{"id":46693,"date":"2025-09-16T14:18:43","date_gmt":"2025-09-16T07:18:43","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=46693"},"modified":"2025-09-26T14:20:05","modified_gmt":"2025-09-26T07:20:05","slug":"ban-tin-an-toan-thong-tin-tuan-so-18","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/ban-tin-an-toan-thong-tin-tuan-so-18\/","title":{"rendered":"B\u1ea3n tin An to\u00e0n th\u00f4ng tin tu\u1ea7n s\u1ed1 18"},"content":{"rendered":"
\n
<\/i>\u00a0H\u1ed3ng \u0110\u1ea1t<\/a><\/div>\n<\/div>\n

T\u1ea1p ch\u00ed An to\u00e0n th\u00f4ng tin gi\u1edbi thi\u1ec7u to\u00e0n c\u1ea3nh v\u1ec1 nh\u1eefng s\u1ef1 ki\u1ec7n, tin t\u1ee9c n\u1ed5i b\u1eadt v\u1ec1 b\u1ea3o m\u1eadt v\u00e0 an to\u00e0n th\u00f4ng tin trong Tu\u1ea7n 37 (8\/9 – 14\/9), B\u1ea3n tin g\u1ed3m c\u00e1c s\u1ef1 ki\u1ec7n an to\u00e0n th\u00f4ng tin n\u1ed5i b\u1eadt trong n\u01b0\u1edbc v\u00e0 qu\u1ed1c t\u1ebf. Trong tu\u1ea7n qua, Ph\u00f3 Th\u1ee7 t\u01b0\u1edbng H\u1ed3 \u0110\u1ee9c Ph\u1edbc \u0111\u00e3 k\u00fd ban h\u00e0nh Ngh\u1ecb quy\u1ebft s\u1ed1 05\/2025\/NQ-CP c\u1ee7a Ch\u00ednh ph\u1ee7 v\u1ec1 vi\u1ec7c tri\u1ec3n khai th\u00ed \u0111i\u1ec3m th\u1ecb tr\u01b0\u1eddng t\u00e0i s\u1ea3n m\u00e3 h\u00f3a t\u1ea1i Vi\u1ec7t Nam. \u0110\u1eb7c bi\u1ec7t l\u00e0 nh\u1eefng di\u1ec5n bi\u1ebfn m\u1edbi nh\u1ea5t li\u00ean quan \u0111\u1ebfn v\u1ee5 vi ph\u1ea1m d\u1eef li\u1ec7u t\u1ea1i Trung t\u00e2m Th\u00f4ng tin t\u00edn d\u1ee5ng qu\u1ed1c gia Vi\u1ec7t Nam (CIC), v\u1edbi h\u00e0ng lo\u1ea1t khuy\u1ebfn c\u00e1o \u0111\u1ebfn t\u1eeb c\u00e1c t\u1ed5 ch\u1ee9c v\u00e0 c\u01a1 quan ch\u1ee9c n\u0103ng. B\u00ean c\u1ea1nh \u0111\u00f3, nhi\u1ec1u \u00f4ng l\u1edbn c\u00f4ng ngh\u1ec7 tu\u1ea7n n\u00e0y \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 kh\u1eafc ph\u1ee5c c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, c\u00e1c c\u1ea3nh b\u00e1o an ninh m\u1ea1ng,… l\u00e0 m\u1ed9t s\u1ed1 th\u00f4ng tin \u0111\u00e1ng ch\u00fa \u00fd kh\u00e1c.<\/p>\n

\u0110I\u1ec2M TIN TRONG N\u01af\u1edaC<\/strong><\/p>\n

Tri\u1ec3n khai th\u00ed \u0111i\u1ec3m th\u1ecb tr\u01b0\u1eddng t\u00e0i s\u1ea3n m\u00e3 h\u00f3a t\u1ea1i Vi\u1ec7t Nam k\u1ec3 t\u1eeb ng\u00e0y 09\/9\/2025<\/strong><\/p>\n

Ng\u00e0y 09\/9\/2025, thay m\u1eb7t Ch\u00ednh ph\u1ee7, Ph\u00f3 Th\u1ee7 t\u01b0\u1edbng H\u1ed3 \u0110\u1ee9c Ph\u1edbc \u0111\u00e3 k\u00fd ban h\u00e0nh\u00a0Ngh\u1ecb quy\u1ebft s\u1ed1 05\/2025\/NQ-CP<\/a>\u00a0c\u1ee7a Ch\u00ednh ph\u1ee7 v\u1ec1 vi\u1ec7c tri\u1ec3n khai th\u00ed \u0111i\u1ec3m th\u1ecb tr\u01b0\u1eddng t\u00e0i s\u1ea3n m\u00e3 h\u00f3a t\u1ea1i Vi\u1ec7t Nam. Ngh\u1ecb quy\u1ebft n\u00e0y c\u00f3 hi\u1ec7u l\u1ef1c thi h\u00e0nh k\u1ec3 t\u1eeb ng\u00e0y 9\/9\/2025; th\u1eddi gian th\u1ef1c hi\u1ec7n th\u00ed \u0111i\u1ec3m l\u00e0 5 n\u0103m.<\/p>\n

Ngh\u1ecb quy\u1ebft n\u00e0y quy \u0111\u1ecbnh v\u1ec1 tri\u1ec3n khai th\u00ed \u0111i\u1ec3m ch\u00e0o b\u00e1n, ph\u00e1t h\u00e0nh t\u00e0i s\u1ea3n m\u00e3 h\u00f3a, t\u1ed5 ch\u1ee9c th\u1ecb tr\u01b0\u1eddng giao d\u1ecbch\u00a0t\u00e0i s\u1ea3n m\u00e3 h\u00f3a<\/a>\u00a0v\u00e0 cung c\u1ea5p d\u1ecbch v\u1ee5 t\u00e0i s\u1ea3n m\u00e3 h\u00f3a; qu\u1ea3n l\u00fd nh\u00e0 n\u01b0\u1edbc v\u1ec1 th\u1ecb tr\u01b0\u1eddng t\u00e0i s\u1ea3n m\u00e3 h\u00f3a t\u1ea1i Vi\u1ec7t Nam. \u0110\u1ed1i t\u01b0\u1ee3ng th\u1ef1c hi\u1ec7n th\u00ed \u0111i\u1ec3m bao g\u1ed3m: T\u1ed5 ch\u1ee9c cung c\u1ea5p d\u1ecbch v\u1ee5 t\u00e0i s\u1ea3n m\u00e3 h\u00f3a; t\u1ed5 ch\u1ee9c ph\u00e1t h\u00e0nh t\u00e0i s\u1ea3n m\u00e3 h\u00f3a; t\u1ed5 ch\u1ee9c, c\u00e1 nh\u00e2n Vi\u1ec7t Nam v\u00e0 t\u1ed5 ch\u1ee9c, c\u00e1 nh\u00e2n n\u01b0\u1edbc ngo\u00e0i tham gia \u0111\u1ea7u t\u01b0 t\u00e0i s\u1ea3n m\u00e3 h\u00f3a v\u00e0 ho\u1ea1t \u0111\u1ed9ng tr\u00ean th\u1ecb tr\u01b0\u1eddng t\u00e0i s\u1ea3n m\u00e3 h\u00f3a t\u1ea1i Vi\u1ec7t Nam trong ph\u1ea1m vi quy \u0111\u1ecbnh t\u1ea1i Ngh\u1ecb quy\u1ebft n\u00e0y.<\/p>\n

IGB Group v\u00e0 MobiFone Global \u0111\u1ea9y m\u1ea1nh c\u00e1c gi\u1ea3i ph\u00e1p b\u1ea3o m\u1eadt v\u00e0 gi\u00e1m s\u00e1t an to\u00e0n th\u00f4ng tin<\/strong><\/p>\n

Ng\u00e0y 11\/9, t\u1ea1i H\u00e0 N\u1ed9i, C\u00f4ng ty c\u1ed5 ph\u1ea7n IGB (IGB Group) v\u00e0 C\u00f4ng ty c\u1ed5 ph\u1ea7n C\u00f4ng ngh\u1ec7 MobiFone to\u00e0n c\u1ea7u (MobiFone Global) \u0111\u00e3 k\u00fd k\u1ebft th\u1ecfa thu\u1eadn h\u1ee3p t\u00e1c chi\u1ebfn l\u01b0\u1ee3c, \u0111\u00e1nh d\u1ea5u b\u01b0\u1edbc ti\u1ebfn quan tr\u1ecdng trong ti\u1ebfn tr\u00ecnh chuy\u1ec3n \u0111\u1ed5i s\u1ed1 Vi\u1ec7t Nam. Hai b\u00ean cam k\u1ebft \u0111\u1ea9y m\u1ea1nh c\u00e1c gi\u1ea3i ph\u00e1p b\u1ea3o m\u1eadt v\u00e0\u00a0gi\u00e1m s\u00e1t an to\u00e0n th\u00f4ng tin<\/a>, th\u1ef1c hi\u1ec7n c\u00e1c ti\u00eau chu\u1ea9n qu\u1ea3n l\u00fd c\u1ea5p \u0111\u1ed9 an ninh m\u1ea1ng theo quy \u0111\u1ecbnh c\u1ee7a Nh\u00e0 n\u01b0\u1edbc.<\/p>\n

Theo th\u1ecfa thu\u1eadn, IGB v\u00e0 MobiFone Global s\u1ebd ph\u1ed1i h\u1ee3p t\u1eadn d\u1ee5ng th\u1ebf m\u1ea1nh v\u1ec1 h\u1ea1 t\u1ea7ng, c\u00f4ng ngh\u1ec7 v\u00e0 quan h\u1ec7 \u0111\u1ed1i t\u00e1c \u0111\u1ec3 tri\u1ec3n khai c\u00e1c d\u1ef1 \u00e1n s\u1ed1 h\u00f3a quy m\u00f4 l\u1edbn, t\u1eeb c\u1ea5p t\u1ec9nh, th\u00e0nh ph\u1ed1 \u0111\u1ebfn c\u00e1c ng\u00e0nh kinh t\u1ebf – x\u00e3 h\u1ed9i tr\u1ecdng \u0111i\u1ec3m.<\/p>\n

