÓпɽӼûÄÚÈÝ£¬Ëæºó´Ó¹Ì¶¨IPµØÖ·Ê¹ÓÃ"python-requests/2.28.1"Óû§´úÀíÅúÁ¿ÏÂÔØÎļþ¡£±»µÁÊý¾ÝËæºó±»ÓÃÓÚË«³ÁÀÕË÷¡£ReliaQuestÖ¸³ö£¬HelixÔÚ¼¼ÊõÊÖ·¨ºÍ»ù´¡ÉèÊ©ÉÏÓëÒÑDzɢµÄBlackFile×éÖ¯¼°³ÛÃûºÚ¿Í¼¯ÌåShinyHunters´æÔÚÏÔÖø¹ØÁª¡£


https://www.bleepingcomputer.com/news/security/new-helix-vishing-group-emerges-in-sharepoint-data-theft-attacks/


5. Forg365´¹µöƽ̨ÓÃAIÇÔȡ΢ÈíÕË»§


7ÔÂ9ÈÕ£¬ÍøÂ簲ȫ¹«Ë¾ZeroBECÅû¶£¬ÃûΪForg365µÄÐÂÐÍÍøÂç´¹µö¼´·þÎñƽ̨ÕýÒÔMicrosoft 365ÕË»§ÎªÖ¸±ê£¬ÈÚºÏÖÐÑëÈ˹¥»÷¡¢É豸´úÂë´¹µö¼°AI¸¨Öúµö¶üÌìÉúµÈ¸ß¼¶¼¿Á©¡£¸Ãƽ̨ÌṩForgCookieä¯ÀÀÆ÷À©´ó£¬ÄÜ×Ô¶¯Ë¢ÐÂ΢ÈíSSO Cookie£¬Ê¹¹¥»÷Õß³Ö¾Ãά³Ö¶Ô±»µÁÕË»§µÄ½Ó¼û¡£×êÑÐÈËÔ±·¢ÏÖ£¬Forg365½ÚÔìÃæ°å¼¯³ÉÁËһվʽְÄÜ£º´´½¨´¹µö»î¶¯¡¢ÅäÖÃOAuthÀûÓá¢ÖÎÀíÁîÅÆ£¬²¢ÄÚÖÃAIÄ£¿é×Ô¶¯ÌìÉú¶¨Ô컯´¹µöÓʼþ£¬´ó·ù½µµÍ¹¥»÷Ãż÷¡£Ãæ°å»¹Ô̺¬¹Ø¼ü´Ê¼à¿Ø£¬¿ÉʵʱɨÃè±»ÈëÇÖÓÊÏä²¢¸æ¾¯¡£Forg365Ö§³ÖÁ½Ìõ¹¥»÷õè¾¶£ºÉ豸´úÂë´¹µöÀûÓÃ΢ÈíºÏ·¨OAuth 2.0É豸´úÂëÁ÷£¬ÓÕÆ­Óû§ÊÚȨ¹¥»÷ÕßÉ豸£»AiTM´¹µöÔòͨ¹ý´úÀí½Ø»ñÉí·ÝÑéÖ¤»á»°Cookie¡£Æ½Ì¨²¿ÊðÁËAntiBot·À»¤»úÔ죬Ô̺¬¼ÓÃܳÁ¶¨Ïò¡¢»úеÈ˼ì²âºÍɳÏä²é³­£¬²¢ÔÚ¼ì²âVPNʱ°µ²ØÕæÊµÒ³Ãæ¡£Æä»ù´¡ÉèÊ©½áºÏAmazon SES¡¢Cloudflare PagesºÍGophish¿ò¼Ü¡£ZeroBECÖ¸³ö£¬¸Ãƽְ̨ÄÜÓëKali365¡¢Sneaky2FAÀàËÆµ«Î´È·ÈϹØÁª¡£½¨ÒéÆóÒµ½ûÓ÷DZØÒªÉ豸´úÂëÈÏÖ¤£¬¼à¿ØEntraÈÕÖ¾ÖеÄÒì³£ÈÏÖ¤¡¢ÓÊÏ乿¶¨µ÷»»¼°OAuthÊÚȨ£¬·¢ÏÖÈëÇÖºóµ±¼´³·ÏúËùÓÐÁîÅÆºÍ»á»°¡£


https://www.bleepingcomputer.com/news/security/new-forg365-phishing-platform-uses-ai-to-target-microsoft-365-accounts/


