風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Check Point 產品發現一個漏洞。遠端攻擊者可利用這漏洞,於目標系統觸發阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式或緩解措施:
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability was identified in Check Point Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes or mitigations issued by the vendor:
風險: 中度風險
類型: 伺服器 - 網站伺服器
於 Nginx ldap-auth 發現漏洞。遠端攻擊者可利用這漏洞,於目標系統觸發遠端執行程式碼、繞過保安限制、敏感資料洩露及阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability was identified in Nginx. A remote attacker could exploit this vulnerability to trigger remote code execution, security restriction bypass, sensitive information disclosure and denial of service condition on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、繞過保安限制及敏感資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、繞過保安限制及敏感資料洩露。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
類別: 網絡釣魚
mickmick.net 提醒市民,近日發現騙徒同時利用假冒政府機構及知名品牌網站進行多類型網絡釣魚攻擊,其中包括冒充「反詐騙協調中心(ADCC)」的虛假網站,以及偽冒物流服務、金融機構、零售平台及網上服務的釣魚頁面。
騙徒假冒 ADCC 設立假網站,聲稱提供協助追回騙款、免費核查、免費專業法務團隊諮詢等服務,同時透過虛構成功個案、案例分享及常見問題(Q&A)等內容,聲稱「被騙超過一個月仍可高機率追回資金」,以增加可信度並吸引受害人主動聯絡。實際上,此類網站屬於針對受害人的二次詐騙手法。
此外,mickmick.net 發現騙徒亦建立多個釣魚網站,分別冒充本地機構、物流服務、金融機構、旅遊平台及娛樂服務等,誘導用戶輸入個人資料、帳戶憑證或付款資訊,以進一步進行詐騙或盜用帳戶。
「反詐騙協調中心(ADCC)」釣魚網站
市民應注意,真正的反詐騙協調中心官方網站為: adcc.gov.hk 且官方僅提供「防騙易 18222」作諮詢熱線
mickmick.net 偵測到的其他釣魚網站
除「反詐騙協調中心(ADCC)」釣魚網站外,mickmick.net 亦同時觀察到多個釣魚網站,分別冒充本地機構、物流服務、金融機構、旅遊平台及娛樂服務等,以不同主題進行誘騙。
可疑網站特徵
綜合上述案例,該批釣魚網站顯示出以下共同特徵:
mickmick.net 發現騙徒利用不同主題的釣魚網站進行大規模分散式攻擊,並結合「官方冒充」、「品牌仿冒」及「社交工程」等多種手法,提升成功率。
特別是針對已受騙人士,騙徒透過假冒 ADCC 網站及所謂專業團隊,利用「可追回騙款」的說法進行二次詐騙,進一步騙取金錢及敏感資料。
市民應提高警覺,切勿相信任何聲稱可快速或高機率追回騙款的網站或聯絡方式。如有懷疑,應透過官方渠道核實資料,以保障個人及財務安全。
對公眾的安全建議
mickmick.net 提醒市民:
如曾提交資料,應立即採取以下行動
如市民懷疑曾於可疑網站輸入個人資料或信用卡資料,應盡快採取以下措施:
Release Date: 22 May 2026
Type: Phishing
Phishing Alert
Current Status and Related Trends
mickmick.net reminds the public that fraudsters have
recently been using fake government institution and well-known brand websites
to carry out various phishing attacks. These include fake websites
impersonating the “Anti-Deception Coordination Centre (ADCC)”, as well as
phishing pages posing as logistics services, financial institutions, retail
platforms, and online services.
Scammers have set up fake ADCC websites claiming to offer
services such as assistance in recovering scam losses, free verification, and
free consultation with professional legal teams. These sites also use
fabricated success stories, case sharing, and FAQ content, claiming that “even
if more than a month has passed since the scam, there is still a high chance of
recovering the funds”, in order to increase credibility and lure victims into
contacting them. In reality, such websites are a form of secondary scam
targeting existing victims.