Ng\u00e2n h\u00e0ng Nh\u00e0 n\u01b0\u1edbc c\u1ea3nh b\u00e1o b\u1eaby l\u1eeba xuy\u00ean bi\u00ean gi\u1edbi, AI deepfake \u0111\u1ec3 chi\u1ebfm \u0111o\u1ea1t t\u00e0i s\u1ea3n<\/strong><\/p>\n

Theo th\u00f4ng tin t\u1eeb V\u1ee5 Thanh to\u00e1n –\u00a0Ng\u00e2n h\u00e0ng Nh\u00e0 n\u01b0\u1edbc<\/a>, th\u1eddi gian g\u1ea7n \u0111\u00e2y, t\u00ecnh tr\u1ea1ng t\u1ed9i ph\u1ea1m c\u00f4ng ngh\u1ec7 cao, l\u1eeba \u0111\u1ea3o t\u00e0i ch\u00ednh qua c\u00e1c k\u00eanh \u0111i\u1ec7n t\u1eed c\u00f3 chi\u1ec1u h\u01b0\u1edbng gia t\u0103ng, v\u1edbi nhi\u1ec1u th\u1ee7 \u0111o\u1ea1n tinh vi nh\u01b0 m\u1ea1o danh ng\u00e2n h\u00e0ng g\u1eedi tin nh\u1eafn, ph\u00e1t t\u00e1n \u0111\u01b0\u1eddng link ho\u1eb7c\u00a0QR code<\/a>\u00a0gi\u1ea3 m\u1ea1o, gi\u1ea3 danh c\u01a1 quan c\u00f4ng an, t\u00f2a \u00e1n, l\u1eeba \u0111\u1ea3o tuy\u1ec3n d\u1ee5ng \u201cvi\u1ec7c nh\u1eb9 l\u01b0\u01a1ng cao\u201d t\u1eeb n\u01b0\u1edbc ngo\u00e0i, hay s\u1eed d\u1ee5ng c\u00f4ng ngh\u1ec7 AI, deepfake \u0111\u1ec3 chi\u1ebfm \u0111o\u1ea1t th\u00f4ng tin c\u00e1 nh\u00e2n v\u00e0 t\u00e0i s\u1ea3n.<\/p>\n

Tr\u01b0\u1edbc th\u1ef1c tr\u1ea1ng n\u00e0y, V\u1ee5 Thanh to\u00e1n khuy\u1ebfn ngh\u1ecb ng\u01b0\u1eddi d\u00e2n tuy\u1ec7t \u0111\u1ed1i kh\u00f4ng cung c\u1ea5p th\u00f4ng tin b\u1ea3o m\u1eadt bao g\u1ed3m m\u1eadt kh\u1ea9u, OTP, s\u1ed1 th\u1ebb, CVV, sinh tr\u1eafc h\u1ecdc cho b\u1ea5t k\u1ef3 ai d\u01b0\u1edbi b\u1ea5t k\u1ef3 h\u00ecnh th\u1ee9c n\u00e0o. \u0110\u1ed3ng th\u1eddi kh\u00f4ng truy c\u1eadp link, QR code, \u1ee9ng d\u1ee5ng kh\u00f4ng r\u00f5 ngu\u1ed3n g\u1ed1c, th\u01b0\u1eddng xuy\u00ean ki\u1ec3m tra, x\u00e1c minh th\u00f4ng tin qua c\u00e1c k\u00eanh ch\u00ednh th\u1ee9c c\u1ee7a ng\u00e2n h\u00e0ng.<\/p>\n

Nguy c\u01a1 r\u00f2 r\u1ec9 h\u01a1n 160 tri\u1ec7u th\u00f4ng tin t\u00edn d\u1ee5ng ng\u01b0\u1eddi d\u00f9ng Vi\u1ec7t Nam<\/strong><\/p>\n

Ng\u00e0y 8\/9, nh\u00f3m tin t\u1eb7c kh\u00e9t ti\u1ebfng\u00a0ShinyHunters<\/a>\u00a0tuy\u00ean b\u1ed1 \u0111\u00e3 \u0111\u00e1nh c\u1eafp h\u01a1n 160 tri\u1ec7u h\u1ed3 s\u01a1 t\u00edn d\u1ee5ng t\u1eeb CIC v\u00e0 r\u00f2 r\u1ec9 nh\u1eefng th\u00f4ng tin n\u00e0y. C\u00e1c tin t\u1eb7c ShinyHunters\u00a0rao b\u00e1n 175.000 USD tr\u00ean m\u1ed9t di\u1ec5n \u0111\u00e0n tin t\u1eb7c v\u00e0 cung c\u1ea5p m\u1ed9t m\u1eabu d\u1eef li\u1ec7u l\u1edbn, c\u00f9ng m\u00f4 t\u1ea3 h\u01a1n 160 tri\u1ec7u b\u1ea3n ghi v\u1edbi \u201cth\u00f4ng tin r\u1ea5t nh\u1ea1y c\u1ea3m bao g\u1ed3m PII chung, thanh to\u00e1n t\u00edn d\u1ee5ng, ph\u00e2n t\u00edch r\u1ee7i ro, th\u1ebb t\u00edn d\u1ee5ng,\u2026 V\u1ec1 c\u00e1ch th\u1ee9c t\u1ea5n c\u00f4ng, c\u00e1c t\u00e1c nh\u00e2n \u0111e d\u1ecda l\u1ee3i d\u1ee5ng m\u1ed9t l\u1ed7 h\u1ed5ng n-day trong m\u1ed9t ph\u1ea7n m\u1ec1m \u0111\u00e3 h\u1ebft v\u00f2ng \u0111\u1eddi \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0o CIC v\u00e0 \u0111\u00e1nh c\u1eafp kho\u1ea3ng h\u01a1n 3 t\u1ec9 b\u1ea3n ghi, trong \u0111\u00f3 c\u00f3 160 tri\u1ec7u b\u1ea3n ghi ch\u1ee9a th\u00f4ng tin c\u00e1 nh\u00e2n ng\u01b0\u1eddi Vi\u1ec7t.<\/p>\n

<\/p>\n

Th\u00f4ng tin r\u00f2 r\u1ec9 tr\u00ean di\u1ec5n \u0111\u00e0n tin t\u1eb7c<\/em><\/p>\n

VNCERT khuy\u1ebfn c\u00e1o ng\u01b0\u1eddi d\u00e2n c\u1ea7n n\u00e2ng cao c\u1ea3nh gi\u00e1c tr\u01b0\u1edbc s\u1ef1 c\u1ed1 an ninh m\u1ea1ng t\u1ea1i CIC<\/strong><\/p>\n

Chi\u1ec1u ng\u00e0y 11\/9, Trung t\u00e2m \u1ee8ng c\u1ee9u kh\u1ea9n c\u1ea5p kh\u00f4ng gian m\u1ea1ng Vi\u1ec7t Nam (VNCERT<\/a>) \u0111\u00e3 c\u00f3 th\u00f4ng b\u00e1o v\u1ec1 s\u1ef1 c\u1ed1 l\u1ed9 d\u1eef li\u1ec7u c\u00e1 nh\u00e2n t\u1ea1i CIC. K\u1ebft qu\u1ea3 ban \u0111\u1ea7u cho th\u1ea5y, l\u01b0\u1ee3ng d\u1eef li\u1ec7u b\u1ecb thu th\u1eadp tr\u00e1i ph\u00e9p t\u1ea1i CIC kh\u00f4ng bao g\u1ed3m t\u00e0i kho\u1ea3n ti\u1ec1n g\u1eedi, s\u1ed1 th\u1ebb t\u00edn d\u1ee5ng, m\u00e3 s\u1ed1 b\u1ea3o m\u1eadt, l\u1ecbch s\u1eed giao d\u1ecbch thanh to\u00e1n,\u2026 c\u1ee7a kh\u00e1ch h\u00e0ng. \u0110\u1ed3ng th\u1eddi, h\u1ec7 th\u1ed1ng c\u00f4ng ngh\u1ec7 th\u00f4ng tin c\u1ee7a c\u00e1c t\u1ed5 ch\u1ee9c t\u00edn d\u1ee5ng ho\u1ea1t \u0111\u1ed9ng \u0111\u1ed9c l\u1eadp, do v\u1eady, ho\u1ea1t \u0111\u1ed9ng cung c\u1ea5p d\u1ecbch v\u1ee5 c\u1ee7a c\u00e1c t\u1ed5 ch\u1ee9c t\u00edn d\u1ee5ng hi\u1ec7n nay v\u1eabn \u0111ang \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n li\u00ean t\u1ee5c, an to\u00e0n v\u00e0 \u1ed5n \u0111\u1ecbnh, kh\u00e1ch h\u00e0ng ho\u00e0n to\u00e0n kh\u00f4ng b\u1ecb \u1ea3nh h\u01b0\u1edfng b\u1edfi s\u1ef1 c\u1ed1 n\u00e0y.<\/p>\n

