Vietnam Security Summit 2025: B\u1ea3o \u0111\u1ea3m an ninh m\u1ea1ng v\u00e0 t\u1ea1o l\u1eadp ni\u1ec1m tin trong k\u1ef7 nguy\u00ean m\u1edbi<\/strong><\/p>\n Ng\u00e0y 23\/5, t\u1ea1i TP.HCM \u0111\u00e3 di\u1ec5n ra H\u1ed9i th\u1ea3o v\u00e0 Tri\u1ec3n l\u00e3m qu\u1ed1c t\u1ebf\u00a0Vietnam Security Summit 2025<\/a>\u00a0l\u1ea7n th\u1ee9 b\u1ea3y. V\u1edbi ch\u1ee7 \u0111\u1ec1 \u201cB\u1ea3o \u0111\u1ea3m an ninh m\u1ea1ng v\u00e0 t\u1ea1o l\u1eadp ni\u1ec1m tin trong k\u1ef7 nguy\u00ean m\u1edbi\u201d, s\u1ef1 ki\u1ec7n \u0111\u00e3 quy t\u1ee5 h\u01a1n 1.000 \u0111\u1ea1i bi\u1ec3u, l\u00e3nh \u0111\u1ea1o, chuy\u00ean gia an ninh m\u1ea1ng \u0111\u1ebfn t\u1eeb c\u00e1c B\u1ed9, ng\u00e0nh, doanh nghi\u1ec7p h\u00e0ng \u0111\u1ea7u trong n\u01b0\u1edbc v\u00e0 qu\u1ed1c t\u1ebf.<\/p>\n Trong khu\u00f4n kh\u1ed5 s\u1ef1 ki\u1ec7n \u0111\u00e3 di\u1ec5n ra 03 phi\u00ean H\u1ed9i th\u1ea3o chuy\u00ean \u0111\u1ec1 bao g\u1ed3m: B\u1ea3o v\u1ec7 d\u1eef li\u1ec7u v\u00e0 quy\u1ec1n ri\u00eang t\u01b0 trong k\u1ef7 nguy\u00ean AI; B\u1ea3o m\u1eadt \u0111\u00e1m m\u00e2y trong th\u1ebf gi\u1edbi s\u1ed1; B\u1ea3o \u0111\u1ea3m an ninh h\u1ea1 t\u1ea7ng c\u00f4ng ngh\u1ec7 th\u00f4ng tin quan tr\u1ecdng. \u0110\u1ea1i di\u1ec7n Ban C\u01a1 y\u1ebfu Ch\u00ednh ph\u1ee7, \u00f4ng Nguy\u1ec5n Vi\u1ebft Phan, Ph\u00f3 Gi\u00e1m \u0111\u1ed1c Trung t\u00e2m C\u00f4ng ngh\u1ec7 th\u00f4ng tin v\u00e0 Gi\u00e1m s\u00e1t an ninh m\u1ea1ng ch\u1ee7 tr\u00ec H\u1ed9i th\u1ea3o chuy\u00ean \u0111\u1ec1 2 v\u1edbi ch\u1ee7 \u0111\u1ec1 B\u1ea3o m\u1eadt \u0111\u00e1m m\u00e2y trong th\u1ebf gi\u1edbi s\u1ed1, v\u1edbi nhi\u1ec1u b\u00e1o c\u00e1o \u0111\u1ebfn t\u1eeb c\u00e1c chuy\u00ean gia c\u1ee7a HPE, VSEC, VEEAM, CMC Telecom, VNETWORK, xoay quanh nh\u1eefng xu h\u01b0\u1edbng t\u1ea5n c\u00f4ng m\u1edbi v\u00e0 c\u00e1c ph\u01b0\u01a1ng ph\u00e1p hi\u1ec7u qu\u1ea3 \u0111\u1ec3 t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt \u0111\u00e1m m\u00e2y, \u0111\u1eb7c bi\u1ec7t l\u00e0 \u1ee9ng d\u1ee5ng AI \u0111\u1ec3 b\u1ea3o m\u1eadt to\u00e0n di\u1ec7n Web, \u1ee9ng d\u1ee5ng, API v\u00e0 email tr\u01b0\u1edbc c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng.<\/p>\n Ng\u0103n ch\u1eb7n c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a Telegram t\u1ea1i Vi\u1ec7t Nam<\/strong><\/p>\n Ng\u00e0y 21\/5, C\u1ee5c Vi\u1ec5n th\u00f4ng (B\u1ed9 Khoa h\u1ecdc v\u00e0 C\u00f4ng ngh\u1ec7) v\u1eeba c\u00f3 v\u0103n b\u1ea3n v\u1ec1 vi\u1ec7c ng\u0103n ch\u1eb7n ho\u1ea1t \u0111\u1ed9ng c\u1ee7a\u00a0Telegram<\/a>\u00a0c\u00f3 d\u1ea5u hi\u1ec7u vi ph\u1ea1m ph\u00e1p lu\u1eadt. C\u1ee5c Vi\u1ec5n th\u00f4ng y\u00eau c\u1ea7u c\u00e1c doanh nghi\u1ec7p vi\u1ec5n th\u00f4ng kh\u1ea9n tr\u01b0\u01a1ng th\u1ef1c hi\u1ec7n c\u00e1c bi\u1ec7n ph\u00e1p ng\u0103n ch\u1eb7n Telegram, b\u00e1o c\u00e1o ph\u01b0\u01a1ng \u00e1n v\u00e0 k\u1ebft qu\u1ea3 th\u1ef1c hi\u1ec7n v\u1ec1 c\u1ee5c tr\u01b0\u1edbc ng\u00e0y 2-6-2025.<\/p>\n Tr\u01b0\u1edbc \u0111\u00f3, C\u1ee5c Vi\u1ec5n th\u00f4ng nh\u1eadn \u0111\u01b0\u1ee3c v\u0103n b\u1ea3n c\u1ee7a C\u1ee5c An ninh m\u1ea1ng v\u00e0 Ph\u00f2ng, ch\u1ed1ng t\u1ed9i ph\u1ea1m s\u1eed d\u1ee5ng c\u00f4ng ngh\u1ec7 cao (B\u1ed9 C\u00f4ng an) v\u1ec1 vi\u1ec7c ph\u1ed1i h\u1ee3p ng\u0103n ch\u1eb7n ho\u1ea1t \u0111\u1ed9ng c\u1ee7a Telegram t\u1ea1i Vi\u1ec7t Nam. C\u01a1 quan ch\u1ee9c n\u0103ng cho bi\u1ebft kho\u1ea3ng 68% k\u00eanh v\u00e0 nh\u00f3m tr\u00ean Telegram ch\u1ee9a n\u1ed9i dung kh\u00f4ng ph\u00f9 h\u1ee3p, bao g\u1ed3m l\u1eeba \u0111\u1ea3o, th\u00f4ng tin sai l\u1ec7ch, ho\u1eb7c n\u1ed9i dung vi ph\u1ea1m ph\u00e1p lu\u1eadt. Nhi\u1ec1u h\u1ed9i, nh\u00f3m v\u1edbi h\u00e0ng ch\u1ee5c ngh\u00ecn \u0111\u1ed1i t\u01b0\u1ee3ng tham gia, do c\u00e1c \u0111\u1ed1i t\u01b0\u1ee3ng ch\u1ed1ng \u0111\u1ed1i, ph\u1ea3n \u0111\u1ed9ng t\u1ea1o l\u1eadp, ph\u00e1t t\u00e1n t\u00e0i li\u1ec7u ch\u1ed1ng ph\u00e1, x\u1ea3y ra nhi\u1ec1u v\u1ee5 vi\u1ec7c li\u00ean