In addition, mickmick.net has found that fraudsters have
created multiple phishing websites impersonating local organisations, logistics
services, financial institutions, travel platforms, and entertainment services,
in order to trick users into entering personal information, account
credentials, or payment details for further fraud or account theft.
Fake “Anti-Deception Coordination Centre (ADCC)” Websites
Other Phishing Websites Observed by mickmick.net
Apart from fake ADCC websites, mickmick.net has also
observed multiple phishing websites impersonating local institutions, logistics
services, financial institutions, travel platforms, and entertainment services
under different themes:
Characteristics of Suspicious Websites
Based on the above cases, these phishing websites share the
following common features:
mickmick.net has found that fraudsters are using phishing
websites under different themes to launch large-scale distributed attacks,
combining tactics such as official impersonation, brand imitation, and social
engineering to improve their success rate.
In particular, for people who have already been scammed,
fraudsters use fake ADCC websites and so-called professional teams, together
with claims of being able to recover scammed funds, to carry out secondary
scams and further steal money and sensitive data.
The public should remain vigilant and must not trust any
website or contact method claiming it can quickly or highly likely recover scam
losses. If in doubt, always verify information through official channels to
protect personal and financial security.
Security Advice for the Public
mickmick.net reminds members of the public to:
If Information Has Been Submitted, the Following Actions
Should Be Taken Immediately
If members of the public suspect that they have entered
personal information or credit card information on a suspicious website, they
should take the following steps as soon as possible:
風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Splunk 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發洩露敏感資料、繞過保安限制及阻斷服務狀況。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass and denial of service condition on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 高度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Trend Micro Apex One 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發權限提升、遠端執行任意程式碼及資料篡改。
注意:
CVE-2026-34926 正在被廣泛利用。未經預先驗證的本地攻擊者可透過修改伺服器上的金鑰表,注入惡意程式碼,部署到受影響安裝中的代理程式。因此,該漏洞的風險等級被評定為高度風險。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Trend Micro Apex One. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and data manipulation on the targeted system.
Note:
CVE-2026-34926 is being exploited in the wild. A pre-authenticated local attacker could modify a key table on the server to inject malicious code to deploy to agents on affected installations. Hence, the risk level is rated as High Risk.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 其他伺服器
於 Drupal Core 發現一個漏洞。遠端攻擊者可利用這個漏洞,於目標系統觸發遠端執行任意程式碼、資料篡改、權限提升及洩露敏感資料。
Drupal 8.9.0或以上至10.4.10以下版本
Drupal 10.5.0或以上至10.5.10以下版本
Drupal 10.6.0或以上至10.6.9以下版本
Drupal 11.0.0或以上至11.1.10以下版本
Drupal 11.2.0或以上至11.2.12以下版本
Drupal 11.3.0或以上至11.3.10以下版本
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
注意:
RISK: Medium Risk
TYPE: Servers - Other Servers
A remote attacker could exploit this vulnerability to trigger remote code execution, data manipulation, elevation of privilege and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Note:
風險: 高度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Microsoft Defender 發現多個漏洞。攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及權限提升。
注意:
CVE-2026-45498 正在被廣泛利用。 Microsoft Defender 存在一個未指明的漏洞,可能導致服務中斷。
CVE-2026-41091 正在被廣泛利用。Microsoft Defender 在存取檔案前進行不當的連結解析('link following‘),使得具備權限的攻擊者得以在本地端提升權限。
因此,該漏洞的風險等級被評為高度風險。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝軟件供應商提供的修補程式:
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Microsoft Defender. Attacker could exploit some of these vulnerabilities to trigger denial of service condition and elevation of privilege on the targeted system.
Note:
CVE-2026-45498 is being exploited in the wild. Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-41091 is being exploited in the wild. Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Hence, the risk level is rated as High Risk.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 伺服器 - 互聯網應用伺服器
於 IBM WebSphere 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過保安限制。
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in IBM WebSphere Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
風險: 中度風險
類型: 用戶端 - 瀏覽器
於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、繞過保安限制、仿冒及敏感資料洩露。
以下版本之前的版本﹕
在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。
更新至版本:
