Home
1
Hot News2
https://www.kjintelligent.com/en/ KJ Intelligent Corp.
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Citrix 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料。二、存在風險         Citrix 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:NetScaler ADC 和 NetScaler Gateway  14.1-66.54 版本NetScaler ADC 和 NetScaler Gateway 14.1 中 14.1-60.58 之前的版本NetScaler ADC 和 NetScaler Gateway 13.1 中 13.1-62.23 之前的版本NetScaler ADC FIPS 和 NDcPP 中 13.1-37.262 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請將 NetScaler ADC 和 NetScaler Gateway 14.1 中 14.1-60.58 之前的版本更新至 14.1-60.58。請將 NetScaler ADC and NetScaler Gateway 14.1-66.54 版本更新至14.1-66.59 或更高版本。請將 NetScaler ADC and NetScaler Gateway 13.1 中 13.1-62.23 之前的版本更新至 13.1-62.23 或更高版本。請將 NetScaler ADC 13.1-FIPS 和 13.1-NDcPP 中 13.1-37.262 之前的版本更新至 13.1.37.262 and later releases of 13.1-FIPS and 13.1-NDcPP。       情資報告連結:https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300 https://www.kjintelligent.com/en/hot_532868.html [資安漏洞通知-CIO]_Citrix 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532868.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532868.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532868.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco 旗下整合管理控制器( Integrated Management Controller,IMC)是一款專門為Cisco整合運算系統的伺服器設計管理工具,提供伺服器遠端監控、配置和管理功能,近日Cisco發布重大資安公告(CVE-2026-20093,CVSS:9.8 和 CVE-2026-20094,CVSS:8.8)。CVE-2026-20093為身分驗證繞過漏洞,可能允許未經身分驗證的遠端攻擊者繞過身分驗證,並以管理員身分存取系統;CVE-2026-20094存在於IMC的Web管理介面,此為命令注入漏洞,經身分驗證的遠端攻擊者可能在受影響的底層作業系統上,執行任意程式碼或命令,並將權限提升至root。◎建議措施:根據官方網站釋出的解決方式進行修補:【CVE-2026-20093】https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn【CVE-2026-20094】https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt3. https://nvd.nist.gov/vuln/detail/CVE-2026-200934. https://nvd.nist.gov/vuln/detail/CVE-2026-20094 https://www.kjintelligent.com/en/hot_532855.html [TWCERT 分享資安情資]_Cisco旗下Integrated Management Controller 存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532855.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532855.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532855.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】近日Cisco針對Smart Software Manager發布重大資安公告(CVE-2026-20160,CVSS:9.8),該漏洞可能允許未經身分驗證的遠端攻擊者於底層作業系統上執行任意命令。◎建議措施:請更新至以下版本:Cisco Smart Software Manager On-Prem 9-202601 (含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr2. https://nvd.nist.gov/vuln/detail/CVE-2026-20160 https://www.kjintelligent.com/en/hot_532854.html [TWCERT 分享資安情資]_Cisco旗下Smart Software Manager(本機部署版)存在重大資安漏洞(CVE-2026-20160) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532854.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532854.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532854.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        GitLab 發現存在漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、彷冒、洩露敏感資料、跨網站指令碼、資料篡改及繞過身份驗證。二、存在風險         GitLab 發現存在漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、彷冒、洩露敏感資料、跨網站指令碼、資料篡改及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 18.10.1, 18.9.3, 18.8.7 以前的版本GitLab Enterprise Edition (EE) 18.10.1, 18.9.3, 18.8.7 以前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/ https://www.kjintelligent.com/en/hot_532867.html [資安漏洞通知-CIO]_GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532867.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532867.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532867.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        TP-Link 路由器存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、權限提升、敏感資料洩露及資料篡改。二、存在風險         TP-Link 路由器存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、權限提升、敏感資料洩露及資料篡改,其影響系統如下:受影響之系統/漏洞描述:Archer AX53 v1 的 V1_251029 之前的版本Archer NX200 v1.0 的 1.8.0 Build 260311 之前的版本Archer NX200 v2.0 的 1.3.0 Build 260311 之前的版本Archer NX200 v2.20 的 1.3.0 Build 260311 之前的版本Archer NX200 v3.0 的 1.3.0 Build 260309 之前的版本Archer NX210 v2.0 的 1.3.0 Build 260311 之前的版本Archer NX210 v2.20 的 1.3.0 Build 260311 之前的版本Archer NX210 v3.0 的 1.3.0 Build 260309 之前的版本Archer NX500 v1.0 的 1.3.0 Build 260311 之前的版本Archer NX500 v2.0 的 1.5.0 Build 260309 之前的版本Archer NX600 v1.0 的 1.4.0 Build 260311 之前的版本Archer NX600 v2.0 的 1.3.0 Build 260311 之前的版本Archer NX600 v3.0 的 1.3.0 Build 260309 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.tp-link.com/us/support/faq/5025/https://www.tp-link.com/us/support/faq/5027/ https://www.kjintelligent.com/en/hot_532866.html [資安漏洞通知-CIO]_TP-Link 路由器存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532866.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532866.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532866.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】FortiClientEMS是Fortinet旗下一款端點管理伺服器,用於集中管理 FortiClient 代理程式,支持端點部署、設定與監控。近日發布重大資安漏洞公告(CVE-2026-35616,CVSS:9.8),此為不當存取控制漏洞,可能允許未經身分驗證的攻擊者,透過精心建構的請求執行未經授權的程式碼或命令。◎建議措施:請更新至以下版本:FortiClientEMS 7.4.7(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-26-0992. https://nvd.nist.gov/vuln/detail/CVE-2026-35616 https://www.kjintelligent.com/en/hot_532853.html [TWCERT 分享資安情資]_FortiClientEMS存在重大資安漏洞(CVE-2026-35616) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532853.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532853.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532853.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Juniper Networks CTP OS 存在重大資安漏洞(CVE-2026-33771,CVSS 4.x:9.1),此為弱密碼要求漏洞,可能允許未經身分驗證的網路攻擊者,利用本機帳號的弱密碼取得設備控制權。◎建議措施:請更新至以下版本:Juniper Networks CTP OS 9.3R1(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771 https://www.kjintelligent.com/en/hot_532860.html [TWCERT 分享資安情資]_Juniper Networks CTP OS 存在重大資安漏洞(CVE-2026-33771) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532860.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532860.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532860.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
KJ Intelligent and Cloud Intelligent Operation jointly launch cybersecurity integration solution Defend against cyberattacks and help businesses effectively enhance their cybersecurity capabilities during the digital transformation process. https://www.kjintelligent.com/en/hot_496856.html KJ Intelligent and Cloud Intelligent Operation jointly launch cybersecurity integration solution 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_496856.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_496856.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_496856.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】近日Internet Systems Consortium (ISC)針對BIND發布重大資安公告(CVE-2026-3104,CVSS:7.5),此漏洞可透過精心設計的域名,造成BIND解析器中記憶體洩漏。◎建議措施:根據官方網站釋出的解決方式進行修補:https://kb.isc.org/docs/cve-2026-3104◎相關IOC資訊:◎備註:◎參考資料:1. https://kb.isc.org/docs/cve-2026-31042. https://nvd.nist.gov/vuln/detail/CVE-2026-3104 https://www.kjintelligent.com/en/hot_532851.html [TWCERT 分享資安情資]_Internet Systems Consortium (ISC) 的BIND存在重大資安漏洞(CVE-2026-3104) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532851.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532851.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532851.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        IBM WebSphere 產品存在多個漏洞,遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、彷冒、洩露敏感資料、資料篡改及繞過身份驗證。二、存在風險         IBM WebSphere 產品存在多個漏洞,遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、彷冒、洩露敏感資料、資料篡改及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:WebSphere Application Server - Liberty 17.0.0.3 - 26.0.0.3三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.ibm.com/support/pages/node/7267345https://www.ibm.com/support/pages/node/7267347https://www.ibm.com/support/pages/node/7267351https://www.ibm.com/support/pages/node/7267362 https://www.kjintelligent.com/en/hot_532865.html [資安漏洞通知-CIO]_IBM WebSphere 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532865.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532865.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532865.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        思科 IOS XE 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、阻斷服務狀況、遠端執行任意程式碼、繞過身份驗證及權限提升。二、存在風險         思科 IOS XE 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、阻斷服務狀況、遠端執行任意程式碼、繞過身份驗證及權限提升,其影響系統如下:受影響之系統/漏洞描述:思科 IOS XE三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-lobby-privesc-KwxBqJyhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mntc-dos-LZweQcyqhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGKhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOmhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-dos-sbv8XRpLhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootp-WuBhNBxAhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scp-dos-duAdXtCghttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe_infodis-6J847uEBhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-secureboot-bypass-B6uYxYSZhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-tls-dos-TVgLDEZL https://www.kjintelligent.com/en/hot_532864.html [資安漏洞通知-CIO]__思科 IOS XE 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532864.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532864.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532864.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
科智數位 處於服務第一線 為客戶提供完善的資訊整合方案以及技術支援,深刻感受資訊安全對於企業營運的重要及影響,科智數位 以嚴謹的態度 透過第三方國際驗證公司 通過 ISO / IEC 27001:2022 資訊安全認證,以提供客戶安全及可信賴的資訊服務。目前通過 ISO / IEC 27001:2022 ,證明科智數位能鑑別資訊安全弱點,透過有效的計劃與管理及全體同仁的資訊安全專業能力、資訊安全共識來面對企業內外可能遭遇之資訊安全威脅並確保於最低風險下持續健康營運。 資訊安全政策[資安防護、人人有責].考量公司之核心資訊系統及相關利害關係者之需求及期望,基於保護資訊資產機密性、完整性、可用性為目標,將資訊系統開發維運、軟體專案服務及機房優先納入資訊安全管理範圍,展現本公司永續發展經營管理理念。.為避免因人為疏失、蓄意或天然災害等因素,導致資訊資產不當使用、洩漏、竄改、破壞等情事發生,對本公司帶來可能之風險及危害,應採用組織、人員、技術或實體等面向控制措施適切應對風險。資訊安全目標.維護資訊之機密性、完整性與可用性,並保障個人資料隱私。.保護業務服務資訊,避免未經授權的存取、修改,確保其正確完整。.建立資訊營運持續計畫,以確保業務服務之持續運作。.業務服務執行須符合相關法令或法規之要求。.組織每年依上述目標訂定量化量測項目,填寫於「目標管控及量測表」,依實際執行情形管控。 https://www.kjintelligent.com/en/hot_516037.html KJ Intelligent CORP obtains ISO / IEC 27001:2022 Information Security Certification 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_516037.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_516037.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_516037.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及洩露敏感資料。二、存在風險         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 146.0.3856.84 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 146.0.3856.84 或之後版本。       情資報告連結:https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-26-2026https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4673https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4674https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4675https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4677https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4679https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4680https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187 https://www.kjintelligent.com/en/hot_532863.html [資安漏洞通知-CIO]_Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532863.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532863.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532863.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】近日Palo Alto Networks發布重大資安公告(CVE-2026-0234,CVSS:8.8),Cortex XSOAR 和 Cortex XSIAM 平台整合 Microsoft Teams 時,存在加密簽章不當漏洞,允許未經身分驗證的攻擊者存取或竄改受保護的資源。◎建議措施:請更新至以下版本:Cortex XSIAM Microsoft Teams Marketplace 1.5.52(含)之後版本、Cortex XSOAR Microsoft Teams Marketplace 1.5.52(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://security.paloaltonetworks.com/CVE-2026-02342. https://nvd.nist.gov/vuln/detail/CVE-2026-26234 https://www.kjintelligent.com/en/hot_532861.html [TWCERT 分享資安情資]_Palo Alto Cortex XSIAM / XSOAR 存在重大資安漏洞(CVE-2026-0234) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532861.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532861.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532861.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】 一、摘要         SonicWall Email Security 存在漏洞,其允許攻擊者在取得管理者權限後發動攻擊,進而導致阻斷服務和資料毀損等狀況。   二、存在風險         SonicWall Email Security 存在漏洞,其允許攻擊者在取得管理者權限後發動攻擊,進而導致阻斷服務和資料毀損等狀況,其影響系統如下: 受影響之系統/漏洞描述: Email Security(ES Appliance 5000, 5050, 7000, 7050, 9000, VMWare and Hyper-V) 10.0.34.8215, 10.0.34.8223 and earlier versions CVE-2026-3468:儲存型跨站腳本漏洞 (Stored XSS) 漏洞成因:系統在生成網頁時,未能正確處理使用者輸入的內容 影響:具備管理員權限的遠端攻擊者可以植入惡意的 JavaScript 程式碼。當其他使用者訪問受影響的頁面時,該程式碼會在瀏覽器中執行。 CVE-2026-3469:畸形輸入導致拒絕服務 (DoS) 漏洞成因:系統對輸入資料的驗證機制不完善。 影響:具備管理員權限的遠端攻擊者可以傳送特製的惡意資料,導致 Email Security 設備反應遲鈍或停止服務,造成系統無法正常運作。 CVE-2026-3470:輸入過濾不當導致資料損壞 漏洞成因:系統缺乏正確的輸入清理(Sanitization)機制。 影響:具備管理員權限的遠端攻擊者可以透過傳送精心構造的資料,直接破壞或損寫應用程式的資料庫,進而導致資料遺失或系統錯誤。 三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請將Email Security (ES Appliance 5000, 5050, 7000, 7050, 9000, VMWare and Hyper-V)更新至 10.0.35.8405 或更高版本。        情資報告連結:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002 https://www.kjintelligent.com/en/hot_532862.html [資安漏洞通知-CIO]__SonicWall Email Security 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532862.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532862.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532862.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】TWCERT/CC 近期接獲外部情資分享,發現駭客將惡意程式偽裝成IT管理者與開發人員常用之多種工具程式 (如微軟官方工具、網路管理、開發應用程式),放置於GitHub等公共程式碼共享平台上進行傳播,並利用Google SEO搜尋最佳化使網頁於搜尋結果排名靠前,誘使IT管理者與開發人員下載。已知遭偽冒工具程式如下:Tftpd64 (TFTP/DHCP Server)、Postman (API Testing Tool)、WinDbg (Windows Debugger)、PsExec (Remote Execution Tool)、USMT (User State Migration Tool)、IntuneWinAppUtil (Intune Packaging)、BgInfo (Desktop Info Display)、RDCMan (Remote Desktop Manager)◎建議措施:1. 安裝工具程式應從官方正式管道下載檔案(如微軟商店、官方GitHub倉儲)2. 自GitHub倉儲下載前需查看星數、貢獻者歷史紀錄及帳戶建立日期3. 比對程式雜湊值與監控C2 Domain連線紀錄,確保環境無使用惡意程式◎相關IOC資訊:◎備註:◎參考資料:無 https://www.kjintelligent.com/en/hot_532850.html [TWCERT 分享資安情資]_駭客透過GitHub散播偽冒之常用工具程式,請留意軟體安全與防護 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532850.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532850.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532850.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2026-3055】Citrix NetScaler Out-of-Bounds Read Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Citrix NetScaler ADC、NetScaler Gateway 以及 NetScaler ADC FIPS 和 NDcPP 在被配置為 SAML IDP時,存在越界讀取漏洞,可能導致記憶體過度讀取。【CVE-2026-5281】Google Dawn Use-After-Free Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Google Dawn 存在使用釋放後記憶體漏洞,可能允許已入侵渲染程序的遠端攻擊者,透過特製的 HTML 頁面執行任意程式碼。此漏洞可能影響多個基於 Chromium 的產品,包括但不限於 Google Chrome、Microsoft Edge 及 Opera。【CVE-2026-3502】TrueConf Client Download of Code Without Integrity Check Vulnerability (CVSS v3.1: 7.8)【是否遭勒索軟體利用:未知】TrueConf Client 存在下載程式碼時未進行完整性檢查的漏洞。攻擊者若能影響更新傳輸路徑,可能替換為經竄改的更新酬載;一旦被更新程式執行或安裝,可能導致在更新程序或使用者權限範圍內執行任意程式碼。◎建議措施:【CVE-2026-3055】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300【CVE-2026-5281】官方已針對漏洞釋出修復更新,請更新至相關版本https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html【CVE-2026-3502】對應產品升級至以下版本(或更高)TrueConf 8.5.3.884◎相關IOC資訊:◎備註:◎參考資料:【CVE-2026-3055】1.https://nvd.nist.gov/vuln/detail/cve-2026-30552.https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300【CVE-2026-5281】1.https://nvd.nist.gov/vuln/detail/cve-2026-52812.https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html【CVE-2026-3502】1.https://nvd.nist.gov/vuln/detail/cve-2026-35022.https://trueconf.com/blog/update/trueconf-8-5 https://www.kjintelligent.com/en/hot_532852.html [TWCERT 分享資安情資]_CISA新增3個已知遭駭客利用之漏洞至KEV目錄(2026/03/30-2026/04/05) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532852.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_532852.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_532852.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
KJ Intelligent launches AI SOC Solution https://www.kjintelligent.com/en/hot_514832.html KJ Intelligent launches AI SOC Solution 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_514832.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_514832.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_514832.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】研究人員發現Google Chrome、Microsoft Edge、Vivaldi、Brave及Opera等以Chromium為基礎之瀏覽器存在使用釋放後記憶體(Use After Free)漏洞(CVE-2026-2441),未經身分鑑別之遠端攻擊者可利用特製HTML頁面觸發記憶體錯誤,進而於瀏覽器沙箱環境執行任意程式碼。該漏洞已遭駭客利用,請儘速確認並進行修補。◎建議措施:1. 請更新Google Chrome瀏覽器至145.0.7632.75(含)以後版本https://support.google.com/chrome/answer/95414?hl=zh-Hant2. 請更新Microsoft Edge瀏覽器至144.0.3719.130或145.0.3800.58(含)以後版本https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef13. 請更新Vivaldi瀏覽器至7.8.3925.73 (含)以後版本https://help.vivaldi.com/desktop/install-update/update-vivaldi/4. 請更新Brave瀏覽器至1.87.188(含)以後版本https://community.brave.com/t/how-to-update-brave/3847805. 請更新Opera瀏覽器至127.0.5778.64(含)以後版本https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser◎相關IOC資訊:◎備註:◎參考資料: https://www.kjintelligent.com/en/hot_531095.html [TWCERT 分享資安情資]_以Chromium為基礎之瀏覽器存在高風險安全漏洞(CVE-2026-2441),請儘速確認並進行 修補 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531095.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531095.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531095.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】研究人員發現Microsoft Windows與Office存在5個高風險安全漏洞,類型包含安全功能繞過(Security Feature Bypass)漏洞(CVE-2026-21510、CVE-2026-21513及CVE-2026-21514)與本機提權(Local Privilege Escalation)漏洞(CVE-2026-21519與CVE-2026-21533),前者可使未經身分鑑別之攻擊者於使用者互動情境下繞過系統安全機制;後者可使已通過身分鑑別之攻擊者在既有權限基礎上提升權限。以上漏洞皆已遭駭客利用,請儘速確認並進行修補。◎建議措施:官方已針對漏洞釋出修復更新,請參考官方說明進行更新,網址如下:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533◎相關IOC資訊:◎備註:◎參考資料:1. https://nvd.nist.gov/vuln/detail/CVE-2026-215102. https://nvd.nist.gov/vuln/detail/CVE-2026-215133. https://nvd.nist.gov/vuln/detail/CVE-2026-215144. https://nvd.nist.gov/vuln/detail/CVE-2026-215195. https://nvd.nist.gov/vuln/detail/CVE-2026-215336. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-215107. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-215138. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-215149. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2151910. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 https://www.kjintelligent.com/en/hot_531094.html [TWCERT 分享資安情資]_Microsoft Windows與Office存在5個高風險安全漏洞,請儘速確認並進行修補 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531094.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531094.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531094.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco Secure Firewall Management Center(FMC)是一套集中式管理平台,用於統一管理與監控 Cisco 防火牆產品,提供完整的威脅防禦視野,並支援政策制定、事件分析、流量監控與裝置設定等功能,近日Cisco發布重大資安公告。【CVE-2026-20131,CVSS:10.0】此漏洞存在於FMC的網頁管理介面,未經身分驗證的遠端攻擊者,可能以root身分執行任意Java程式碼。【CVE-2026-20079,CVSS:10.0】此漏洞存在於FMC的網頁管理介面,未經身分驗證的遠端攻擊者,可能繞過身分驗證並在受影響的裝置執行腳本,從而獲得對底層作業系統的root存取權限。◎建議措施:依官方網站釋出的解決方式進行修補:【CVE-2026-20131】https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh【CVE-2026-20079】https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V23. https://nvd.nist.gov/vuln/detail/CVE-2026-201314. https://nvd.nist.gov/vuln/detail/CVE-2026-20079 https://www.kjintelligent.com/en/hot_531096.html [TWCERT 分享資安情資]_Cisco 旗下防火牆系統存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531096.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531096.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531096.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2026-25108】Soliton Systems K.K FileZen OS Command Injection Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Soliton Systems K.K FileZen 存在作業系統指令注入漏洞,當使用者登入受影響產品並傳送特製的 HTTP 請求,即可能觸發此漏洞。【CVE-2022-20775】Cisco SD-WAN Path Traversal Vulnerability (CVSS v3.1: 7.8)【是否遭勒索軟體利用:未知】Cisco SD-WAN CLI 存在路徑遍歷漏洞。由於應用程式 CLI 內指令存取控制不當,經驗證的本機攻擊者可能藉此提升權限。成功利用此漏洞後,攻擊者可作為 root 使用者執行任意指令。【CVE-2026-20127】Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Cisco Catalyst SD-WAN Controller(原 SD-WAN vSmart)與 Cisco Catalyst SD-WAN Manager(原 SD-WAN vManage)存在身分驗證繞過漏洞,可能使未經驗證的遠端攻擊者繞過驗證機制,並在受影響系統上取得管理權限。◎建議措施:【CVE-2026-25108】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.soliton.co.jp/support/2026/006657.html【CVE-2022-20775】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF【CVE-2026-20127】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk◎相關IOC資訊:◎備註:◎參考資料:【CVE-2026-25108】1.https://nvd.nist.gov/vuln/detail/cve-2026-251082.https://www.soliton.co.jp/support/2026/006657.html【CVE-2022-20775】1.https://nvd.nist.gov/vuln/detail/cve-2022-207752.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF【CVE-2026-20127】1.https://nvd.nist.gov/vuln/detail/cve-2026-201272.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://www.kjintelligent.com/en/hot_531093.html [TWCERT 分享資安情資]_CISA新增3個已知遭駭客利用之漏洞至KEV目錄(2026/02/23-2026/03/01) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531093.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531093.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531093.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】SolarWinds Serv-U是一款用於安全文件傳輸的伺服器軟體,支援FTP、FTPS、SFTP等多種協議,具備易用的管理介面,並支援跨平台與跨裝置存取等功能。日前,SolarWinds發布旗下產品Serv-U存在4個重大資安漏洞。【CVE-2025-40538,CVSS:9.1】此為存取控制漏洞,允許攻擊者建立系統管理員,並透過網域管理員或群組管理員權限,以特權帳號身分執行任意程式碼。【CVE-2025-40539,CVSS:9.1】此為類型混淆漏洞,允許攻擊者能以特權帳號身分執行任意本機程式碼。【CVE-2025-40540,CVSS:9.1】此為類型混淆漏洞,允許攻擊者能以特權帳號身分執行任意本機程式碼。【CVE-2025-40541,CVSS:9.1】此為不安全直接物件參考(IDOR)漏洞,允許攻擊者能以特權帳號身分執行任意本機程式碼。◎建議措施:請更新至以下版本:SolarWinds Serv-U 15.5.4(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-405382. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-405393. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-405404. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-405415. https://nvd.nist.gov/vuln/detail/CVE-2025-405386. https://nvd.nist.gov/vuln/detail/CVE-2025-405397. https://nvd.nist.gov/vuln/detail/CVE-2025-405408. https://nvd.nist.gov/vuln/detail/CVE-2025-40541 https://www.kjintelligent.com/en/hot_531091.html [TWCERT 分享資安情資]_SolarWinds旗下Serv-U軟體存在4個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531091.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531091.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531091.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】因應近期中東戰事升溫,國際駭客組織及駭客行動主義者活動可能更加頻繁,常見以 DDoS 攻擊作為報復手段,並不排除伴隨破壞性行動或資料外洩等風險。為降低受攻擊影響,請各單位強化資安戒備與監控應變;如有攻擊活動情資,歡迎與台灣電腦網路危機處理暨協調中心(TWCERT/CC)分享,若有其他問題,亦可來信諮詢。◎建議措施:1.請持續強化資安防護機制與人員資安意識,並觀察機關網站連線、帳號登入等網站使用情形。2.建議可依「分散式阻斷服務攻擊(DDoS)趨勢與防護」(https://www.twcert.org.tw/tw/cp-157-6408-e0c62-1.html)進行防禦作為,以強化網站DDoS防禦能力。◎相關IOC資訊:◎備註:◎參考資料:無 https://www.kjintelligent.com/en/hot_531097.html [TWCERT 分享資安情資]_近期駭客組織活動可能更加頻繁,促請各單位強化資安戒備與監控應變 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531097.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531097.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531097.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        TP-Link 路由器存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。二、存在風險         TP-Link 路由器存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:TL-WR841N v14 的 250908 之前的版本Archer MR600 v5 的 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n 之前的版本Archer C20 v6.0 的 V6_251031 之前的版本Archer AX53 v1.0 的 V1_251215 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.tp-link.com/hk/support/faq/4894/https://www.tp-link.com/hk/support/faq/4905/https://www.tp-link.com/hk/support/faq/4916/ https://www.kjintelligent.com/en/hot_530446.html [資安漏洞通知-CIO]_TP-Link 路由器存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530446.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530446.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530446.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        QNAP NAS 存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發權限提升。二、存在風險         QNAP NAS 存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發權限提升,其影響系統如下:受影響之系統/漏洞描述:QTS 4.3.x三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至QTS 5.2.x或更高版本。        情資報告連結:https://www.qnap.com/en/security-advisory/qsa-25-56 https://www.kjintelligent.com/en/hot_530445.html [資安漏洞通知-CIO]__QNAP NAS 存在權限提升漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530445.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530445.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530445.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】n8n是一款開源工作流程自動化工具,透過視覺化拖拉介面串接多種應用程式,無需程式碼即可自動化重複性任務,近日n8n發布重大資安公告。【CVE-2026-27495,CVSS:9.4】此漏洞允許經身分驗證且擁有或修改工作流程權限的攻擊者,可利用JavaScript任務執行沙箱中的漏洞,在邊界之外執行任意程式碼。【CVE-2026-27493,CVSS:9.5】此為二階段表達式注入漏洞,未經身分驗證的攻擊者,可透過精心設計的表單資料注入並執行任意n8n表達式,若與表達式的沙箱逃逸機制結合使用,可能導致在n8n主機上執行遠端程式碼。【CVE-2026-27577,CVSS:9.4】此漏洞允許經身分驗證且擁有建立或修改工作流程權限的攻擊者,可利用特製的工作流程參數表達式,在執行n8n主機上觸發未經授權的系統指令。【CVE-2026-27498,CVSS:9.0】此漏洞允許經身分驗證且擁有建立或修改工作流程權限的攻擊者,利用git操作連結「從磁碟讀取/寫入檔案」節點,導致攻擊者可遠端程式碼執行。◎建議措施:【CVE-2026-27495、CVE-2026-27493、CVE-2026-27577】請更新至以下版本:n8n 1.123.22(含)之後版本n8n 2.9.3(含)之後版本、n8n 2.10.1(含)之後版本、【CVE-2026-27498】請更新至以下版本:n8n 1.123.8(含)之後版本、n8n 2.2.0(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf232.http://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f73. https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr4. https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq5. https://nvd.nist.gov/vuln/detail/CVE-2026-274956. https://nvd.nist.gov/vuln/detail/CVE-2026-274937. https://nvd.nist.gov/vuln/detail/CVE-2026-275778. https://nvd.nist.gov/vuln/detail/CVE-2026-27498 https://www.kjintelligent.com/en/hot_531092.html [TWCERT 分享資安情資]_n8n存在4個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531092.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531092.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531092.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco Catalyst SD-WAN 是 Cisco 以雲端為中心的軟體定義廣域網路架構,提供集中管理、安全加密及應用效能優化,確保多雲環境的可靠連線,近日Cisco發布重大資安公告。【CVE-2026-20127,CVSS:10.0】此漏洞存在於Cisco Catalyst SD-WAN Controller(formerly vSmart)可能被未經身分驗證的遠端攻擊者利用,以繞過身分驗證機制並取得受影響系統的管理權限。【CVE-2026-20126,CVSS:8.8】此漏洞存在於Cisco Catalyst SD-WAN Manager(formerly vManage),可能允許已通過身分驗證且具有本機低權限的攻擊者,利用REST API發送請求後,取得底層作業系統的root權限。【CVE-2026-20129,CVSS:9.8】此漏洞存在於Cisco Catalyst SD-WAN Manager的 API 使用者驗證,允許未經身分驗證的遠端攻擊者利用精心設計的API請求,以netadmin 角色使用者的身分存取受影響的系統。註:Cisco Catalyst SD-WAN Controller (formerly vSmart) 與Cisco Catalyst SD-WAN Manager (formerly vManage) 已被發現積極利用於攻擊活動,請儘速採取應變措施。◎建議措施:請更新至以下版本:【CVE-2026-20127】Cisco Catalyst SD-WAN 20.9.8.2(含)之後版本、Cisco Catalyst SD-WAN 20.12.6.1(含)之後版本、Cisco Catalyst SD-WAN 20.12.5.3(含)之後版本、Cisco Catalyst SD-WAN 20.12.6.1(含)之後版本、Cisco Catalyst SD-WAN 20.15.4.2(含)之後版本、Cisco Catalyst SD-WAN 20.18.2.1(含)之後版本【CVE-2026-20126、CVE-2026-20129】Cisco Catalyst SD-WAN Manager 20.9.8.2(含)之後版本、Cisco Catalyst SD-WAN Manager 20.12.6.1(含)之後版本、Cisco Catalyst SD-WAN Manager 20.12.5.3(含)之後版本、Cisco Catalyst SD-WAN Manager 20.12.6.1(含)之後版本、Cisco Catalyst SD-WAN Manager 20.15.4.2(含)之後版本、Cisco Catalyst SD-WAN Manager 20.15.4.2(含)之後版本、Cisco Catalyst SD-WANManager 20.18.2.1(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk2. https://sec.cloudapps.cisco.com/security/center/conteTLP: CLEAR TWCERT-TWISAC-202602-0028nt/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v3. https://nvd.nist.gov/vuln/detail/CVE-2026-201264. https://nvd.nist.gov/vuln/detail/CVE-2026-201275. https://nvd.nist.gov/vuln/detail/CVE-2026-20129 https://www.kjintelligent.com/en/hot_531090.html [TWCERT 分享資安情資]_Cisco Catalyst SD-WAN 存在3個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531090.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531090.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531090.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet 產品存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險         Fortinet 產品存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:FortiAnalyzer 7.0 版本 7.0.0 至 7.0.15FortiAnalyzer 7.2 版本 7.2.0 至 7.2.11FortiAnalyzer 7.4 版本 7.4.0 至 7.4.9FortiAnalyzer 7.6 版本 7.6.0 至 7.6.5FortiManager 7.0 版本 7.0.0 至 7.0.15FortiManager 7.2 版本 7.2.0 至 7.2.11FortiManager 7.4 版本 7.4.0 至 7.4.9FortiManager 7.6 版本 7.6.0 至 7.6.5FortiOS 7.0 版本 7.0.0 至 7.0.18FortiOS 7.2 版本 7.2.0 至 7.2.12FortiOS 7.4 版本 7.4.0 至 7.4.10FortiOS 7.6 版本 7.6.0 至 7.6.5FortiProxy 7.0 版本 7.0.0 至 7.0.22FortiProxy 7.2 版本 7.2.0 至 7.2.15FortiProxy 7.4 版本 7.4.0 至 7.4.12FortiProxy 7.6 版本 7.6.0 至 7.6.4FortiWeb 8.0 版本 8.0.0 至 8.0.3FortiWeb 7.6 版本 7.6.0 至 7.6.6FortiWeb 7.4 版本 7.4.0 至 7.4.11三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請將 FortiAnalyzer 7.0 版本 7.0.0 至 7.0.15 更新至 7.0.16 或更高版本。請將 FortiAnalyzer 7.2 版本 7.2.0 至 7.2.11 更新至 7.2.12 或更高版本。請將 FortiAnalyzer 7.4 版本 7.4.0 至 7.4.9 更新至 7.4.10 或更高版本。請將 FortiAnalyzer 7.6 版本 7.6.0 至 7.6.5 更新至 7.6.6 或更高版本。請將 FortiManager 7.0 版本 7.0.0 至 7.0.15 更新至 7.0.16 或更高版本。請將 FortiManager 7.2 版本 7.2.0 至 7.2.11 更新至 7.2.12 或更高版本。請將 FortiManager 7.4 版本 7.4.0 至 7.4.9 更新至 7.4.10 或更高版本。請將 FortiManager 7.6 版本 7.6.0 至 7.6.5 更新至 7.6.6 或更高版本。請將 FortiOS 7.0 版本 7.0.0 至 7.0.18 更新至 7.0.19 或更高版本。請將 FortiOS 7.2 版本 7.2.0 至 7.2.12 更新至 7.2.13 或更高版本。請將 FortiOS 7.4 版本 7.4.0 至 7.4.10 更新至 7.4.11 或更高版本。請將 FortiOS 7.6 版本 7.6.0 至 7.6.5 更新至 7.6.6 或更高版本。請將 FortiProxy 7.0 版本 7.0.0 至 7.0.22 更新至 7.0.23 或更高版本。請將 FortiProxy 7.2 版本 7.2.0 至 7.2.15 更新至 7.2.16 或更高版本。請將 FortiProxy 7.4 版本 7.4.0 至 7.4.12 更新至 7.4.13 或更高版本。請將 FortiProxy 7.6 版本 7.6.0 至 7.6.4 更新至 7.6.6 或更高版本。請將 FortiWeb 8.0 版本 8.0.0 至 8.0.3 更新至 8.0.4 或更高版本。請將 FortiWeb 7.6 版本 7.6.0 至 7.6.6 更新至 7.6.7 或更高版本。請將 FortiWeb 7.4 版本 7.4.0 至 7.4.11 更新至 7.4.12 或更高版本。        情資報告連結:https://www.fortiguard.com/psirt/FG-IR-26-060 https://www.kjintelligent.com/en/hot_530447.html [資安漏洞通知-CIO]_Fortinet 產品存在繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530447.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530447.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530447.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        微軟 Edge 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼及繞過身份驗證。二、存在風險         微軟 Edge 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 144.0.3719.115 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 144.0.3719.115 或之後版本。        情資報告連結:https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-5-2026https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1861 https://www.kjintelligent.com/en/hot_530449.html [資安漏洞通知-CIO]_Microsoft Edge 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530449.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530449.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530449.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        思科產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、跨網站指令碼、遠端執行任意程式碼及權限提升。二、存在風險         思科產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、跨網站指令碼、遠端執行任意程式碼及權限提升,其影響系統如下:受影響之系統/漏洞描述:Cisco FXOS SoftwareCisco NX-OS SoftwareCisco UCS Manager Software三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zvhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q https://www.kjintelligent.com/en/hot_531100.html [資安漏洞通知-CIO]_思科產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531100.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531100.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531100.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】TWCERT/CC 近期接獲外部情資,有攻擊者運用Fortinet VPN漏洞進行攻擊,可能藉此建立非法帳號、竄改VPN配置或組態資訊等,進而造成單位遭受駭侵。◎建議措施:1.請各單位盡速留意設備是否遭到入侵,並將該服務系統版本更新至最新。2.如未能及時更新,請關閉Fortinet VPN以緩解此漏洞。◎相關IOC資訊:◎備註:◎參考資料:無 https://www.kjintelligent.com/en/hot_531086.html [TWCERT 分享資安情資]_請留意駭客利用Fortinet VPN漏洞進行駭侵行為 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531086.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531086.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531086.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Juniper Junos OS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發執行程式碼。二、存在風險         Juniper Junos OS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發執行程式碼,其影響系統如下:受影響之系統/漏洞描述:Junos OS Evolved on PTX Series 25.4 的 25.4R1-S1-EVO 之前的版本Junos OS Evolved on PTX Series 25.4 的 25.4R2-EVO 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902 https://www.kjintelligent.com/en/hot_531099.html [資安漏洞通知-CIO]_Juniper Junos OS 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531099.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531099.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531099.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        VMware 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、跨網站指令碼及遠端執行任意程式碼。二、存在風險         VMware 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、跨網站指令碼及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:VMware Aria Operations 8.xVMware Cloud Foundation 4.x, 5.x, 9.x.x.xVMware Telco Cloud Platform 4.x, 5.xVMware Telco Cloud Infrastructure 2.x, 3.xVMware vSphere Foundation 9.x.x.x三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請將VMware Aria Operations 8.x更新至8.18.6。請將VMware Cloud Foundation 4.x, 5.x, 9.x.x.x更新至KB92148、9.0.2.0。請將VMware Telco Cloud Platform 4.x, 5.x更新至KB428241。請將VMware Telco Cloud Infrastructure 2.x, 3.x更新至KB428241。請將VMware vSphere Foundation 9.x.x.x更新至9.0.2.0。        情資報告連結:https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 https://www.kjintelligent.com/en/hot_531101.html [資安漏洞通知-CIO]_VMWare 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531101.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531101.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531101.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        F5 BIG-IP 存在一個漏洞,允許遠端攻擊者利用這漏洞,於目標系統觸發阻斷服務狀況。二、存在風險         F5 BIG-IP 存在一個漏洞,允許遠端攻擊者利用這漏洞,於目標系統觸發阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:BIG-IP AFM and DDoS Hybrid Defender17.5.1.4三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至17.5.1.5。        情資報告連結:https://my.f5.com/manage/s/article/K000160003 https://www.kjintelligent.com/en/hot_531102.html [資安漏洞通知-CIO]_F5 BIG-IP 存在阻斷服務漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531102.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531102.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531102.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及繞過身份驗證。二、存在風險         Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 144.0.7559.132 (Linux) 之前的版本Google Chrome 144.0.7559.132/.133 (Mac) 之前的版本Google Chrome 144.0.7559.132/.133 (Windows) 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 144.0.7559.132 (Linux) 或之後版本。請更新至 144.0.7559.132/.133 (Mac) 或之後版本。請更新至 144.0.7559.132/.133 (Windows) 或之後版本。        情資報告連結:https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html https://www.kjintelligent.com/en/hot_530450.html [資安漏洞通知-CIO]_Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530450.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530450.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530450.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        PostgreSQL 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、遠端執行任意程式碼及洩露敏感資料。二、存在風險         PostgreSQL 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、遠端執行任意程式碼及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:PostgreSQL 18.2 之前的版本PostgreSQL 17.8 之前的版本PostgreSQL 16.12 之前的版本PostgreSQL 15.16 之前的版本PostgreSQL 14.21 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至PostgreSQL 18.2 版本。請更新至PostgreSQL 17.8 版本。請更新至PostgreSQL 16.12 版本。請更新至PostgreSQL 15.16 版本。請更新至PostgreSQL 14.21 版本。        情資報告連結:https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ https://www.kjintelligent.com/en/hot_531103.html [資安漏洞通知-CIO]_PostgreSQL 多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531103.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531103.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531103.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Dell RecoverPoint for Virtual Machines 存在使用硬編碼之帳號通行碼(Use of Hard-coded Credentials)漏洞(CVE-2026-22769,CVSS:10.0),此漏洞允許未經身分認證的遠端攻擊者可使用硬編碼之帳號通行碼取得底層作業系統之root權限。備註:目前已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:根據官方網站釋出的解決方式進行修補:https://www.dell.com/support/kbdoc/zh-tw/000426773/dsa-2026-079◎相關IOC資訊:◎備註:◎參考資料:1. https://www.dell.com/support/kbdoc/zh-tw/000426773/dsa-2026-0792. https://nvd.nist.gov/vuln/detail/CVE-2026-22769 https://www.kjintelligent.com/en/hot_531088.html [TWCERT 分享資安情資]_Dell RecoverPoint for Virtual Machines存在重大資安漏洞(CVE-2026-22769) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531088.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531088.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531088.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Apache Tomcat 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險         Apache Tomcat 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Apache Tomcat 9.0.83 至 9.0.114 版本Apache Tomcat 10.1.0-M7 至 10.1.51 版本Apache Tomcat 11.0.0-M1 至 11.0.17 版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18 https://www.kjintelligent.com/en/hot_531104.html [資安漏洞通知-CIO]_Apache Tomcat 存在繞過繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531104.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531104.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531104.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Juniper Networks 針對旗下Junos OS Evolved PTX系列產品發布重大資安公告(CVE-2026-21902,CVSS:9.8),此為關鍵資源權限分配錯誤漏洞,允許未經身分驗證的攻擊者以root身分執行程式碼。◎建議措施:請更新至以下版本:Junos OS Evolved PTX系列 25.4R1-S1-EVO、25.4R2-EVO、26.2R1-EVO(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-219022. https://nvd.nist.gov/vuln/detail/CVE-2026-21902 https://www.kjintelligent.com/en/hot_531089.html [TWCERT 分享資安情資]_Junos OS Evolved PTX系列存在重大資安漏洞(CVE-2026-21902) Juniper 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531089.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531089.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531089.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證。二、存在風險         RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64Red Hat CodeReady Linux Builder for ARM 64 8 aarch64Red Hat CodeReady Linux Builder for ARM 64 9 aarch64Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390xRed Hat CodeReady Linux Builder for IBM z Systems 9 s390xRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 8 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 9 ppc64leRed Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64Red Hat CodeReady Linux Builder for x86_64 8 x86_64Red Hat CodeReady Linux Builder for x86_64 9 x86_64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64Red Hat Enterprise Linux for ARM 64 8 aarch64Red Hat Enterprise Linux for ARM 64 9 aarch64Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390xRed Hat Enterprise Linux for IBM z Systems 8 s390xRed Hat Enterprise Linux for IBM z Systems 9 s390xRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat Enterprise Linux for Power, little endian 8 ppc64leRed Hat Enterprise Linux for Power, little endian 9 ppc64leRed Hat Enterprise Linux for Real Time 8 x86_64Red Hat Enterprise Linux for Real Time for NFV 8 x86_64Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64Red Hat Enterprise Linux for x86_64 8 x86_64Red Hat Enterprise Linux for x86_64 9 x86_64Red Hat Enterprise Linux Server - AUS 8.4 x86_64Red Hat Enterprise Linux Server - AUS 9.2 x86_64Red Hat Enterprise Linux Server - AUS 9.4 x86_64Red Hat Enterprise Linux Server - AUS 9.6 x86_64Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390xRed Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://access.redhat.com/errata/RHSA-2026:1581https://access.redhat.com/errata/RHSA-2026:1617https://access.redhat.com/errata/RHSA-2026:1623https://access.redhat.com/errata/RHSA-2026:1661https://access.redhat.com/errata/RHSA-2026:1662https://access.redhat.com/errata/RHSA-2026:1703https://access.redhat.com/errata/RHSA-2026:1820https://access.redhat.com/errata/RHSA-2026:1886https://access.redhat.com/errata/RHSA-2026:1946https://access.redhat.com/errata/RHSA-2026:2096https://access.redhat.com/errata/RHSA-2026:2109https://access.redhat.com/errata/RHSA-2026:2115https://access.redhat.com/errata/RHSA-2026:2127https://access.redhat.com/errata/RHSA-2026:2212https://access.redhat.com/errata/RHSA-2026:2264https://access.redhat.com/errata/RHSA-2026:2352https://access.redhat.com/errata/RHSA-2026:2378 https://www.kjintelligent.com/en/hot_530451.html [資安漏洞通知-CIO]_RedHat Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530451.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530451.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530451.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        MongoDB 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料。二、存在風險         MongoDB 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:MongoDB 7.0 至 7.0.29 之前的版本MongoDB 8.0 至 8.0.13 之前的版本MongoDB 8.0 至 8.0.18 之前的版本MongoDB 8.2 至 8.2.2 之前的版本MongoDB 8.2 至 8.2.4 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.mongodb.com/resources/products/alerts#securityhttps://jira.mongodb.org/browse/SERVER-102364https://jira.mongodb.org/browse/SERVER-112952https://jira.mongodb.org/browse/SERVER-113532https://jira.mongodb.org/browse/SERVER-113685https://jira.mongodb.org/browse/SERVER-114126https://jira.mongodb.org/browse/SERVER-114695https://jira.mongodb.org/browse/SERVER-114838https://jira.mongodb.org/browse/SERVER-116210https://jira.mongodb.org/browse/SERVER-99119 https://www.kjintelligent.com/en/hot_531105.html [資安漏洞通知-CIO]_MongoDB 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531105.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_531105.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_531105.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        OpenSSL 中存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、資料篡改及敏感資料洩露。二、存在風險         OpenSSL 中存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、資料篡改及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:OpenSSL 1.0.2 版本OpenSSL 1.1.1 版本OpenSSL 3.0 版本OpenSSL 3.3 版本OpenSSL 3.4 版本OpenSSL 3.5 版本OpenSSL 3.6 版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請將 1.0.2 版本更新至 1.0.2zn 版本。請將 1.1.1 版本更新至 1.1.1ze 版本。請將 3.0 版本更新至 3.0.19 版本。請將 3.3 版本更新至 3.3.6 版本。請將 3.4 版本更新至 3.4.4 版本。請將 3.5 版本更新至 3.5.5 版本。請將 3.6 版本更新至 3.6.1 版本。        情資報告連結:https://openssl-library.org/news/secadv/20260127.txt https://www.kjintelligent.com/en/hot_530452.html [資安漏洞通知-CIO]_OpenSSL 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530452.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530452.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530452.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2026-21962,CVSS:10.0】此漏洞存在Oracle Fusion Middleware的Oracle HTTP Server與Oracle Weblogic Server Proxy Plug-in產品中。允許未經身分驗證的攻擊者透過HTTP存取相關服務,若攻擊者成功利用,可能導致未經授權的敏感資料建立、刪除、修改和存取。【CVE-2026-21969,CVSS:9.8】此漏洞存在Oracle Supply Chain的Oracle Agile Product LifecycleManagement for Process產品中。允許未經身分驗證的攻擊者透過HTTP存取入侵系統,進而造成系統遭完全接管。◎建議措施:根據官方網站釋出的解決方式進行修補:https://www.oracle.com/security-alerts/cpujan2026.html◎相關IOC資訊:◎備註:◎參考資料:1. https://www.oracle.com/security-alerts/cpujan2026.html2. https://nvd.nist.gov/vuln/detail/CVE-2026-219623. https://nvd.nist.gov/vuln/detail/CVE-2026-21969 https://www.kjintelligent.com/en/hot_530438.html [TWCERT 分享資安情資]_Oracle針對旗下多款產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530438.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530438.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530438.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Fortinet 針對 FortiCloud SSO發布重大資安漏洞公告(CVE-2026-24858,CVSS:9.8),此為身分驗證繞過漏洞,允許擁有FortiCloud帳號和已註冊設備的攻擊者,登入註冊到其他帳號的其他設備。備註:目前Fortinet已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:請更新至以下版本:FortiAnalyzer 7.6.6(含)之後版本、FortiAnalyzer 7.4.10(含)之後版本、FortiAnalyzer 7.2.12(含)之後版本、FortiAnalyzer 7.0.16(含)之後版本、FortiManager 7.6.6(含)之後版本、FortiManager 7.4.10(含)之後版本、FortiManager 7.2.13(含)之後版本、FortiManager 7.0.16(含)之後版本、FortiOS 7.6.6(含)之後版本、FortiOS 7.4.11(含)之後版本、FortiOS 7.2.13(含)之後版本、FortiOS 7.0.19(含)之後版本、FortiProxy 7.6.6(含)之後版本、FortiProxy 7.4.13(含)之後版本備註:FortiProxy 7.2 和 FortiProxy 7.0 請遷移至固定版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-26-0602. https://nvd.nist.gov/vuln/detail/CVE-2026-24858 https://www.kjintelligent.com/en/hot_530439.html [TWCERT 分享資安情資]_Fortinet 的 FortiCloud SSO 存在重大資安漏洞(CVE-2026-24858) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530439.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530439.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530439.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Ubuntu Linux 核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、權限提升、洩露敏感資料、繞過身份驗證及資料篡改。二、存在風險         Ubuntu Linux 核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、權限提升、洩露敏感資料、繞過身份驗證及資料篡改,其影響系統如下:受影響之系統/漏洞描述:Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTSUbuntu 25.10三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://ubuntu.com/security/notices/USN-7986-1https://ubuntu.com/security/notices/USN-7987-1https://ubuntu.com/security/notices/USN-7987-2https://ubuntu.com/security/notices/USN-7988-1https://ubuntu.com/security/notices/USN-7988-2https://ubuntu.com/security/notices/USN-7988-3https://ubuntu.com/security/notices/USN-7990-1https://ubuntu.com/security/notices/USN-7990-2https://ubuntu.com/security/notices/USN-8013-1https://ubuntu.com/security/notices/USN-8013-2https://ubuntu.com/security/notices/USN-8013-3https://ubuntu.com/security/notices/USN-8014-1https://ubuntu.com/security/notices/USN-8015-1https://ubuntu.com/security/notices/USN-8015-2https://ubuntu.com/security/notices/USN-8015-3https://ubuntu.com/security/notices/USN-8016-1 https://www.kjintelligent.com/en/hot_530453.html [資安漏洞通知-CIO]_Ubuntu Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530453.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530453.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530453.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco 針對旗下多項整合通訊產品發布重大資安漏洞公告(CVE-2026-20045,CVSS:8.2),此漏洞為HTTP請求驗證不當,未經身分驗證的遠端攻擊者可能透過特製的HTTP請求至受影響設備,以執行任意指令,進而提升root權限。備註:目前Cisco已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:根據官方網站釋出的解決方式進行修補:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b2. https://nvd.nist.gov/vuln/detail/CVE-2026-20045 https://www.kjintelligent.com/en/hot_530440.html [TWCERT 分享資安情資]_Cisco整合通訊多項產品存在重大資安漏洞(CVE-2026-20045) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530440.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530440.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530440.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Aruba 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料、資料篡改及遠端執行任意程式碼。二、存在風險         Aruba 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料、資料篡改及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Aruba Networking Fabric Composer 7.x.x: 7.2.3 及以下版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至7.3.0 或更高版本。        情資報告連結:https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US https://www.kjintelligent.com/en/hot_530454.html 資安漏洞通知-CIO]_Aruba 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530454.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530454.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530454.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】OpenSSL是開源的加密工具庫,主要用於安全通訊、SSL/TLS協定實作及憑證管理,支援多種加密演算法,廣泛應用於伺服器與應用程式。近期OpenSSL發布安全性更新,修補重大資安漏洞(CVE-2025-15467,CVSS:9.8),此為堆疊緩衝區溢位漏洞,可能導致程式異常終止,引發拒絕服務(DoS)攻擊,甚至可能造成遠端程式碼執行。◎建議措施:請更新至以下版本:OpenSSL libray 3.6.1(含)之後版本、OpenSSL libray 3.5.5(含)之後版本、OpenSSL libray 3.4.4(含)之後版本、OpenSSL libray 3.3.6(含)之後版本、OpenSSL libray 3.0.19(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://openssl-library.org/news/vulnerabilities/#CVE-2025-154672. https://nvd.nist.gov/vuln/detail/CVE-2025-15467 https://www.kjintelligent.com/en/hot_530441.html [TWCERT 分享資安情資]_OpenSSL函式庫存在重大資安漏洞(CVE-2025-15467) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530441.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530441.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530441.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet FortiClientEMS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險         Fortinet FortiClientEMS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:FortiClientEMS 7.4.4三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 FortiClientEMS 7.4.5 或之後版本。        情資報告連結:https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 https://www.kjintelligent.com/en/hot_530448.html [資安漏洞通知-CIO]_Fortinet FortiClientEMS 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530448.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530448.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530448.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Microsoft Office 存在安全功能繞過(Security Feature Bypass)漏洞(CVE-2026-21509,CVSS:7.8),允許未經身分驗證的攻擊者可透過發送惡意Office文件並誘使用戶開啟,進而繞過元件物件模型(Component Object Model, COM)與物件連結與嵌入(Object Linking andEmbedding, OLE)防護機制,使原本應該被阻擋之COM/OLE控制元件仍能執行。備註:目前已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:根據官方網站釋出的解決方式進行修補:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509◎相關IOC資訊:◎備註:◎參考資料:1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-215092. https://nvd.nist.gov/vuln/detail/CVE-2026-21509 https://www.kjintelligent.com/en/hot_530442.html [TWCERT 分享資安情資]_Microsoft Office 存在高風險資安漏洞(CVE-2026-21509) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530442.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530442.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530442.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、權限提升、洩露敏感資料、繞過身份驗證及資料篡改。二、存在風險         SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、權限提升、洩露敏感資料、繞過身份驗證及資料篡改,其影響系統如下:受影響之系統/漏洞描述:Basesystem Module 15-SP7Development Tools Module 15-SP7Legacy Module 15-SP7SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Availability Extension 15 SP7SUSE Linux Enterprise High Performance Computing 12 SP5SUSE Linux Enterprise High Performance Computing 15 SP5SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5SUSE Linux Enterprise High Performance Computing LTSS 15 SP5SUSE Linux Enterprise Live Patching 12-SP5SUSE Linux Enterprise Live Patching 15-SP5SUSE Linux Enterprise Live Patching 15-SP7SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Micro for Rancher 5.2SUSE Linux Enterprise Micro for Rancher 5.3SUSE Linux Enterprise Micro for Rancher 5.4SUSE Linux Enterprise Real Time 15 SP5SUSE Linux Enterprise Real Time 15 SP7SUSE Linux Enterprise Server 11 SP4SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORESUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server 12 SP5 LTSSSUSE Linux Enterprise Server 12 SP5 LTSS Extended SecuritySUSE Linux Enterprise Server 15 SP5SUSE Linux Enterprise Server 15 SP5 LTSSSUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server 16.0SUSE Linux Enterprise Server for SAP Applications 12 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP7SUSE Linux Enterprise Server for SAP Applications 16.0SUSE Linux Enterprise Server High Availability Extension 16.0SUSE Linux Enterprise Workstation Extension 15 SP7SUSE Linux Micro 6.2SUSE Linux Micro Extras 6.2openSUSE Leap 15.3openSUSE Leap 15.5三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.suse.com/support/update/announcement/2026/suse-su-20260315-1https://www.suse.com/support/update/announcement/2026/suse-su-20260316-1https://www.suse.com/support/update/announcement/2026/suse-su-20260317-1https://www.suse.com/support/update/announcement/2026/suse-su-20260350-1https://www.suse.com/support/update/announcement/2026/suse-su-20260352-1https://www.suse.com/support/update/announcement/2026/suse-su-20260369-1https://www.suse.com/support/update/announcement/2026/suse-su-20260385-1https://www.suse.com/support/update/announcement/2026/suse-su-20260411-1/https://www.suse.com/support/update/announcement/2026/suse-su-202620207-1https://www.suse.com/support/update/announcement/2026/suse-su-202620220-1/https://www.suse.com/support/update/announcement/2026/suse-su-202620228-1/ https://www.kjintelligent.com/en/hot_530455.html [資安漏洞通知-CIO]_SUSE Linux 內核存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530455.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530455.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530455.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco Meeting Management 提供管理員網頁介面,並監控管理視訊會議,包括新增/移除參與者、靜音、變更畫面佈局及啟動錄影等功能。近日Cisco發布重大資安公告(CVE-2026-20098,CVSS:8.8),此為任意檔案上傳漏洞,可能允許經過身分驗證的遠端攻擊者,上傳任意檔案、執行任意命令,並將受影響的系統權限提升至root。備註:若要利用此漏洞,攻擊者至少擁有視訊操作員的有效使用者憑證。◎建議措施:請更新至以下版本:Cisco Meeting Management 3.12.1 MR (含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-file-up-kY47n8kK2. https://nvd.nist.gov/vuln/detail/CVE-2026-20098 https://www.kjintelligent.com/en/hot_530443.html [TWCERT 分享資安情資]_Cisco Meeting Management 存在重大資安漏洞(CVE-2026-20098) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530443.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530443.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530443.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          趨勢科技(Trend Micro)產品Apex Central(存在多個漏洞,允許攻擊者在未經身分驗證的情況下,利用這些漏洞於目標系統觸發遠端程式碼執行(RCE)及阻斷服務(DoS),對企業資安管理平台造成重大風險。二、存在風險        Trend Micro Apex Central(On-premise)存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發遠端執行程式碼(RCE)及阻斷服務(DoS),其影響系統或版本如下:受影響之系統/漏洞描述:Trend Micro Apex Central  (On-prem) Versions below Build 7190   三、建議改善措施:                企業及使用者如有上述漏洞版本應儘速更新:請將 Trend Micro Apex Central(On-premise)更新至 Critical Patch Build 7190(含)以上版本 在完成修補前,建議:限制 Apex Central 管理介面對外連線僅允許內部管理網段或透過 VPN 存取強化防火牆與存取控制政策       情資報告連結:https://success.trendmicro.com/en-US/solution/KA-0022071 https://www.kjintelligent.com/en/hot_529446.html [資安漏洞通知-CIO]__Trend Micro 產品Apex Central存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529446.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529446.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529446.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要     GitLab 發布 18.7.1、18.6.3、18.5.5 等版本,修補多項影響 GitLab Community Edition (CE) 及 Enterprise Edition (EE) 的安全漏洞及功能異常,涵蓋跨站指令碼(XSS)、授權檢查缺失、拒絕服務(DoS)與資訊洩露等風險。建議所有自我管理(self-managed) 的 GitLab 實例儘速升級以降低資安風險。 二、存在風險    GitLab Patch Release 修補了數項安全弱點,可能被惡意使用者利用造成 跨站腳本 (XSS)、未授權存取、阻斷服務 (DoS)、資訊洩漏 及 安全檢查繞過 等攻擊,其影響系統或版本如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 版本 18.2.2 起但低於 18.5.5 / 18.6.3 / 18.7.1 之版本GitLab Enterprise Edition (EE) 版本 18.2.2 起但低於 18.5.5 / 18.6.3 / 18.7.1 之版本主要漏洞修補摘要: CVE-2025-9222 — Stored Cross-site Scripting(XSS)可濫用GitLab Flavored Markdown標記語言的占位符(Placeholders)機制,發動儲存型跨站指令碼攻擊,此漏洞嚴重性屬 High (CVSS 8.7)。CVE-2025-13761 — Web IDE XSS未經身份驗證者可誘使合法使用者瀏覽特定頁面後,在其瀏覽器上下文執行任意程式碼,亦為 High (CVSS 8.0) 風險漏洞。CVE-2025-13772 — Duo Workflows API 權限不足已驗證使用者可能利用 API 的 namespace 參數擅自存取或變更 AI 模型設定,此為 High 級別漏洞。CVE-2025-10569 — 匯入功能 DoS攻擊者藉由對外部API呼叫提供特製回應,造成 GitLab 實例資源耗盡或阻斷服務。CVE-2025-11246 — GraphQL runnerUpdate 權限控制具備特定權限的使用者,移除不相關專案的Runner資源(runner)。CVE-2025-3950 — Mermaid 圖表資訊洩漏使用特製圖片可能繞過 Asset Proxy 行為,洩露連線相關敏感資訊。   三、建議改善措施:           企業及使用者如有遭受上述漏洞影響之 GitLab 版本,請儘速更新至最新版 Patch Release:請將 GitLab CE/EE 更新至以下版本之一:18.7.118.6.318.5.5升級前請依官方說明備份資料並評估資料庫遷移需求:單節點部署 (Single-node) 可能需要停機以完成升級及資料庫 migration。多節點部署則可透過 Zero-downtime 升級流程進行,以降低服務中斷影響。其他安全強化建議:限制 GitLab Web 介面及 API 存取僅允許內部網段或 VPN 存取。建立例行性版本更新通知與漏洞監控流程。確保系統日誌、資安事件監控與入侵偵測持續運作。    情資報告連結:https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ https://www.kjintelligent.com/en/hot_529448.html [資安漏洞通知-CIO]_GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529448.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529448.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529448.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        TP-Link 路由器存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及資料篡改。二、存在風險         TP-Link 路由器存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及資料篡改,其影響系統如下:受影響之系統/漏洞描述:Archer BE400 從 0 至 1.1.0 Build 20250710 rel.14914Archer AXE75 從 0 至 build 20250107三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.tp-link.com/hk/support/faq/4881/https://www.tp-link.com/hk/support/faq/4871/ https://www.kjintelligent.com/en/hot_529449.html [資安漏洞通知-CIO]_TP-Link 路由器存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529449.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529449.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529449.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2021-39935】GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability (CVSS v3.1: 6.8)【是否遭勒索軟體利用:未知】GitLab Community 與 Enterprise 版本存在伺服器端請求偽造漏洞,可能允許未經授權的外部使用者透過 CI Lint API 執行伺服器端請求。【CVE-2025-64328】Sangoma FreePBX OS Command Injection Vulnerability (CVSS v3.1: 7.2)【是否遭勒索軟體利用:未知】Sangoma FreePBX Endpoint Manager 存在作業系統指令注入漏洞,通過身分驗證的已知使用者可能透過 testconnection -> check_ssh_connect() 函式進行指令注入,進而以 asterisk 使用者身分遠端存取系統。【CVE-2019-19006】Sangoma FreePBX Improper Authentication Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Sangoma FreePBX 存在不當驗證漏洞,可能允許未經授權的使用者繞過密碼驗證機制,進而存取 FreePBX 管理介面所提供的服務。【CVE-2025-40551】SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】SolarWinds Web Help Desk 存在不受信任資料反序列化漏洞,可能導致遠端程式碼執行,使攻擊者能在主機上執行任意指令。【CVE-2025-11953】React Native Community CLI OS Command InjectionVulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】React Native Community CLI 存在作業系統指令注入漏洞,可能允許未經身分驗證的網路攻擊者向 Metro Development Server 發送POST 請求,並透過伺服器暴露的易受攻擊端點執行任意可執行檔。在 Windows 環境中,攻擊者亦可執行具完全可控參數的任意 shell 指令。【CVE-2026-24423】SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:是】SmarterTools SmarterMail 的 ConnectToHub API 方法存在關鍵功能驗證缺失漏洞,可能允許攻擊者將 SmarterMail 執行個體指向惡意 HTTP 伺服器,可能導致執行惡意作業系統指令。◎建議措施:【CVE-2021-39935】官方已針對漏洞釋出修復更新,請更新至相關版本https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/【CVE-2025-64328】官方已針對漏洞釋出修復更新,請更新至相關版本https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw【CVE-2019-19006】官方已針對漏洞釋出修復更新,請更新至相關版本https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772【CVE-2025-40551】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551【CVE-2025-11953】官方已針對漏洞釋出修復更新,請更新至相關版本https://github.com/advisories/GHSA-399j-vxmf-hjvr【CVE-2026-24423】對應產品升級至以下版本(或更高)SmarterMail Build 9511TLP: CLEAR TWCERT-TWISAC-202602-0006◎相關IOC資訊:◎備註:◎參考資料:【CVE-2021-39935】1.https://nvd.nist.gov/vuln/detail/cve-2021-399352.https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/【CVE-2025-64328】1.https://nvd.nist.gov/vuln/detail/cve-2025-643282.https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw【CVE-2019-19006】1.https://nvd.nist.gov/vuln/detail/cve-2019-190062.https://community.freepbx.org/t/freepbx-security-vulnerability-sec-2019-001/62772【CVE-2025-40551】1.https://nvd.nist.gov/vuln/detail/cve-2025-405512.https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551【CVE-2025-11953】1.https://nvd.nist.gov/vuln/detail/cve-2025-119532.https://github.com/advisories/GHSA-399j-vxmf-hjvr【CVE-2026-24423】1.https://nvd.nist.gov/vuln/detail/cve-2026-244232.https://www.smartertools.com/smartermail/release-notes/current https://www.kjintelligent.com/en/hot_530444.html [TWCERT 分享資安情資]_CISA新增6個已知遭駭客利用之漏洞至KEV目錄(2026/02/02-2026/02/08) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530444.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_530444.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_530444.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Veeam Backup & Replication是Veeam核心備份軟體。近日Veeam發布重大資安漏洞公告,此漏洞(CVE-2025-59470,CVSS:9.0)允許Backup或Tape Operator傳送惡意interval或order參數,以postgres使用者身分執行遠端程式碼(RCE)。◎建議措施:更新 Veeam Backup & Replication 至13.0.1.1071(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://www.veeam.com/kb4792 https://www.kjintelligent.com/en/hot_529433.html [TWCERT 分享資安情資]_Veeam旗下Veeam Backup & Replication備份軟體存在重大資安漏洞(CVE-2025-59470) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529433.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529433.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529433.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Apache Struts存在一個漏洞,允許遠端使用者利用此漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及繞過身份驗證。二、存在風險         Apache Struts存在一個漏洞,允許遠端使用者利用此漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Struts 2.0.0 至 Struts 2.3.37 (EOL)Struts 2.5.0 至 Struts 2.5.33 (EOL)Struts 6.0.0 至 Struts 6.1.0三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至Struts 6.1.1 版本或更高版本。        情資報告連結:https://cwiki.apache.org/confluence/display/WW/S2-069 https://www.kjintelligent.com/en/hot_529450.html [資安漏洞通知-CIO]_Apache Struts 存在阻斷服務漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529450.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529450.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529450.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        微軟 Edge存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險         微軟 Edge存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 143.0.3650.139 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 143.0.3650.139 或之後版本。        情資報告連結:https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-9-2026https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0628 https://www.kjintelligent.com/en/hot_529451.html [資安漏洞通知-CIO]_Microsoft Edge 存在繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529451.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529451.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529451.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        QNAP NAS 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及資料篡改。二、存在風險         QNAP NAS 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及資料篡改,其影響系統如下:受影響之系統/漏洞描述:QTS 5.2.xQuTS hero h5.2.xQuTS hero h5.3.x三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將QTS 5.2.x更新至 QTS 5.2.8.3332 build 20251128 或之後版本。請將QuTS hero h5.2.x更新至 QuTS hero h5.2.8.3321 build 20251117 或之後版本。請將QuTS hero h5.3.x更新至 QuTS hero h5.3.1.3250 build 20250912 或之後版本。        情資報告連結:https://www.qnap.com/en/security-advisory/qsa-25-50https://www.qnap.com/en/security-advisory/qsa-25-51 https://www.kjintelligent.com/en/hot_529444.html [資安漏洞通知-CIO]__QNAP NAS 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529444.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529444.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529444.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Trend Micro Apex Central 是趨勢科技旗下一款集中式管理平台,用於管理多種TrendMicro 安全解決方案,包括閘道、郵件伺服器、檔案伺服器和企業桌面。近日發布重大資安漏洞公告,此漏洞(CVE-2025-69258,CVSS:9.8)為Trend Micro Apex Central使用的 LoadLibraryEX 函式存在安全弱點,攻擊者可在未經身分驗證的情況下,遠端將其控制的惡意 DLL 載入系統中的關鍵執行檔,並以SYSTEM權限執行攻擊者的程式碼。◎建議措施:請至官方網站進行修補:https://success.trendmicro.com/en-US/solution/KA-0022071◎相關IOC資訊:◎備註:◎參考資料:1. https://success.trendmicro.com/en-US/solution/KA-00220712. https://nvd.nist.gov/vuln/detail/CVE-2025-69258 https://www.kjintelligent.com/en/hot_529434.html [TWCERT 分享資安情資]_趨勢科技旗下 Trend Micro Apex Central 存在重大資安漏洞(CVE-2025-69258) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529434.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529434.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529434.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Ubuntu Linux 核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料。二、存在風險         Ubuntu Linux 核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:Ubuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTS三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://ubuntu.com/security/notices/USN-7922-4https://ubuntu.com/security/notices/USN-7922-5https://ubuntu.com/security/notices/USN-7928-5https://ubuntu.com/security/notices/USN-7931-5https://ubuntu.com/security/notices/USN-7940-2 https://www.kjintelligent.com/en/hot_529452.html [資安漏洞通知-CIO]_Ubuntu Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529452.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529452.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529452.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】FortiFone Web Portal 是Fortinet FortiVoice系統的集中管理介面,用於遠端配置電話分機、監控通話紀錄與系統效能。日前,Fortinet發布重大資安漏洞公告,此漏洞(CVE-2025-47855,CVSS:9.8)可能允許未經身分驗證的攻擊者,透過精心設計的HTTP或HTTPS請求取得裝置配置,從而取得敏感資料。◎建議措施:請更新至以下版本:FortiFone 3.0.24(含)之後版本、FortiFone 7.0.2(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-25-2602. https://nvd.nist.gov/vuln/detail/CVE-2025-47855 https://www.kjintelligent.com/en/hot_529436.html [TWCERT 分享資安情資]_Fortinet旗下 FortiFone Web Portal 存在重大資安漏洞(CVE-2025-47855) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529436.