quan \u0111\u1ebfn l\u1eeba \u0111\u1ea3o, rao b\u00e1n d\u1eef li\u1ec7u ng\u01b0\u1eddi d\u00f9ng, ma t\u00fay; c\u00f3 tr\u01b0\u1eddng h\u1ee3p nghi v\u1ea5n li\u00ean quan \u0111\u1ebfn kh\u1ee7ng b\u1ed1,\u2026<\/p>\n \u0110I\u1ec2M TIN QU\u1ed0C T\u1ebe<\/strong><\/p>\n C\u01a1 quan Tr\u1ee3 gi\u00fap ph\u00e1p l\u00fd Anh b\u1ecb tin t\u1eb7c t\u1ea5n c\u00f4ng<\/strong><\/p>\n Ng\u00e0y 19\/5,\u00a0C\u01a1 quan Tr\u1ee3 gi\u00fap ph\u00e1p l\u00fd Anh<\/a>\u00a0(tr\u1ef1c thu\u1ed9c B\u1ed9 T\u01b0 ph\u00e1p) cho bi\u1ebft tin t\u1eb7c \u0111\u00e3 truy c\u1eadp v\u00e0 \u0111\u00e1nh c\u1eafp m\u1ed9t s\u1ed1 l\u01b0\u1ee3ng l\u1edbn d\u1eef li\u1ec7u c\u00e1 nh\u00e2n, trong \u0111\u00f3 c\u00f3 l\u00fd l\u1ecbch t\u01b0 ph\u00e1p, c\u1ee7a nh\u1eefng ng\u01b0\u1eddi xin h\u1ed7 tr\u1ee3 ph\u00e1p l\u00fd k\u1ec3 t\u1eeb n\u0103m 2010.<\/p>\n C\u01a1 quan Tr\u1ee3 gi\u00fap ph\u00e1p l\u00fd cho bi\u1ebft cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng n\u00e0y c\u00f3 quy m\u00f4 l\u1edbn h\u01a1n d\u1ef1 \u0111o\u00e1n ban \u0111\u1ea7u v\u00e0 tin t\u1eb7c c\u00f3 th\u1ec3 \u0111\u00e3 truy c\u1eadp c\u00e1c th\u00f4ng tin c\u00e1 nh\u00e2n c\u1ee7a nh\u1eefng ng\u01b0\u1eddi xin tr\u1ee3 gi\u00fap ph\u00e1p l\u00fd nh\u01b0 \u0111\u1ecba ch\u1ec9, ng\u00e0y sinh, s\u1ed1 c\u0103n c\u01b0\u1edbc hay d\u1eef li\u1ec7u t\u00e0i ch\u00ednh, khi\u1ebfn c\u01a1 quan n\u00e0y ph\u1ea3i ng\u1eebng d\u1ecbch v\u1ee5 tr\u1ef1c tuy\u1ebfn.<\/p>\n 25 lo\u1ea1i m\u00e3 \u0111\u1ed9c \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n trong v\u1ee5 t\u1ea5n c\u00f4ng m\u1ea1ng SK Telecom<\/strong><\/p>\n Li\u00ean quan t\u1edbi v\u1ee5 h\u00e3ng vi\u1ec5n th\u00f4ng\u00a0SK Telecom (SKT)<\/a>\u00a0c\u1ee7a H\u00e0n Qu\u1ed1c b\u1ecb tin t\u1eb7c t\u1ea5n c\u00f4ng ng\u00e0y 19\/5, nh\u00f3m \u0111i\u1ec1u tra cho bi\u1ebft \u0111\u00e3 ki\u1ec3m tra t\u1ed5ng c\u1ed9ng 4 \u0111\u1ee3t v\u1edbi kho\u1ea3ng 30.000 m\u00e1y ch\u1ee7 c\u00f3 h\u1ec7 \u0111i\u1ec1u h\u00e0nh Linux c\u1ee7a SKT v\u00e0 ph\u00e1t hi\u1ec7n 25 lo\u1ea1i m\u00e3 \u0111\u1ed9c tr\u00ean 23 m\u00e1y ch\u1ee7. Ngo\u00e0i 4 lo\u1ea1i m\u00e3 \u0111\u1ed9c t\u1eebng \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1 trong \u0111\u1ee3t ph\u00e2n t\u00edch \u0111\u1ea7u ti\u00ean v\u00e0o ng\u00e0y 29\/4, nh\u00f3m \u0111i\u1ec1u tra trong \u0111\u1ee3t hai \u0111\u00e3 ph\u00e1t hi\u1ec7n th\u00eam 21 lo\u1ea1i m\u1edbi, trong \u0111\u00f3 c\u00f3 m\u1ed9t lo\u1ea1i m\u00e3 \u0111\u1ed9c d\u1ea1ng Web Shell, c\u00e1c lo\u1ea1i c\u00f2n l\u1ea1i \u0111\u1ec1u thu\u1ed9c d\u00f2ng m\u00e3 \u0111\u1ed9c backdoor BPFDoor. Qua ph\u00e2n t\u00edch chi ti\u1ebft 15 trong s\u1ed1 23 m\u00e1y ch\u1ee7 b\u1ecb nhi\u1ec5m m\u00e3 \u0111\u1ed9c, nh\u00f3m \u0111i\u1ec1u tra x\u00e1c \u0111\u1ecbnh c\u00f3 hai m\u00e1y ch\u1ee7 li\u00ean k\u1ebft v\u1edbi h\u1ec7 th\u1ed1ng x\u00e1c th\u1ef1c kh\u00e1ch h\u00e0ng t\u00edch h\u1ee3p \u0111\u00e3 b\u1ecb r\u00f2 r\u1ec9 nhi\u1ec1u th\u00f4ng tin c\u00e1 nh\u00e2n, g\u1ed3m m\u00e3 nh\u1eadn di\u1ec7n thi\u1ebft b\u1ecb di \u0111\u1ed9ng qu\u1ed1c t\u1ebf (IMEI), h\u1ecd t\u00ean, ng\u00e0y th\u00e1ng n\u0103m sinh, s\u1ed1 \u0111i\u1ec7n tho\u1ea1i v\u00e0 \u0111\u1ecba ch\u1ec9 email.<\/p>\n Microsoft c\u00f4ng b\u1ed1 t\u00ednh n\u0103ng \u201cAdvanced Settings\u201d m\u1edbi cho Windows 11<\/strong><\/p>\n M\u1edbi \u0111\u00e2y, Microsoft \u0111\u00e3 c\u00f4ng b\u1ed1 t\u00ednh n\u0103ng \u201cAdvanced Settings\u201d m\u1edbi \u0111\u1ec3 gi\u00fap ng\u01b0\u1eddi d\u00f9ng v\u00e0 nh\u00e0 ph\u00e1t tri\u1ec3n c\u00e1 nh\u00e2n h\u00f3a tr\u1ea3i nghi\u1ec7m h\u1ec7 \u0111i\u1ec1u h\u00e0nh. V\u1edbi t\u00ednh n\u0103ng m\u1edbi, ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 t\u00f9y ch\u1ec9nh m\u1ed9t s\u1ed1 t\u00ednh n\u0103ng c\u1ee7a Windows 11, ch\u1eb3ng h\u1ea1n nh\u01b0 File Explorer v\u00e0 m\u00e1y \u1ea3o.