漏洞 Vulnerability CVE-2021-39910：GitLab跨站脚本漏洞 http://vulhub.org.cn/vuln/VHN-401315 CVE-2021-29100：ESRI ArcGIS Earth 安全漏洞 http://vulhub.org.cn/vuln/VHN-388640 安全事件 Security Incident 俄罗斯黑客大量使用恶意流量方向系统传播恶意软件 https://thehackernews.com/2022/01/russian-hackers-heavily-using-malicious.html 新的BHUNT恶意软件以您的加密钱包和密码为目标 https://www.bleepingcomputer.com/news/security/new-bhunt-malware-targets-your-crypto-wallets-and-passwords/ OpenSubtitles数据泄露影响670万用户 https://www.databreachtoday.com/opensubtitles-data-breach-affected-67-million-users-a-18339 Donot APT团队将打击政府、军事目标多年，直到他们成功 https://www.zdnet.com/article/donot-team-apt-will-strike-govt-targets-for-years-until-they-succeed/ 红十字会发起网络攻击，泄露了515000名“高度脆弱人群”的数据 https://www.zdnet.com/article/red-cross-hit-with-cyberattack-that-compromised-data-of-515000-highly-vulnerable-people/ 通过韩国webHard平台分发的新DDoS IRC Bot https://securityaffairs.co/wordpress/126927/malware/irc-bot-ddos.html 营销巨头RRD证实了在Conti勒索软件攻击中的数据盗窃 https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/ SolarWinds Serv-U漏洞被用于Log4j攻击 https://securityaffairs.co/wordpress/126933/security/solarwinds-serv-u-flaw.html Molerats针对中东用户的网络间谍活动 https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east 假旗 or 升级？疑似海莲花利用Glitch平台的攻击样本再现 https://ti.qianxin.com/blog/articles/Samples-of-the-OceanLotus-attack-using-the-Glitch-platform/ APT41在针对性攻击中使用新的UEFI恶意软件MoonBounce https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/