6. À­ÍÑάÑÇÁÖÒµ¾ÞÍ·ÔâÀÕË÷¹¥»÷£¬Ð¹Â¶Æ¾Ö¤ÃÜÔ¿


7ÔÂ9ÈÕ£¬À­ÍÑάÑǹúÓÐÁÖÒµ¹«Ë¾LVMÓÚ7ÔÂ10ÈÕÅû¶£¬¸Ã¹«Ë¾ÔÚÔâ·êÀÕË÷Èí¼þ¹¥»÷ºó£¬Àú¾­ÊýÖÜÈÔÔÚ¼è¾Þ¸´Ô­ITϵͳ¡£Õâ´Î¹¥»÷×îÔçÓÚ6ÔÂÏÂÑ®±»·¢ÏÖ£¬µ¼ÖÂÆäµØÍ¼Æ½Ì¨¡¢á÷ÁÔÀûÓ÷¨Ê½ÒÔ¼°Óë³Ð°üÉ̺Ϳͻ§½øÐÐÐÅÏ¢»¥»»µÄÖ÷ÌâÏµÍ³È«ÃæÌ±»¾¡£À­ÍÑάÑǵ±¾Öµ÷²éÏÔʾ£¬¹¥»÷Õß¿ÉÄÜÔÚ±»·¢ÏÖǰÒÑÂñ·üÓÚ¹«Ë¾ÍøÂ糬¹ýÒ»ÖÜ¡£LVMÊ×ϯ¼¼Êõ¹ÙÂíÀï˹¡¤¿â×ÈÃ÷˹°µÊ¾£¬µ±Ç°Ì¬ÊÆËäÒÑÇ÷ÓÚ²»±ä£¬µ«¸´Ô­Õý³£ÔËÓªÈÔ¡°Ï൱ӵÓÐÌôÕ½ÐÔ¡±£¬Ä¿Ç°Ô¼ÓÐÈý·ÖÖ®¶þÇ©¶¨·þÎñºÏͬµÄ¿Í»§ÈÔÎÞ·¨½Ó¼ûÊÜÓ°Ïìϵͳ¡£¿â×ÈÃ÷˹й©£¬¹¥»÷ÕßÀûÓÃÁËÒ»¸öÁ½Äêδ¸üÐÂÈí¼þÖеÄÒÑÖª·ì϶ÈëÇÖ£¬µ«Î´Ö¸Ã÷¾ßÌåÈí¼þÃû³Æ¡£¸Ã¹«Ë¾´ËǰÃ÷È·°µÊ¾Î´ÊÕµ½Êê½ðÒªÇ󣬼´±ãÊÕµ½Ò²¼á¶¨»Ø¾øÖ§¸¶¡£À­ÍÑάÑǹú¶ÈÍÆËã»úÓ¦¼±ÏìÓ¦Ó××飨CERT.LV£©½«Õâ´Î¹¥»÷¹é×ïÓÚÒ»¸öÒÔ¾­¼ÃÀûÒæÎªÇý¶¯µÄ±í¹úÀÕË÷Èí¼þ×éÖ¯£¬¸Ã×éÖ¯´ËÇ°Ôø¹¥»÷¹ý±±Ô¼ºÍÅ·Ã˳ÉÔ±¹úµÄ¶à¼Ò¹«Ë¾ºÍ¹«¹²»ú¹¹£¬µ«¹Ù·½ÉÐδ¹«¿ªÆä¾ßÌåÉí·Ý¡£¹¥»÷ÕßÔÚÍøÉÏй¶ÁËÔ¼44GBµÄÇÔÈ¡Êý¾Ý£¬µ«µ÷²éÈËÔ±ÒÔΪÏÖʵ±»ÇÔÈ¡µÄÐÅÏ¢Ô¶³¬´Ë¹æÄ££¬Ð¹Â¶ÎļþÔ̺¬ÄÚ²¿Îĵµ¡¢µç×ÓÓʼþÍùÀ´¡¢Èí¼þ´úÂë¿â¡¢Êý×ÖÖ¤Êé¡¢¼ÓÃÜÃÜÔ¿ºÍÓû§Æ¾Ö¤£¬×é³ÉÑϳÁµÄ°²È«Òþ»¼¡£


https://therecord.media/latvia-state-owned-foresty-company-lvm-ransomware