<\/p>\n Th\u1ef1c hi\u1ec7n nh\u01b0 sau: Truy c\u1eadp trang Advanced Settings m\u1edbi t\u1eeb Settings > System > Advanced. Trang n\u00e0y thay th\u1ebf tab \u201cFor developers\u201d trong Settings v\u00e0 gi\u1eef nguy\u00ean t\u1ea5t c\u1ea3 c\u00e1c t\u00ednh n\u0103ng.<\/p>\n B\u1ea3n c\u1eadp nh\u1eadt kh\u1ea9n c\u1ea5p c\u1ee7a Windows 10 kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 BitLocker Recovery<\/strong><\/p>\n Microsoft \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt \u0111\u1ec3 kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 khi\u1ebfn h\u1ec7 th\u1ed1ng Windows 10 kh\u1edfi \u0111\u1ed9ng v\u00e0o ch\u1ebf \u0111\u1ed9 BitLocker Recovery sau khi c\u00e0i \u0111\u1eb7t b\u1ea3n b\u1ea3n v\u00e1 th\u00e1ng 5\/2025. \u0110\u00e2y c\u0169ng l\u00e0 b\u1ea3n c\u1eadp nh\u1eadt t\u00edch l\u0169y, ngh\u0129a l\u00e0 ng\u01b0\u1eddi d\u00f9ng s\u1ebd kh\u00f4ng ph\u1ea3i c\u00e0i \u0111\u1eb7t b\u1ea5t k\u1ef3 b\u1ea3n c\u1eadp nh\u1eadt n\u00e0o tr\u01b0\u1edbc \u0111\u00f3, tr\u01b0\u1edbc khi tri\u1ec3n khai b\u1ea3n v\u00e1 l\u1ed7i cho s\u1ef1 c\u1ed1 BitLocker Recovery \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn thi\u1ebft b\u1ecb c\u1ee7a ng\u01b0\u1eddi d\u00f9ng.<\/p>\n Microsoft cho bi\u1ebft s\u1ef1 c\u1ed1 n\u00e0y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn c\u00e1c h\u1ec7 th\u1ed1ng Windows 10 22H2, Windows 10 Enterprise LTSC 2021 v\u00e0 Windows 10 IoT Enterprise LTSC 2021 v\u1edbi b\u1ed9 x\u1eed l\u00fd Intel vPro (th\u1ebf h\u1ec7 th\u1ee9 10 tr\u1edf l\u00ean) c\u00f3 k\u00edch ho\u1ea1t Intel Trusted Execution Technology (TXT).<\/p>\n Nh\u00e0 m\u1ea1ng di \u0111\u1ed9ng Cellcom x\u00e1c nh\u1eadn cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng g\u00e2y ra t\u00ecnh tr\u1ea1ng m\u1ea5t \u0111i\u1ec7n k\u00e9o d\u00e0i<\/strong><\/p>\n M\u1edbi \u0111\u00e2y, nh\u00e0 cung c\u1ea5p d\u1ecbch v\u1ee5 kh\u00f4ng d\u00e2y Cellcom \u0111\u00e3 x\u00e1c nh\u1eadn r\u1eb1ng m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng l\u00e0 nguy\u00ean nh\u00e2n g\u00e2y ra t\u00ecnh tr\u1ea1ng m\u1ea5t \u0111i\u1ec7n v\u00e0 gi\u00e1n \u0111o\u1ea1n d\u1ecbch v\u1ee5 tr\u00ean di\u1ec7n r\u1ed9ng b\u1eaft \u0111\u1ea7u v\u00e0o t\u1ed1i ng\u00e0y 14\/5\/2025. S\u1ef1 c\u1ed1 n\u00e0y \u0111\u00e3 l\u00e0m gi\u00e1n \u0111o\u1ea1n d\u1ecbch v\u1ee5 tho\u1ea1i v\u00e0 tin nh\u1eafn SMS cho kh\u00e1ch h\u00e0ng tr\u00ean kh\u1eafp Wisconsin v\u00e0 Michigan, khi\u1ebfn ng\u01b0\u1eddi \u0111\u0103ng k\u00fd kh\u00f4ng th\u1ec3 g\u1ecdi \u0111i\u1ec7n tho\u1ea1i ho\u1eb7c g\u1eedi tin nh\u1eafn v\u0103n b\u1ea3n.<\/p>\n Coinbase cho bi\u1ebft v\u1ee5 vi ph\u1ea1m d\u1eef li\u1ec7u g\u1ea7n \u0111\u00e2y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn 69.461 kh\u00e1ch h\u00e0ng<\/strong><\/p>\n Coinbase<\/a>, m\u1ed9t s\u00e0n giao d\u1ecbch ti\u1ec1n \u0111i\u1ec7n t\u1eed v\u1edbi h\u01a1n 100 tri\u1ec7u kh\u00e1ch h\u00e0ng, ti\u1ebft l\u1ed9 r\u1eb1ng m\u1ed9t v\u1ee5 vi ph\u1ea1m d\u1eef li\u1ec7u g\u1ea7n \u0111\u00e2y trong \u0111\u00f3 t\u1ed9i ph\u1ea1m m\u1ea1ng \u0111\u00e3 \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u kh\u00e1ch h\u00e0ng v\u00e0 c\u00f4ng ty \u0111\u00e3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn 69.461 c\u00e1 nh\u00e2n. M\u1eb7c d\u00f9 d\u1eef li\u1ec7u b\u1ecb l\u1ed9 kh\u00f4ng bao g\u1ed3m m\u1eadt kh\u1ea9u, seed phrase, kh\u00f3a b\u00ed m\u1eadt ho\u1eb7c th\u00f4ng tin kh\u00e1c c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 truy c\u1eadp v\u00e0o ti\u1ec1n, ho\u1eb7c t\u00e0i kho\u1ea3n c\u1ee7a nh\u1eefng ng\u01b0\u1eddi b\u1ecb \u1ea3nh h\u01b0\u1edfng, nh\u01b0ng d\u1eef li\u1ec7u n\u00e0y bao g\u1ed3m s\u1ef1 k\u1ebft h\u1ee3p c\u1ee7a c\u00e1c th\u00f4ng tin nh\u1eadn d\u1ea1ng c\u00e1 nh\u00e2n nh\u01b0 t\u00ean, ng\u00e0y sinh, b\u1ed1n ch\u1eef s\u1ed1 cu\u1ed1i c\u1ee7a s\u1ed1 an sinh x\u00e3 h\u1ed9i, s\u1ed1 t\u00e0i kho\u1ea3n ng\u00e2n h\u00e0ng \u0111\u01b0\u1ee3c che gi\u1ea5u v\u00e0 m\u1ed9t s\u1ed1 th\u00f4ng tin nh\u1eadn d\u1ea1ng t\u00e0i kho\u1ea3n ng\u00e2n h\u00e0ng, \u0111\u1ecba ch\u1ec9, s\u1ed1 \u0111i\u1ec7n tho\u1ea1i v\u00e0 \u0111\u1ecba ch\u1ec9 email.<\/p>\n T\u00f9y thu\u1ed9c v\u00e0o kh\u00e1ch h\u00e0ng b\u1ecb \u1ea3nh h\u01b0\u1edfng, th\u00f4ng tin b\u1ecb \u0111\u00e1nh c\u1eafp c\u0169ng c\u00f3 th\u1ec3 bao g\u1ed3m h\u00ecnh \u1ea3nh th\u00f4ng tin nh\u1eadn d\u1ea1ng do ch\u00ednh ph\u1ee7 c\u1ea5p (v\u00ed d\u1ee5: s\u1ed1 gi\u1ea5y ph\u00e9p l\u00e1i xe, s\u1ed1 h\u1ed9 chi\u1ebfu, s\u1ed1 ch\u1ee9ng minh th\u01b0 nh\u00e2n d\u00e2n) v\u00e0 th\u00f4ng tin t\u00e0i kho\u1ea3n (bao g\u1ed3m l\u1ecbch s\u1eed giao d\u1ecbch, s\u1ed1 d\u01b0, chuy\u1ec3n kho\u1ea3n, ng\u00e0y m\u1edf t\u00e0i kho\u1ea3n). Coinbase c\u1ea3nh b\u00e1o: \u201cNh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng t\u00ecm ki\u1ebfm th\u00f4ng tin n\u00e0y v\u00ec ch\u00fang mu\u1ed1n th\u1ef1c hi\u1ec7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng k\u1ef9 ngh\u1ec7 x\u00e3 h\u1ed9i, s\u1eed d\u1ee5ng th\u00f4ng tin n\u00e0y \u0111\u1ec3 t\u1ecf ra \u0111\u00e1ng tin c\u1eady nh\u1eb1m thuy\u1ebft ph\u1ee5c n\u1ea1n nh\u00e2n chuy\u1ec3n ti\u1ec1n c\u1ee7a h\u1ecd\u201d.<\/p>\n M\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n 3AM s\u1eed d\u1ee5ng c\u00e1c cu\u1ed9c g\u1ecdi h\u1ed7 tr\u1ee3 gi\u1ea3 m\u1ea1o, email bombing \u0111\u1ec3 x\u00e2m nh\u1eadp h\u1ec7 th\u1ed1ng m\u1ea1ng<\/strong><\/p>\n M\u1ed9t chi nh\u00e1nh c\u1ee7a m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n 3AM \u0111ang ti\u1ebfn h\u00e0nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng c\u00f3 m\u1ee5c ti\u00eau cao b\u1eb1ng c\u00e1ch g\u1eedi email spam v\u00e0 c\u00e1c cu\u1ed9c g\u1ecdi h\u1ed7 tr\u1ee3 c\u00f4ng ngh\u1ec7 th\u00f4ng gi\u1ea3 m\u1ea1o, nh\u1eb1m \u0111\u00e1nh l\u1eeba nh\u00e2n vi\u00ean cung c\u1ea5p th\u00f4ng tin \u0111\u0103ng nh\u1eadp \u0111\u1ec3 truy c\u1eadp t\u1eeb xa v\u00e0o h\u1ec7 th\u1ed1ng c\u1ee7a c\u00f4ng ty. Nh\u1eefng cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e0y li\u00ean quan \u0111\u1ebfn k\u1ef9 thu\u1eadt c\u1ee7a nh\u00f3m tin t\u1eb7c BlackBasta , bao g\u1ed3m email bombing, vishing qua Microsoft Teams v\u00e0 l\u1ea1m d\u1ee5ng Quick Assist. Vi\u1ec7c r\u00f2 r\u1ec9 c\u00e1c cu\u1ed9c tr\u00f2 chuy\u1ec7n n\u1ed9i b\u1ed9 c\u1ee7a Black Basta \u0111\u00e3 gi\u00fap nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng kh\u00e1c b\u1eaft k\u1ecbp k\u1ef9 thu\u1eadt c\u1ee7a nh\u00f3m n\u00e0y, v\u00ec n\u00f3 bao g\u1ed3m m\u1ed9t m\u1eabu \u0111\u1ec3 s\u1eed d\u1ee5ng trong c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng l\u1eeba \u0111\u1ea3o Microsoft Teams m\u1ea1o danh b\u1ed9 ph\u1eadn tr\u1ee3 gi\u00fap c\u00f4ng ngh\u1ec7 th\u00f4ng.<\/p>\n L\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng ch\u01b0a \u0111\u01b0\u1ee3c v\u00e1 trong Versa Concerto d\u1eabn \u0111\u1ebfn v\u01b0\u1ee3t qua x\u00e1c th\u1ef1c v\u00e0 th\u1ef1c thi m\u00e3 t\u1eeb xa<\/strong><\/p>\n C\u00e1c l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng trong Versa Concerto v\u1eabn ch\u01b0a \u0111\u01b0\u1ee3c v\u00e1 c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng t\u1eeb xa v\u01b0\u1ee3t qua x\u00e1c th\u1ef1c v\u00e0 th\u1ef1c thi m\u00e3 t\u00f9y \u00fd tr\u00ean c\u00e1c h\u1ec7 th\u1ed1ng b\u1ecb \u1ea3nh h\u01b0\u1edfng. Ba l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, trong \u0111\u00f3 c\u00f3 hai l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng, \u0111\u00e3 \u0111\u01b0\u1ee3c c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u t\u1ea1i c\u00f4ng ty qu\u1ea3n l\u00fd l\u1ed7 h\u1ed5ng ProjectDiscovery (Hoa K\u1ef3) ti\u1ebft l\u1ed9 c\u00f4ng khai sau khi b\u00e1o c\u00e1o v\u1edbi nh\u00e0 cung c\u1ea5p v\u00e0 kh\u00f4ng nh\u1eadn \u0111\u01b0\u1ee3c x\u00e1c nh\u1eadn v\u1ec1 vi\u1ec7c c\u00e1c l\u1ed7 h\u1ed5ng \u0111\u00e3 \u0111\u01b0\u1ee3c gi\u1ea3i quy\u1ebft. \u0110\u01b0\u1ee3c bi\u1ebft, Versa Concerto l\u00e0 n\u1ec1n t\u1ea3ng qu\u1ea3n l\u00fd v\u00e0 \u0111i\u1ec1u ph\u1ed1i t\u1eadp trung cho c\u00e1c gi\u1ea3i ph\u00e1p SD-WAN v\u00e0 SASE (Secure Access Service Edge) c\u1ee7a Versa Networks.