VNCERT khuy\u1ebfn ngh\u1ecb kh\u00e1ch h\u00e0ng tu\u00e2n th\u1ee7 h\u01b0\u1edbng d\u1eabn c\u1ee7a c\u00e1c c\u01a1 quan, \u0111\u01a1n v\u1ecb t\u00edn d\u1ee5ng, t\u00e0i ch\u00ednh; kh\u00f4ng c\u1ea7n ph\u1ea3i \u0111\u00f3ng, kh\u00f3a th\u1ebb t\u00edn d\u1ee5ng ho\u1eb7c t\u00e0i kho\u1ea3n ng\u00e2n h\u00e0ng. Ng\u01b0\u1eddi d\u00e2n kh\u00f4ng tin t\u01b0\u1edfng, b\u00ecnh lu\u1eadn, chia s\u1ebb v\u1edbi c\u00e1c ngu\u1ed3n tin th\u1ea5t thi\u1ec7t, xuy\u00ean t\u1ea1c, b\u1ecba \u0111\u1eb7t tr\u00ean kh\u00f4ng gian m\u1ea1ng c\u00f3 li\u00ean quan \u0111\u1ebfn s\u1ef1 vi\u1ec7c; c\u1ea7n th\u01b0\u1eddng xuy\u00ean theo d\u00f5i, c\u1eadp nh\u1eadt th\u00f4ng tin \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1 ch\u00ednh th\u1ee9c b\u1edfi c\u01a1 quan ch\u1ee9c n\u0103ng.<\/p>\n

\u0110I\u1ec2M TIN QU\u1ed0C T\u1ebe<\/strong><\/p>\n

Plex y\u00eau c\u1ea7u ng\u01b0\u1eddi d\u00f9ng \u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u sau v\u1ee5 r\u00f2 r\u1ec9 d\u1eef li\u1ec7u m\u1edbi<\/strong><\/p>\n

Tu\u1ea7n qua, n\u1ec1n t\u1ea3ng ph\u00e1t tr\u1ef1c tuy\u1ebfn media Plex \u0111\u01b0a ra c\u1ea3nh b\u00e1o ng\u01b0\u1eddi d\u00f9ng c\u1ea7n ph\u1ea3i \u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u t\u00e0i kho\u1ea3n, trong b\u1ed1i c\u1ea3nh tin t\u1eb7c t\u1ea5n c\u00f4ng v\u00e0 \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u x\u00e1c th\u1ef1c t\u1eeb m\u1ed9t trong c\u00e1c c\u01a1 s\u1edf d\u1eef li\u1ec7u c\u1ee7a n\u1ec1n t\u1ea3ng n\u00e0y. \u0110\u1ed1i v\u1edbi nh\u1eefng ng\u01b0\u1eddi s\u1eed d\u1ee5ng\u00a0SSO<\/a>\u00a0\u0111\u1ec3 \u0111\u0103ng nh\u1eadp, c\u00f4ng ty khuy\u1ebfn ngh\u1ecb kh\u00e1ch h\u00e0ng n\u00ean \u0111\u0103ng xu\u1ea5t kh\u1ecfi t\u1ea5t c\u1ea3 c\u00e1c phi\u00ean \u0111ang ho\u1ea1t \u0111\u1ed9ng b\u1eb1ng c\u00e1ch truy c\u1eadp https:\/\/plex[.]tv\/security v\u00e0 nh\u1ea5p v\u00e0o n\u00fat \u201c\u0110\u0103ng xu\u1ea5t kh\u1ecfi t\u1ea5t c\u1ea3 c\u00e1c thi\u1ebft b\u1ecb\u201d.<\/p>\n

H\u01a1n 6.700 kho l\u01b0u tr\u1eef ri\u00eang t\u01b0 b\u1ecb c\u00f4ng khai trong cu\u1ed9c t\u1ea5n c\u00f4ng chu\u1ed7i cung \u1ee9ng Nx<\/strong><\/p>\n

C\u00f4ng ty an ninh m\u1ea1ng Wiz cho bi\u1ebft tin t\u1eb7c \u0111\u00e3 s\u1eed d\u1ee5ng c\u00e1c th\u00f4ng tin b\u00ed m\u1eadt (secret) b\u1ecb \u0111\u00e1nh c\u1eafp trong cu\u1ed9c t\u1ea5n c\u00f4ng chu\u1ed7i cung \u1ee9ng Nx g\u1ea7n \u0111\u00e2y, \u0111\u1ec3 t\u1eeb \u0111\u00f3 c\u00f4ng khai h\u01a1n 6.700 kho l\u01b0u tr\u1eef ri\u00eang t\u01b0. L\u00e0 m\u1ed9t ph\u1ea7n c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng c\u00f3 t\u00ean \u201cs1ngularity\u201d, k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e3 s\u1eed d\u1ee5ng token NPM tr\u00ean kho l\u01b0u tr\u1eef Nx \u0111\u1ec3 ph\u00e1t h\u00e0nh 8 phi\u00ean b\u1ea3n \u0111\u1ed9c h\u1ea1i. C\u00e1c phi\u00ean b\u1ea3n n\u00e0y ch\u1ee9a m\u1ed9t t\u1eadp l\u1ec7nh \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 th\u1ef1c thi t\u1ec7p telemetry[.]js \u0111\u1ed9c h\u1ea1i tr\u00ean h\u1ec7 th\u1ed1ng\u00a0Linux<\/a>\u00a0v\u00e0 macOS, nh\u1eb1m t\u00ecm ki\u1ebfm m\u1ed9t c\u00e1ch c\u00f3 h\u1ec7 th\u1ed1ng c\u00e1c m\u00e1y t\u00ednh \u0111\u1ec3 t\u00ecm c\u00e1c t\u1ec7p ch\u1ee9a kh\u00f3a API, token\u00a0GitHub<\/a>, token NPM, kh\u00f3a SSH v\u00e0 d\u1eef li\u1ec7u v\u00ed ti\u1ec1n \u0111i\u1ec7n t\u1eed.<\/p>\n

Microsoft ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 Patch Tuesday th\u00e1ng 9 kh\u1eafc ph\u1ee5c 81 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt<\/strong><\/p>\n

Microsoft v\u1eeba ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 Patch Tuesday th\u00e1ng 9\/2025 \u0111\u1ec3 gi\u1ea3i quy\u1ebft 81 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt. \u0110\u00e1ng l\u01b0u \u00fd, b\u1ea3n v\u00e1 l\u1ea7n n\u00e0y \u0111\u00e3 kh\u1eafc ph\u1ee5c 02 l\u1ed7 h\u1ed5ng zero-day ti\u1ebft l\u1ed9 c\u00f4ng khai.<\/p>\n

<\/p>\n

Theo \u0111\u00f3, b\u1ea3n v\u00e1\u00a0Patch Tuesday<\/a>\u00a0th\u00e1ng 9 \u0111\u00e3 kh\u1eafc ph\u1ee5c 38 l\u1ed7 h\u1ed5ng leo thang \u0111\u1eb7c quy\u1ec1n; 22 l\u1ed7 h\u1ed5ng th\u1ef1c thi m\u00e3 t\u1eeb xa (RCE); 14 l\u1ed7 h\u1ed5ng ti\u1ebft l\u1ed9 th\u00f4ng tin; 04 l\u1ed7 h\u1ed5ng t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5 (DoS), 01 l\u1ed7 h\u1ed5ng gi\u1ea3 m\u1ea1o (Spoofing), 02 l\u1ed7 h\u1ed5ng v\u01b0\u1ee3t qua t\u00ednh n\u0103ng b\u1ea3o m\u1eadt (Bypass). S\u1ed1 l\u01b0\u1ee3ng n\u00e0y kh\u00f4ng bao g\u1ed3m c\u00e1c l\u1ed7 h\u1ed5ng Azure, Dynamics 365 FastTrack Implementation Assets, Mariner, Microsoft Edge v\u00e0 Xbox \u0111\u00e3 \u0111\u01b0\u1ee3c kh\u1eafc ph\u1ee5c s\u1edbm v\u00e0o \u0111\u1ea7u th\u00e1ng n\u00e0y.<\/p>\n

Tin t\u1eb7c APT Trung Qu\u1ed1c ph\u00e1t t\u00e1n ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i EggStreme \u0111\u1ec3 x\u00e2m nh\u1eadp h\u1ec7 th\u1ed1ng qu\u00e2n s\u1ef1 Philippines<\/strong><\/p>\n

M\u1ed9t nh\u00f3m tin t\u1eb7c APT t\u1eeb\u00a0Trung Qu\u1ed1c<\/a>\u00a0\u0111\u00e3 b\u1ecb c\u00e1o bu\u1ed9c l\u00e0 th\u1ee7 ph\u1ea1m x\u00e2m nh\u1eadp m\u1ed9t c\u00f4ng ty qu\u00e2n s\u1ef1 c\u00f3 tr\u1ee5 s\u1edf t\u1ea1i Philippines, b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng m\u1ed9t framework ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i c\u00f3 t\u00ean l\u00e0 EggStreme.<\/p>\n

Nh\u00e0 nghi\u00ean c\u1ee9u Bogdan Zavadovschi c\u1ee7a h\u00e3ng b\u1ea3o m\u1eadt Bitdefender (Romania) cho bi\u1ebft: \u201cB\u1ed9 c\u00f4ng c\u1ee5 n\u00e0y c\u00f3 kh\u1ea3 n\u0103ng ho\u1ea1t \u0111\u1ed9ng\u00a0gi\u00e1n \u0111i\u1ec7p<\/a>\u00a0tinh vi, k\u00edn \u0111\u00e1o b\u1eb1ng c\u00e1ch \u0111\u01b0a m\u00e3 \u0111\u1ed9c tr\u1ef1c ti\u1ebfp v\u00e0o b\u1ed9 nh\u1edb v\u00e0 t\u1eadn d\u1ee5ng kh\u1ea3 n\u0103ng\u00a0DLL sideloading<\/a>\u00a0\u0111\u1ec3 th\u1ef1c thi c\u00e1c payload. V\u1edbi th\u00e0nh ph\u1ea7n c\u1ed1t l\u00f5i, EggStremeAgent, l\u00e0 m\u1ed9t backdoor \u0111\u1ea7y \u0111\u1ee7 t\u00ednh n\u0103ng cho ph\u00e9p trinh s\u00e1t h\u1ec7 th\u1ed1ng, di chuy\u1ec3n ngang h\u00e0ng v\u00e0 \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u th\u00f4ng qua m\u1ed9t keylogger \u0111\u01b0\u1ee3c nh\u00fang\u201d.<\/p>\n

