{"id":47619,"date":"2026-03-28T15:08:49","date_gmt":"2026-03-28T08:08:49","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47619"},"modified":"2026-03-31T15:09:39","modified_gmt":"2026-03-31T08:09:39","slug":"lo-hong-moi-cua-claude-chi-can-vao-web-doc-hai-la-dinh-tan-cong","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/lo-hong-moi-cua-claude-chi-can-vao-web-doc-hai-la-dinh-tan-cong\/","title":{"rendered":"L\u1ed7 h\u1ed5ng m\u1edbi c\u1ee7a Claude: Ch\u1ec9 c\u1ea7n v\u00e0o web \u0111\u1ed9c h\u1ea1i l\u00e0 d\u00ednh t\u1ea5n c\u00f4ng"},"content":{"rendered":"
M\u1ed9t l\u1ed7 h\u1ed5ng \u0111\u00e1ng lo ng\u1ea1i v\u1eeba \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n tr\u00ean ti\u1ec7n \u00edch tr\u00ecnh duy\u1ec7t c\u1ee7a tr\u1ee3 l\u00fd AI Claude do Anthropic ph\u00e1t tri\u1ec3n. Theo c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u, ch\u1ec9 c\u1ea7n truy c\u1eadp m\u1ed9t trang web \u0111\u1ed9c h\u1ea1i, ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 v\u00f4 t\u00ecnh \u0111\u1ec3 hacker g\u1eedi l\u1ec7nh \u0111i\u1ec1u khi\u1ec3n AI m\u00e0 kh\u00f4ng h\u1ec1 hay bi\u1ebft. Trong b\u1ed1i c\u1ea3nh c\u00e1c tr\u1ee3 l\u00fd AI ng\u00e0y c\u00e0ng \u0111\u01b0\u1ee3c t\u00edch h\u1ee3p s\u00e2u v\u00e0o tr\u00ecnh duy\u1ec7t v\u00e0 h\u1ec7 th\u1ed1ng l\u00e0m vi\u1ec7c, \u0111\u00e2y \u0111\u01b0\u1ee3c xem l\u00e0 m\u1ed9t b\u1ec1 m\u1eb7t t\u1ea5n c\u00f4ng m\u1edbi, c\u00f3 gi\u00e1 tr\u1ecb cao \u0111\u1ed1i v\u1edbi tin t\u1eb7c.<\/b>
\n\u200b<\/div>\n
\n
\"1774585195162.png\"<\/div>\n

\u1ea2nh: Internet<\/i>\u200b<\/div>\n

\nL\u1ed7 h\u1ed5ng n\u00e0y \u0111\u01b0\u1ee3c c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u t\u1eeb Koi Security ph\u00e1t hi\u1ec7n, v\u1edbi t\u00ean g\u1ecdi\u00a0ShadowPrompt<\/b>. N\u00f3 \u1ea3nh h\u01b0\u1edfng tr\u1ef1c ti\u1ebfp \u0111\u1ebfn ti\u1ec7n \u00edch Claude tr\u00ean tr\u00ecnh duy\u1ec7t Google Chrome. B\u1ea3n ch\u1ea5t c\u1ee7a l\u1ed7 h\u1ed5ng n\u1eb1m \u1edf vi\u1ec7c ti\u1ec7n \u00edch n\u00e0y tin t\u01b0\u1edfng qu\u00e1 m\u1ee9c v\u00e0o m\u1ed9t s\u1ed1 ngu\u1ed3n d\u1eef li\u1ec7u \u0111\u1ea7u v\u00e0o, d\u1eabn \u0111\u1ebfn vi\u1ec7c b\u1ea5t k\u1ef3 website n\u00e0o c\u0169ng c\u00f3 th\u1ec3 \u201cgi\u1ea3 danh\u201d ng\u01b0\u1eddi d\u00f9ng \u0111\u1ec3 g\u1eedi l\u1ec7nh (prompt) t\u1edbi AI.<\/p>\n

L\u1ed7 h\u1ed5ng kh\u00f4ng y\u00eau c\u1ea7u ng\u01b0\u1eddi d\u00f9ng th\u1ef1c hi\u1ec7n b\u1ea5t k\u1ef3 thao t\u00e1c n\u00e0o nh\u01b0 click hay c\u1ea5p quy\u1ec1n. Ch\u1ec9 c\u1ea7n truy c\u1eadp trang web \u0111\u1ed9c h\u1ea1i, qu\u00e1 tr\u00ecnh t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 t\u1ef1 \u0111\u1ed9ng di\u1ec5n ra.\u200b<\/p><\/div>\n

Nguy\u00ean nh\u00e2n k\u1ef9 thu\u1eadt: V\u00ec sao l\u1ea1i x\u1ea3y ra?<\/b>\u200b<\/div>\n
ShadowPrompt th\u1ef1c ch\u1ea5t l\u00e0 s\u1ef1 k\u1ebft h\u1ee3p c\u1ee7a hai \u0111i\u1ec3m y\u1ebfu:\u200b<\/div>\n
    \n
  • \n
    C\u01a1 ch\u1ebf ki\u1ec3m tra ngu\u1ed3n qu\u00e1 l\u1ecfng l\u1ebbo, cho ph\u00e9p m\u1ecdi t\u00ean mi\u1ec1n con d\u1ea1ng “*[.]claude[.]ai” \u0111\u1ec1u \u0111\u01b0\u1ee3c g\u1eedi l\u1ec7nh t\u1edbi AI\u200b<\/div>\n<\/li>\n
  • \n
    M\u1ed9t l\u1ed7 h\u1ed5ng XSS trong th\u00e0nh ph\u1ea7n CAPTCHA c\u1ee7a Arkose Labs, cho ph\u00e9p th\u1ef1c thi m\u00e3 JavaScript \u0111\u1ed9c h\u1ea1i\u200b<\/div>\n<\/li>\n<\/ul>\n
    S\u1ef1 k\u1ebft h\u1ee3p n\u00e0y t\u1ea1o ra m\u1ed9t chu\u1ed7i t\u1ea5n c\u00f4ng ho\u00e0n ch\u1ec9nh, n\u01a1i m\u00e3 \u0111\u1ed9c c\u00f3 th\u1ec3 ch\u1ea1y trong ng\u1eef c\u1ea3nh h\u1ee3p l\u1ec7 v\u00e0 g\u1eedi l\u1ec7nh tr\u1ef1c ti\u1ebfp t\u1edbi Claude.\u200b<\/div>\n
    C\u01a1 ch\u1ebf khai th\u00e1c: T\u1ea5n c\u00f4ng di\u1ec5n ra nh\u01b0 th\u1ebf n\u00e0o?<\/b>\u200b<\/div>\n
    Qu\u00e1 tr\u00ecnh khai th\u00e1c \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf tinh vi nh\u01b0ng l\u1ea1i r\u1ea5t \u201c\u00e2m th\u1ea7m\u201d:<\/p>\n

    K\u1ebb t\u1ea5n c\u00f4ng nh\u00fang m\u1ed9t th\u00e0nh ph\u1ea7n web ch\u1ee9a l\u1ed7 h\u1ed5ng v\u00e0o trang \u0111\u1ed9c h\u1ea1i, th\u01b0\u1eddng d\u01b0\u1edbi d\u1ea1ng m\u1ed9t iframe \u1ea9n m\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng nh\u00ecn th\u1ea5y. Th\u00f4ng qua l\u1ed7 h\u1ed5ng XSS, h\u1ecd ch\u00e8n m\u00e3 JavaScript c\u00f3 kh\u1ea3 n\u0103ng g\u1eedi l\u1ec7nh t\u1edbi ti\u1ec7n \u00edch Claude.<\/p>\n

    Do ti\u1ec7n \u00edch tin t\u01b0\u1edfng ngu\u1ed3n g\u1eedi l\u00e0 h\u1ee3p l\u1ec7, l\u1ec7nh n\u00e0y s\u1ebd \u0111\u01b0\u1ee3c x\u1eed l\u00fd nh\u01b0 th\u1ec3 ch\u00ednh ng\u01b0\u1eddi d\u00f9ng nh\u1eadp v\u00e0o. To\u00e0n b\u1ed9 qu\u00e1 tr\u00ecnh di\u1ec5n ra trong n\u1ec1n, kh\u00f4ng hi\u1ec3n th\u1ecb c\u1ea3nh b\u00e1o hay d\u1ea5u hi\u1ec7u b\u1ea5t th\u01b0\u1eddng. K\u1ebft qu\u1ea3 l\u00e0 AI c\u00f3 th\u1ec3 b\u1ecb \u0111i\u1ec1u khi\u1ec3n m\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng h\u1ec1 hay bi\u1ebft.\u200b<\/p><\/div>\n

    R\u1ee7i ro v\u00e0 h\u1eadu qu\u1ea3 khi b\u1ecb khai th\u00e1c<\/b>\u200b<\/div>\n
    N\u1ebfu b\u1ecb khai th\u00e1c th\u00e0nh c\u00f4ng, l\u1ed7 h\u1ed5ng n\u00e0y c\u00f3 th\u1ec3 g\u00e2y ra nhi\u1ec1u h\u1ec7 qu\u1ea3 nghi\u00eam tr\u1ecdng:\u200b<\/div>\n
      \n
    • \n
      \u0110\u00e1nh c\u1eafp d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m nh\u01b0 token \u0111\u0103ng nh\u1eadp\u200b<\/div>\n<\/li>\n
    • \n
      Truy c\u1eadp l\u1ecbch s\u1eed h\u1ed9i tho\u1ea1i v\u1edbi AI\u200b<\/div>\n<\/li>\n
    • \n
      Th\u1ef1c hi\u1ec7n h\u00e0nh \u0111\u1ed9ng thay ng\u01b0\u1eddi d\u00f9ng (g\u1eedi email, y\u00eau c\u1ea7u th\u00f4ng tin, thao t\u00e1c tr\u00ean web)\u200b<\/div>\n<\/li>\n
    • \n
      L\u1ee3i d\u1ee5ng AI nh\u01b0 m\u1ed9t \u201cc\u00f4ng c\u1ee5 n\u1ed9i gi\u00e1n\u201d trong tr\u00ecnh duy\u1ec7t\u200b<\/div>\n<\/li>\n<\/ul>\n
      \u0110i\u1ec3m nguy hi\u1ec3m n\u1eb1m \u1edf ch\u1ed7 AI ng\u00e0y c\u00e0ng c\u00f3 quy\u1ec1n truy c\u1eadp s\u00e2u v\u00e0o d\u1eef li\u1ec7u v\u00e0 h\u00e0nh vi ng\u01b0\u1eddi d\u00f9ng. Khi b\u1ecb chi\u1ebfm quy\u1ec1n, n\u00f3 c\u00f3 th\u1ec3 tr\u1edf th\u00e0nh m\u1ed9t t\u00e1c nh\u00e2n t\u1ef1 \u0111\u1ed9ng th\u1ef1c hi\u1ec7n c\u00e1c h\u00e0nh \u0111\u1ed9ng nguy hi\u1ec3m.\u200b<\/div>\n
      M\u1ee9c \u0111\u1ed9 \u1ea3nh h\u01b0\u1edfng v\u00e0 ph\u1ea1m vi r\u1ee7i ro<\/b>\u200b<\/div>\n
      L\u1ed7 h\u1ed5ng n\u00e0y \u0111\u1eb7c bi\u1ec7t nguy hi\u1ec3m v\u00ec:\u200b<\/div>\n
        \n
      • \n
        Kh\u00f4ng c\u1ea7n t\u01b0\u01a1ng t\u00e1c ng\u01b0\u1eddi d\u00f9ng\u200b<\/div>\n<\/li>\n
      • \n
        Kh\u00f3 ph\u00e1t hi\u1ec7n b\u1eb1ng m\u1eaft th\u01b0\u1eddng\u200b<\/div>\n<\/li>\n
      • \n
        T\u1eadn d\u1ee5ng ch\u00ednh c\u01a1 ch\u1ebf tin c\u1eady c\u1ee7a h\u1ec7 th\u1ed1ng\u200b<\/div>\n<\/li>\n<\/ul>\n
        Kh\u1eafc ph\u1ee5c v\u00e0 khuy\u1ebfn ngh\u1ecb t\u1eeb chuy\u00ean gia<\/b>
        \nNgay sau khi \u0111\u01b0\u1ee3c b\u00e1o c\u00e1o v\u00e0o cu\u1ed1i th\u00e1ng 12\/2025, Anthropic \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 cho ti\u1ec7n \u00edch Claude (phi\u00ean b\u1ea3n 1.0.41), si\u1ebft ch\u1eb7t ki\u1ec3m tra ngu\u1ed3n truy c\u1eadp, ch\u1ec9 cho ph\u00e9p domain ch\u00ednh x\u00e1c. Ph\u00eda Arkose Labs c\u0169ng \u0111\u00e3 kh\u1eafc ph\u1ee5c l\u1ed7 h\u1ed5ng XSS li\u00ean quan.<\/p>\n