<\/p>\n Nh\u00f3m tin t\u1eb7c UAT-6382 x\u00e2m nh\u1eadp v\u00e0o ch\u00ednh quy\u1ec1n \u0111\u1ecba ph\u01b0\u01a1ng Hoa K\u1ef3 b\u1eb1ng c\u00e1ch khai th\u00e1c l\u1ed7 h\u1ed5ng Cityworks zero-day<\/strong><\/p>\n Nh\u00f3m tin t\u1eb7c UAT-6382 tu\u1ea7n v\u1eeba qua \u0111\u00e3 khai th\u00e1c l\u1ed7 h\u1ed5ng zero-day c\u1ee7a Trimble Cityworks hi\u1ec7n \u0111\u00e3 \u0111\u01b0\u1ee3c v\u00e1 \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0o nhi\u1ec1u c\u01a1 quan ch\u00ednh quy\u1ec1n \u0111\u1ecba ph\u01b0\u01a1ng tr\u00ean kh\u1eafp Hoa K\u1ef3. Trimble Cityworks l\u00e0 ph\u1ea7n m\u1ec1m qu\u1ea3n l\u00fd t\u00e0i s\u1ea3n v\u00e0 qu\u1ea3n l\u00fd l\u1ec7nh l\u00e0m vi\u1ec7c, ch\u1ee7 y\u1ebfu \u0111\u01b0\u1ee3c ch\u00ednh quy\u1ec1n \u0111\u1ecba ph\u01b0\u01a1ng, c\u00e1c t\u1ed5 ch\u1ee9c ti\u1ec7n \u00edch v\u00e0 c\u00f4ng tr\u00ecnh c\u00f4ng c\u1ed9ng s\u1eed d\u1ee5ng, \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 gi\u00fap qu\u1ea3n l\u00fd t\u00e0i s\u1ea3n c\u00f4ng, x\u1eed l\u00fd gi\u1ea5y ph\u00e9p v\u00e0 c\u1ea5p ph\u00e9p, c\u0169ng nh\u01b0 x\u1eed l\u00fd l\u1ec7nh l\u00e0m vi\u1ec7c.<\/p>\n C\u00e1c tin t\u1eb7c \u0111\u00e3 s\u1eed d\u1ee5ng tr\u00ecnh t\u1ea3i ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i d\u1ef1a tr\u00ean Rust \u0111\u1ec3 tri\u1ec3n khai c\u00e1c beacon Cobalt Strike v\u00e0 ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i Vshell, \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 t\u1ea1o backdoor tr\u00ean c\u00e1c h\u1ec7 th\u1ed1ng b\u1ecb x\u00e2m ph\u1ea1m v\u00e0 cung c\u1ea5p quy\u1ec1n truy c\u1eadp li\u00ean t\u1ee5c trong th\u1eddi gian d\u00e0i, c\u0169ng nh\u01b0 c\u00e1c webshell v\u00e0 c\u00f4ng c\u1ee5 \u0111\u1ed9c h\u1ea1i t\u00f9y ch\u1ec9nh \u0111\u01b0\u1ee3c vi\u1ebft b\u1eb1ng ti\u1ebfng Trung.<\/p>\n C\u1ea3nh b\u00e1o h\u01a1n 100 ti\u1ec7n \u00edch m\u1edf r\u1ed9ng \u0111\u1ed9c h\u1ea1i gi\u1ea3 m\u1ea1o Chrome \u0111\u1ec3 \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u<\/strong><\/p>\n C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u \u0111\u1ebfn t\u1eeb c\u00f4ng ty t\u00ecnh b\u00e1o m\u1ed1i \u0111e d\u1ecda\u00a0DomainTools<\/a>\u00a0(Hoa K\u1ef3) cho bi\u1ebft: \u201cK\u1ebb t\u1ea5n c\u00f4ng t\u1ea1o ra c\u00e1c trang web ng\u1ee5y trang th\u00e0nh c\u00e1c d\u1ecbch v\u1ee5 h\u1ee3p ph\u00e1p, tr\u1ee3 l\u00fd ph\u00e2n t\u00edch ho\u1eb7c t\u1ea1o qu\u1ea3ng c\u00e1o v\u00e0 ph\u01b0\u01a1ng ti\u1ec7n truy\u1ec1n th\u00f4ng, d\u1ecbch v\u1ee5 VPN, ti\u1ec1n \u0111i\u1ec7n t\u1eed, ng\u00e2n h\u00e0ng,\u2026 \u0111\u1ec3 h\u01b0\u1edbng d\u1eabn ng\u01b0\u1eddi d\u00f9ng c\u00e0i \u0111\u1eb7t ti\u1ec7n \u00edch m\u1edf r\u1ed9ng \u0111\u1ed9c h\u1ea1i t\u01b0\u01a1ng \u1ee9ng tr\u00ean c\u1eeda h\u00e0ng Chrome Web Storte c\u1ee7a Google (CWS)\u201d.<\/p>\n M\u1eb7c d\u00f9 c\u00e1c ti\u1ec7n \u00edch b\u1ed5 sung cho tr\u00ecnh duy\u1ec7t d\u01b0\u1eddng nh\u01b0 cung c\u1ea5p c\u00e1c t\u00ednh n\u0103ng \u0111\u01b0\u1ee3c qu\u1ea3ng c\u00e1o, nh\u01b0ng ch\u00fang c\u0169ng cho ph\u00e9p \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp v\u00e0 cookie, chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n phi\u00ean, ch\u00e8n qu\u1ea3ng c\u00e1o, chuy\u1ec3n h\u01b0\u1edbng \u0111\u1ed9c h\u1ea1i, thao t\u00fang l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp v\u00e0 phishing. M\u1ed9t y\u1ebfu t\u1ed1 kh\u00e1c c\u00f3 l\u1ee3i cho ti\u1ec7n \u00edch m\u1edf r\u1ed9ng l\u00e0 ch\u00fang \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh \u0111\u1ec3 t\u1ef1 c\u1ea5p cho m\u00ecnh c\u00e1c quy\u1ec1n qu\u00e1 m\u1ee9c th\u00f4ng qua t\u1ec7p manifest[.]json, cho ph\u00e9p ch\u00fang t\u01b0\u01a1ng t\u00e1c v\u1edbi m\u1ecdi trang web \u0111\u01b0\u1ee3c truy c\u1eadp tr\u00ean tr\u00ecnh duy\u1ec7t, th\u1ef1c thi m\u00e3 t\u00f9y \u00fd l\u1ea5y t\u1eeb t\u00ean mi\u1ec1n do k\u1ebb t\u1ea5n c\u00f4ng ki\u1ec3m so\u00e1t, th\u1ef1c hi\u1ec7n chuy\u1ec3n h\u01b0\u1edbng \u0111\u1ed9c h\u1ea1i v\u00e0 th\u1eadm ch\u00ed ch\u00e8n qu\u1ea3ng c\u00e1o.