Microsoft kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 ph\u00e1t tr\u1ef1c tuy\u1ebfn do b\u1ea3n c\u1eadp nh\u1eadt Windows g\u00e2y ra<\/strong><\/p>\n

Ng\u00e0y 9\/9, Microsoft \u0111\u00e3 gi\u1ea3i quy\u1ebft \u0111\u01b0\u1ee3c t\u00ecnh tr\u1ea1ng tr\u1ec5 v\u00e0 gi\u1eadt nghi\u00eam tr\u1ecdng v\u1edbi ph\u1ea7n m\u1ec1m ph\u00e1t tr\u1ef1c tuy\u1ebfn NDI, \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u1ec7 th\u1ed1ng Windows 10 v\u00e0\u00a0Windows 11<\/a>, sau khi c\u00e0i \u0111\u1eb7t b\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt th\u00e1ng 8\/2025 (KB5063878 v\u00e0 KB5063709) tr\u00ean Windows 11 24H2 v\u00e0 Windows 10 21H2\/22H2. Microsoft cho bi\u1ebft, t\u00ecnh tr\u1ea1ng gi\u1eadt, lag v\u00e0 \u00e2m thanh\/video b\u1ecb ng\u1eaft qu\u00e3ng nghi\u00eam tr\u1ecdng c\u00f3 th\u1ec3 x\u1ea3y ra khi s\u1eed d\u1ee5ng NDI \u0111\u1ec3 ph\u00e1t tr\u1ef1c tuy\u1ebfn ho\u1eb7c truy\u1ec1n d\u1eef li\u1ec7u \u00e2m thanh\/video gi\u1eefa c\u00e1c PC.<\/p>\n

M\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n HybridPetya m\u1edbi c\u00f3 th\u1ec3 bypass UEFI Secure Boot<\/strong><\/p>\n

C\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u t\u1ea1i c\u00f4ng ty an ninh m\u1ea1ng ESET (Slovakia) \u0111\u00e3 ph\u00e1t hi\u1ec7n ra m\u1ed9t lo\u1ea1i\u00a0m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n<\/a>\u00a0m\u1edbi c\u00f3 t\u00ean HybridPetya, v\u1edbi nhi\u1ec1u \u0111i\u1ec3m t\u01b0\u01a1ng \u0111\u1ed3ng v\u1edbi ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i Petya v\u00e0 NotPetya kh\u00e9t ti\u1ebfng, c\u00f3 th\u1ec3 v\u01b0\u1ee3t qua (bypass) t\u00ednh n\u0103ng UEFI\u00a0Secure Boot<\/a>, \u0111\u1ec3 c\u00e0i \u0111\u1eb7t \u1ee9ng d\u1ee5ng \u0111\u1ed9c h\u1ea1i tr\u00ean ph\u00e2n v\u00f9ng h\u1ec7 th\u1ed1ng EFI.<\/p>\n

Khi kh\u1edfi ch\u1ea1y, HybridPetya s\u1ebd x\u00e1c \u0111\u1ecbnh xem m\u00e1y ch\u1ee7 c\u00f3 s\u1eed d\u1ee5ng UEFI v\u1edbi ph\u00e2n v\u00f9ng GPT hay kh\u00f4ng, sau \u0111\u00f3 nh\u00fang bootkit \u0111\u1ed9c h\u1ea1i v\u00e0o ph\u00e2n v\u00f9ng h\u1ec7 th\u1ed1ng EFI. Ch\u00fang bao g\u1ed3m c\u00e1c t\u1ec7p c\u1ea5u h\u00ecnh v\u00e0 x\u00e1c th\u1ef1c, bootloader \u0111\u00e3 s\u1eeda \u0111\u1ed5i, bootloader UEFI d\u1ef1 ph\u00f2ng, payload container v\u00e0 t\u1ec7p tr\u1ea1ng th\u00e1i theo d\u00f5i ti\u1ebfn tr\u00ecnh m\u00e3 h\u00f3a.<\/p>\n

M\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n Akira khai th\u00e1c l\u1ed7 h\u1ed5ng SSLVPN nghi\u00eam tr\u1ecdng c\u1ee7a SonicWall<\/strong><\/p>\n

Nh\u00f3m tin t\u1eb7c m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n Akira hi\u1ec7n \u0111ang t\u00edch c\u1ef1c khai th\u00e1c CVE-2024-40766, m\u1ed9t l\u1ed7 h\u1ed5ng ki\u1ec3m so\u00e1t truy c\u1eadp nghi\u00eam tr\u1ecdng \u0111\u00e3 t\u1ed3n t\u1ea1i m\u1ed9t n\u0103m, \u0111\u1ec3 truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0o c\u00e1c thi\u1ebft b\u1ecb SonicWall. C\u00f4ng ty an ninh m\u1ea1ng Rapid7 (M\u1ef9) b\u00e1o c\u00e1o r\u1eb1ng c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n\u00a0Akira<\/a>\u00a0v\u00e0o c\u00e1c thi\u1ebft b\u1ecb SonicWall g\u1ea7n \u0111\u00e2y \u0111\u00e3 b\u00f9ng ph\u00e1t tr\u1edf l\u1ea1i, c\u00f3 kh\u1ea3 n\u0103ng li\u00ean quan \u0111\u1ebfn vi\u1ec7c kh\u1eafc ph\u1ee5c ch\u01b0a ho\u00e0n ch\u1ec9nh.<\/p>\n

Qu\u1ea3n tr\u1ecb vi\u00ean h\u1ec7 th\u1ed1ng \u0111\u01b0\u1ee3c khuy\u1ebfn ngh\u1ecb n\u00ean c\u1eadp nh\u1eadt l\u00ean firmware phi\u00ean b\u1ea3n 7.3.0 tr\u1edf l\u00ean, thay \u0111\u1ed5i m\u1eadt kh\u1ea9u t\u00e0i kho\u1ea3n\u00a0SonicWall<\/a>, th\u1ef1c thi x\u00e1c th\u1ef1c \u0111a y\u1ebfu t\u1ed1 (MFA), gi\u1ea3m thi\u1ec3u r\u1ee7i ro t\u1eeb Default Groups v\u00e0 h\u1ea1n ch\u1ebf quy\u1ec1n truy c\u1eadp Virtual Office Portal v\u00e0o c\u00e1c m\u1ea1ng n\u1ed9i b\u1ed9\/\u0111\u00e1ng tin c\u1eady.<\/p>\n

Tin t\u1eb7c Kosovo nh\u1eadn t\u1ed9i \u0111i\u1ec1u h\u00e0nh di\u1ec5n \u0111\u00e0n t\u1ed9i ph\u1ea1m m\u1ea1ng BlackDB<\/strong><\/p>\n

V\u1eeba qua, c\u00f4ng d\u00e2n Kosovo c\u00f3 t\u00ean Liridon Masurica \u0111\u00e3 nh\u1eadn t\u1ed9i \u0111i\u1ec1u h\u00e0nh BlackDB[.]cc, m\u1ed9t th\u1ecb tr\u01b0\u1eddng t\u1ed9i ph\u1ea1m m\u1ea1ng ho\u1ea1t \u0111\u1ed9ng t\u1eeb n\u0103m 2018.\u00a0B\u1ed9 T\u01b0 ph\u00e1p M\u1ef9<\/a>\u00a0tuy\u00ean b\u1ed1 r\u1eb1ng di\u1ec5n \u0111\u00e0n n\u00e0y rao b\u00e1n c\u00e1c t\u00e0i kho\u1ea3n b\u1ecb x\u00e2m ph\u1ea1m v\u00e0 th\u00f4ng tin \u0111\u0103ng nh\u1eadp m\u00e1y ch\u1ee7, th\u00f4ng tin th\u1ebb t\u00edn d\u1ee5ng b\u1ecb \u0111\u00e1nh c\u1eafp v\u00e0 th\u00f4ng tin nh\u1eadn d\u1ea1ng c\u00e1 nh\u00e2n (PII) thu\u1ed9c v\u1ec1 c\u00e1c n\u1ea1n nh\u00e2n tr\u00ean to\u00e0n th\u1ebf gi\u1edbi, \u0111\u1eb7c bi\u1ec7t t\u1eadp trung v\u00e0o c\u00e1c c\u00e1 nh\u00e2n t\u1ea1i M\u1ef9. Masurica b\u1ecb c\u00e1o bu\u1ed9c n\u0103m t\u1ed9i danh s\u1eed d\u1ee5ng thi\u1ebft b\u1ecb truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0 m\u1ed9t t\u1ed9i danh \u00e2m m\u01b0u gian l\u1eadn thi\u1ebft b\u1ecb truy c\u1eadp. N\u1ebfu b\u1ecb k\u1ebft \u00e1n v\u1ec1 t\u1ea5t c\u1ea3 c\u00e1c t\u1ed9i danh, qu\u1ea3n tr\u1ecb vi\u00ean ch\u1ee3 BlackDB c\u00f3 th\u1ec3 ph\u1ea3i \u0111\u1ed1i m\u1eb7t v\u1edbi m\u1ee9c \u00e1n t\u1ed1i \u0111a 55 n\u0103m t\u00f9 giam.<\/p>\n

Jaguar Land Rover x\u00e1c nh\u1eadn d\u1eef li\u1ec7u b\u1ecb \u0111\u00e1nh c\u1eafp sau cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng g\u1ea7n \u0111\u00e2y<\/strong><\/p>\n

V\u1eeba qua, Jaguar Land Rover (JLR) x\u00e1c nh\u1eadn r\u1eb1ng c\u00e1c t\u00e1c nh\u00e2n \u0111e d\u1ecda \u0111\u00e3\u00a0\u0111\u00e1nh c\u1eafp<\/a>\u00a0m\u1ed9t s\u1ed1 d\u1eef li\u1ec7u trong m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng g\u1ea7n \u0111\u00e2y. Trong tuy\u00ean b\u1ed1 m\u1edbi nh\u1ea5t v\u00e0o ng\u00e0y 10\/9, c\u00f4ng ty c\u0169ng cho bi\u1ebft h\u1ecd \u0111\u00e3 th\u00f4ng b\u00e1o cho c\u00e1c c\u01a1 quan c\u00f3 th\u1ea9m quy\u1ec1n v\u1ec1 v\u1ee5 vi ph\u1ea1m d\u1eef li\u1ec7u.<\/p>\n

M\u1eb7c d\u00f9 nh\u00e0 s\u1ea3n xu\u1ea5t \u00f4 t\u00f4 \u0111\u00e3 x\u00e1c nh\u1eadn r\u1eb1ng nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e3 \u0111\u00e1nh c\u1eafp th\u00f4ng tin t\u1eeb c\u00e1c h\u1ec7 th\u1ed1ng b\u1ecb x\u00e2m ph\u1ea1m c\u1ee7a c\u00f4ng ty, nh\u01b0ng JLR v\u1eabn ch\u01b0a x\u00e1c \u0111\u1ecbnh \u0111\u01b0\u1ee3c t\u00e1c nh\u00e2n \u0111e d\u1ecda c\u1ee5 th\u1ec3 n\u00e0o g\u00e2y ra v\u1ee5 t\u1ea5n c\u00f4ng. Tuy nhi\u00ean, m\u1ed9t nh\u00f3m t\u1ed9i ph\u1ea1m m\u1ea1ng t\u1ef1 x\u01b0ng l\u00e0 \u201cScattered Lapsus$ Hunters\u201d \u0111\u00e3 l\u00ean ti\u1ebfng nh\u1eadn tr\u00e1ch nhi\u1ec7m v\u1ec1 v\u1ee5 x\u00e2m nh\u1eadp tr\u00ean\u00a0Telegram<\/a>, chia s\u1ebb \u1ea3nh ch\u1ee5p m\u00e0n h\u00ecnh h\u1ec7 th\u1ed1ng SAP n\u1ed9i b\u1ed9 c\u1ee7a JLR, cho bi\u1ebft r\u1eb1ng h\u1ecd c\u0169ng \u0111\u00e3 tri\u1ec3n khai m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n tr\u00ean c\u00e1c h\u1ec7 th\u1ed1ng b\u1ecb x\u00e2m ph\u1ea1m c\u1ee7a c\u00f4ng ty.<\/p>\n

Samsung v\u00e1 l\u1ed7 h\u1ed5ng zero-day nh\u1eafm v\u00e0o Android<\/strong><\/p>\n

Samsung<\/a>\u00a0\u0111\u00e3 v\u00e1 l\u1ed7 h\u1ed5ng RCE b\u1ecb khai th\u00e1c trong c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng zero-day nh\u1eafm v\u00e0o c\u00e1c thi\u1ebft b\u1ecb Android c\u1ee7a h\u00e3ng. \u0110\u01b0\u1ee3c theo d\u00f5i v\u1edbi \u0111\u1ecbnh danh CVE-2025-21043, l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng n\u00e0y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn c\u00e1c thi\u1ebft b\u1ecb Samsung Android 13 tr\u1edf l\u00ean. Theo Samsung, CVE-2025-21043 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n trong th\u01b0 vi\u1ec7n h\u00ecnh \u1ea3nh libimagecodec.quram.so, m\u1ed9t \u0111i\u1ec3m y\u1ebfu ghi ngo\u00e0i gi\u1edbi h\u1ea1n cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c thi m\u00e3 \u0111\u1ed9c t\u1eeb xa tr\u00ean c\u00e1c thi\u1ebft b\u1ecb d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng.<\/p>\n

M\u1ef9 bu\u1ed9c t\u1ed9i c\u00f4ng d\u00e2n Ukraine li\u00ean quan \u0111\u1ebfn m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n LockerGoga, MegaCortex v\u00e0 Nefilim<\/strong><\/p>\n

Ng\u00e0y 9\/9, DOJ \u0111\u00e3 bu\u1ed9c t\u1ed9i c\u00f4ng d\u00e2n\u00a0Ukraine<\/a>\u00a0c\u00f3 t\u00ean Volodymyr Viktorovich Tymoshchuk v\u00ec vai tr\u00f2 l\u00e0 ng\u01b0\u1eddi qu\u1ea3n l\u00fd c\u00e1c ho\u1ea1t \u0111\u1ed9ng m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n LockerGoga, MegaCortex v\u00e0 Nefilim. Tymoshchuk (c\u00f2n \u0111\u01b0\u1ee3c bi\u1ebft \u0111\u1ebfn v\u1edbi c\u00e1c t\u00ean g\u1ecdi deadforz, Boba, msfv v\u00e0 farnetwork) n\u1eb1m trong danh s\u00e1ch truy n\u00e3 g\u1eaft gao nh\u1ea5t c\u1ee7a c\u1ea3 Li\u00ean minh ch\u00e2u \u00c2u (EU) v\u00e0 C\u1ee5c \u0110i\u1ec1u tra Li\u00ean bang M\u1ef9 (FBI). Theo b\u1ea3n c\u00e1o tr\u1ea1ng b\u1ed5 sung, Tymoshchuk \u0111\u00e3 tham gia v\u00e0o c\u00e1c v\u1ee5 t\u1ea5n c\u00f4ng m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n g\u00e2y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u00e0ng tr\u0103m doanh nghi\u1ec7p, g\u00e2y thi\u1ec7t h\u1ea1i h\u00e0ng tri\u1ec7u USD.<\/p>\n

Apple c\u1ea3nh b\u00e1o c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng ph\u1ea7n m\u1ec1m gi\u00e1n \u0111i\u1ec7p<\/strong><\/p>\n

Ng\u00e0y 11\/9, Trung t\u00e2m \u1ee9ng c\u1ee9u kh\u1ea9n c\u1ea5p m\u00e1y t\u00ednh Ph\u00e1p (CERT-FR) cho bi\u1ebft, Apple \u0111ang c\u1ea3nh b\u00e1o kh\u00e1ch h\u00e0ng r\u1eb1ng thi\u1ebft b\u1ecb c\u1ee7a h\u1ecd \u0111ang l\u00e0 m\u1ee5c ti\u00eau c\u1ee7a m\u1ed9t lo\u1ea1t cu\u1ed9c t\u1ea5n c\u00f4ng ph\u1ea7n m\u1ec1m gi\u00e1n \u0111i\u1ec7p m\u1edbi. CERT-FR n\u00eau r\u00f5: \u201cC\u00e1c th\u00f4ng b\u00e1o cho th\u1ea5y \u0111\u00e2y l\u00e0 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng c\u1ef1c k\u1ef3 tinh vi, h\u1ea7u h\u1ebft s\u1eed d\u1ee5ng l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt\u00a0zero-day<\/a>\u00a0ho\u1eb7c kh\u00f4ng y\u00eau c\u1ea7u ng\u01b0\u1eddi d\u00f9ng t\u01b0\u01a1ng t\u00e1c. Nh\u1eefng cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e0y nh\u1eafm v\u00e0o c\u00e1c c\u00e1 nh\u00e2n nh\u01b0 nh\u00e0 b\u00e1o, lu\u1eadt s\u01b0, nh\u00e0 ho\u1ea1t \u0111\u1ed9ng, ch\u00ednh tr\u1ecb gia, quan ch\u1ee9c c\u1ea5p cao,\u2026\u201d.<\/p>\n

Microsoft kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 gi\u00e1n \u0111o\u1ea1n c\u1ee7a Exchange Online<\/strong><\/p>\n

Ng\u00e0y 12\/9, Microsoft th\u00f4ng b\u00e1o \u0111\u00e3 gi\u1ea3i quy\u1ebft s\u1ef1 c\u1ed1 gi\u00e1n \u0111o\u1ea1n ng\u1eebng ho\u1ea1t \u0111\u1ed9ng c\u1ee7a\u00a0Exchange<\/a>\u00a0Online, khi\u1ebfn ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng th\u1ec3 truy c\u1eadp v\u00e0o email v\u00e0 l\u1ecbch. G\u00e3 kh\u1ed5ng l\u1ed3 c\u00f4ng ngh\u1ec7 cho bi\u1ebft, nguy\u00ean nh\u00e2n x\u1ea3y ra s\u1ef1 c\u1ed1 do m\u1ed9t phi\u00ean b\u1ea3n ph\u1ea7n m\u1ec1m c\u1ee5 th\u1ec3 g\u00e2y ra t\u00ecnh tr\u1ea1ng ng\u1eaft k\u1ebft n\u1ed1i v\u00e0 chuy\u1ec3n \u0111\u1ed5i d\u1ef1 ph\u00f2ng c\u01a1 s\u1edf d\u1eef li\u1ec7u nhi\u1ec1u l\u1ea7n. \u0110i\u1ec1u n\u00e0y d\u1eabn \u0111\u1ebfn vi\u1ec7c s\u1eed d\u1ee5ng CPU t\u0103ng l\u00ean, g\u00e2y ra t\u00ecnh tr\u1ea1ng t\u00edch t\u1ee5 h\u00e0ng \u0111\u1ee3i tin nh\u1eafn, d\u1eabn \u0111\u1ebfn t\u00e1c \u0111\u1ed9ng tr\u00ean.<\/p>\n

Windows 11 23H2 Home v\u00e0 Pro k\u1ebft th\u00fac h\u1ed7 tr\u1ee3 v\u00e0o th\u00e1ng 11\/2025<\/strong><\/p>\n

Ng\u00e0y 12\/9, Microsoft th\u00f4ng b\u00e1o c\u00e1c thi\u1ebft b\u1ecb ch\u1ea1y phi\u00ean b\u1ea3n Home v\u00e0 Pro c\u1ee7a Windows 11 23H2 s\u1ebd k\u1ebft th\u00fac h\u1ed7 tr\u1ee3 v\u00e0 ng\u1eebng nh\u1eadn b\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt h\u00e0ng th\u00e1ng sau ng\u00e0y 11\/11. Ng\u01b0\u1eddi d\u00f9ng Windows 11 23H2 \u0111\u01b0\u1ee3c khuy\u1ebfn c\u00e1o n\u00e2ng c\u1ea5p h\u1ec7 th\u1ed1ng c\u1ee7a m\u00ecnh l\u00ean Windows 11 24H2 (c\u00f2n g\u1ecdi l\u00e0 b\u1ea3n c\u1eadp nh\u1eadt Windows 11 2024), phi\u00ean b\u1ea3n Windows 11 m\u1edbi nh\u1ea5t, \u0111\u01b0\u1ee3c cung c\u1ea5p r\u1ed9ng r\u00e3i cho c\u00e1c thi\u1ebft b\u1ecb Windows 11 22H2\/23H2 \u0111\u1ee7 \u0111i\u1ec1u ki\u1ec7n v\u00e0o th\u00e1ng 10\/2024, sau khi tri\u1ec3n khai Windows Insider enterprise v\u00e0o th\u00e1ng 5\/2024.<\/p>\n

Adobe v\u00e1 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt SessionReaper nghi\u00eam tr\u1ecdng<\/strong><\/p>\n

Ng\u00e0y 9\/9,\u00a0Adobe<\/a>\u00a0c\u1ea3nh b\u00e1o v\u1ec1 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng SessionReaper trong n\u1ec1n t\u1ea3ng Commerce v\u00e0\u00a0Magento<\/a>\u00a0m\u00e3 ngu\u1ed3n m\u1edf, n\u1ebfu khai th\u00e1c th\u00e0nh c\u00f4ng c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng ki\u1ec3m so\u00e1t ho\u00e0n to\u00e0n t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng. V\u1edbi m\u00e3 \u0111\u1ecbnh danh CVE-2025-54236 (\u0111i\u1ec3m CVSS: 9.1), l\u1ed7 h\u1ed5ng \u0111\u01b0\u1ee3c m\u00f4 t\u1ea3 l\u00e0 m\u1ed9t l\u1ed7i x\u00e1c th\u1ef1c \u0111\u1ea7u v\u00e0o kh\u00f4ng \u0111\u00fang c\u00e1ch. Th\u00f4ng b\u00e1o c\u1ee7a Adobe n\u00eau r\u00f5: \u201cK\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 chi\u1ebfm \u0111o\u1ea1t t\u00e0i kho\u1ea3n kh\u00e1ch h\u00e0ng trong Adobe Commerce th\u00f4ng qua Commerce REST API\u201d.<\/p>\n

SAP kh\u1eafc ph\u1ee5c l\u1ed7 h\u1ed5ng th\u1ef1c thi l\u1ec7nh NetWeaver nghi\u00eam tr\u1ecdng<\/strong><\/p>\n

SAP \u0111\u00e3 gi\u1ea3i quy\u1ebft 21 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt m\u1edbi \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn c\u00e1c s\u1ea3n ph\u1ea9m c\u1ee7a h\u00e3ng, trong \u0111\u00f3 c\u00f3 01 l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng l\u00e0 CVE-2025-42944 (\u0111i\u1ec3m CVSS: 10.0). \u0110\u00e2y l\u00e0 l\u1ed7 h\u1ed5ng gi\u1ea3i tu\u1ea7n t\u1ef1 h\u00f3a kh\u00f4ng an to\u00e0n trong\u00a0SAP NetWeaver<\/a>\u00a0(RMIP4), ServerCore 7.50. K\u1ebb t\u1ea5n c\u00f4ng ch\u01b0a x\u00e1c th\u1ef1c c\u00f3 th\u1ec3 khai th\u00e1c l\u1ed7 h\u1ed5ng n\u00e0y \u0111\u1ec3 th\u1ef1c thi l\u1ec7nh h\u1ec7 \u0111i\u1ec1u h\u00e0nh t\u00f9y \u00fd b\u1eb1ng c\u00e1ch g\u1eedi \u0111\u1ebfn c\u1ed5ng m\u1edf m\u1ed9t \u0111\u1ed1i t\u01b0\u1ee3ng Java \u0111\u1ed9c h\u1ea1i th\u00f4ng qua m\u00f4-\u0111un RMI-P4.<\/p>\n

GitLab ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 kh\u1ea9n c\u1ea5p kh\u1eafc ph\u1ee5c nhi\u1ec1u l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng<\/strong><\/p>\n

GitLab<\/a>\u00a0v\u1eeba ph\u00e1t h\u00e0nh m\u1ed9t lo\u1ea1t b\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt kh\u1ea9n c\u1ea5p nh\u1eb1m kh\u1eafc ph\u1ee5c nhi\u1ec1u l\u1ed7 h\u1ed5ng nguy hi\u1ec3m c\u00f3 th\u1ec3 b\u1ecb khai th\u00e1c \u0111\u1ec3 t\u1ea5n c\u00f4ng v\u00e0o h\u1ec7 th\u1ed1ng c\u1ee7a h\u00e0ng tri\u1ec7u ng\u01b0\u1eddi d\u00f9ng. L\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng nh\u1ea5t \u0111\u01b0\u1ee3c kh\u1eafc ph\u1ee5c v\u1edbi m\u00e3 \u0111\u1ecbnh danh CVE-2025-6454 (\u0111i\u1ec3m CVSS: 8.5). \u0110\u00e2y l\u00e0 m\u1ed9t l\u1ed7 h\u1ed5ng SSRF (Server-Side Request Forgery), cho ph\u00e9p tin t\u1eb7c g\u1eedi c\u00e1c y\u00eau c\u1ea7u t\u1eeb ch\u00ednh m\u00e1y ch\u1ee7 GitLab t\u1edbi c\u00e1c \u0111\u1ecba ch\u1ec9 n\u1ed9i b\u1ed9 ho\u1eb7c d\u1ecbch v\u1ee5 nh\u1ea1y c\u1ea3m, bypass c\u00e1c l\u1edbp b\u1ea3o m\u1eadt th\u00f4ng th\u01b0\u1eddng.<\/p>\n

Zoom v\u00e1 nhi\u1ec1u l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt quan tr\u1ecdng tr\u00ean Windows v\u00e0 macOS<\/strong><\/p>\n

Zoom<\/a>\u00a0v\u1eeba ph\u00e1t h\u00e0nh b\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt quan tr\u1ecdng cho c\u00e1c \u1ee9ng d\u1ee5ng c\u1ee7a h\u00e3ng, bao g\u1ed3m Zoom Workplace v\u00e0 c\u00e1c client tr\u00ean Windows l\u1eabn macOS, nh\u1eb1m kh\u1eafc ph\u1ee5c nhi\u1ec1u l\u1ed7 h\u1ed5ng v\u1edbi m\u1ee9c \u0111\u1ed9 nghi\u00eam tr\u1ecdng t\u1eeb trung b\u00ecnh \u0111\u1ebfn cao. B\u1ea3n v\u00e1 m\u1edbi nh\u1ea5t \u0111\u1eb7c bi\u1ec7t ch\u00fa tr\u1ecdng v\u00e0o l\u1ed7 h\u1ed5ng Missing Authorization, v\u1edbi m\u00e3 \u0111\u1ecbnh danh CVE-2025-49459, \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn Zoom Workplace tr\u00ean Windows ARM. L\u1ed7 h\u1ed5ng n\u00e0y c\u00f3 kh\u1ea3 n\u0103ng cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c hi\u1ec7n c\u00e1c h\u00e0nh \u0111\u1ed9ng ngo\u00e0i quy\u1ec1n h\u1ea1n, t\u1eeb \u0111\u00f3 \u0111e d\u1ecda nghi\u00eam tr\u1ecdng \u0111\u1ebfn b\u1ea3o m\u1eadt c\u1ee7a \u1ee9ng d\u1ee5ng.<\/p>\n

Microsoft b\u1ed5 sung c\u1ea3nh b\u00e1o li\u00ean k\u1ebft \u0111\u1ed9c h\u1ea1i v\u00e0o cu\u1ed9c tr\u00f2 chuy\u1ec7n ri\u00eang t\u01b0 c\u1ee7a Teams<\/strong><\/p>\n

Microsoft Teams<\/a>\u00a0s\u1ebd t\u1ef1 \u0111\u1ed9ng c\u1ea3nh b\u00e1o ng\u01b0\u1eddi d\u00f9ng khi h\u1ecd g\u1eedi ho\u1eb7c nh\u1eadn tin nh\u1eafn ri\u00eang t\u01b0 c\u00f3 ch\u1ee9a li\u00ean k\u1ebft \u0111\u01b0\u1ee3c g\u1eafn th\u1ebb l\u00e0 \u0111\u1ed9c h\u1ea1i. Microsoft d\u1ef1 ki\u1ebfn \u0111\u01b0a ra nh\u1eefng c\u1ea3nh b\u00e1o m\u1edbi n\u00e0y cho c\u00e1c tin nh\u1eafn c\u00f3 ch\u1ee9a URL b\u1ecb g\u1eafn c\u1edd l\u00e0 th\u01b0 r\u00e1c, l\u1eeba \u0111\u1ea3o ho\u1eb7c ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i, d\u00e0nh cho t\u1ea5t c\u1ea3 kh\u00e1ch h\u00e0ng enterprise s\u1eed d\u1ee5ng\u00a0Microsoft Defender<\/a>\u00a0for Office 365 (MDO) v\u00e0 Microsoft Teams.<\/p>\n

<\/p>\n

Theo l\u1ed9 tr\u00ecnh Microsoft 365 g\u1ea7n \u0111\u00e2y, t\u00ednh n\u0103ng b\u1ea3o v\u1ec7 li\u00ean k\u1ebft m\u1edbi b\u1eaft \u0111\u1ea7u tri\u1ec3n khai v\u1edbi b\u1ea3n xem tr\u01b0\u1edbc (preview) c\u00f4ng khai cho ng\u01b0\u1eddi d\u00f9ng m\u00e1y t\u00ednh \u0111\u1ec3 b\u00e0n (PC), Android, web, iOS v\u00e0o th\u00e1ng 9\/2025 v\u00e0 d\u1ef1 ki\u1ebfn \u200b\u200bs\u1ebd c\u00f3 m\u1eb7t r\u1ed9ng r\u00e3i v\u00e0o th\u00e1ng 11\/2025.<\/p>\n

CISA c\u1ea3nh b\u00e1o v\u1ec1 l\u1ed7 h\u1ed5ng RCE c\u1ee7a Dassault \u0111ang b\u1ecb khai th\u00e1c t\u00edch c\u1ef1c<\/strong><\/p>\n

C\u01a1 quan An ninh m\u1ea1ng v\u00e0 C\u01a1 s\u1edf h\u1ea1 t\u1ea7ng M\u1ef9 (CISA) \u0111ang c\u1ea3nh b\u00e1o v\u1ec1 vi\u1ec7c tin t\u1eb7c khai th\u00e1c l\u1ed7 h\u1ed5ng RCE quan tr\u1ecdng (CVE-2025-5086, \u0111i\u1ec3m CVSS: 9.0) trong DELMIA Apriso, m\u1ed9t gi\u1ea3i ph\u00e1p qu\u1ea3n l\u00fd ho\u1ea1t \u0111\u1ed9ng s\u1ea3n xu\u1ea5t (MOM) v\u00e0 th\u1ef1c thi (MES) c\u1ee7a c\u00f4ng ty Dassault Syst\u00e8mes (Ph\u00e1p).<\/p>\n

L\u1ed7 h\u1ed5ng CVE-2025-5086 l\u00e0 m\u1ed9t l\u1ed7i h\u1ee7y tu\u1ea7n t\u1ef1 h\u00f3a d\u1eef li\u1ec7u kh\u00f4ng \u0111\u00e1ng tin c\u1eady c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn RCE. L\u1ed7 h\u1ed5ng \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n bao g\u1ed3m vi\u1ec7c g\u1eedi y\u00eau c\u1ea7u SOAP \u0111\u1ed9c h\u1ea1i \u0111\u1ebfn c\u00e1c \u0111i\u1ec3m cu\u1ed1i d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng \u0111\u1ec3 t\u1ea3i v\u00e0 th\u1ef1c thi t\u1ec7p th\u1ef1c thi .NET m\u00e3 h\u00f3a Base64, n\u00e9n GZIP v\u00e0 nh\u00fang trong XML.<\/p>\n

Th\u01b0\u1ee3ng ngh\u1ecb s\u0129 M\u1ef9 c\u00e1o bu\u1ed9c Microsoft \u201cthi\u1ebfu s\u00f3t nghi\u00eam tr\u1ecdng v\u1ec1 an ninh m\u1ea1ng\u201d<\/strong><\/p>\n

Tu\u1ea7n qua, Th\u01b0\u1ee3ng ngh\u1ecb s\u0129 M\u1ef9 Ron Wyden \u0111\u00e3 g\u1eedi th\u01b0 cho \u1ee6y ban Th\u01b0\u01a1ng m\u1ea1i Li\u00ean bang (FTC), y\u00eau c\u1ea7u c\u01a1 quan n\u00e0y \u0111i\u1ec1u tra Microsoft v\u00ec \u0111\u00e3 kh\u00f4ng th\u1ef1c hi\u1ec7n h\u00e0nh \u0111\u1ed9ng quy\u1ebft \u0111o\u00e1n trong m\u1ed9t th\u1eddi gian d\u00e0i \u0111\u1ec3 gi\u1ea3m thi\u1ec3u hi\u1ec7u qu\u1ea3 c\u00e1c r\u1ee7i ro b\u1ea3o m\u1eadt, d\u1eabn \u0111\u1ebfn c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n v\u00e0o c\u00e1c t\u1ed5 ch\u1ee9c\u00a0ch\u0103m s\u00f3c s\u1ee9c kh\u1ecfe<\/a>, nh\u01b0 v\u1ee5 t\u1ea5n c\u00f4ng Ascension Health n\u0103m 2024, l\u00e0m m\u1ea5t d\u1eef li\u1ec7u c\u1ee7a 5,6 tri\u1ec7u b\u1ec7nh nh\u00e2n.<\/p>\n

Panama ti\u1ebft l\u1ed9 v\u1ee5 vi ph\u1ea1m do m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n INC g\u00e2y ra<\/strong><\/p>\n

Ng\u00e0y 11\/9, B\u1ed9 Kinh t\u1ebf v\u00e0 T\u00e0i ch\u00ednh Panama (MEF) ti\u1ebft l\u1ed9 r\u1eb1ng m\u1ed9t trong nh\u1eefng m\u00e1y t\u00ednh c\u1ee7a h\u1ecd c\u00f3 th\u1ec3 \u0111\u00e3 b\u1ecb x\u00e2m nh\u1eadp trong m\u1ed9t cu\u1ed9c\u00a0t\u1ea5n c\u00f4ng m\u1ea1ng<\/a>. MEF cho bi\u1ebft d\u1eef li\u1ec7u c\u00e1 nh\u00e2n v\u00e0 d\u1eef li\u1ec7u c\u1ee7a t\u1ed5 ch\u1ee9c \u0111\u1ec1u an to\u00e0n, \u0111\u1ed3ng th\u1eddi nh\u1ea5n m\u1ea1nh c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt \u0111\u1ec1u \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng \u0111\u1ec3 ng\u0103n ng\u1eeba c\u00e1c s\u1ef1 c\u1ed1 trong t\u01b0\u01a1ng lai.<\/p>\n

Tuy nhi\u00ean, nh\u00f3m tin t\u1eb7c m\u00e3 \u0111\u1ed9c t\u1ed1ng ti\u1ec1n INC \u0111\u00e3 tuy\u00ean b\u1ed1 t\u1ea5n c\u00f4ng MEF trong m\u1ed9t b\u00e0i \u0111\u0103ng tr\u00ean trang web r\u00f2 r\u1ec9 d\u1eef li\u1ec7u c\u1ee7a m\u00ecnh. Nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng cho bi\u1ebft \u0111\u00e3 \u0111\u00e1nh c\u1eafp h\u01a1n 1,5 TB d\u1eef li\u1ec7u t\u1eeb h\u1ec7 th\u1ed1ng c\u1ee7a MEF, bao g\u1ed3m email, t\u00e0i li\u1ec7u t\u00e0i ch\u00ednh, chi ti\u1ebft ng\u00e2n s\u00e1ch,\u2026 Nh\u00f3m n\u00e0y c\u0169ng \u0111\u00e3 th\u00eam MEF v\u00e0o danh s\u00e1ch n\u1ea1n nh\u00e2n tr\u00ean dark web v\u00e0o ng\u00e0y 5\/9 v\u00e0 l\u00e0m r\u00f2 r\u1ec9 c\u00e1c m\u1eabu d\u1eef li\u1ec7u d\u01b0\u1edbi d\u1ea1ng t\u00e0i li\u1ec7u n\u1ed9i b\u1ed9 l\u00e0m b\u1eb1ng ch\u1ee9ng v\u1ec1 v\u1ee5 vi ph\u1ea1m.<\/p>\n

H\u00e0ng tr\u0103m l\u1ed7 h\u1ed5ng XSS v\u1eabn \u0111\u01b0\u1ee3c t\u00ecm th\u1ea5y trong c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a Microsoft<\/strong><\/p>\n

L\u1ed7 h\u1ed5ng\u00a0XSS<\/a>\u00a0\u0111\u00e3 t\u1ed3n t\u1ea1i h\u01a1n hai th\u1eadp k\u1ef7, nh\u01b0ng ch\u00fang v\u1eabn ti\u1ebfp t\u1ee5c ph\u1ed5 bi\u1ebfn trong c\u00e1c d\u1ecbch v\u1ee5 tr\u1ef1c tuy\u1ebfn. Microsoft \u0111\u00e3 ph\u00e1t hi\u1ec7n g\u1ea7n 1.000 l\u1ed7 h\u1ed5ng XSS \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn c\u00e1c d\u1ecbch v\u1ee5 c\u1ee7a h\u00e3ng k\u1ec3 t\u1eeb \u0111\u1ea7u th\u00e1ng 01\/2024. Trong n\u0103m qua, g\u00e3 kh\u1ed5ng l\u1ed3 c\u00f4ng ngh\u1ec7 \u0111\u00e3 chi tr\u1ea3 h\u01a1n 900.000 USD ti\u1ec1n th\u01b0\u1edfng cho c\u00e1c l\u1ed7 h\u1ed5ng XSS, v\u1edbi ph\u1ea7n th\u01b0\u1edfng cao nh\u1ea5t l\u00e0 20.000 USD.<\/p>\n

FortiGuard Labs c\u00f4ng b\u1ed1 b\u00e1o c\u00e1o v\u1ec1 MostereRAT<\/strong><\/p>\n

FortiGuard Labs \u0111\u00e3 c\u00f4ng b\u1ed1 m\u1ed9t ph\u00e2n t\u00edch v\u1ec1 MostereRAT.\u00a0Ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i n\u00e0y s\u1eed d\u1ee5ng c\u00e1c k\u1ef9 thu\u1eadt tinh vi, ch\u1eb3ng h\u1ea1n nh\u01b0 t\u00edch h\u1ee3p ch\u01b0\u01a1ng tr\u00ecnh EPL, \u1ea9n ph\u01b0\u01a1ng th\u1ee9c t\u1ea1o d\u1ecbch v\u1ee5, ch\u1eb7n l\u01b0u l\u01b0\u1ee3ng AV v\u00e0 chuy\u1ec3n sang c\u00e1c c\u00f4ng c\u1ee5 truy c\u1eadp t\u1eeb xa h\u1ee3p ph\u00e1p nh\u01b0 AnyDesk, tightVNC v\u00e0 RDP Wrapper \u0111\u1ec3 ki\u1ec3m so\u00e1t h\u1ec7 th\u1ed1ng c\u1ee7a n\u1ea1n nh\u00e2n.<\/p>\n

Cisco v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng c\u1ee7a IOS XR<\/strong><\/p>\n

Ng\u00e0y 10\/9,\u00a0Cisco<\/a>\u00a0\u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 \u0111\u1ec3 kh\u1eafc ph\u1ee5c ba l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt trong ph\u1ea7n m\u1ec1m IOS XR c\u1ee7a h\u00e3ng. \u0110\u01b0\u1ee3c theo d\u00f5i v\u1edbi m\u00e3 \u0111\u1ecbnh danh CVE-2025-20248 (\u0111i\u1ec3m CVSS: 6.0), l\u1ed7 h\u1ed5ng \u0111\u1ea7u ti\u00ean l\u00e0 s\u1ef1 c\u1ed1 x\u1ea3y ra trong qu\u00e1 tr\u00ecnh c\u00e0i \u0111\u1eb7t IOS XR, c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng bypass x\u00e1c minh ch\u1eef k\u00fd h\u00ecnh \u1ea3nh.<\/p>\n

S\u1ef1 c\u1ed1 IOS XR th\u1ee9 hai \u0111\u01b0\u1ee3c gi\u1ea3i quy\u1ebft trong tu\u1ea7n n\u00e0y l\u00e0 CVE-2025-20340 (\u0111i\u1ec3m CVSS: 7.4), m\u1ed9t l\u1ed7i trong qu\u00e1 tr\u00ecnh tri\u1ec3n khai giao th\u1ee9c ARP c\u1ee7a ph\u1ea7n m\u1ec1m, c\u00f3 th\u1ec3 b\u1ecb nh\u1eefng k\u1ebb t\u1ea5n c\u00f4ng ch\u01b0a x\u00e1c th\u1ef1c khai th\u00e1c \u0111\u1ec3 g\u00e2y ra t\u00ecnh tr\u1ea1ng DoS. L\u1ed7i b\u1ea3o m\u1eadt th\u1ee9 ba v\u1edbi m\u00e3 CVE-2025-20159 (\u0111i\u1ec3m CVSS: 5.3), \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn t\u00ednh n\u0103ng x\u1eed l\u00fd ACL c\u1ee7a IOS XR, c\u00f3 th\u1ec3 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng t\u1eeb xa ch\u01b0a x\u00e1c th\u1ef1c g\u1eedi l\u01b0u l\u01b0\u1ee3ng \u0111\u1ebfn thi\u1ebft b\u1ecb d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng v\u00e0 bypass ACL \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh cho c\u00e1c t\u00ednh n\u0103ng SSH, NetConf v\u00e0 gRPC.<\/p>\n

Ph\u00e1t hi\u1ec7n l\u1ed7 h\u1ed5ng Cursor<\/strong><\/p>\n

C\u0169ng trong tu\u1ea7n qua, c\u00f4ng ty an ninh m\u1ea1ng Oasis Security (Israel) cho bi\u1ebft \u0111\u00e3 ph\u00e1t hi\u1ec7n m\u1ed9t l\u1ed7 h\u1ed5ng trong tr\u00ecnh so\u1ea1n th\u1ea3o m\u00e3 AI Cursor, cho ph\u00e9p m\u1ed9t kho l\u01b0u tr\u1eef \u0111\u1ed9c h\u1ea1i th\u1ef1c thi m\u00e3 t\u00f9y \u00fd khi \u0111\u01b0\u1ee3c m\u1edf b\u1eb1ng Cursor. D\u1ef1 \u00e1n \u0111\u1ed9c h\u1ea1i n\u00e0y bao g\u1ed3m m\u1ed9t l\u1ec7nh \u1ea9n \u201ct\u1ef1 \u0111\u1ed9ng ch\u1ea1y\u201d, y\u00eau c\u1ea7u Cursor th\u1ef1c thi m\u1ed9t t\u00e1c v\u1ee5 ngay khi th\u01b0 m\u1ee5c \u0111\u01b0\u1ee3c m\u1edf m\u00e0 kh\u00f4ng c\u1ea7n s\u1ef1 cho ph\u00e9p r\u00f5 r\u00e0ng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng. Cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u00e3 \u0111\u01b0\u1ee3c ng\u0103n ch\u1eb7n nh\u1edd t\u00ednh n\u0103ng Workspace Trust c\u1ee7a Cursor.<\/p>\n

Apple ra m\u1eaft t\u00ednh n\u0103ng b\u1ea3o v\u1ec7 b\u1ed9 nh\u1edb iPhone \u0111\u1ec3 ch\u1ed1ng l\u1ea1i c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng tinh vi<\/strong><\/p>\n

Ng\u00e0y 9\/9,\u00a0Apple<\/a>\u00a0\u0111\u00e3 ra m\u1eaft \u0111i\u1ec7n tho\u1ea1i th\u00f4ng minh iPhone 17 v\u00e0 iPhone Air m\u1edbi, bao g\u1ed3m t\u00ednh n\u0103ng b\u1ea3o v\u1ec7 b\u1ed9 nh\u1edb m\u1edbi \u0111\u1ec3 b\u1ea3o v\u1ec7 thi\u1ebft b\u1ecb kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng ph\u1ea7n m\u1ec1m gi\u00e1n \u0111i\u1ec7p tinh vi. T\u00ednh n\u0103ng m\u1edbi n\u00e0y \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 Memory Integrity Enforcement (MIE), nh\u1eb1m m\u1ee5c \u0111\u00edch khi\u1ebfn vi\u1ec7c khai th\u00e1c c\u00e1c l\u1ed7 h\u1ed5ng tr\u1edf n\u00ean kh\u00f3 kh\u0103n h\u01a1n \u0111\u00e1ng k\u1ec3. Theo Apple, t\u00ednh n\u0103ng MIE t\u1eadn d\u1ee5ng Enhanced Memory Tagging Extension (EMTE) c\u1ee7a Arm, \u0111\u01b0\u1ee3c g\u00e3 kh\u1ed5ng l\u1ed3 chip n\u00e0y ph\u00e1t h\u00e0nh v\u00e0o n\u0103m 2022, d\u01b0\u1edbi d\u1ea1ng b\u1ea3n c\u1eadp nh\u1eadt th\u00f4ng s\u1ed1 k\u1ef9 thu\u1eadt Memory Tagging Extension (MTE) n\u0103m 2019.<\/p>\n

B\u1ea3n c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt Chrome m\u1edbi v\u00e1 l\u1ed7 h\u1ed5ng th\u1ef1c thi m\u00e3 t\u1eeb xa nghi\u00eam tr\u1ecdng<\/strong><\/p>\n

Tu\u1ea7n n\u00e0y, Google \u0111\u00e3 tung ra b\u1ea3n c\u1eadp nh\u1eadt\u00a0Chrome<\/a>\u00a0\u0111\u1ec3 kh\u1eafc ph\u1ee5c 02 l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, trong \u0111\u00f3 nghi\u00eam tr\u1ecdng nh\u1ea5t l\u00e0 CVE-2025-10200. \u0110\u00e2y l\u00e0 lo\u1ea1i l\u1ed7 h\u1ed5ng Use-After-Free trong th\u00e0nh ph\u1ea7n Serviceworke v\u00e0 \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 nghi\u00eam tr\u1ecdng. L\u1ed7 h\u1ed5ng n\u00e0y x\u1ea3y ra khi m\u1ed9t ch\u01b0\u01a1ng tr\u00ecnh c\u1ed1 g\u1eafng s\u1eed d\u1ee5ng b\u1ed9 nh\u1edb sau khi \u0111\u00e3 gi\u1ea3i ph\u00f3ng, \u0111i\u1ec1u n\u00e0y c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn s\u1ef1 c\u1ed1, h\u1ecfng d\u1eef li\u1ec7u ho\u1eb7c trong tr\u01b0\u1eddng h\u1ee3p x\u1ea5u nh\u1ea5t l\u00e0\u00a0th\u1ef1c thi m\u00e3 t\u1eeb xa<\/a>.<\/p>\n<\/article>\n","protected":false},"excerpt":{"rendered":"

\u00a0H\u1ed3ng \u0110\u1ea1t T\u1ea1p ch\u00ed An to\u00e0n th\u00f4ng tin gi\u1edbi thi\u1ec7u to\u00e0n c\u1ea3nh v\u1ec1 nh\u1eefng s\u1ef1 ki\u1ec7n, tin t\u1ee9c n\u1ed5i b\u1eadt v\u1ec1 b\u1ea3o m\u1eadt v\u00e0 an to\u00e0n th\u00f4ng tin trong Tu\u1ea7n 37 (8\/9 – 14\/9), B\u1ea3n tin g\u1ed3m c\u00e1c s\u1ef1 ki\u1ec7n an to\u00e0n th\u00f4ng tin n\u1ed5i b\u1eadt trong n\u01b0\u1edbc v\u00e0 qu\u1ed1c t\u1ebf. Trong tu\u1ea7n qua, Ph\u00f3 […]<\/p>\n","protected":false},"author":20,"featured_media":46694,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[4,24,35],"tags":[],"class_list":["post-46693","post","type-post","status-publish","format-standard","has-post-thumbnail","category-kien-thuc-an-toan-thong-tin","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=46693"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46693\/revisions"}],"predecessor-version":[{"id":46695,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46693\/revisions\/46695"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/46694"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=46693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=46693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=46693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}