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529436.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529436.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證。二、存在風險         RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64Red Hat CodeReady Linux Builder for ARM 64 10 aarch64Red Hat CodeReady Linux Builder for ARM 64 8 aarch64Red Hat CodeReady Linux Builder for ARM 64 9 aarch64Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390xRed Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390xRed Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390xRed Hat CodeReady Linux Builder for IBM z Systems 10 s390xRed Hat CodeReady Linux Builder for IBM z Systems 9 s390xRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64leRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 10 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 8 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 9 ppc64leRed Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64Red Hat CodeReady Linux Builder for x86_64 10 x86_64Red Hat CodeReady Linux Builder for x86_64 8 x86_64Red Hat CodeReady Linux Builder for x86_64 9 x86_64Red Hat Enterprise Linux Server - AUS 9.4 x86_64Red Hat Enterprise Linux Server - AUS 9.6 x86_64Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64leRed Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64Red Hat Enterprise Linux for ARM 64 10 aarch64Red Hat Enterprise Linux for ARM 64 8 aarch64Red Hat Enterprise Linux for ARM 64 9 aarch64Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390xRed Hat Enterprise Linux for IBM z Systems 10 s390xRed Hat Enterprise Linux for IBM z Systems 8 s390xRed Hat Enterprise Linux for IBM z Systems 9 s390xRed Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat Enterprise Linux for Power, little endian 10 ppc64leRed Hat Enterprise Linux for Power, little endian 8 ppc64leRed Hat Enterprise Linux for Power, little endian 9 ppc64leRed Hat Enterprise Linux for Real Time 8 x86_64Red Hat Enterprise Linux for Real Time for NFV 8 x86_64Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64Red Hat Enterprise Linux for x86_64 10 x86_64Red Hat Enterprise Linux for x86_64 8 x86_64Red Hat Enterprise Linux for x86_64 9 x86_64三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://access.redhat.com/errata/RHSA-2026:0443https://access.redhat.com/errata/RHSA-2026:0444https://access.redhat.com/errata/RHSA-2026:0445https://access.redhat.com/errata/RHSA-2026:0453https://access.redhat.com/errata/RHSA-2026:0457 https://www.kjintelligent.com/en/hot_529453.html [資安漏洞通知-CIO]_RedHat Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529453.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529453.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529453.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險         Google Chrome 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 143.0.7499.192 (Linux) 之前的版本Google Chrome 143.0.7499.192/.193 (Mac) 之前的版本Google Chrome 143.0.7499.192/.193 (Windows) 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 143.0.7499.192 (Linux) 或之後版本。請更新至 143.0.7499.192/.193 (Mac) 或之後版本。請更新至 143.0.7499.192/.193 (Windows) 或之後版本。        情資報告連結:https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html https://www.kjintelligent.com/en/hot_529454.html [資安漏洞通知-CIO]_Google Chrome 存在繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529454.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529454.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529454.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】FortiSIEM是Fortinet旗下的次世代安全資訊與事件管理平台,運用AI和自動化技術,提升威脅偵測與安全營運效率,降低管理複雜度。近日,Fortinet發布重大資安漏洞公告(CVE-2025-64155,CVSS:9.8),此為作業系統指令注入漏洞,可能允許未經身分驗證的攻擊者,透過特製的TCP請求,執行未經授權的程式碼或命令。◎建議措施:請更新至以下版本:FortiSIEM 7.1.9(含)之後版本、FortiSIEM 7.2.7(含)之後版本、FortiSIEM 7.3.5(含)之後版本、FortiSIEM 7.4.1(含)之後版本備註:FortiSIEM 6.7 和 FortiSIEM 7.0版本請遷移至固定版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-25-7722. https://nvd.nist.gov/vuln/detail/CVE-2025-64155 https://www.kjintelligent.com/en/hot_529437.html [TWCERT 分享資安情資]_Fortinet旗下FortiSIEM存在重大資安漏洞(CVE-2025-64155) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529437.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529437.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529437.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及繞過身份驗證。二、存在風險         Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 144.0.7559.59 (Linux) 之前的版本Google Chrome 144.0.7559.59/60 (Mac) 之前的版本Google Chrome 144.0.7559.59/60 (Windows) 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 144.0.7559.59 (Linux) 或之後版本。請更新至 144.0.7559.59/60 (Mac) 或之後版本。請更新至 144.0.7559.59/60 (Windows) 或之後版本。        情資報告連結:https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html https://www.kjintelligent.com/en/hot_529455.html [資安漏洞通知-CIO]_Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529455.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529455.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529455.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Microsoft SharePoint Server 是一款企業級協作平台,提供文件管理與團隊協作等功能,是企業資訊整合的核心平台。近期微軟發布重大資安公告(CVE-2026-20947,CVSS:8.8 和 CVE-2026-20963,CVSS:8.8),CVE-2026-20947為SQL注入漏洞,經授權的攻擊者可透過網路執行任意 SQL 命令;CVE-2026-20963 為不受信任資料之反序列化漏洞,允許經授權的攻擊者透過網路執行任意程式碼。◎建議措施:根據官方網站釋出解決方式進行修補:【CVE-2026-20947】https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20947【CVE-2026-20963】https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20963◎相關IOC資訊:◎備註:◎參考資料:1. https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-209472. https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-209633. https://nvd.nist.gov/vuln/detail/CVE-2026-209474. https://nvd.nist.gov/vuln/detail/CVE-2026-20963 https://www.kjintelligent.com/en/hot_529438.html [TWCERT 分享資安情資]_Microsoft 旗下SharePoint Server 存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529438.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529438.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529438.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險         Fortinet 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:FortiClientEMSFortiClientEMS 7.0 所有版本FortiClientEMS 7.2.0 至 7.2.10FortiClientEMS 7.4.0 至 7.4.1FortiClientEMS 7.4.3 至 7.4.4FortiOSFortiOS 6.4.0 至 6.4.16FortiOS 7.0.0 至 7.0.17FortiOS 7.2.0 至 7.2.11FortiOS 7.4.0 至 7.4.8FortiOS 7.6.0 至 7.6.3FortiSwitchManagerFortiSwitchManager 7.0.0 至 7.0.5FortiSwitchManager 7.2.0 至 7.2.6FortiSASEFortiSASE 25.1.aFortiSASE 25.2.b三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:FortiClientEMS請將 FortiClientEMS 7.0 所有版本更新請將 FortiClientEMS 7.2.0 至 7.2.10 更新至 7.2.12 或更高版本。請將 FortiClientEMS 7.4.0 至 7.4.1 更新至 7.4.5 或更高版本。請將 FortiClientEMS 7.4.3 至 7.4.4 更新至 7.4.5 或更高版本。FortiOSFortiOS 6.4.0 至 6.4.16 更新至 6.4.17 或更高版本。FortiOS 7.0.0 至 7.0.17 更新至 7.0.18 或更高版本。FortiOS 7.2.0 至 7.2.11 更新至 7.2.12 或更高版本。FortiOS 7.4.0 至 7.4.8 更新至 7.4.9 或更高版本。FortiOS 7.6.0 至 7.6.3 更新至 7.6.4 或更高版本。FortiSwitchManagerFortiSwitchManager 7.0.0 至 7.0.5 更新至 7.2.7 或更高版本。FortiSwitchManager 7.2.0 至 7.2.6 更新至 7.0.6 或更高版本。        情資報告連結:https://fortiguard.fortinet.com/psirt/FG-IR-25-084https://fortiguard.fortinet.com/psirt/FG-IR-25-735 https://www.kjintelligent.com/en/hot_529456.html [資安漏洞通知-CIO]_Fortinet 產品存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529456.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529456.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529456.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2026-0501,CVSS:9.9】此漏洞存在於SAP S/4HANA私有雲和本地部署(Financials – General Ledger),由於輸入驗證不足,允許經過身分驗證的攻擊者利用特製的SQL指令進行讀取、修改和刪除後端資料庫資料。【CVE-2026-0500,CVSS:9.6】由於SAP Wily Introscope Enterprise Manager (WorkStation)使用易受攻擊的第三方元件,未經身分驗證的攻擊者可建立公開URL存取的惡意JNLP文件,導致受害者點擊URL時,Wily Introscope伺服器可在受害者電腦上執行作業系統命令。【CVE-2026-0498,CVSS:9.1】此漏洞存在於SAP S/4HANA的私有雲和本地部署,允許具有管理員權限的攻擊者透過RFC公開功能模組的漏洞,將任意ABAP程式碼/作業系統命令注入系統,從而繞過必要的授權檢查。【CVE-2026-0491,CVSS:9.1】SAP Landscape Transformation 允許擁有管理員權限的攻擊者利用RFC公開函數模組漏洞,將任意ABAP程式碼/作業系統命令注入系統,從而繞過必要的授權檢查。【CVE-2026-0492,CVSS:8.8】SAP HANA 資料庫存在權限提升漏洞,允許攻擊者擁有使用者的有效憑證,即可切換其他用戶,從而獲得管理員權限。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html2. https://www.cve.org/CVERecord?id=CVE-2026-05013. https://www.cve.org/CVERecord?id=CVE-2026-05004. https://www.cve.org/CVERecord?id=CVE-2026-04985. https://www.cve.org/CVERecord?id=CVE-2026-04916. https://www.cve.org/CVERecord?id=CVE-2026-0492 https://www.kjintelligent.com/en/hot_529439.html [TWCERT 分享資安情資]_SAP針對旗下多款產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529439.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529439.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529439.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Aruba 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、繞過身份驗證、資料篡改及遠端執行任意程式碼。二、存在風險         Aruba 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、繞過身份驗證、資料篡改及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:AOS-10.7.x.x: 10.7.2.1 及以下版本AOS-10.4.x.x: 10.4.1.9 及以下版本AOS-8.13.x.x: 8.13.1.0 及以下版本AOS-8.10.x.x: 8.10.0.20 及以下版本HPE Aruba Networking 終止維護 (EoM) 的版本:AOS-10.6.x.x: 所有版本AOS-10.5.x.x: 所有版本AOS-10.3.x.x: 所有版本AOS-8.12.x.x: 所有版本AOS-8.11.x.x: 所有版本AOS-8.9.x.x: 所有版本AOS-8.8.x.x: 所有版本AOS-8.7.x.x: 所有版本AOS-8.6.x.x: 所有版本AOS-6.5.4.x: 所有版本SD-WAN 8.7.0.0-2.3.0.x: 所有版本SD-WAN 8.6.0.4-2.2.x.x: 所有版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將 AOS-10.7.x.x 更新至 10.7.2.2 或更高版本。請將 AOS-10.4.x.x 更新至 10.4.1.10 或更高版本。請將 AOS-8.13.x.x 更新至 8.13.1.1 或更高版本。請將 AOS-8.10.x.x 更新至 8.10.0.21 或更高版本。        情資報告連結:https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US https://www.kjintelligent.com/en/hot_529457.html [資安漏洞通知-CIO]_Aruba 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529457.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529457.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529457.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、繞過保安限制、遠端執行任意程式碼及敏感資料洩露。二、存在風險         Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、繞過保安限制、遠端執行任意程式碼及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:Firefox ESR 115.32 之前版本Firefox ESR 140.7 之前版本Firefox 147 之前版本Thunderbird ESR 140.7 之前版本Thunderbird 147 之前版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 Firefox ESR 115.32。請更新至  Firefox ESR 140.7。請更新至  Firefox 147。請更新至  Thunderbird ESR 140.7。請更新至  Thunderbird 147。        情資報告連結:https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/ https://www.kjintelligent.com/en/hot_529458.html 【雲智維資安預警通知】-Mozilla 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529458.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529458.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529458.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】HPE OneView 是一款IT基礎設施管理平台解決方案,利用自動化控制伺服器、儲存與網路,簡化管理並提升效率。近期HPE發布重大資安公告(CVE-2025-37164,CVSS:10.0),此為程式碼注入漏洞,允許未經身分驗證的遠端攻擊者可利用此漏洞於受影響設備執行任意程式碼。備註:目前已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#resolution-4◎相關IOC資訊:◎備註:◎參考資料:1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US#resolution-42. https://nvd.nist.gov/vuln/detail/CVE-2025-37164 https://www.kjintelligent.com/en/hot_529440.html TWCert --HPE 旗下OneView存在重大資安漏洞(CVE-2025-37164) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529440.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529440.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529440.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Palo Alto PAN-OS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發阻斷服務狀況。二、存在風險         Palo Alto PAN-OS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:PAN-OS 10.1.14-h20 之前的 PAN-OS 10.1 版本PAN-OS 10.2.7-h32、10.2.10-h30、10.2.13-h18、10.2.16-h6、10.2.18-h1 之前的 PAN-OS 10.2 版本PAN-OS 11.1.4-h27、11.1.6-h23、11.1.10-h9、11.1.13 之前的 PAN-OS 11.1 版本PAN-OS 11.2.4-h15、11.2.7-h8、11.2.10-h2 之前的 PAN-OS 11.2 版本PAN-OS 12.1.3-h3、12.1.4 之前的 PAN-OS 12.1 版本PAN-OS Prisma Access 10.2.10-h29 之前的 PAN-OS Prisma Access 10.2 版本PAN-OS Prisma Access 11.2.7-h8 之前的 PAN-OS Prisma Access 11.2 版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將 PAN-OS 12.1 12.1.3-h3 之前版本更新至 12.1.3-h3 或更高版本。請將 PAN-OS 12.1 12.1.4 之前版本更新至 12.1.4 或更高版本。請將 PAN-OS 11.2 11.2.4-h15 之前版本更新至 11.2.4-h15 (ETA: 1/14/2026) 或更高版本。請將 PAN-OS 11.2 11.2.7-h8 之前版本更新至 11.2.7-h8 (ETA: 1/14/2026) 或更高版本。請將 PAN-OS 11.2 11.2.10-h2 之前版本更新至 11.2.10-h2 或更高版本。請將 PAN-OS 11.1 11.1.4-h27 之前版本更新至 11.1.4-h27 或更高版本。請將 PAN-OS 11.1 11.1.6-h23 之前版本更新至 11.1.6-h23 或更高版本。請將 PAN-OS 11.1 11.1.10-h9 之前版本更新至 11.1.10-h9 或更高版本。請將 PAN-OS 11.1 11.1.13 之前版本更新至 11.1.13 或更高版本。請將 PAN-OS 10.2 10.2.7-h32 之前版本更新至 10.2.7-h32 或更高版本。請將 PAN-OS 10.2 10.2.10-h30 之前版本更新至 10.2.10-h30 或更高版本。請將 PAN-OS 10.2 10.2.13-h18 之前版本更新至 10.2.13-h18 或更高版本。請將 PAN-OS 10.2 10.2.16-h6 之前版本更新至 10.2.16-h6 或更高版本。請將 PAN-OS 10.2 10.2.18-h1 之前版本更新至 10.2.18-h1 或更高版本。請將 PAN-OS 10.1 10.1.14-h20 之前版本更新至 10.1.14-h20 或更高版本。請將 Prisma Access 11.2  11.2.7-h8* 之前版本更新至 11.2.7-h8* 或更高版本。請將 Prisma Access 10.2  10.2.10-h29* 之前版本更新至 10.2.10-h29* 或更高版本。        情資報告連結:https://security.paloaltonetworks.com/CVE-2026-0227 https://www.kjintelligent.com/en/hot_529459.html [資安漏洞通知-CIO]_Palo Alto PAN-OS 存在阻斷服務狀況漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529459.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529459.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529459.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】n8n是一款開源工作流程自動化工具,透過視覺化拖拉介面串接多種應用程式,無需程式碼即可自動化重複性任務。近期n8n發布多個重大資安漏洞公告。【CVE-2025-68613,CVSS:9.9】此為遠端程式碼執行漏洞,在特定條件下,允許經身分驗證的攻擊者以n8n行程的權限執行任意程式碼。【CVE-2025-68668,CVSS:9.9】由於n8n使用Pyodide的Python程式碼節點存在沙箱繞過漏洞,經身分驗證且具有建立或修改工作流程權限的攻擊者,以n8n行程相同權限在n8n伺服器上執行任意命令。【CVE-2026-21877,CVSS:10.0】此漏洞允許經過身分驗證的攻擊者,可利用n8n服務執行惡意程式碼,導致系統完全被破壞。【CVE-2026-21858,CVSS:10.0】此漏洞允許未經身分驗證的攻擊者,可透過執行某些基於表單工作流程,存取底層伺服器的檔案,導致儲存在系統中的敏感資料外洩。◎建議措施:【CVE-2025-68613】請更新至以下版本:n8n 1.120.4版本、1.121.1版本、1.122.0版本【CVE-2025-68668】請更新至以下版本:n8n 2.0.0版本【CVE-2026-21877】請更新至以下版本:n8n 1.121.3版本【CVE-2026-21858】請更新至以下版本:n8n 1.121.0版本◎相關IOC資訊:◎備註:◎參考資料:1. https://github.com/n8n-io/n8n/security2. https://www.cve.org/CVERecord?id=CVE-2025-686133. https://www.cve.org/CVERecord?id=CVE-2025-686684. https://www.cve.org/CVERecord?id=CVE-2025-218775. https://www.cve.org/CVERecord?id=CVE-2025-21858 https://www.kjintelligent.com/en/hot_529441.html [TWCERT 分享資安情資]_n8n存在4個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529441.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529441.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529441.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】MOXA近期發布安全性更新,修補旗下產品乙太網路交換器中存在的重大資安漏洞(CVE-2023-38408,CVSS:9.8)。此為OpenSSH不帶引號搜尋路徑(Unquoted Search Path)漏洞,允許未經身分驗證之遠端攻擊者,透過SSH金鑰轉發機制遠端執行任意程式碼。◎建議措施:根據官方網站釋出的解決方式進行修補:https://www.moxa.com/en/support/productsupport/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches◎相關IOC資訊:◎備註:◎參考資料:1. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches2. https://nvd.nist.gov/vuln/detail/cve-2023-38408 https://www.kjintelligent.com/en/hot_529443.html [TWCERT 分享資安情資]_MOXA交換器存在重大資安漏洞(CVE-2023-38408) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529443.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529443.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529443.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】 https://www.kjintelligent.com/en/hot_529442.html TWCert_CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/12-2026/01/18) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529442.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529442.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529442.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2009-0556】Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Microsoft Office PowerPoint存在程式碼注入漏洞,遠端攻擊者可透過包含無效索引值的OutlineTextRefAtom的PowerPoint檔案觸發記憶體損毀,進而執行任意程式碼。【CVE-2025-37164】Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Hewlett Packard Enterprise(HPE) OneView 存在程式碼注入漏洞,允許未經驗證的遠端使用者進行遠端程式碼執行。◎建議措施:【CVE-2009-0556】官方已針對漏洞釋出修復更新,請更新至相關版本https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017【CVE-2025-37164】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US◎相關IOC資訊:◎備註:◎參考資料:【CVE-2009-0556】1.https://nvd.nist.gov/vuln/detail/cve-2009-05562.https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017【CVE-2025-37164】1.https://nvd.nist.gov/vuln/detail/cve-2025-371642.https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US https://www.kjintelligent.com/en/hot_529435.html [TWCERT 分享資安情資]_CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2026/01/05-2026/01/11) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529435.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529435.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529435.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-14847】MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability (CVSS v3.1: 7.5)【是否遭勒索軟體利用:未知】MongoDB伺服器存在 Zlib 壓縮協定標頭中長度參數不一致處理不當的漏洞。此漏洞可能允許未經身份驗證的用戶端讀取未初始化的堆記憶體。◎建議措施:【CVE-2025-14847】官方已針對漏洞釋出修復更新,請更新至相關版本https://jira.mongodb.org/browse/SERVER-115508◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-14847】1.https://nvd.nist.gov/vuln/detail/cve-2025-148472.https://jira.mongodb.org/browse/SERVER-115508 https://www.kjintelligent.com/en/hot_529432.html [TWCERT 分享資安情資]_CISA新增1個已知遭駭客利用之漏洞至KEV目錄(2025/12/29-2026/01/04) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529432.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_529432.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_529432.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】AsyncOS軟體是Cisco專門設計用於Cisco Secure Email Gateway、Cisco Secure Email和Web Manager的作業系統,提供處理大量郵件與網路流量,提供進階的郵件安全等多項功能。Cisco發布重大資安公告,發現AsyncOS存在重大資安漏洞(CVE-2025-20393,CVSS:10.0),此漏洞允許攻擊者在受影響設備的底層系統以root權限執行任意命令,目前已被發現用於網路攻擊活動,詳細解決方案請見Cisco官網。◎建議措施:根據官方網站釋出的解決方式進行修補:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf42. https://nvd.nist.gov/vuln/detail/CVE-2025-203933. https://www.cve.org/CVERecord?id=CVE-2025-20393 https://www.kjintelligent.com/en/hot_528073.html [TWCERT 分享資安情資]_Cisco旗下AsyncOS軟體存在重大資安漏洞(CVE-2025-20393) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528073.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528073.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_528073.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。二、存在風險         Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 143.0.7499.109 (Linux) 之前的版本Google Chrome 143.0.7499.109/.110 (Mac) 之前的版本Google Chrome 143.0.7499.109/.110 (Windows) 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 143.0.7499.109 (Linux) 或之後版本。請更新至 143.0.7499.109/.110 (Mac) 或之後版本。請更新至 143.0.7499.109/.110 (Windows) 或之後版本。       情資報告連結:https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/ https://www.kjintelligent.com/en/hot_527513.html [Cybersecurity Vulnerability Notice]_Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527513.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527513.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527513.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】WatchGuard Firebox 是一款次世代防火牆產品,提供多層次防護,包括防毒、IPS、APT 阻擋及垃圾郵件過濾。WatchGuard發布重大資安漏洞(CVE-2025-14733,CVSS 4.x:9.3)公告,該漏洞為越界寫入漏洞,可能允許遠端未經驗證的攻擊者執行任意程式碼,目前WatchGuard已觀察到攻擊者正積極嘗試利用此漏洞,詳細說明請見WatchGuard官網。◎建議措施:請更新至以下版本:WatchGuard Fireware OS 2025.1.4版本、WatchGuard FirewareOS 12.5.15版本、WatchGuard Fireware OS 12.11.6版本、WatchGuard Fireware OS 12.3.1_Update4 (B728352)版本備註:WatchGuard Fireware OS 11.x版本已是EoL(End of Life)的產品,建議升級至支援版本◎相關IOC資訊:◎備註:◎參考資料:1. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-000272. https://nvd.nist.gov/vuln/detail/CVE-2025-14733 https://www.kjintelligent.com/en/hot_528074.html [TWCERT 分享資安情資]_WatchGuard Firebox存在重大資安漏洞(CVE-2025-14733) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528074.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528074.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_528074.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Mozilla Firefox 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、權限提升、遠端執行任意程式碼及繞過身份中。二、存在風險         Mozilla Firefox 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、權限提升、遠端執行任意程式碼及繞過身份中,其影響系統如下:受影響之系統/漏洞描述:Firefox ESR 115.31 之前的版本Firefox ESR 140.6 之前的版本Firefox 146 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 Firefox ESR 115.31。請更新至 Firefox ESR 140.6。請更新至 Firefox 146。        情資報告連結:https://www.mozilla.org/en-US/security/advisories/mfsa2025-92https://www.mozilla.org/en-US/security/advisories/mfsa2025-93https://www.mozilla.org/en-US/security/advisories/mfsa2025-94 https://www.kjintelligent.com/en/hot_527512.html [Cybersecurity Vulnerability Notice]_Mozilla Firefox 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527512.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527512.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527512.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】研究人員發現WordPress擴充程式與網頁主題存在PHP本機檔案包含(PHP Local File Inclusion)漏洞(CVE-2025-67522、CVE-2025-67523、CVE-2025-67524、CVE-2025-67525、CVE-2025-67526、CVE-2025-67527、CVE-2025-67529、CVE-2025-67530、CVE-2025-67531及CVE-2025-67532)。未經身分鑑別之遠端攻擊者可利用此漏洞,誘使伺服器端PHP程式載入本機非預期檔案,並於伺服器端執行任意程式碼,請儘速確認並進行修補。◎建議措施:更新至Jobmonster Elementor Addon 1.1.5(含)以後版本更新至Jobmonster 4.8.3(含)以後版本更新至Exhibz 3.0.10(含)以後版本更新至ekommart 4.3.1(含)以後版本更新至Sailing4.4.6(含)以後版本更新至Digiqole 2.2.7(含)以後版本更新至Fashion 5.3.0(含)以後版本更新至Besa 2.3.16(含)以後版本更新至Turitor 1.5.3(含)以後版本更新至Hara 1.2.18(含)以後版本◎相關IOC資訊:◎備註:◎參考資料:1.https://www.cve.org/CVERecord?id=CVE-2025-675222.https://www.cve.org/CVERecord?id=CVE-2025-675233.https://www.cve.org/CVERecord?id=CVE-2025-675244.https://www.cve.org/CVERecord?id=CVE-2025-675255.https://www.cve.org/CVERecord?id=CVE-2025-675266.https://www.cve.org/CVERecord?id=CVE-2025-675277.https://www.cve.org/CVERecord?id=CVE-2025-675298.https://www.cve.org/CVERecord?id=CVE-2025-675309.https://www.cve.org/CVERecord?id=CVE-2025-6753110.https://www.cve.org/CVERecord?id=CVE-2025-67532 https://www.kjintelligent.com/en/hot_528076.html [TWCERT 分享資安情資]_WordPress擴充程式與網頁主題存在10個高風險安全漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528076.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528076.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_528076.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼及洩露敏感資料。二、存在風險         RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390xRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390xRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64Red Hat Enterprise Linux Server - AUS 8.4 x86_64Red Hat Enterprise Linux Server - AUS 9.4 x86_64Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://access.redhat.com/errata/RHSA-2025:22661https://access.redhat.com/errata/RHSA-2025:22752 https://www.kjintelligent.com/en/hot_527505.html [Cybersecurity Vulnerability Notice]_RedHat Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527505.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527505.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527505.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、彷冒、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證。二、存在風險         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、彷冒、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 143.0.3650.66 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 143.0.3650.66 或之後版本。       情資報告連結:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13630https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13631https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13632https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13633https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13634https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13635https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13636https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13637https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13638https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13639https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13640https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13720https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13721https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62223 https://www.kjintelligent.com/en/hot_527507.html [資安漏洞通知-CIO]_Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527507.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527507.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527507.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】郵件伺服器系統Zimbra Collaboration Suite的Webmail Classic UI中存在重大本機檔案包含漏洞(Local File Inclusion,LFI),漏洞編號為CVE-2025-68645(CVSS:8.8)。該漏洞源於RestFilter Servlet對使用者提供的請求參數處理不當,未經身分驗證的遠端攻擊者可對 /h/rest 端點請求,從而影響內部請求分發,包含 WebRoot 目錄中的任意檔案。◎建議措施:根據官方網站釋出解決方式進行修補。◎相關IOC資訊:◎備註:◎參考資料:1. https://wiki.zimbra.com/wiki/Security_Center2. https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes3. https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes4. https://nvd.nist.gov/vuln/detail/CVE-2025-68645 https://www.kjintelligent.com/en/hot_528077.html [TWCERT 分享資安情資]_Zimbra旗下Zimbra Collaboration Suite存在重大資安漏洞(CVE-2025-68645) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528077.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528077.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_528077.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】React是一個由Meta開發的開源JavaScript函式庫,用於建構使用者介面。近日Meta發布重大資安漏洞公告(CVE-2025-55182,CVSS:10.0),指出 React Server Components 存在遠端程式碼執行漏洞。由於 React 在解析傳送至 React Server Function 端點的資料時存在安全弱點,攻擊者無需通過身分驗證,即可能透過特製有效負載觸發任意程式碼執行。◎建議措施:根據官方網站釋出的解決方式進行修補:https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components◎相關IOC資訊:◎備註:◎參考資料:1. https://www.facebook.com/security/advisories/cve-2025-551822. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components3. https://nvd.nist.gov/vuln/detail/CVE-2025-55182 https://www.kjintelligent.com/en/hot_527501.html [TWCERT 分享資安情資]_Meta旗下React Server Components存在重大資安漏洞(CVE-2025-55182) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527501.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527501.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527501.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Mozilla Thunderbird 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、權限提升、遠端執行任意程式碼及繞過身份驗證。二、存在風險         Mozilla Thunderbird 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、權限提升、遠端執行任意程式碼及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Thunderbird 140.6 之前的版本Thunderbird 146 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 Thunderbird 140.6。請更新至 Thunderbird 146。        情資報告連結:https://www.mozilla.org/en-US/security/advisories/mfsa2025-95/https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/ https://www.kjintelligent.com/en/hot_527511.html [資安漏洞通知-CIO]_Mozilla Thunderbird 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527511.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527511.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527511.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】TWCERT/CC近期接獲外部情資,攻擊者以行政訴訟為由發動社交工程郵件攻擊,誘導收件者開啟並下載與執行惡意附檔。建議貴單位加強防範與通知各單位提高警覺,避免點擊郵件附檔與連結,以免受駭。已知攻擊郵件特徵如下,相關受駭偵測指標請參考附件。1.相關惡意中繼站:giugh9ygiuhljbgh-1328314126[.]cos[.]ap- tokyo[.]myqcloud[.]com、202[.]79[.]168[.]1552.惡意附檔SHA1雜湊值:770e64e02d2cf2cac30d6074c201d44279996cbc、e69b347f9608abaf31cab02f0a34b3dfa1d7c872註:相關網域名稱為避免誤點觸發連線,故以「[.]」區隔。◎建議措施:1.網路管理人員請參考受駭偵測指標,確實更新防火牆,阻擋惡意中繼站。2.建議留意可疑電子郵件,注意郵件來源正確性,勿開啟不明來源之郵件與相關附檔。3.安裝防毒軟體並更新至最新病毒碼,開啟檔案前使用防毒軟體掃描郵件附檔,並確認附檔檔案類型,若發現檔案名稱中存在異常字元(如lnk, rcs, exe, moc等可執行檔案附檔名的逆排序),請提高警覺。4.加強內部宣導,提升人員資安意識,以防範駭客利用電子郵件進行社交工程攻擊。◎相關IOC資訊:◎備註:◎參考資料:無 https://www.kjintelligent.com/en/hot_527502.html [TWCERT 分享資安情資]_社交工程攻擊通告:請加強防範以行政訴訟為由之社交工程郵件攻擊 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527502.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527502.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527502.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        OpenVPN 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及繞過身份驗證。二、存在風險         OpenVPN 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:OpenVPN 版本 2.6.0 至 2.6.15 及 2.7_alpha1 至 2.7_rc1三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html https://www.kjintelligent.com/en/hot_527508.html [資安漏洞通知-CIO]_OpenVPN 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527508.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527508.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527508.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-42928,CVSS:9.1】此漏洞為反序列化漏洞,具備高權限的使用者可能利用此漏洞,觸發遠端程式碼執行攻擊,影響系統的機密性、完整性和可用性。【CVE-2025-42880,CVSS:9.9】由於缺乏輸入過濾機制,SAP Solution Manager允許已驗證的攻擊者在呼叫支援遠端的功能模組時植入惡意程式碼,可能影響系統的機密性、完整性和可用性。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html2. https://nvd.nist.gov/vuln/detail/CVE-2025-429283. https://nvd.nist.gov/vuln/detail/CVE-2025-42880 https://www.kjintelligent.com/en/hot_527500.html [TWCERT 分享資安情資]_SAP針對旗下2款產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527500.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527500.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527500.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Splunk 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、繞過保安限制、跨網站指令碼、篡改、阻斷服務狀況及權限提升。二、存在風險         Splunk 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、繞過保安限制、跨網站指令碼、篡改、阻斷服務狀況及權限提升,其影響系統如下:受影響之系統/漏洞描述:Splunk Enterprise 9.2.10, 9.4.6, 9.3.8 及 10.0.2 之前的版本Splunk Cloud Platform 9.3.2411.120, 10.0.2503.8 及 10.1.2507.10 之前的版本Splunk Secure Gateway 3.7.28, 3.8.58 及 3.9.10 之前的版本Splunk MCP Server 0.2.4 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://advisory.splunk.com/advisories/SVD-2025-1201https://advisory.splunk.com/advisories/SVD-2025-1202https://advisory.splunk.com/advisories/SVD-2025-1203https://advisory.splunk.com/advisories/SVD-2025-1204https://advisory.splunk.com/advisories/SVD-2025-1205https://advisory.splunk.com/advisories/SVD-2025-1206https://advisory.splunk.com/advisories/SVD-2025-1207https://advisory.splunk.com/advisories/SVD-2025-1208https://advisory.splunk.com/advisories/SVD-2025-1210 https://www.kjintelligent.com/en/hot_527509.html [資安漏洞通知-CIO]_Splunk 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527509.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527509.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527509.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-14611】Gladinet CentreStack and Triofox Hard Coded CryptographicVulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Gladinet CentreStack 與 TrioFox 因其 AES 加密方案的實作方式,存在硬編碼加密金鑰漏洞。此漏洞會降低對外公開端點的安全性,若未經驗證即接收特製的請求,可能會受任意本地檔案包含影響。【CVE-2025-43529】Apple Multiple Products Use-After-Free WebKit Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Apple iOS、iPadOS、macOS 及其他 Apple 產品中的 WebKit 存在記憶體釋放後使用漏洞。在處理惡意設計的網頁內容時,可能導致記憶體損毀。此漏洞可能影響所有使用 WebKit 的 HTML解析器,包括但不限於 Apple Safari以及其他依賴 WebKit 進行 HTML 處理的非 Apple 產品。【CVE-2025-59718】Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Fortinet FortiOS、FortiSwitchMaster、FortiProxy 與 FortiWeb 存在加密簽章驗證不當漏洞。此漏洞可能允許未經身分驗證的攻擊者,透過特製的 SAML 訊息繞過 FortiCloud SSO 登入驗證。請注意,CVE-2025-59719 涉及相同問題,並已於同份廠商公告中提及。請務必套用該公告中所列的所有修補程式。【CVE-2025-59374】ASUS Live Update Embedded Malicious Code Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】ASUS Live Update 含有嵌入式惡意程式碼漏洞,該客戶端曾因供應鏈遭入侵而在未經授權情況下修改後發行。經修改的版本可能導致符合特定目標條件的裝置執行非預期的行為。受影響的產品可能已達生命週期終止(EoL)及/或服務終止(EoS)。建議使用者立即停止使用該產品。【CVE-2025-40602】SonicWall SMA1000 Missing Authorization Vulnerability (CVSS v3.1: 6.6)【是否遭勒索軟體利用:未知】SonicWall SMA1000 存在授權缺失漏洞,可能導致受影響裝置的設備管理控制台 (AMC) 發生權限提升。【CVE-2025-20393】Cisco Multiple Products Improper Input Validation Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Cisco Secure Email Gateway、Secure Email、AsyncOS 軟體以及 Web Manager 設備中存在輸入驗證不當漏洞,該漏洞可能允許威脅行為者在受影響設備的底層作業系統上,以 root 權限執行任意指令。【CVE-2025-14733】WatchGuard Firebox Out of Bounds Write Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】WatchGuard Fireware OS 的 iked 程序存在越界寫入漏洞。此漏洞可能允許未經身分驗證的遠端攻擊者執行任意程式碼,並影響使用 IKEv2 的行動用戶 VPN 以及配置了動態閘道對等體的使用 IKEv2 的分公司 VPN。◎建議措施:【CVE-2025-14611】對應產品升級至以下版本(或更高)Gladinat CentreStack 16.12.10420.56791Gladinat Triofox 16.12.10420.56791【CVE-2025-43529】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.apple.com/en-us/125884https://support.apple.coTLP: CLEAR TWCERT-TWISAC-202512-0025m/en-us/125885https://support.apple.com/en-us/125886https://support.apple.com/en-us/125889https://support.apple.com/en-us/125890https://support.apple.com/en-us/125891https://support.apple.com/en-us/125892【CVE-2025-59718】官方已針對漏洞釋出修復更新,請更新至相關版本https://fortiguard.fortinet.com/psirt/FG-IR-25-647【CVE-2025-59374】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.asus.com/news/hqfgvuyz6uyayje1/【CVE-2025-40602】官方已針對漏洞釋出修復更新,請更新至相關版本https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019【CVE-2025-20393】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4【CVE-2025-14733】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-14611】1.https://nvd.nist.gov/vuln/detail/cve-2025-146112.https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability【CVE-2025-43529】1.https://nvd.nist.gov/vuln/detail/cve-2025-435292.https://support.apple.com/en-us/1258843.https://support.apple.com/en-us/1258854.https://support.apple.com/en-us/1258865.https://support.apple.com/en-us/1258896.https://support.apple.com/en-us/1258907.https://support.apple.com/en-us/1258918.https://support.apple.com/en-us/125892【CVE-2025-59718】1.https://nvd.nist.gov/vuln/detail/cve-2025-597182.https://fortiguard.fortinet.com/psirt/FG-IR-25-647【CVE-2025-59374】1.https://nvd.nist.gov/vuln/detail/cve-2025-593742.https://www.asus.com/news/hqfgvuyz6uyayje1/【CVE-2025-40602】1.https://nvd.nist.gov/vuln/detail/cve-2025-406022.https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019【CVE-2025-20393】1.https://nvd.nist.gov/vuln/detail/cve-2025-203932.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4【CVE-2025-14733】1.https://nvd.nist.gov/vuln/detail/cve-2025-147332.https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027 https://www.kjintelligent.com/en/hot_528075.html [TWCERT 分享資安情資]_CISA新增7個已知遭駭客利用之漏洞至KEV目錄(2025/12/15-2025/12/21) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528075.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_528075.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_528075.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        SonicWall 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及資料篡改。二、存在風險        SonicWall Products 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及資料篡改,其影響系統如下:受影響之系統/漏洞描述:Email Security (ES Appliance 5000, 5050, 7000, 7050, 9000, VMware and Hyper-V) 10.0.33.8195 及之前的版本Gen7 hardware Firewalls (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700) 7.3.0-7012 及之前的版本Gen7 virtual Firewalls (NSv270, NSv470, NSv870 for ESX, KVM, Hyper-V, AWS, Azure) 7.3.0-7012 及之前的版本Gen8 Firewalls (TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800) 8.0.2-8011 及之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請將 Email Security(ES Appliance 5000, 5050, 7000, 7050, 9000, VMWare and Hyper-V) 更新至 10.0.34.8215, 10.0.34.8223 或更高版本。請將 Gen7 hardware Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 更新至 7.3.1-7013 或更高版本。請將Gen7 virtual Firewalls (NSv) - NSV270, NSv470, NSv870 (ESX, KVM, HYPER-V, AWS, Azure) 更新至 7.3.1-7013 或更高版本。請將 Gen8 Firewalls - TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800 更新至 8.0.3-8011 或更高版本。        情資報告連結:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 https://www.kjintelligent.com/en/hot_526321.html CIO_SonicWall 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526321.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526321.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526321.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。二、存在風險         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 143.0.3650.80 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 143.0.3650.80 或之後版本。        情資報告連結:https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#december-11-2025https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14372https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14373 https://www.kjintelligent.com/en/hot_527514.html [Cybersecurity Vulnerability Notice]_Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527514.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527514.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527514.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】研究人員發現Fortinet FortiWeb存在作業系統指令注入(OS Command Injection)漏洞(CVE-2025-58034)。已取得管理權限之遠端攻擊者可注入任意作業系統指令並於伺服器上執行。該漏洞已遭駭客利用,請儘速確認並進行修補。◎建議措施:官方已針對漏洞釋出修復更新,請參考官方說明進行更新,網址如下:https://fortiguard.fortinet.com/psirt/FG-IR-25-513◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-25-5132. https://nvd.nist.gov/vuln/detail/CVE-2025-58034 https://www.kjintelligent.com/en/hot_527498.html [TWCERT 分享資安情資]_Fortinet旗下FortiWeb存在高風險安全漏洞(CVE-2025-58034) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527498.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527498.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527498.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Synology 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及遠端執行任意程式碼。二、存在風險         Synology 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Synology DSM 7.2.2 的 7.2.2-72806 之前的版本Synology DSM 7.2.1 的 7.2.1-69057-2 之前的版本Synology DSMUC 3.1 的 3.1.4-23079 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。請將 Synology DSM 7.2.2 的 7.2.2-72806 之前的版本更新至 7.2.2-72806 或更高版本。請將 Synology DSM 7.2.1 的 7.2.1-69057-2 之前的版本更新至 7.2.1-69057-2 或更高版本。請將 Synology DSMUC 3.1 的 3.1.4-23079 之前的版本更新至 3.1.4-23079 或更高版本。        情資報告連結:https://www.synology.com/en-global/security/advisory/Synology_SA_24_27 https://www.kjintelligent.com/en/hot_527510.html [資安漏洞通知-CIO]__Synology 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527510.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527510.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527510.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-59718,CVSS:9.8】FortiOS、FortiProxy及FortiSwitchManager存在繞過身分驗證漏洞,未經身分驗證的攻擊者可利用特製的SAML訊息,繞過FortiCloud SSO的身分驗證機制。【CVE-2025-59719,CVSS:9.8】FortiWeb存在繞過身分驗證漏洞,未經身分驗證的攻擊者可利用特製的SAML訊息,繞過FortiCloud SSO的身分驗證機制。◎建議措施:【CVE-2025-59718】請更新至以下版本:FortiOS 7.6.4(含)之後版本、FortiOS 7.4.9(含)之後版本、FortiOS 7.2.12(含)之後版本、FortiOS 7.0.18(含)之後版本、FortiProxy 7.6.4(含)之後版本、FortiProxy 7.4.11(含)之後版本、FortiProxy 7.2.15(含)之後版本、FortiProxy 7.0.22(含)之後版本、FortiSwitchManager 7.2.7(含)之後版本、FortiSwitchManager 7.0.6(含)之後版本【CVE-2025-59719】請更新至以下版本:FortiWeb 7.4.10(含)之後版本、FortiWeb 7.6.5(含)之後版本、FortiWeb 8.0.1(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://www.fortiguard.com/psirt/FG-IR-25-6472. https://nvd.nist.gov/vuln/detail/CVE-2025-597183. https://nvd.nist.gov/vuln/detail/CVE-2025-59719 https://www.kjintelligent.com/en/hot_527499.html [TWCERT 分享資安情資]_Fortinet 旗下多項產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527499.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527499.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527499.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】研究人員發現WordPress擴充程式與網頁主題存在6個高風險安全漏洞。1. Blubrry PowerPress擴充程式存在任意檔案上傳(Arbitrary File Upload)漏洞(CVE-2025-13536),取得一般權限之遠端攻擊者可於受影響網頁伺服器上傳並執行網頁後門程式,進而達成遠端執行任意程式碼。2. FindAll Listing與Tiare Membership擴充程式及Tiger網頁主題存在權限提升(Privilege Escalation)漏洞(CVE-2025-13538、CVE-2025-13540及CVE-2025-13675),未經身分鑑別之遠端攻擊可於註冊時指定管理者角色,進而利用漏洞取得網站管理員權限。3. FindAll Membership擴充程式存在身分鑑別繞過(Authentication Bypass)漏洞(CVE-2025-13539),未經身分鑑別之遠端攻擊者於取得一般使用者帳號且能存取管理員電子郵件之情況下,以管理員身分登入系統。4. StreamTube Core擴充程式存在任意使用者密碼變更(Arbitrary User Password Change)漏洞(CVE-2025-13615),未經身分鑑別之遠端攻擊者可任意變更網站使用者密碼,進而接管管理員帳號。WordPress為常見網站架設系統,由於其擴充程式與網頁布景主題數量眾多,因此偶有出現嚴重漏洞情況,如本次警訊所列之幾項漏洞。建議若有使用WordPress系統時,除留意WordPres本身核心程式之更新資訊外,針對擴充程式網頁布景主題亦須關注,適時更新修補,此外亦建議評估所用之擴充程式網頁布景主題之必要性,如無需求,建議移除。◎建議措施:更新Blubrry PowerPress至11.15.3(含)以後版本更新FindAll Listing至1.1(含)以後版本更新FindAll Membership至1.1(含)以後版本更新Tiare Membership至1.3(含)以後版本更新StreamTube Core至4.79(含)以前後版本Tiger網頁主題請參考官方說明採取必要措施,網址如下:https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/tiger-2/tiger-10121-unauthenticated-privilege-escalation◎相關IOC資訊:◎備註:◎參考資料:1. https://nvd.nist.gov/vuln/detail/CVE-2025-135362. https://nvd.nist.gov/vuln/detail/CVE-2025-135383. https://nvd.nist.gov/vuln/detail/CVE-2025-135394. https://nvd.nist.gov/vuln/detail/CVE-2025-135405. https://nvd.nist.gov/vuln/detail/CVE-2025-136TLP: CLEAR TWCERT-TWISAC-202512-0015156. https://nvd.nist.gov/vuln/detail/CVE-2025-136757. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/powerpress/blubrry-powerpress-11152-authenticated-contributor-arbitrary-file-upload-via-powerpress-edit-post8. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/findall-listing/findall-listing-10-unauthenticated-privilege-escalation9. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/findall-membership/findall-membership-104-authentication-bypass-via-social-login10. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tiare-membership/tiare-membership-12-unauthenticated-privilege-escalation11. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/streamtube-core/streamtube-core-478-unauthenticated-arbitrary-user-password-change12. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/tiger-2/tiger-10121-unauthenticated-privilege-escalation https://www.kjintelligent.com/en/hot_527497.html [TWCERT 分享資安情資]_WordPress擴充程式與網頁主題存在6個安全漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527497.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527497.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527497.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】研究人員發現ASUS部分DSL型號路由器存在身分鑑別繞過(Authentication Bypass)漏洞(CVE-2025-59367)。未經身分鑑別之遠端攻擊者可透過此漏洞,對受影響設備執行未經授權之存取,請儘速確認並進行修補。◎建議措施:官方已針對漏洞釋出修復更新,請更新至以下版本:ASUS DSL-AC51 Firmware 1.1.2.3_1010版本ASUS DSL-AC750 Firmware 1.1.2.3_1010版本ASUS DSL-N16 Firmware 1.1.2.3_1010版本官方針對已停止支援(EOL)之設備提出安全建議,請參考官方說明,網址如下:https://www.asus.com/security-advisory◎相關IOC資訊:◎備註:◎參考資料:1. https://nvd.nist.gov/vuln/detail/CVE-2025-593672. https://www.asus.com/security-advisory https://www.kjintelligent.com/en/hot_527496.html [TWCERT 分享資安情資]_ASUS DSL路由器存在高風險安全漏洞(CVE-2025-59367) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527496.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527496.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527496.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Synology DiskStation Manager 存在一個漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險         Synology DiskStation Manager 存在一個漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:DSM 7.3.1-86003-1 之前的版本DSM 7.2.2-72806-5 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將DSM 7.3.1-86003-1 之前的版本更新至 7.3.1-86003-1 或之後版本。請將DSM 7.2.2-72806-5 之前的版本更新至 7.2.2-72806-5 或之後版本。       