<\/p>\n T\u00e2y Ban Nha s\u1eadp m\u1ea1ng vi\u1ec5n th\u00f4ng v\u00e0 Internet<\/strong><\/p>\n Ng\u00e0y 20\/5,\u00a0T\u00e2y Ban Nha<\/a>\u00a0\u0111\u00e3 g\u1eb7p ph\u1ea3i s\u1ef1 c\u1ed1 s\u1eadp m\u1ea1ng vi\u1ec5n th\u00f4ng quy m\u00f4 l\u1edbn, khi\u1ebfn h\u00e0ng tri\u1ec7u ng\u01b0\u1eddi kh\u00f4ng th\u1ec3 truy c\u1eadp Internet, g\u1ecdi \u0111i\u1ec7n tho\u1ea1i ho\u1eb7c s\u1eed d\u1ee5ng d\u1eef li\u1ec7u di \u0111\u1ed9ng. S\u1ef1 c\u1ed1 c\u0169ng \u1ea3nh h\u01b0\u1edfng nghi\u00eam tr\u1ecdng \u0111\u1ebfn c\u00e1c \u0111\u01b0\u1eddng d\u00e2y n\u00f3ng, trong \u0111\u00f3 c\u00f3 s\u1ed1 \u0111i\u1ec7n tho\u1ea1i c\u1ee9u h\u1ed9 kh\u1ea9n c\u1ea5p to\u00e0n ch\u00e2u \u00c2u 112. Theo truy\u1ec1n th\u00f4ng \u0111\u1ecba ph\u01b0\u01a1ng, s\u1ef1 c\u1ed1 x\u1ea3y ra t\u1ea1i h\u1ea7u h\u1ebft c\u00e1c th\u00e0nh ph\u1ed1 l\u1edbn c\u1ee7a T\u00e2y Ban Nha, trong \u0111\u00f3 c\u00f3 Madrid, Malaga, Barcelona, Valencia, Murcia, Seville v\u00e0 Bilbao. S\u1ef1 c\u1ed1 d\u01b0\u1eddng nh\u01b0 c\u00f3 li\u00ean quan \u0111\u1ebfn ho\u1ea1t \u0111\u1ed9ng n\u00e2ng c\u1ea5p m\u1ea1ng c\u1ee7a t\u1eadp \u0111o\u00e0n vi\u1ec5n th\u00f4ng l\u1edbn th\u1ee9 2 n\u01b0\u1edbc n\u00e0y l\u00e0 Telef\u00f3nica. T\u1ea5t c\u1ea3 c\u00e1c nh\u00e0 cung c\u1ea5p d\u1ecbch v\u1ee5 vi\u1ec5n th\u00f4ng l\u1edbn t\u1ea1i T\u00e2y Ban Nha, bao g\u1ed3m Movistar, Orange, Vodafone, Digimobil v\u00e0 O2, \u0111\u1ec1u b\u00e1o c\u00e1o g\u1eb7p s\u1ef1 c\u1ed1 s\u1eadp m\u1ea1ng.<\/p>\n L\u1ed7 h\u1ed5ng SSO nghi\u00eam tr\u1ecdng c\u1ee7a Samlify<\/strong><\/p>\n Ng\u00e0y 20\/5, m\u1ed9t l\u1ed7 h\u1ed5ng x\u00e1c th\u1ef1c Samlify quan tr\u1ecdng \u0111\u00e3 \u0111\u01b0\u1ee3c c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u c\u1ee7a c\u00f4ng ty an ninh m\u1ea1ng EndorLabs (Hoa K\u1ef3) ph\u00e1t hi\u1ec7n, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng m\u1ea1o danh ng\u01b0\u1eddi d\u00f9ng qu\u1ea3n tr\u1ecb b\u1eb1ng c\u00e1ch \u0111\u01b0a c\u00e1c x\u00e1c nh\u1eadn \u0111\u1ed9c h\u1ea1i v\u00e0o c\u00e1c response SAML \u0111\u00e3 \u0111\u01b0\u1ee3c k\u00fd s\u1ed1 h\u1ee3p l\u1ec7. L\u1ed7 h\u1ed5ng n\u00e0y \u0111\u01b0\u1ee3c g\u1eafn m\u00e3 \u0111\u1ecbnh danh CVE-2025-47949 (\u0111i\u1ec3m CVSS v4.0: 9.9) \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn t\u1ea5t c\u1ea3 c\u00e1c phi\u00ean b\u1ea3n Samlify tr\u01b0\u1edbc 2.10.0. Theo c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u, Samlify x\u00e1c minh \u0111\u00fang r\u1eb1ng t\u00e0i li\u1ec7u XML cung c\u1ea5p \u0111\u1ecbnh danh c\u1ee7a ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 \u0111\u01b0\u1ee3c k\u00fd. Tuy nhi\u00ean, n\u00f3 v\u1eabn ti\u1ebfp t\u1ee5c \u0111\u1ecdc c\u00e1c Assertions (SAML Assertions ch\u1ee9a th\u00f4ng tin v\u1ec1 ng\u01b0\u1eddi d\u00f9ng, quy\u1ec1n truy c\u1eadp v\u00e0 c\u00e1c thu\u1ed9c t\u00ednh kh\u00e1c) gi\u1ea3 m\u1ea1o t\u1eeb m\u1ed9t ph\u1ea7n c\u1ee7a XML kh\u00f4ng \u0111\u01b0\u1ee3c k\u00fd. K\u1ebb t\u1ea5n c\u00f4ng n\u1eafm gi\u1eef response SAML \u0111\u00e3 k\u00fd s\u1ed1 h\u1ee3p l\u1ec7 th\u00f4ng qua vi\u1ec7c ng\u0103n ch\u1eb7n ho\u1eb7c metadata c\u00f4ng khai c\u00f3 th\u1ec3 s\u1eeda \u0111\u1ed5i response \u0111\u00f3 \u0111\u1ec3 khai th\u00e1c l\u1ed7 h\u1ed5ng trong th\u01b0 vi\u1ec7n v\u00e0 x\u00e1c th\u1ef1c nh\u01b0 m\u1ed9t ng\u01b0\u1eddi d\u00f9ng kh\u00e1c.