        C\u00e1c chuy\u00ean gia khuy\u1ebfn ngh\u1ecb ng\u01b0\u1eddi d\u00f9ng:\u200b<\/p><\/div>\n

          \n
        • \n
          C\u1eadp nh\u1eadt ti\u1ec7n \u00edch Claude l\u00ean phi\u00ean b\u1ea3n m\u1edbi nh\u1ea5t\u200b<\/div>\n<\/li>\n
        • \n
          H\u1ea1n ch\u1ebf truy c\u1eadp c\u00e1c website kh\u00f4ng r\u00f5 ngu\u1ed3n g\u1ed1c\u200b<\/div>\n<\/li>\n
        • \n
          Th\u1eadn tr\u1ecdng v\u1edbi c\u00e1c n\u1ed9i dung nh\u00fang ho\u1eb7c trang web l\u1ea1\u200b<\/div>\n<\/li>\n
        • \n
          Nh\u1eadn th\u1ee9c r\u1eb1ng AI c\u0169ng l\u00e0 m\u1ed9t \u201c\u0111i\u1ec3m t\u1ea5n c\u00f4ng\u201d c\u1ea7n \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7\u200b<\/div>\n<\/li>\n<\/ul>\n
          S\u1ef1 c\u1ed1 ShadowPrompt cho th\u1ea5y m\u1ed9t th\u1ef1c t\u1ebf m\u1edbi trong an ninh m\u1ea1ng. Khi AI ng\u00e0y c\u00e0ng tr\u1edf n\u00ean th\u00f4ng minh v\u00e0 c\u00f3 quy\u1ec1n truy c\u1eadp s\u00e2u h\u01a1n v\u00e0o h\u1ec7 th\u1ed1ng, n\u00f3 c\u0169ng tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau t\u1ea5n c\u00f4ng h\u1ea5p d\u1eabn h\u01a1n bao gi\u1edd h\u1ebft. M\u1ed9t l\u1ed7 h\u1ed5ng nh\u1ecf trong c\u01a1 ch\u1ebf tin c\u1eady c\u00f3 th\u1ec3 bi\u1ebfn tr\u1ee3 l\u00fd AI th\u00e0nh c\u00f4ng c\u1ee5 b\u1ecb l\u1ee3i d\u1ee5ng m\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng h\u1ec1 nh\u1eadn ra.\u200b<\/div>\n
          Theo The Hacker News<\/b><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"

          M\u1ed9t l\u1ed7 h\u1ed5ng \u0111\u00e1ng lo ng\u1ea1i v\u1eeba \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n tr\u00ean ti\u1ec7n \u00edch tr\u00ecnh duy\u1ec7t c\u1ee7a tr\u1ee3 l\u00fd AI Claude do Anthropic ph\u00e1t tri\u1ec3n. Theo c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u, ch\u1ec9 c\u1ea7n truy c\u1eadp m\u1ed9t trang web \u0111\u1ed9c h\u1ea1i, ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 v\u00f4 t\u00ecnh \u0111\u1ec3 hacker g\u1eedi l\u1ec7nh \u0111i\u1ec1u khi\u1ec3n AI m\u00e0 kh\u00f4ng h\u1ec1 hay […]<\/p>\n","protected":false},"author":20,"featured_media":47620,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,35],"tags":[],"class_list":["post-47619","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47619","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47619"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47619\/revisions"}],"predecessor-version":[{"id":47621,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47619\/revisions\/47621"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47620"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47619"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47619"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47619"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}