情資報告連結:https://www.synology.com/en-us/security/advisory/Synology_SA_25_14 https://www.kjintelligent.com/en/hot_524297.html [Cybersecurity Vulnerability Notice] Synology DiskStation Manager 存在繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524297.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524297.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524297.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Apache OpenOffice 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、彷冒及洩露敏感資料。二、存在風險         Apache OpenOffice 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、彷冒及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:Apache OpenOffice 4.1.16 以前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.openoffice.org/security/bulletin.html https://www.kjintelligent.com/en/hot_526317.html [Cybersecurity Vulnerability Notice]_Apache OpenOffice 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526317.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526317.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526317.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-48633】Android Framework Information Disclosure Vulnerability (CVSS : 暫無)【是否遭勒索軟體利用:未知】Android Framework 存在未具體說明的漏洞,可能導致資訊外洩。【CVE-2025-48572】Android Framework Privilege Escalation Vulnerability (CVSS: 暫無)【是否遭勒索軟體利用:未知】Android Framework 存在未具體說明的漏洞,可能導致權限提升。【CVE-2021-26828】OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】OpenPLC ScadaBR 存在未受限制的危險類型檔案上傳漏洞,允許經身份驗證的遠端使用者透過 view_edit.shtm 上傳並執行任意JSP 檔案。【CVE-2025-55182】Meta React Server Components Remote Code Execution Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Meta React Server Components 存在遠端程式碼執行漏洞,攻擊者可透過利用 React 在解碼傳送至 React Server Function 端點的有效負載時的缺陷,在未經身份驗證的情況下實現遠端程式碼執行。◎建議措施:【CVE-2025-48633】官方已針對漏洞釋出修復更新,請更新至相關版本https://source.android.com/docs/security/bulletin/2025-12-01【CVE-2025-48572】官方已針對漏洞釋出修復更新,請更新至相關版本https://source.android.com/docs/security/bulletin/2025-12-01【CVE-2021-26828】對應產品升級至以下版本(或更高)OpenPLC ScadaBR Linux 0.9.1(不含)之後的版本OpenPLC ScadaBR Windows 1.12.4(不含)之後的版本【CVE-2025-55182】官方已針對漏洞釋出修復更新,請更新至相關版本https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-48633】1.https://nvd.nist.gov/vuln/detail/cve-2025-486332.https://source.android.com/docs/security/bulletin/2025-12-01【CVE-2025-48572】1.https://nvd.nist.gov/vuln/detail/cve-2025-485722.https://source.android.com/docs/security/bulletin/2025-12-01【CVE-2021-26828】1.https://nvd.nist.gov/vuln/detail/cve-2021-268282.httTLP: CLEAR TWCERT-TWISAC-202512-0006ps://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4【CVE-2025-55182】1.https://nvd.nist.gov/vuln/detail/cve-2025-551822. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components https://www.kjintelligent.com/en/hot_527504.html [TWCERT 分享資安情資]_CISA新增4個已知遭駭客利用之漏洞至KEV目錄(2025/12/01-2025/12/07) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527504.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527504.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527504.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】TWCERT/CC匯整惡意軟體 Amadey、Emotet、Koi Loader、LokiBot、Lumma、Purplefox、Raccoon Stealer、Redline、SocGholish、Socks5Systemz、Ursnif、VenomRAT、XLoader及TWCERT-IoC 觀測(至12/08)受駭偵測指標(IoC)情資(詳如附件),可做為貴單位強化資安防護之參考。Amadey:一種用於蒐集系統資訊的木馬程式,經常透過釣魚郵件或 SmokeLoader 傳播。它會與遠端伺服器進行通信,定期傳送感染者的系統資訊。Emotet:其散布惡意程式的方式以寄送釣魚郵件為主,郵件主旨從過往如發票、轉帳資訊等金融訊息,逐漸發展成結合時事,透過使用者好奇或恐慌的心理,成功達成感染主機之目的。KOI Loader: 是一種被歸類為資訊竊取工具的惡意軟體下載器/投放器。它被設計用來滲透受感染的系統、下載額外的惡意載荷,並竊取使用者的敏感資訊。Lokibot: 利用木馬程式來竊取敏感資訊,例如使用者名稱、密碼、加密貨幣錢包以及其他憑證資料。Lumma: 又稱為LummaC2,是一種廣為人知的惡意軟體,首次出現於2022年。Lumma Stealer的目標包括瀏覽器儲存的密碼、加密貨幣錢包以及其他有價值的資訊。Purplefox:是一種結合了後門程式和rootkit的惡意軟體,曾在多起攻擊行動中被用來投放各種加密貨幣挖礦程式、勒索軟體和間諜軟體。RaccoonStealer: 用於從受感染主機竊取敏感信息,該惡意軟體會從各類應用程式中竊取資料,包括登入憑證、信用卡資訊、歷史瀏覽記錄、Cookie 以及加密貨幣錢包帳戶等。Redline: 一款以 C# 編寫的惡意軟體,它會從受感染的電腦中竊取儲存於瀏覽器、VPN、和線上通訊工具的憑證與個人資訊,並且擁有下載遠端檔案的能力。SocGholish: 利用社交工程技術,透惡意的 JavaScript 框架偽裝成系統或瀏覽器的更新訊息,以引誘使用者下載惡意程式。Socks5Systemz:是一種殭屍網路,利用其感染能力建立一個由受害裝置組成的網路。這些裝置被用來轉發惡意流量。Ursnif:用於從受感染主機竊取敏感信息,也可以充當惡意程式下載工具。此惡意軟體通常藉由惡意電子郵件或漏洞攻擊包(exploit kit)傳播。VenomRAT:已在實際環境中觀察到使用VHD檔案的VenomRat惡意軟體攻擊活動。該攻擊從一封釣魚電子郵件開始,郵件中附有偽裝成採購訂單的壓縮檔附件,用以誘騙使用者開啟。XLoader:是一種自2016年起便被使用的資訊竊取型惡意軟體。它曾被稱為Formbook,是一種惡意軟體即服務,以從網頁瀏覽器、電子郵件客戶端及檔案傳輸協定(FTP)應用程式中竊取資料而聞名。TWCERT-IoC : 聯盟會員分享或接收之外部情資與Virus Check分析可疑檔案,可能包含近期攻擊事件所發現之惡意網域、惡意 IP Address、及惡意程式(MD5、SHA-1及SHA-256)等資訊。*若貴公司因服務之必要無法將有風險之IP列入黑名單, 為避免影響正常服務, 可將該IP列為觀察名單,監控與此IP連線的設備與流量等防護措施, 以降低資安風險。*如貴單位有發現可疑的攻擊/探嗅活動(log)、攻擊資訊(如IoC, IoA)或惡意程式樣本,歡迎提供給TWCERT/CC,我們將去識別化後通報給相關CERT或資安單位,以達到資安聯防的效果。◎建議措施:請參考附件之名單做相關防範措施。TLP: AMBER TWCERT-TWISAC-202512-0007◎相關IOC資訊:◎備註:◎參考資料:無 https://www.kjintelligent.com/en/hot_527503.html [TWCERT 分享資安情資]_Amadey、Malware及TWCERT-IoC 觀測IoC分享_1208 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527503.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527503.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527503.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet 產品存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、洩露敏感資料及權限提升。FortiWeb的漏洞CVE-2025-58034 正被廣泛利用並可能允許經過驗證的攻擊者透過精心設計的 HTTP 請求或 CLI 命令在底層系統上執行未經授權的程式碼。二、存在風險        Fortinet 產品存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、洩露敏感資料及權限提升。FortiWeb的漏洞CVE-2025-58034 正被廣泛利用並可能允許經過驗證的攻擊者透過精心設計的 HTTP 請求或 CLI 命令在底層系統上執行未經授權的程式碼,其影響系統如下:受影響之系統/漏洞描述:FortiOSFortiOS 6.0 所有版本FortiOS 6.2 所有版本FortiOS 6.4 所有版本FortiOS 7.0 所有版本FortiOS 7.2 所有版本FortiOS 7.4 所有版本FortiOS 7.4.0 至 7.4.8FortiOS 7.6.0 至 7.6.3FortiProxyFortiProxy 7.0 所有版本FortiProxy 7.2 所有版本FortiProxy 7.4 所有版本FortiProxy 7.6.0 至 7.6.3FortiWebFortiWeb 7.0 所有版本FortiWeb 7.0.0 至 7.0.11FortiWeb 7.2 所有版本FortiWeb 7.2.0 至 7.2.11FortiWeb 7.4 所有版本FortiWeb 7.4.0 至 7.4.10FortiWeb 7.6.0 至 7.6.5FortiWeb 8.0.0 至 8.0.1FortiMailFortiMail 7.0 所有版本FortiMail 7.2 所有版本FortiMail 7.4.0 至 7.4.5FortiMail 7.6.0 至 7.6.3FortiClientWindowsFortiClientWindows 7.0 所有版本FortiClientWindows 7.2.0 至 7.2.10FortiClientWindows 7.4.0 至 7.4.3FortiSASEFortiSASE 25.3.bFortiPAMFortiPAM 1.0 所有版本FortiPAM 1.1 所有版本FortiPAM 1.2 所有版本FortiPAM 1.3 所有版本FortiPAM 1.4 所有版本FortiPAM 1.5 所有版本FortiPAM 1.6.0三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:FortiOS請將 FortiOS 6.0 所有版本更新。請將 FortiOS 6.2 所有版本更新。請將 FortiOS 6.4 所有版本更新。請將 FortiOS 7.0 所有版本更新。請將 FortiOS 7.2 所有版本更新。請將 FortiOS 7.4 所有版本更新。請將 FortiOS 7.4.0 至 7.4.8 更新至7.4.9或更高版本。FortiProxy請將 FortiProxy 7.0 所有版本更新。請將 FortiProxy 7.2 所有版本更新。請將 FortiProxy 7.4 所有版本更新。請將 FortiProxy 7.6.0 至 7.6.3 更新至7.6.4或更高版本。FortiWeb請將 FortiWeb 7.0 所有版本更新。請將 FortiWeb 7.0.0 至 7.0.11 更新至7.0.12或更高版本。請將 FortiWeb 7.2 所有版本更新。請將 FortiWeb 7.4 所有版本更新。請將 FortiWeb 7.6.0 至 7.6.5 更新至7.6.6或更高版本。請將 FortiWeb 8.0.0 至 8.0.1 更新至8.0.2或更高版本。FortiMail請將 FortiMail 7.0 所有版本更新。請將 FortiMail 7.2 所有版本更新。請將 FortiMail 7.4.0 至 7.4.5 更新至7.4.6或更高版本。請將 FortiMail 7.6.0 至 7.6.3 更新至7.6.4或更高版本。FortiClientWindows請將 FortiClientWindows 7.0 所有版本更新。請將 FortiClientWindows 7.2.0 至 7.2.10 更新至7.2.11或更高版本。請將 FortiClientWindows 7.4.0 至 7.4.3 更新至7.4.4或更高版本。FortiSASE請將 FortiSASE 25.3.b 更新至25.3.c或更高版本。FortiPAM請將 FortiPAM 1.0 所有版本更新。請將 FortiPAM 1.1 所有版本更新。請將 FortiPAM 1.2 所有版本更新。請將 FortiPAM 1.3 所有版本更新。請將 FortiPAM 1.4 所有版本更新。請將 FortiPAM 1.5 所有版本更新。請將 FortiPAM 1.6.0 更新至1.6.1或更高版本。        情資報告連結:https://fortiguard.fortinet.com/psirt/FG-IR-25-112https://fortiguard.fortinet.com/psirt/FG-IR-25-125https://fortiguard.fortinet.com/psirt/FG-IR-25-358https://fortiguard.fortinet.com/psirt/FG-IR-25-513https://fortiguard.fortinet.com/psirt/FG-IR-25-545https://fortiguard.fortinet.com/psirt/FG-IR-25-632https://fortiguard.fortinet.com/psirt/FG-IR-25-634https://fortiguard.fortinet.com/psirt/FG-IR-25-843https://fortiguard.fortinet.com/psirt/FG-IR-25-844     https://www.kjintelligent.com/en/hot_526320.html [Cybersecurity Vulnerability Notice]_Fortinet 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526320.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526320.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526320.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】TWCERT/CC近期接獲外部情資,發現攻擊者偽冒公司內部主管名義,發起社交工程攻擊,誘使收件者開啟郵件並依照指示內容執行作業。建議加強防範與通知各單位提高警覺,避免點擊郵件附檔與連結,以免受駭。已知攻擊郵件特徵內容如下:「為便於公司管理,麻煩你建立一個專屬的公司內部 LINE 群組。建成後,請將群組的QR Code轉寄到此信箱,我稍等進群安排工作。」◎建議措施:1. 建議留意可疑電子郵件,注意郵件來源正確性,不點擊不明的網址或連結,進入可疑網站不輸入個資、帳號密碼及金融資訊。2. 建議定期更換符合複雜性需求之密碼,並啟用多因子認證(MFA),以提高安全防護措施。3. 網路管理人員應參考最新受駭偵測指標,確實實施預防性阻擋措施,以攔截並過濾可疑郵件。4. 加強內部宣導,提升人員資安意識,以防範駭客利用電子郵件進行社交工程攻擊。◎相關IOC資訊:◎備註:◎參考資料:無 https://www.kjintelligent.com/en/hot_527086.html [TWCERT 分享資安情資]_社交工程攻擊通告:請加強防範以偽冒企業主管名義並以協助群組建立為由之社交工程 郵件攻擊 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527086.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527086.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527086.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet FortiWeb 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險         Fortinet FortiWeb 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:FortiWeb 7.0.0 至 7.0.11FortiWeb 7.2.0 至 7.2.11FortiWeb 7.4.0 至 7.4.9FortiWeb 7.6.0 至 7.6.4FortiWeb 8.0.0 至 8.0.1三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將 FortiWeb 7.0.0 至 7.0.11 更新至 7.0.12 或更高版本。請將 FortiWeb 7.2.0 至 7.2.11 更新至 7.2.12 或更高版本。請將 FortiWeb 7.4.0 至 7.4.9 更新至 7.4.10 或更高版本。請將 FortiWeb 7.6.0 至 7.6.4 更新至 7.6.5 或更高版本。請將 FortiWeb 8.0.0 至 8.0.1 更新至 8.0.2 或更高版本。       情資報告連結:https://fortiguard.fortinet.com/psirt/FG-IR-25-910 https://www.kjintelligent.com/en/hot_526314.html [Cybersecurity Vulnerability Notice]_Fortinet FortiWeb 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526314.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526314.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526314.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2021-26829】OpenPLC ScadaBR Cross-site Scripting Vulnerability (CVSS v3.1: 5.4)【是否遭勒索軟體利用:未知】OpenPLC ScadaBR 存在可透過 system_settings.shtm 檔案觸發的跨網站指令碼漏洞。◎建議措施:【CVE-2021-26829】對應產品升級至以下版本(或更高)OpenPLC ScadaBR Linux 0.9.1(不含)之後的版本OpenPLC ScadaBR Windows 1.12.4(不含)之後的版本◎相關IOC資訊:◎備註:◎參考資料:【CVE-2021-26829】1.https://nvd.nist.gov/vuln/detail/cve-2021-268292.https://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4 https://www.kjintelligent.com/en/hot_527089.html [TWCERT 分享資安情資]_CISA新增1個已知遭駭客利用之漏洞至KEV目錄(2025/11/24-2025/11/30) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527089.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_527089.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_527089.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Fortinet旗下FortiWeb是一款提供網站應用程式的防火牆產品,其功能涵蓋異常偵測、API保護、機器人緩解和進階威脅分析等。日前,Fortinet發布重大資安漏洞公告(CVE-2025-64446,CVSS:9.8),此漏洞為相對路徑遍歷漏洞,可能允許未經身分驗證的攻擊者,透過精心設計的HTTP或HTTPs請求,在系統上執行管理命令。備註:目前Fortinet已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:請更新至以下版本:FortiWeb 7.0.12版本、FortiWeb 7.2.12版本、FortiWeb 7.4.10版本、FortiWeb 7.6.5版本、FortiWeb 8.0.2版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-25-9102. https://nvd.nist.gov/vuln/detail/CVE-2025-64446 https://www.kjintelligent.com/en/hot_526312.html [TWCERT 分享資安情資]_Fortinet旗下FortiWeb存在重大資安漏洞(CVE-2025-64446) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526312.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526312.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526312.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Palo Alto PAN-OS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發阻斷服務狀況。二、存在風險        Palo Alto PAN-OS 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:PAN-OS 10.2 版本 >= 10.2.4-h25, >= 10.2.7-h11, < 10.2.7-h24, >= 10.2.8-h10, < 10.2.8-h21, >= 10.2.9-h6, < 10.2.9-h21, >= 10.2.10-h2, < 10.2.10-h14, < 10.2.11-h12,< 10.2.12-h6, < 10.2.13-h3, < 10.2.14 >= 10.2.8, < 10.2.14PAN-OS 11.1 版本 >= 11.1.2-h9, < 11.1.2-h18, >= 11.1.3-h2, >= 11.1.4-h4, < 11.1.4-h13, < 11.1.6-h1, < 11.1.7PAN-OS 11.2 版本 < 11.2.2-h2, < 11.2.3-h6, < 11.2.4-h4, < 11.2.5PAN-OS Prisma Access 版本  >= 10.2.4-h25, < 10.2.10-h14, < 11.2.4-h4三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:https://security.paloaltonetworks.com/CVE-2025-4619        情資報告連結:https://security.paloaltonetworks.com/CVE-2025-4619 https://www.kjintelligent.com/en/hot_526316.html [Cybersecurity Vulnerability Notice]_Palo Alto PAN-OS 存在阻斷服務狀況漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526316.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526316.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526316.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Apache 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、仿冒及繞過身份驗證。二、存在風險        Apache 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、仿冒及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Apache Tomcat versions 從 9.0.0.M1 到 9.0.109 的版本Apache Tomcat versions 從 10.1.0-M1 到 10.1.46 的版本Apache Tomcat versions 從 11.0.0-M1 到 11.0.11 的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 Apache Tomcat 9.0.110 或之後的版本。請更新至 Apache Tomcat 10.1.47 或之後的版本。請更新至 Apache Tomcat 11.0.12 或之後的版本。       情資報告連結:https://tomcat.apache.org/security-9.htmlhttps://tomcat.apache.org/security-10.htmlhttps://tomcat.apache.org/security-11.html https://www.kjintelligent.com/en/hot_525182.html [Cybersecurity Vulnerability Notice]_Apache 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525182.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525182.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525182.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Catalyst Center是Cisco提供的網路管理平台,藉由自動化配置和部署功能,可協助網路管理人員更有效率管理和監控企業網路環境。近日,Cisco發布重大資安漏洞公告(CVE-2025-20341,CVSS:8.8),該漏洞源於使用者輸入資料驗證不足,允許攻擊者可向受影響的系統發送精心設計的HTTP請求,對系統進行未授權的修改。備註:攻擊者若要使用此漏洞,必須至少具有「Observer」角色的有效憑證◎建議措施:請更新至以下版本:Cisco Catalyst Center 2.3.7.10-VA(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX2. https://nvd.nist.gov/vuln/detail/CVE-2025-20341 https://www.kjintelligent.com/en/hot_525869.html [TWCERT 分享資安情資]_Cisco旗下Catalyst Center存在重大資安漏洞(CVE-2025-20341) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525869.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525869.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525869.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Aruba產品存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、繞過身份驗證、洩露敏感資料、資料篡改及遠端執行任意程式碼。二、存在風險        Aruba產品存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、繞過身份驗證、洩露敏感資料、資料篡改及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:HPE Aruba Networking AOS-CX Software 版本:AOS-CX 10.16.xxxx:10.16.1000 及以下版本AOS-CX 10.15.xxxx:10.15.1020 及以下版本AOS-CX 10.14.xxxx:10.14.1050 及以下版本AOS-CX 10.13.xxxx:10.13.1090 及以下版本AOS-CX 10.10.xxxx:10.10.1160 及以下版本HPE Aruba Networking 100 Series Cellular Bridge 版本:AOS-10.7.1.x:10.7.1.1 及以下版本HPE Aruba Networking Management Software (AirWave):8.3.0.4 及以下版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_UShttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_UShttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US https://www.kjintelligent.com/en/hot_526319.html [Cybersecurity Vulnerability Notice]_Aruba 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526319.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526319.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526319.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        ASUS 路由器存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險         ASUS 路由器存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:DSL-AC51: 1.1.2.3_1010 之前版本DSL-N16: 1.1.2.3_1010 之前版本DSL-AC750: 1.1.2.3_1010 之前版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 DSL-AC51: 1.1.2.3_1010 或之後版本。請更新至 DSL-N16: 1.1.2.3_1010 或之後版本。請更新至 DSL-AC750: 1.1.2.3_1010 或之後版本。       情資報告連結:https://www.asus.com/security-advisory https://www.kjintelligent.com/en/hot_526315.html [Cybersecurity Vulnerability Notice]_ASUS 路由器存在繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526315.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526315.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526315.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】FortiVoice是Fortinet是一款提供企業的通訊系統,整合語音通話、會議、聊天和傳真等功能,支援混合和遠端工作環境。近日,Fortinet發布重大資安漏洞公告(CVE-2025-58692,CVSS:8.8),此漏洞為SQL注入漏洞,允許經過身分驗證的攻擊者,透過精心設計的HTTP或HTTPs請求,執行未經授權的程式碼或指令。◎建議措施:請更新至以下版本:FortiVoice 7.0.8版本、FortiVoice 7.2.3版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-25-6662. https://nvd.nist.gov/vuln/detail/CVE-2025-58692 https://www.kjintelligent.com/en/hot_526313.html [TWCERT 分享資安情資]_Fortinet 旗下 FortiVoice存在SQL注入漏洞(CVE-2025-58692) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526313.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526313.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526313.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          資安業者Palo Alto Networks揭露安卓間諜軟體LandFall的攻擊行動,鎖定伊拉克、伊朗、土耳其,以及摩洛哥等國家而來,過程裡利用三星今年4月修補的手機零時差漏洞CVE-2025-21042。二、存在風險         資安業者Palo Alto Networks揭露安卓間諜軟體LandFall的攻擊行動,利用三星今年4月修補的手機零時差漏洞CVE-2025-21042。此間諜軟體具備全面監控的能力,包含麥克風錄音、地理位置追蹤,以及任意檔案、聯絡人與通話記錄。         攻擊者透過格式錯誤的數位負片檔案(DNG檔)觸發,透過「零點擊」(zero-click)方式傳送,利用了三星影像處理庫 (libimagecodec.quram.so)中的漏洞(CVE-2025-21042/SVE-2024-1969), 並在受害裝置植入間諜軟體。而對於間諜軟體的來源,Palo Alto Networks推測,這項威脅與專門開發及販售商業間諜軟體的公司(Private Sector Offensive Actors,PSOA)有關,原因是相關活動與其他中東的商業間諜軟體共用部分基礎設施,但他們無法確認LandFall開發商的身分。         該間諜軟體主要針對三星 Galaxy 系列裝置(如 S23、S24、Fold4、Flip4 等)進行監控活動。IoC:WhatsApp Image 2025-02-10 at 4.54.17 PM.jpeg SHA256 Hash: 297888746158e38d320b05b27b0032b2cc29231be8990d87bc46f1e06456f93 WhatsApp Image 2024-08-27 at 11.48.40 AM.jpegSHA256 Hash:c0f30c2a2d6f95b57128e78dc0b7180e69315057e62809de1926b75f86516b2ePHOTO-2024-08-27-11-48-41.jpgSHA256 Hash: b975b499baa3119ac5c2b3379306d4e50b9610e9bba3e56de7dfd3927a96032dIMG-20250120-WA0005.jpgSHA256 Hash: b06dec10e8ad0005ebb9da24204c96cb2e297bd8d418bc1c8983d066c0997756 IMG-20240723-WA0001.jpgSHA256 Hash: 29882a3c426273a7302e852aa77662e168b6d44dcebfca53757e29a9cdf02483IMG-20240723-WA0000.jpgSHA256 Hash: b45817ffb0355badcc89f2d7d48eecf00ebdf2b966ac986514f9d971f6c57d18b.so componentffeeb0356abb56c5084756a5ab0a39002832403bca5290bb6d794d14b642 fffe2d2fafc7100f33a11089e98b660a85hd479eab761b137cca83b166d19629dd3b0a62a2400bf93ed84ebadf22b4441924f904d3fcda7d1507ba309a4b1801d44444953841073d3d51e0f2e1586b6050af62de886f5448735d963dfc026580096d81bd211311468f36731005031d5f77d4d4d716e80cbf3c1f0bb1f148f220092051326169cf56ac6f38888efa7a1306977431fdledb369a5fd4591ce37b72b7e0195555ee三、建議改善措施如使用的是三星 Galaxy 裝置,請確保已安裝 2025 年 4 月或以後的韌體更新,以涵蓋 CVE-2025-21042 的修補。留意來自 WhatsApp 或其他通訊應用程式的可疑影像檔案,特別是 DNG 或命名類似 “WhatsApp Image…” 的檔案,不輕易開啟。安裝並啟用可信的行動安全/防惡意程式工具,並留意是否有異常通訊、電量消耗異常、裝置過熱等可疑跡象。        情資報告連結:https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/ https://www.kjintelligent.com/en/hot_525874.html [Cybersecurity Vulnerability Notice]_間諜軟體LandFall鎖定三星裝置零時差漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525874.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525874.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525874.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Catalyst Center是Cisco提供的網路管理平台,藉由自動化配置和部署功能,可協助網路管理人員更有效率管理和監控企業網路環境。近日,Cisco發布重大資安漏洞公告(CVE-2025-20341,CVSS:8.8),該漏洞源於使用者輸入資料驗證不足,允許攻擊者可向受影響的系統發送精心設計的HTTP請求,對系統進行未授權的修改。備註:攻擊者若要使用此漏洞,必須至少具有「Observer」角色的有效憑證◎建議措施:請更新至以下版本:Cisco Catalyst Center 2.3.7.10-VA(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX2. https://nvd.nist.gov/vuln/detail/CVE-2025-20341 https://www.kjintelligent.com/en/hot_526309.html [TWCERT 分享資安情資]_Cisco旗下Catalyst Center存在重大資安漏洞(CVE-2025-20341) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526309.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526309.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526309.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-21042】Samsung Mobile Devices Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】三星行動裝置在 libimagecodec.quram.so 中存在越界寫入漏洞。該漏洞可能使遠端攻擊者得以執行任意程式碼。【CVE-2025-12480】Gladinet Triofox Improper Access Control Vulnerability (CVSS v3.1: 9.1)【是否遭勒索軟體利用:未知】Gladinet Triofox 存在不當存取控制漏洞,該漏洞允許在設定完成後仍可存取初始設定頁面。【CVE-2025-62215】Microsoft Windows Race Condition Vulnerability (CVSS v3.1: 7.0)【是否遭勒索軟體利用:未知】Microsoft Windows 核心存在競爭條件漏洞,允許具低階權限的本機攻擊者提升權限。成功利用此漏洞後,攻擊者可能取得 SYSTEM 級別存取權限。【CVE-2025-9242】WatchGuard Firebox Out-of-Bounds Write Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】WatchGuard Firebox 的作業系統中 iked 程序存在越界寫入漏洞,可能允許未經認證的遠端攻擊者執行任意程式碼。【CVE-2025-64446】Fortinet FortiWeb Path Traversal Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Fortinet FortiWeb 存在相對路徑遍歷漏洞,未經驗證的攻擊者可透過特製的 HTTP 或 HTTPS 請求在系統上執行管理指令。◎建議措施:【CVE-2025-21042】官方已針對漏洞釋出修復更新,請更新至相關版本https://security.samsungmobile.com/securityUpdate.smsb【CVE-2025-12480】對應產品升級至以下版本(或更高)TrioFox 16.7.10368.56560(不含)之後的版本【CVE-2025-62215】官方已針對漏洞釋出修復更新,請更新至相關版本https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215【CVE-2025-9242】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015【CVE-2025-64446】官方已針對漏洞釋出修復更新,請更新至相關版本https://fortiguard.fortinet.com/psirt/FG-IR-25-910◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-21042】1.https://nvd.nist.gov/vuln/detail/cve-2025-210422.https://security.samsungmobile.com/securityUpdate.smsb【CVE-2025-12480】1.https://nvd.nistTLP: CLEAR TWCERT-TWISAC-202511-0022.gov/vuln/detail/cve-2025-124802.https://access.triofox.com/releases_history/【CVE-2025-62215】1.https://nvd.nist.gov/vuln/detail/cve-2025-622152.https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215【CVE-2025-9242】1.https://nvd.nist.gov/vuln/detail/cve-2025-92422.https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015【CVE-2025-64446】1.https://nvd.nist.gov/vuln/detail/cve-2025-644462.https://fortiguard.fortinet.com/psirt/FG-IR-25-910 https://www.kjintelligent.com/en/hot_526311.html [TWCERT 分享資安情資]_CISA新增5個已知遭駭客利用之漏洞至KEV目錄(2025/11/10-2025/11/16) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526311.