<\/p>\n \u1ee8ng d\u1ee5ng Volkswagen b\u1ecb t\u1ea5n c\u00f4ng m\u1ea1ng<\/strong><\/p>\n H\u00e3ng s\u1ea3n xu\u1ea5t \u00f4 t\u00f4 \u0110\u1ee9c Volkswagen g\u1ea7n \u0111\u00e2y \u0111\u00e3 v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng trong \u1ee9ng d\u1ee5ng My Volkswagen c\u1ee7a m\u00ecnh. C\u00e1c l\u1ed7 h\u1ed5ng n\u00e0y c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e1nh c\u1eafp th\u00f4ng tin c\u1ee7a ng\u01b0\u1eddi d\u00f9ng kh\u00e1c, bao g\u1ed3m v\u1ecb tr\u00ed xe, t\u00ecnh tr\u1ea1ng \u0111\u1ed9ng c\u01a1, s\u1ed1 li\u1ec7u th\u1ed1ng k\u00ea nhi\u00ean li\u1ec7u, \u00e1p su\u1ea5t l\u1ed1p, c\u0169ng nh\u01b0 th\u00f4ng tin c\u00e1 nh\u00e2n nh\u01b0 \u0111\u1ecba ch\u1ec9 nh\u00e0, s\u1ed1 \u0111i\u1ec7n tho\u1ea1i, \u0111\u1ecba ch\u1ec9 email, gi\u1ea5y ph\u00e9p l\u00e1i xe v\u00e0 l\u1ecbch s\u1eed d\u1ecbch v\u1ee5. Volkswagen cho bi\u1ebft c\u00e1c v\u1ea5n \u0111\u1ec1 ch\u1ec9 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn \u1ee9ng d\u1ee5ng t\u1ea1i \u1ea4n \u0110\u1ed9 v\u00e0 ch\u1ec9 ra r\u1eb1ng kh\u00f4ng c\u00f3 b\u1eb1ng ch\u1ee9ng n\u00e0o v\u1ec1 vi\u1ec7c khai th\u00e1c trong th\u1ef1c t\u1ebf.<\/p>\n D\u1eef li\u1ec7u c\u1ee7a Ch\u00ednh ph\u1ee7 Hoa K\u1ef3 b\u1ecb \u0111\u00e1nh c\u1eafp trong v\u1ee5 t\u1ea5n c\u00f4ng TeleMessage<\/strong><\/p>\n H\u00e3ng tin Reuters cho bi\u1ebft tin nh\u1eafn trao \u0111\u1ed5i gi\u1eefa nhi\u1ec1u quan ch\u1ee9c Hoa K\u1ef3 \u0111\u00e3 b\u1ecb tin t\u1eb7c ng\u0103n ch\u1eb7n, t\u00e1c nh\u00e2n \u0111e d\u1ecda n\u00e0y \u0111\u00e3 x\u00e2m nh\u1eadp v\u00e0o n\u1ec1n t\u1ea3ng TeleMessage \u0111\u01b0\u1ee3c c\u1ef1u c\u1ed1 v\u1ea5n an ninh qu\u1ed1c gia c\u1ee7a Trump l\u00e0 Mike Waltz v\u00e0 h\u01a1n 60 ng\u01b0\u1eddi d\u00f9ng ch\u00ednh ph\u1ee7 kh\u00e1c s\u1eed d\u1ee5ng. D\u1eef li\u1ec7u li\u00ean quan \u0111\u1ebfn c\u00e1c th\u00e0nh vi\u00ean c\u1ee7a C\u01a1 quan M\u1eadt v\u1ee5, quan ch\u1ee9c h\u1ea3i quan, \u1ee9ng ph\u00f3 th\u1ea3m h\u1ecda, nh\u00e2n vi\u00ean ngo\u1ea1i giao Hoa K\u1ef3 v\u00e0 \u00edt nh\u1ea5t m\u1ed9t nh\u00e2n vi\u00ean Nh\u00e0 Tr\u1eafng.<\/p>\n Tr\u00ecnh c\u00e0i \u0111\u1eb7t RVTools b\u1ecb nhi\u1ec5m Trojan<\/strong><\/p>\n M\u1ed9t phi\u00ean b\u1ea3n Trojan c\u1ee7a tr\u00ecnh c\u00e0i \u0111\u1eb7t RVTools, \u0111\u01b0\u1ee3c ph\u00e2n ph\u1ed1i th\u00f4ng qua m\u1ed9t t\u00ean mi\u1ec1n b\u1ecb chi\u1ebfm \u0111o\u1ea1t, \u0111\u00e3 b\u1ecb ph\u00e1t hi\u1ec7n \u0111ang ph\u00e2n ph\u1ed1i ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i Bumblebee cho ng\u01b0\u1eddi d\u00f9ng. T\u00ean mi\u1ec1n n\u00e0y m\u1ea1o danh trang web c\u1ee7a c\u00f4ng c\u1ee5 h\u1ee3p l\u1ec7, s\u1eed d\u1ee5ng TLD .org thay v\u00ec .com. C\u00e1c b\u00e1o c\u00e1o v\u1ec1 tr\u00ecnh c\u00e0i \u0111\u1eb7t \u0111\u1ed9c h\u1ea1i l\u1ea7n \u0111\u1ea7u ti\u00ean xu\u1ea5t hi\u1ec7n v\u00e0o gi\u1eefa th\u00e1ng 5 v\u00e0 Robware \u0111\u00e3 t\u1ea1m th\u1eddi \u0111\u01b0a c\u00e1c trang web ch\u00ednh th\u1ee9c c\u1ee7a c\u00f4ng c\u1ee5, c\u1ee5 th\u1ec3 l\u00e0 Robware.net v\u00e0 RVTools.com v\u00e0o tr\u1ea1ng th\u00e1i ngo\u1ea1i tuy\u1ebfn, c\u1ea3nh b\u00e1o ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng t\u1ea3i RVTools t\u1eeb b\u1ea5t k\u1ef3 trang web n\u00e0o kh\u00e1c.<\/p>\n L\u1ed7 h\u1ed5ng prompt injection t\u1eeb xa tr\u00ean GitLab Duo<\/strong><\/p>\n H\u00e3ng b\u1ea3o m\u1eadt Legit Security (Hoa K\u1ef3) cho bi\u1ebft l\u1ed7 h\u1ed5ng prompt injection t\u1eeb xa trong AI-native GitLab assistant\u00a0GitLab<\/a>\u00a0Duo c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng thao t\u00fang c\u00e1c code g\u1ee3i \u00fd \u0111\u01b0\u1ee3c hi\u1ec3n th\u1ecb cho ng\u01b0\u1eddi d\u00f9ng kh\u00e1c, t\u1eeb \u0111\u00f3 ti\u00eam code HTML kh\u00f4ng \u0111\u00e1ng tin c\u1eady v\u00e0o kho l\u01b0u tr\u1eef, \u0111\u00e1nh c\u1eafp m\u00e3 ngu\u1ed3n t\u1eeb c\u00e1c project ri\u00eang t\u01b0 v\u00e0 khai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng zero-day ch\u01b0a \u0111\u01b0\u1ee3c ti\u1ebft l\u1ed9 th\u00f4ng qua t\u00ednh n\u0103ng tr\u00f2 chuy\u1ec7n c\u1ee7a bot. Hi\u1ec7n GitLab \u0111\u00e3 kh\u1eafc ph\u1ee5c l\u1ed7i b\u1ea3o m\u1eadt n\u00e0y.