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_526311.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_526311.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Synology 存在漏洞,遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險     Synology 產品存在漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統或版本如下:BeeStation OS 1.3BeeStation OS 1.2BeeStation OS 1.1BeeStation OS 1.0三、建議改善措施:    請將BeeStation OS更新至1.3.2-65648或更高版本。        情資報告連結:https://www.synology.com/en-global/security/advisory/Synology_SA_25_12 https://www.kjintelligent.com/en/hot_525872.html [Cybersecurity Vulnerability Notice]_Synology 零日遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525872.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525872.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525872.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】微軟針對旗下產品SQL Server發布重大資安漏洞公告(CVE-2025-59499,CVSS:8.8),此漏洞為SQL注入漏洞,允許經授權的攻擊者透過網路注入精心設計的SQL指令並提升權限。◎建議措施:根據官方網站釋出解決方式進行修補:https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2025-59499◎相關IOC資訊:◎備註:◎參考資料:1. https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2025-594992. https://nvd.nist.gov/vuln/detail/CVE-2025-59499 https://www.kjintelligent.com/en/hot_525868.html [TWCERT 分享資安情資]_Microsoft SQL Server 存在重大資安漏洞(CVE-2025-59499) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525868.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525868.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525868.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         SAP 存在多個漏洞,遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料及資料篡改。二、存在風險        漏洞出現在名為SQL Anywhere Monitor的系統,是屬於安全性不足的金鑰及機密管理而造成的漏洞,起因是此應用程式將憑證嵌入程式碼,導致特定資源或功能曝露,攻擊者有機會藉此執行任何程式碼,使得相關系統的機密性、完整性,以及可用性面臨高風險。一旦IT人員套用修補程式,將會完全移除SQL Anywhere Monitor,假如無法及時套用修補程式,應停止使用此系統,並且刪除所有SQL Anywhere Monitor資料庫的實體。        另一項重大漏洞CVE-2025-42887,影響SAP Solution Manager,為程式碼注入型態的弱點,CVSS風險值為9.9,問題出在對於置入的程式碼缺乏過濾與管控,通過身分驗證的攻擊者在呼叫能遠端啟用的功能模組過程裡,插入惡意程式碼,進而對系統完全控制,對於機密性、完整性,以及可用性造成重大影響。Onapsis也透露SAP對此漏洞的處理方法,是增加輸入檢查機制,大量排除非英數的字元因應。受影響之系統/漏洞描述:SQL Anywhere Monitor (Non-Gui)SYBASE_SQL_ANYWHERE_SERVER v17.0SAP NetWeaver AS JavaSERVERCORE 7.50SAP Solution ManagerST 720SAP CommonCryptoLibCRYPTOLIB 8SAP HANA JDBC ClientHDB_CLIENT 2.0SAP Business ConnectorSAP BC 4.8(OS Command Injection)SAP BC 4.8(Path Traversal)SAP BC 4.8(Open Redirect)SAP BC 4.8(Reflected XSS)SAP NetWeaver Enterprise PortalEP-BASIS 7.50EP-RUNTIME 7.50SAP S/4HANA Landscape (SAP E-Recruiting BSP)S4ERECRT 100/200ERECRUIT 600-617ERECRUIT 800-802SAP HANA 2.0 (hdbrss)HDB 2.00SAP GUI for WindowsBC-FES-GUI 8.00BC-FES-GUI 8.10SAP Starter Solution (PL SAFT)SAP_APPL 600-606, 616SAP_FIN 617-618, 700, 720, 730S4CORE 100-104SAP NetWeaver Application Server JavaENGINEAPI 7.50EP-BASIS 7.50SAP Business One (SLD)B1_ON_HANA 10.0SAP-M-BO 10.0SAP S4CORE (Manage Journal Entries)S4CORE 104-108SAP NetWeaver Application Server for ABAP (Migration Workbench)SAP_BASIS 700-758SAP_BASIS 816SAP Fiori for SAP ERPSAP_GWFND 740-758 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html https://www.kjintelligent.com/en/hot_525873.html [Cybersecurity Vulnerability Notice]_SAP 產品多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525873.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525873.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525873.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-42887,CVSS:9.9】此漏洞缺少輸入清理機制,允許經過身分驗證的攻擊者呼叫遠端功能模組時,植入惡意程式碼,影響系統的機密性、完整性和可用性。【CVE-2025-42890,CVSS:10.0】SQL Anywhere Monitor (Non-GUI) 存在金鑰和金鑰管理安全漏洞,該漏洞源於程式中直接嵌入憑證,可能使未經授權的攻擊者取得系統資源或執行任意程式碼,影響系統的機密性、完整性和可用性。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html2. https://nvd.nist.gov/vuln/detail/CVE-2025-428873. https://nvd.nist.gov/vuln/detail/CVE-2025-42890 https://www.kjintelligent.com/en/hot_525870.html [TWCERT 分享資安情資]_SAP針對旗下2款產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525870.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525870.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525870.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        QNAP於近期釋出QTS和QuTS hero的 漏洞更新,其修補 7 個在國際駭客競賽 Pwn2Own Ireland 2025 中被成功利用的零日漏洞(Zero-Day Vulnerability),其漏洞允許遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼及權限提升。     二、存在風險        QNAP NAS 於近期釋出QTS和QuTS hero的漏洞更新,此次修補的漏洞涵蓋多個方面,其漏洞允許遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼及權限提升。        作業系統層面,QTS 與 QuTS hero 存在三項漏洞(CVE-2025-62847、CVE-2025-62848、CVE-2025-62849)。        應用程式方面,Hyper Data Protector 資料保護軟體存在 CVE-2025-59389 漏洞、Malware Remover 惡意軟體移除工具存在 CVE-2025-11837 漏洞、HBS 3 Hybrid Backup Sync 混合備份同步軟體則有 CVE-2025-62840 與 CVE-2025-62842 兩項漏洞。其影響系統或版本如下:QTS 5.2.x QuTS hero h5.2.xQuTS hero h5.3.xQuLog Center 1.8.xQsync Central 5.0.x QuMagie 2.6.xHBS 3 Hybrid Backup Sync 26.1.xNotification Center 1.9.x (for QTS 5.2.x, QuTS hero h5.2.x)Notification Center 2.1.x (for QuTS hero h5.3.x)Notification Center 3.0.x (for QuTS hero h5.6.x, h6.0.x)File Station 5 version 5.5.xDownload Station 5.10.x (for QTS 5.2.1)Download Station 5.10.x (for QuTS hero h5.2.1)Malware Remover 6.6.x Hyper Data Protector 2.2.x三、建議改善措施:請將QTS 5.2.x更新至20251024或更高版本。請將QuTS hero h5.2.x更新至20251024或更高版本。請將QuTS hero h5.3.x更新至20251024或更高版本。請將QuLog Center更新至1.8.2.923或更高版本。請將Qsync Central更新至5.0.0.3 或更高版本。請將QuMagie更新至2.7.3或更高版本。請將HBS 3 Hybrid Backup Sync更新至26.2.0.938或更高版本。請將Notification Center更新至1.9.2.3163或更高版本。請將Notification Center更新至2.1.0.3443或更高版本。請將Notification Center更新至3.0.0.3466或更高版本。請將File Station更新至5.5.6.5018或更高版本。請將Download Station更新至5.10.0.305或更高版本。請將Malware Remover更新至6.6.8.20251023或更高版本。請將Hyper Data Protector更新至2.2.4.1或更高版本。        情資報告連結:https://www.qnap.com/zh-tw/security-advisory/qsa-25-33https://www.qnap.com/zh-tw/security-advisory/qsa-25-37https://www.qnap.com/zh-tw/security-advisory/qsa-25-38https://www.qnap.com/zh-tw/security-advisory/qsa-25-40https://www.qnap.com/zh-tw/security-advisory/qsa-25-41https://www.qnap.com/zh-tw/security-advisory/qsa-25-42https://www.qnap.com/zh-tw/security-advisory/qsa-25-43https://www.qnap.com/zh-tw/security-advisory/qsa-25-45https://www.qnap.com/zh-tw/security-advisory/qsa-25-46https://www.qnap.com/zh-tw/security-advisory/qsa-25-47https://www.qnap.com/zh-tw/security-advisory/qsa-25-48 https://www.kjintelligent.com/en/hot_525871.html [Cybersecurity Vulnerability Notice]_QNAP釋出QTS和QuTS多個的漏洞更新 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525871.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525871.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525871.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、繞過保安限制、仿冒及遠端執行任意程式碼。二、存在風險         Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、繞過保安限制、仿冒及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 142.0.7444.59 (Linux) 之前的版本Google Chrome 142.0.7444.60 (Mac) 之前的版本Google Chrome 142.0.7444.59/60 (Windows) 之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至 142.0.7444.59 (Linux) 或之後版本。請更新至 142.0.7444.60 (Mac) 或之後版本。請更新至 142.0.7444.59/60 (Windows) 或之後版本。       情資報告連結:https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html https://www.kjintelligent.com/en/hot_525181.html [Cybersecurity Vulnerability Notice]_Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525181.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525181.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525181.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料、繞過身份驗證及資料篡改。二、存在風險         Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料、繞過身份驗證及資料篡改,其影響系統如下:受影響之系統/漏洞描述:Ubuntu 22.04 LTSUbuntu 24.04 LTS三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://ubuntu.com/security/notices/USN-7833-4https://ubuntu.com/security/notices/USN-7835-4 https://www.kjintelligent.com/en/hot_525184.html [Cybersecurity Vulnerability Notice]_Ubuntu Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525184.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525184.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525184.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco Unified Contact Center Express (Unified CCX)是一款企業建立客服中心的解決方案,整合語音、即時訊息、電子郵件等多種客服管道,提升客戶服務效率。日前,Cisco發布重大資安漏洞公告(CVE-2025-20354,CVSS:9.8和CVE-2025-20358,CVSS:9.4),CVE-2025-20354為遠端執行程式碼漏洞,允許未經身分驗證的攻擊者在受影響的系統上傳任意檔案,使用root權限執行任意命令;CVE-2025-20358為繞過身分驗證漏洞,可能允許未經身分驗證的遠端攻擊者繞過身分驗證,取得腳本建立和執行相關的管理權限。◎建議措施:請更新至以下版本Cisco Unified Contact Center Express 12.5 SU3 ES07(含)之後版本、Cisco Unified Contact Center Express 15.0 ES01(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ2. https://www.cve.org/CVERecord?id=CVE-2025-203543. https://www.cve.org/CVERecord?id=CVE-2025-20358 https://www.kjintelligent.com/en/hot_525733.html [TWCERT 分享資安情資]_Cisco旗下Unified Contact Center Express(Unified CCX)存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525733.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525733.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525733.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。二、存在風險       Google Chrome 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 141.0.7390.122 (Linux) 之前的版本Google Chrome 141.0.7390.122/.123 (Mac) 之前的版本Google Chrome 141.0.7390.122/.123 (Windows) 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新 141.0.7390.122 (Linux) 或之後的版本。請更新 141.0.7390.122/.123 (Mac) 或之後的版本。請更新 141.0.7390.122/.123 (Windows) 或之後的版本。       情資報告連結:https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html https://www.kjintelligent.com/en/hot_525180.html [Cybersecurity Vulnerability Notice]_Google Chrome 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525180.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525180.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525180.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-48703】CWP Control Web Panel OS Command Injection Vulnerability (CVSS v3.1: 9.0)【是否遭勒索軟體利用:未知】CWP(又稱 Control Web Panel 或 CentOS Web Panel)存在作業系統指令注入漏洞,該漏洞允許透過檔案總管changePerm請求中t_total參數執行未經驗證的遠端程式碼。【CVE-2025-11371】Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability (CVSS v3.1:7.5)【是否遭勒索軟體利用:未知】Gladinet CentreStack 和 TrioFox 的預設安裝和設定,允許未經身分驗證的攻擊者可存取本機檔案漏洞。◎建議措施:【CVE-2025-48703】對應產品升級至以下版本(或更高)CentOS Web Panel 0.9.8.1205(含)之後的版本【CVE-2025-11371】對應產品升級至以下版本(或更高)CentreStack and TrioFox 16.7.10368.56560(不含)之後的版本◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-48703】1.https://nvd.nist.gov/vuln/detail/cve-2025-487032. https://control-webpanel.com/changelog【CVE-2025-11371】1.https://nvd.nist.gov/vuln/detail/cve-2025-113712. https://www.centrestack.com/p/gce_latest_release.html https://www.kjintelligent.com/en/hot_525732.html [TWCERT 分享資安情資]_CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2025/11/03-2025/11/09) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525732.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525732.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525732.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、繞過身份驗證、仿冒及遠端執行任意程式碼。二、存在風險         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、繞過身份驗證、仿冒及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 142.0.3595.53 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請更新至 142.0.3595.53 或之後版本。       情資報告連結:http://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-31-2025https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12036https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12428https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12429https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12430https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12431https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12432https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12433https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12434https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12435https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12436https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12437https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12438https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12439https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12440https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12441https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12443https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12444https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12445https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12446https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12447https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60711 https://www.kjintelligent.com/en/hot_525185.html [Cybersecurity Vulnerability Notice]_Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525185.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525185.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525185.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        IBM WebSphere 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料及繞過身份驗證。二、存在風險         IBM WebSphere 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:IBM WebSphere Application Server 9.0IBM WebSphere Application Server 8.5WebSphere Application Server - Liberty (Continuous delivery)三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.ibm.com/support/pages/node/7250035 https://www.kjintelligent.com/en/hot_525186.html [Cybersecurity Vulnerability Notice]_IBM WebSphere 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525186.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525186.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525186.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        VMware 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、洩露敏感資料及繞過身份驗證。二、存在風險        VMware 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:VMware Aria Operations 8.xVMware Tools 11.x.x, 12.x.x, 13.x.xVMware Cloud Foundation 4.x, 5.xVMware Telco Cloud Platform 4.x, 5.xVMware Telco Cloud Infrastructure 2.x, 3.xVMware Cloud Foundation Operations 9.x.x.x三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將 VMware Aria Operations 8.x 更新至 8.18.5。請將 VMware Tools 11.x.x, 12.x.x 更新至 12.5.4。請將 VMware Tools 13.x.x 更新至 13.0.5。請將 VMware Cloud Foundation 4.x, 5.x 更新至 KB92148。請將 VMware Telco Cloud Platform 4.x, 5.x 更新至 8.18.5。請將 VMware Telco Cloud Infrastructure 2.x, 3.x 更新至 8.18.5。請將 VMware Cloud Foundation Operations 9.x.x.x 更新至 9.0.1.0。       情資報告連結:https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 https://www.kjintelligent.com/en/hot_525183.html [Cybersecurity Vulnerability Notice]_VMWare 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525183.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525183.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525183.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、洩露敏感資料、阻斷服務狀況及繞過身份驗證。二、存在風險        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、洩露敏感資料、阻斷服務狀況及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 18.5.1, 18.4.3, 18.3.5 以前的版本GitLab Enterprise Edition (EE) 18.5.1, 18.4.3, 18.3.5 以前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/       情資報告連結:https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ https://www.kjintelligent.com/en/hot_525179.html [Cybersecurity Vulnerability Notice] GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525179.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525179.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525179.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及繞過身份驗證。二、存在風險       SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:openSUSE Leap 15.3openSUSE Leap 15.4SUSE Linux Enterprise High Performance Computing 12 SP5SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP4SUSE Linux Enterprise Live Patching 12-SP5SUSE Linux Enterprise Live Patching 15-SP3SUSE Linux Enterprise Live Patching 15-SP4SUSE Linux Enterprise Live Patching 15-SP6SUSE Linux Enterprise Live Patching 15-SP7SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Real Time 15 SP4SUSE Linux Enterprise Real Time 15 SP6SUSE Linux Enterprise Real Time 15 SP7SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server 15 SP3SUSE Linux Enterprise Server 15 SP4SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 12 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP3SUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Linux Enterprise Server for SAP Applications 15 SP6SUSE Linux Enterprise Server for SAP Applications 15 SP7三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.suse.com/support/update/announcement/2025/suse-su-202503465-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503468-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503469-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503470-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503472-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503473-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503475-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503476-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503479-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503480-1/https://www.suse.com/support/update/announcement/2025/suse-su-202503482-1https://www.suse.com/support/update/announcement/2025/suse-su-202503483-1https://www.suse.com/support/update/announcement/2025/suse-su-202503485-1https://www.suse.com/support/update/announcement/2025/suse-su-202503494-1https://www.suse.com/support/update/announcement/2025/suse-su-202503495-1https://www.suse.com/support/update/announcement/2025/suse-su-202503496-1https://www.suse.com/support/update/announcement/2025/suse-su-202503497-1https://www.suse.com/support/update/announcement/2025/suse-su-202503498-1https://www.suse.com/support/update/announcement/2025/suse-su-202503503-1https://www.suse.com/support/update/announcement/2025/suse-su-202503504-1https://www.suse.com/support/update/announcement/2025/suse-su-202503514-1https://www.suse.com/support/update/announcement/2025/suse-su-202503515-1https://www.suse.com/support/update/announcement/2025/suse-su-202503528-1https://www.suse.com/support/update/announcement/2025/suse-su-202503529-1https://www.suse.com/support/update/announcement/2025/suse-su-202503538-1https://www.suse.com/support/update/announcement/2025/suse-su-202503539-1 https://www.kjintelligent.com/en/hot_524302.html [資安漏洞通知-CIO]_SUSE Linux 內核存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524302.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524302.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524302.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料。二、存在風險       Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:Zoom Meeting SDK for Windows 6.5.5 之前的版本Zoom Rooms for Windows 6.5.1 之前的版本Zoom Rooms for macOS 6.5.1 之前的版本Zoom Rooms for Android 6.5.1 之前的版本Zoom Rooms for iOS 6.5.1 之前的版本Zoom Rooms for iPad 6.5.1 之前的版本Zoom Workplace for Windows 6.5.5 之前的版本Zoom Workplace VDI Client for Windows 6.3.15 及 6.4.13 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.zoom.com/en/trust/security-bulletin/zsb-25038/https://www.zoom.com/en/trust/security-bulletin/zsb-25039/ https://www.kjintelligent.com/en/hot_524304.html [資安漏洞通知-CIO]_Zoom 產品存在資料洩露漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524304.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524304.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524304.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Redis 產品存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險       Redis 產品存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:所有 Redis 軟件版本所有具備 Lua 腳本功能的 Redis OSS/CE/Stack 版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://redis.io/blog/security-advisory-cve-2025-49844/ https://www.kjintelligent.com/en/hot_524301.html [資安漏洞通知-CIO]_Redis 產品存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524301.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524301.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524301.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Docker Compose是用於定義與管理多個容器的應用工具,能簡化部署流程並提高開發效率。Docker發布重大資安漏洞更新公告(CVE-2025-62725,CVSS 4.x:8.9)並釋出更新版本,此為路徑遍歷漏洞,允許攻擊者繞過Compose的快取目錄,進而在主機上覆寫任意檔案。◎建議措施:更新 Docker Compose v2.40.2(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q2. https://nvd.nist.gov/vuln/detail/CVE-2025-62725 https://www.kjintelligent.com/en/hot_525177.html [TWCERT 分享資安情資]Docker Compose 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525177.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525177.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525177.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-6204】Dassault Systèmes DELMIA Apriso Code Injection Vulnerability (CVSS v3.1: 8.0)【是否遭勒索軟體利用:未知】Dassault Systèmes DELMIA Apriso 存在程式碼注入漏洞,可能允許攻擊者執行任意程式碼。【CVE-2025-6205】Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability (CVSS v3.1: 9.1)【是否遭勒索軟體利用:未知】Dassault Systèmes DELMIA Apriso 存在授權缺失漏洞,可能允許攻擊者取得對應程式的特權存取權限。【CVE-2025-41244】Broadcom VMware Aria Operations and VMware Tools Privilege Definedwith Unsafe Actions Vulnerability (CVSS v3.1: 7.8)【是否遭勒索軟體利用:未知】BroadcomVMware Aria Operations 與 VMware Tools 存在本機權限提升漏洞。具非管理員權限的惡意本機使用者,若能存取已安裝 VMware Tools 且由 Aria Operations 管理並啟用 SDMP 的虛擬機,即可利用此漏洞在該虛擬機上將權限提升至 root。