<\/p>\n L\u1ed7 h\u1ed5ng Ivanti EPMM b\u1ecb tin t\u1eb7c Trung Qu\u1ed1c khai th\u00e1c<\/strong><\/p>\n C\u00e1c tin t\u1eb7c Trung Qu\u1ed1c \u0111\u00e3 khai th\u00e1c l\u1ed7 h\u1ed5ng th\u1ef1c thi m\u00e3 t\u1eeb xa trong Ivanti Endpoint Manager Mobile (EPMM) \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0o c\u00e1c t\u1ed5 ch\u1ee9c l\u1edbn tr\u00ean to\u00e0n th\u1ebf gi\u1edbi. L\u1ed7 h\u1ed5ng n\u00e0y \u0111\u01b0\u1ee3c g\u1eafn m\u00e3 theo d\u00f5i CVE-2025-4428 v\u00e0 \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 \u1edf m\u1ee9c \u0111\u1ed9 nghi\u00eam tr\u1ecdng cao. L\u1ed7 h\u1ed5ng c\u00f3 th\u1ec3 b\u1ecb khai th\u00e1c \u0111\u1ec3 th\u1ef1c thi m\u00e3 t\u1eeb xa tr\u00ean Ivanti EPMM phi\u00ean b\u1ea3n 12.5.0.0 tr\u1edf v\u1ec1 tr\u01b0\u1edbc th\u00f4ng qua c\u00e1c request API \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1eb7c bi\u1ec7t.<\/p>\n Ng\u00e0y 21\/5, nh\u00e0 nghi\u00ean c\u1ee9u Arda B\u00fcy\u00fckkaya \u0111\u1ebfn t\u1eeb nh\u00e0 cung c\u1ea5p t\u00ecnh b\u00e1o m\u1ed1i \u0111e d\u1ecda EclecticIQ (H\u00e0 Lan) \u0111\u00e3 b\u00e1o c\u00e1o r\u1eb1ng \u0111\u00e3 ph\u00e1t hi\u1ec7n l\u1ed7 h\u1ed5ng CVE-2025-4428 b\u1ecb khai th\u00e1c r\u1ed9ng r\u00e3i trong t\u1ef1 nhi\u00ean k\u1ec3 t\u1eeb ng\u00e0y 15\/5 v\u00e0 \u0111\u1ee9ng sau l\u00e0 c\u00e1c tin t\u1eb7c UNC5221 th\u1ef1c hi\u1ec7n.<\/p>\n Tin t\u1eb7c s\u1eed d\u1ee5ng \u1ee9ng d\u1ee5ng Ledger gi\u1ea3 m\u1ea1o \u0111\u1ec3 \u0111\u00e1nh c\u1eafp seed phrase c\u1ee7a ng\u01b0\u1eddi d\u00f9ng Mac<\/strong><\/p>\n C\u00e1c t\u00e1c nh\u00e2n \u0111e d\u1ecda \u0111ang s\u1eed d\u1ee5ng c\u00e1c \u1ee9ng d\u1ee5ng Ledger gi\u1ea3 m\u1ea1o \u0111\u1ec3 nh\u1eafm v\u00e0o ng\u01b0\u1eddi d\u00f9ng\u00a0macOS<\/a>\u00a0v\u00e0 t\u00e0i s\u1ea3n k\u1ef9 thu\u1eadt s\u1ed1 c\u1ee7a h\u1ecd, b\u1eb1ng c\u00e1ch tri\u1ec3n khai ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i nh\u1eb1m \u0111\u00e1nh c\u1eafp seed phrase b\u1ea3o v\u1ec7 quy\u1ec1n truy c\u1eadp v\u00e0o v\u00ed ti\u1ec1n \u0111i\u1ec7n t\u1eed k\u1ef9 thu\u1eadt s\u1ed1. Ledger l\u00e0 v\u00ed ph\u1ea7n c\u1ee9ng ph\u1ed5 bi\u1ebfn \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 l\u01b0u tr\u1eef ti\u1ec1n \u0111i\u1ec7n t\u1eed ngo\u1ea1i tuy\u1ebfn (l\u01b0u tr\u1eef l\u1ea1nh) v\u00e0 theo c\u00e1ch an to\u00e0n. M\u1ed9t seed phrase l\u00e0 m\u1ed9t t\u1eadp h\u1ee3p g\u1ed3m 12 ho\u1eb7c 24 t\u1eeb ng\u1eabu nhi\u00ean cho ph\u00e9p ph\u1ee5c h\u1ed3i t\u00e0i s\u1ea3n k\u1ef9 thu\u1eadt s\u1ed1 n\u1ebfu v\u00ed b\u1ecb m\u1ea5t ho\u1eb7c qu\u00ean m\u1eadt kh\u1ea9u truy c\u1eadp. Do \u0111\u00f3, n\u00f3 \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef ngo\u1ea1i tuy\u1ebfn v\u00e0 ri\u00eang t\u01b0.<\/p>\n C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u c\u1ee7a c\u00f4ng ty an ninh m\u1ea1ng Moonlock (Ukraine) cho bi\u1ebft, \u1ee9ng d\u1ee5ng \u0111\u1ed9c h\u1ea1i gi\u1ea3 m\u1ea1o \u1ee9ng d\u1ee5ng Ledger \u0111\u1ec3 \u0111\u00e1nh l\u1eeba ng\u01b0\u1eddi d\u00f9ng nh\u1eadp c\u1ee5m t\u1eeb g\u1ed1c c\u1ee7a h\u1ecd v\u00e0o trang l\u1eeba \u0111\u1ea3o. Moonlock Lab \u0111\u00e3 theo d\u00f5i c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e0y k\u1ec3 t\u1eeb th\u00e1ng 8\/2024, khi c\u00e1c b\u1ea3n sao \u1ee9ng d\u1ee5ng ch\u1ec9 c\u00f3 th\u1ec3 \u0111\u00e1nh c\u1eafp m\u1eadt kh\u1ea9u, ghi ch\u00fa v\u00e0 th\u00f4ng tin chi ti\u1ebft v\u1ec1 v\u00ed \u0111\u1ec3 c\u00f3 \u0111\u01b0\u1ee3c c\u00e1i nh\u00ecn tho\u00e1ng qua v\u1ec1 t\u00e0i s\u1ea3n trong v\u00ed.<\/p>\n Video TikTok ph\u00e2n ph\u1ed1i ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i \u0111\u00e1nh c\u1eafp th\u00f4ng tin trong c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng ClickFix<\/strong><\/p>\n![](\"https:\/\/dulieu.antoanthongtin.gov.vn\/tapchiantoanthongtin\/81e1f208-2b2a-437d-81d0-0692955eb92f\/z6607808140056_6cff57a46b94d0aaa9e1fc47c5b7cfc6(4).jpg\")
<\/p>\n