【CVE-2025-24893】XWiki Platform Eval InjectionVulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:已知】XWiki Platform 存在 eval 注入漏洞,可能允許任何訪客透過向 SolrSearch 發送請求來執行任意遠端程式碼。◎建議措施:【CVE-2025-6204】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204【CVE-2025-6205】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205【CVE-2025-41244】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149【CVE-2025-24893】官方已針對漏洞釋出修復更新,請更新至相關版本https://jira.xwiki.org/browse/XWIKI-22149◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-6204】1.https://nvd.nist.gov/vuln/detail/cve-2025-62042.https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204【CVE-2025-6205】1.https://nvd.nist.gov/vuln/detail/cve-2025-62052.https://www.3ds.com/trust-center/secuTLP: CLEAR TWCERT-TWISAC-202511-0001rity/security-advisories/cve-2025-6205【CVE-2025-41244】1.https://nvd.nist.gov/vuln/detail/cve-2025-412442.https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149【CVE-2025-24893】1.https://nvd.nist.gov/vuln/detail/cve-2025-248932.https://jira.xwiki.org/browse/XWIKI-22149 https://www.kjintelligent.com/en/hot_525178.html CISA新增4個已知遭駭客利用之漏洞至KEV目錄(2025/10/27-2025/11/02) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525178.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_525178.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_525178.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、資料篡改、繞過身份驗證、遠端執行任意程式碼、仿冒及敏感資料洩露。二、存在風險       Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、資料篡改、繞過身份驗證、遠端執行任意程式碼、仿冒及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:Firefox 144 以前版本Firefox ESR 115.29 以前版本Firefox ESR 140.4 以前版本Thunderbird 140.4 以前版本Thunderbird 144 以前版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 Firefox 144。請更新至 Firefox ESR 115.29。請更新至 Firefox ESR 140.4。請更新至 Thunderbird 140.4。請更新至 Thunderbird 144。       情資報告連結:https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/https://www.mozilla.org/en-US/security/advisories/mfsa2025-82/https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/https://www.mozilla.org/en-US/security/advisories/mfsa2025-84/https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/ https://www.kjintelligent.com/en/hot_524306.html [資安漏洞通知-CIO]_Mozilla 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524306.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524306.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524306.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        7-Zip 壓縮工具存在 2 個非常嚴重的漏洞,分別為(CVE-2025-11001&CVE-2025-11002),其允許攻擊者透過誘騙方式,令使用者開啟含惡意代碼的 ZIP 壓縮檔,攻擊者即可在使用者電腦上執行代碼並取得系統控制權。二、存在風險       7-Zip 壓縮工具存在 2 個非常嚴重的漏洞,分別為(CVE-2025-11001&CVE-2025-11002),其允許攻擊者透過誘騙方式,令使用者開啟含惡意代碼的 ZIP 壓縮檔,攻擊者即可在使用者電腦上執行代碼並取得系統控制權,其影響系統如下:受影響之系統/漏洞描述:7-Zip Windows App 25.00 先前版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 25.01 或更高版本。       情資報告連結:https://www.ithome.com/0/888/789.htmhttps://today.line.me/hk/v3/article/RBVKkVM https://www.kjintelligent.com/en/hot_524303.html [資安漏洞通知-CIO] 7-zip 存在安全性漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524303.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524303.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524303.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼。二、存在風險       Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 141.0.7390.65 (Linux) 之前的版本Google Chrome 141.0.7390.65/.66 (Mac) 之前的版本Google Chrome 141.0.7390.65/.66 (Windows) 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 141.0.7390.65 (Linux) 或之後版本。請更新至 141.0.7390.65/.66 (Mac) 或之後版本。請更新至 141.0.7390.65/.66 (Windows) 或之後版本。        情資報告連結:https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html https://www.kjintelligent.com/en/hot_524298.html [資安漏洞通知-CIO] Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524298.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524298.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524298.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
[TWCERT 分享資安情資] SAP Supplier Relationship Management (SRM)是企業用來管理與供應商合作關係與優化的系統。近期SAP月度更新公告,該服務存在1個重大資安漏洞(CVE-2025-42910,CVSS:9.0),此漏洞源於缺少文件類型或內容驗證,允許經過身分驗證的攻擊者上傳任意檔案,一旦被成功利用,攻擊者可能會對應用程式的機密性、完整性和可用性造成嚴重影響。◎建議措施:請至官方網站進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html2. https://www.cve.org/CVERecord?id=CVE-2025-42910 https://www.kjintelligent.com/en/hot_521471.html [TWCERT 分享資安情資]_SAP 針對旗下供應商關係管理系統修補重大資安漏洞(CVE-2025-42910) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521471.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521471.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521471.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】 一、摘要         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。   二、存在風險        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況,其影響系統如下: 受影響之系統/漏洞描述: Microsoft Edge 141.0.3537.71 之前的版本 三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: 請更新至 141.0.3537.71 或之後版本。         情資報告連結: https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-9-2025 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11458 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11460 https://www.kjintelligent.com/en/hot_524295.html [Cybersecurity Vulnerability Notice]_Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524295.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524295.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524295.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Zimbra Collaboration Suite 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發跨網站指令碼。二、存在風險        Zimbra Collaboration Suite 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發跨網站指令碼,其影響系統如下:受影響之系統/漏洞描述:Zimbra Collaboration Kepler 9.0.0 P44 之前的版本Zimbra Collaboration Daffodil 10.0.13 之前的版本Zimbra Collaboration Daffodil 10.1.5 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixeshttps://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixeshttps://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes https://www.kjintelligent.com/en/hot_524300.html [資安漏洞通知-CIO] Zimbra Collaboration Suite 存在跨網站指令碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524300.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524300.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524300.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        甲骨文 E-Business Suite 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險        甲骨文 E-Business Suite 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:甲骨文 E-Business Suite 版本 12.2.3-12.2.14三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.oracle.com/security-alerts/alert-cve-2025-61882.html https://www.kjintelligent.com/en/hot_524299.html [資安漏洞通知-CIO] 甲骨文 E-Business Suite 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524299.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524299.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524299.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Microsoft SharePoint Server 是一款企業級協作平台,提供文件管理與團隊協作等功能,是企業資訊整合的核心平台。【CVE-2025-59228,CVSS:8.8】此為不正確輸入驗證漏洞,允許經授權的攻擊者透過網路執行程式碼。【CVE-2025-59237,CVSS:8.8】此為未受信任之資料反序列化漏洞,允許經授權的攻擊者透過網路執行程式碼。◎建議措施:根據官方網站釋出解決方式進行修補:【CVE-2025-59228】https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59228【CVE-2025-59237】https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59237◎相關IOC資訊:◎備註:◎參考資料:1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-592282. https://nvd.nist.gov/vuln/detail/CVE-2025-592283. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-592374. https://nvd.nist.gov/vuln/detail/CVE-2025-59237 https://www.kjintelligent.com/en/hot_524287.html [TWCERT 分享資安情資]_Microsoft 旗下SharePoint Server 存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524287.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524287.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524287.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        思科產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、跨網站指令碼、繞過身份驗證、遠端執行任意程式碼及敏感資料洩露。二、存在風險        思科產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、跨網站指令碼、繞過身份驗證、遠端執行任意程式碼及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:Cisco Secure Firewall Adaptive Security Appliance (ASA)Cisco Secure Firewall Threat Defense (FTD)Cisco IOSCisco IOS XE三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-PtmD7bgyhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-9800cl-openscep-SB4xtxzPhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat9k-acl-L4K7VXgDhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-cli-EB7cZ6yOhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-invalid-url-dos-Nvxszf6uhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-tacacs-hdB7thJwhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4ehttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cmd-inject-rPJM8BGLhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nbar-dos-LAvwTmeThttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secboot-UqFD8AvChttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpwred-x3MJyf5Mhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhtehttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-xss-VWyDgjOUhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3Ohttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUWhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB https://www.kjintelligent.com/en/hot_523526.html [Cybersecurity Vulnerability Notice] 思科產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523526.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523526.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523526.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】 近日多雲應用服務和安全廠商F5發布2個重大資安漏洞(CVE-2025-57780,CVSS 3.x:8.8和CVE-2025-61955,CVSS:8.8),皆為允許經過驗證且擁有本地存取權限的攻擊者提升權限,進而執行任意系統命令。◎建議措施:請更新至以下版本:F5OS - Appliance 1.8.3版本、F5OS - Appliance 1.5.4版本、F5OS - Chassis 1.8.2版本、F5OS - Chassis 1.6.4版本◎相關IOC資訊:◎備註:◎參考資料:1. https://my.f5.com/manage/s/article/K0001567712. https://nvd.nist.gov/vuln/detail/CVE-2025-577803. https://my.f5.com/manage/s/article/K0001567674. https://nvd.nist.gov/vuln/detail/CVE-2025-61955 https://www.kjintelligent.com/en/hot_524285.html [TWCERT 分享資安情資] F5 的OS存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524285.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524285.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524285.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過身份驗證。二、存在風險        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 18.4.2, 18.3.4, 18.2.8 以前的版本GitLab Enterprise Edition (EE) 18.4.2, 18.3.4, 18.2.8 以前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/ https://www.kjintelligent.com/en/hot_524293.html [Cybersecurity Vulnerability Notice] GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524293.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524293.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524293.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發跨網站指令碼、權限提升、阻斷服務、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證。二、存在風險        Fortinet 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發跨網站指令碼、權限提升、阻斷服務、遠端執行任意程式碼、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:FortiOSFortiOS 6.0 所有版本FortiOS 6.2 所有版本FortiOS 6.4 所有版本FortiOS 7.0 所有版本FortiOS 7.2 所有版本FortiOS 7.4.0 至 7.4.8FortiOS 7.6.0 至 7.6.3FortiPAMFortiPAM 1.0 所有版本FortiPAM 1.1 所有版本FortiPAM 1.2 所有版本FortiPAM 1.3 所有版本FortiPAM 1.4.0 至 1.4.2FortiPAM 1.5.0FortiProxyFortiProxy 1.0 所有版本FortiProxy 1.1 所有版本FortiProxy 1.2 所有版本FortiProxy 2.0 所有版本FortiProxy 7.0 所有版本FortiProxy 7.2 所有版本FortiProxy 7.4 所有版本FortiProxy 7.6.0 至 7.6.3FortiSwitchManagerFortiSwitchManager 7.0.0 至 7.0.3FortiSwitchManager 7.2.0 至 7.2.5FortiMailFortiMail 7.0 所有版本FortiMail 7.2.0 至 7.2.6FortiMail 7.4.0 至 7.4.2FortiManagerFortiManager 6.0 所有版本FortiManager 6.2 所有版本FortiManager 6.4 所有版本FortiManager 7.0.0 至 7.0.13FortiManager 7.2.0 至 7.2.9FortiManager 7.4.1 至 7.4.5FortiManager 7.6.0 至 7.6.1FortiManager CloudFortiManager Cloud 7.4.1 至 7.4.3FortiNDRFortiNDR 1.5 所有版本FortiNDR 7.0 所有版本FortiNDR 7.1 所有版本FortiNDR 7.2 所有版本FortiNDR 7.4.0 至 7.4.8FortiNDR 7.6.0 至 7.6.1FortiRecorderFortiRecorder 7.0.0 至 7.0.4FortiTesterFortiTester 4.2 所有版本FortiTester 7.0 所有版本FortiTester 7.1 所有版本FortiTester 7.2 所有版本FortiTester 7.3 所有版本FortiTester 7.4.0 至 7.4.2FortiVoiceFortiVoice 6.0.7 至 6.0.12FortiVoice 6.4.0 至 6.4.9FortiVoice 7.0.0 至 7.0.4FortiWebFortiWeb 6.4 所有版本FortiWeb 7.0 所有版本FortiWeb 7.2 所有版本FortiWeb 7.4.0 至 7.4.4FortiWeb 7.6.0FortiAnalyzerFortiAnalyzer 6.0 所有版本FortiAnalyzer 6.2 所有版本FortiAnalyzer 6.4 所有版本FortiAnalyzer 7.0.0 至 7.0.13FortiAnalyzer 7.2.0 至 7.2.8FortiAnalyzer 7.4.0 至 7.4.5FortiAnalyzer 7.6.0 至 7.6.2FortiAnalyzer CloudFortiAnalyzer Cloud 6.4 所有版本FortiAnalyzer Cloud 7.0.1 至 7.0.13FortiAnalyzer Cloud 7.2.1 至 7.2.8FortiAnalyzer Cloud 7.4.1 至 7.4.5FortiSRAFortiSRA 1.4.0 至 1.4.2FortiSRA Cloud 1.5.0FortiClientMacFortiClientMac 7.0 所有版本FortiClientMac 7.2.1 至 7.2.11 FortiClientMac 7.4.0 至 7.4.3FortiClientWindowsFortiClientWindows 7.0 所有版本FortiClientWindows 7.2.1 至 7.2.11FortiClientWindows 7.4.0 至 7.4.3 三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新: FortiOS請將 FortiOS 6.0 所有版本更新。請將 FortiOS 6.2 所有版本更新。請將 FortiOS 6.4 所有版本更新。請將 FortiOS 7.0 所有版本更新。請將 FortiOS 7.2 所有版本更新。請將 FortiOS 7.4.0 至 7.4.8 更新至 7.4.9 或更高版本。請將 FortiOS 7.6.0 至 7.6.3 更新至 7.6.4 或更高版本。FortiPAM請將 FortiPAM 1.0 所有版本更新。請將 FortiPAM 1.1 所有版本更新。請將 FortiPAM 1.2 所有版本更新。請將 FortiPAM 1.3 所有版本更新。請將 FortiPAM 1.4.0 至 1.4.2 更新至 1.4.3 或更高版本。請將 FortiPAM 1.5.0 更新至 1.5.1 或更高版本。FortiProxy請將 FortiProxy 1.0 所有版本更新。請將 FortiProxy 1.1 所有版本更新。請將 FortiProxy 1.2 所有版本更新。請將 FortiProxy 2.0 所有版本更新。請將 FortiProxy 7.0 所有版本更新。請將 FortiProxy 7.2 所有版本更新。請將 FortiProxy 7.4 所有版本更新。請將 FortiProxy 7.6.0 至 7.6.3 更新至 7.6.4 或更高版本。FortiSwitchManager請將 FortiSwitchManager 7.0.0 至 7.0.3 更新至 7.0.4 或更高版本。請將 FortiSwitchManager 7.2.0 至 7.2.5 更新至 7.2.6 或更高版本。FortiMail請將 FortiMail 7.0 所有版本更新。請將 FortiMail 7.2.0 至 7.2.6 更新至 7.2.7 或更高版本。請將 FortiMail 7.4.0 至 7.4.2 更新至 7.4.3 或更高版本。FortiManager請將 FortiManager 6.0 所有版本更新。請將 FortiManager 6.2 所有版本更新。請將 FortiManager 6.4 所有版本更新。請將 FortiManager 7.0.0 至 7.0.13 更新至 7.0.14 或更高版本。請將 FortiManager 7.2.0 至 7.2.9 更新至 7.2.10 或更高版本。請將 FortiManager 7.4.1 至 7.4.5 更新至 7.4.6 或更高版本。請將 FortiManager 7.6.0 至 7.6.1 更新至 7.6.2 或更高版本。FortiManager Cloud請將 FortiManager Cloud 7.4.1 至 7.4.3 更新至 7.4.4 或更高版本。FortiNDR請將 FortiNDR 1.5 所有版本更新。請將 FortiNDR 7.0 所有版本更新。請將 FortiNDR 7.1 所有版本更新。請將 FortiNDR 7.2 所有版本更新。請將 FortiNDR 7.4.0 至 7.4.8 更新至 7.4.9 或更高版本。請將 FortiNDR 7.6.0 至 7.6.1 更新至 7.6.2 或更高版本。FortiRecorder請將 FortiRecorder 7.0.0 至 7.0.4 更新至 7.0.5 或更高版本。FortiTester請將 FortiTester 4.2 所有版本更新。請將 FortiTester 7.0 所有版本更新。請將 FortiTester 7.1 所有版本更新。請將 FortiTester 7.2 所有版本更新。請將 FortiTester 7.3 所有版本更新。請將 FortiTester 7.4.0 至 7.4.2 更新至 7.4.3 或更高版本。FortiVoice請將 FortiVoice 6.0.7 至 6.0.12更新。請將 FortiVoice 6.4.0 至 6.4.9 更新至 6.4.10 或更高版本。請將 FortiVoice 7.0.0 至 7.0.4 更新至 7.0.5 或更高版本。FortiWeb請將 FortiWeb 6.4 所有版本更新。請將 FortiWeb 7.0 所有版本更新。請將 FortiWeb 7.2 所有版本更新。請將 FortiWeb 7.4.0 至 7.4.4 更新至 7.4.5 或更高版本。請將 FortiWeb 7.6.0 更新至 7.6.1 或更高版本。FortiAnalyzer請將 FortiAnalyzer 6.0 所有版本更新。請將 FortiAnalyzer 6.2 所有版本更新。請將 FortiAnalyzer 6.4 所有版本更新。請將 FortiAnalyzer 7.0.0 至 7.0.13 更新至 7.0.14 或更高版本。請將 FortiAnalyzer 7.2.0 至 7.2.8 更新至 7.2.10 或更高版本。請將 FortiAnalyzer 7.4.0 至 7.4.5 更新至 7.4.6 或更高版本。請將 FortiAnalyzer 7.6.0 至 7.6.2 更新至 7.6.3 或更高版本。FortiAnalyzer Cloud請將 FortiAnalyzer Cloud 6.4 所有版本更新。請將 FortiAnalyzer Cloud 7.0.1 至 7.0.13 更新至 7.0.14 或更高版本請將 FortiAnalyzer Cloud 7.2.1 至 7.2.8 更新至 7.2.10 或更高版本。請將 FortiAnalyzer Cloud 7.4.1 至 7.4.5 更新至 7.4.6 或更高版本。FortiSRA請將 FortiSRA 1.4.0 至 1.4.2 更新至 1.4.3 或更高版本。請將 FortiSRA Cloud 1.5.0 更新至 1.5.1 或更高版本。FortiClientMac請將 FortiClientMac 7.0 所有版本更新。請將 FortiClientMac 7.2.1 至 7.2.11 更新至 7.2.12 或更高版本。請將 FortiClientMac 7.4.0 至 7.4.3 更新至 7.4.4 或更高版本。FortiClientWindows請將 FortiClientWindows 7.0 所有版本更新。請將 FortiClientWindows 7.2.1 至 7.2.11 更新至 7.2.12 或更高版本。請將 FortiClientWindows 7.4.0 至 7.4.3 更新至 7.4.4 或更高版本。        情資報告連結:https://fortiguard.fortinet.com/psirt/FG-IR-23-354https://fortiguard.fortinet.com/psirt/FG-IR-24-041https://fortiguard.fortinet.com/psirt/FG-IR-24-228https://fortiguard.fortinet.com/psirt/FG-IR-24-361https://fortiguard.fortinet.com/psirt/FG-IR-24-372https://fortiguard.fortinet.com/psirt/FG-IR-24-442https://fortiguard.fortinet.com/psirt/FG-IR-24-452https://fortiguard.fortinet.com/psirt/FG-IR-24-457https://fortiguard.fortinet.com/psirt/FG-IR-24-487https://fortiguard.fortinet.com/psirt/FG-IR-24-542https://fortiguard.fortinet.com/psirt/FG-IR-24-546https://fortiguard.fortinet.com/psirt/FG-IR-25-037https://fortiguard.fortinet.com/psirt/FG-IR-25-126https://fortiguard.fortinet.com/psirt/FG-IR-25-653https://fortiguard.fortinet.com/psirt/FG-IR-25-664https://fortiguard.fortinet.com/psirt/FG-IR-25-684https://fortiguard.fortinet.com/psirt/FG-IR-25-685https://fortiguard.fortinet.com/psirt/FG-IR-25-756 https://www.kjintelligent.com/en/hot_524305.html [資安漏洞通知-CIO]_Fortinet 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524305.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524305.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524305.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】 Veeam Backup & Replication是Veeam核心備份軟體,近日Veeam發布重大資安漏洞公告。【CVE-2025-48983,CVSS:9.9】此漏洞存在Veeam Backup & Replication 的 Mount 服務中,允許經網域驗證的使用者,在備份基礎架構主機上執行遠端程式碼。【CVE-2025-48984,CVSS:9.9】此漏洞允許經網域驗證的使用者,在備份伺服器上執行遠端程式碼。◎建議措施:更新 Veeam Backup & Replication 12.3.2.4165 (含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://www.veeam.com/kb4771 https://www.kjintelligent.com/en/hot_524288.html [TWCERT 分享資安情資]_Veeam旗下Veeam Backup & Replication備份軟體存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524288.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524288.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524288.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】微軟針對旗下產品Exchange Server發布重大資安漏洞公告(CVE-2025-59249,CVSS:8.8),此漏洞為弱身分驗證漏洞,允許經授權的攻擊透過網路提升權限。◎建議措施:根據官方網站釋出解決方式進行修補:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59249◎相關IOC資訊:◎備註:◎參考資料:1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-592492. https://nvd.nist.gov/vuln/detail/CVE-2025-59249 https://www.kjintelligent.com/en/hot_524286.html [TWCERT 分享資安情資]_Microsoft Exchange Server 存在重大資安漏洞(CVE-2025-59249) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524286.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524286.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524286.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】 SAP Print Service是一項雲端列印解決方案,可將文件從雲端傳送至本地印表機,提供監控與管理列印追蹤功能。近期SAP月度更新公告,該服務存在1個重大資安漏洞(CVE-2025-42937,CVSS:9.8),此漏洞源於對使用者提供的路徑資訊驗證不足,導致未經身分驗證的攻擊者,可以遍歷目錄並覆蓋系統文件。◎建議措施:請至官方網站進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html2. https://www.cve.org/CVERecord?id=CVE-2025-42937 https://www.kjintelligent.com/en/hot_524289.html [TWCERT 分享資安情資] _SAP 針對旗下Print Service修補重大資安漏洞(CVE-2025-42937) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524289.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524289.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524289.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】 一、摘要         甲骨文 E-Business Suite 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發敏感資料洩露。   二、存在風險        甲骨文 E-Business Suite 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發敏感資料洩露,其影響系統如下: 受影響之系統/漏洞描述: 甲骨文 E-Business Suite 版本 12.2.3-12.2.14 三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.oracle.com/security-alerts/alert-cve-2025-61884.html https://www.kjintelligent.com/en/hot_524296.html [Cybersecurity Vulnerability Notice]_甲骨文 E-Business Suite 存在資料洩露漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524296.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524296.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524296.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】 【CVE-2021-22555】Linux Kernel Heap Out-of-Bounds Write Vulnerability (CVSSv3.1: 8.3)【是否遭勒索軟體利用:未知】Linux核心存在堆積越界寫入漏洞,攻擊者可利用該漏洞透過使用者命名空間提升權限或造成DoS(透過堆積記憶體損毀方式)。【CVE-2010-3962】Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability (CVSS v3.1: 8.1)【是否遭勒索軟體利用:未知】Microsoft Internet Explorer存在未初始化記憶體損毀漏洞,可能允許遠端程式碼執行。【CVE-2021-43226】Microsoft Windows Privilege Escalation Vulnerability(CVSS v3.1: 7.8)【是否遭勒索軟體利用:已知】Microsoft Windows 通用日誌檔案系統驅動程式存在權限提升漏洞,可能允許具備本地特權的攻擊者繞過特定安全機制。【CVE-2013-3918】Microsoft Windows Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Microsoft Windows在InformationCardSigninHelper類別的ActiveX控制項 (icardie.dll) 存在越界寫入漏洞。攻擊者可透過特製的網頁來利用此漏洞。當使用者瀏覽該網頁時,此漏洞可能導致遠端程式碼執行。成功利用此漏洞的攻擊者可取得與當前使用者相同的權限。受影響的產品可能已達生命週期終止(EoL)或停止服務(EoS),建議使用者停止使用該產品。【CVE-2011-3402】MicrosoftWindows Remote Code Execution Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Microsoft Windows Kernel在核心模式驅動程式win32k.sys中的TrueType字型解析引擎存在漏洞,可能允許遠端攻擊者透過特製的字型資料,在Word文件或網頁中執行任意程式碼。【CVE-2010-3765】Mozilla Multiple Products Remote Code Execution Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Mozilla Firefox、SeaMonkey與Thunderbird在啟用JavaScript時存在未具體說明的漏洞。遠端攻擊者可透過與 nsCSSFrameConstructor::ContentAppended、appendChild方法、不正確的索引追蹤,及建立多個框架等相關的攻擊向量,導致記憶體損毀,進而執行任意程式碼。【CVE-2025-61882】Oracle E-Business Suite Unspecified Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:是】Oracle E-Business Suite 的 BI Publisher 整合元件存在未具體說明的漏洞,可能允許透過 HTTP 且未經驗證的攻擊者入侵並接管 Oracle Concurrent Processing。【CVE-2025-27915】Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability (CVSS v3.1: 5.4)【是否遭勒索軟體利用:未知】Synacor Zimbra Collaboration Suite(ZCS)的經典 Web 用戶端存在跨站指令碼(XSS)漏洞,起因於系統對 ICS 檔案中 HTML 內容的過濾不足。當使用者檢視含有惡意 ICS 項目的電子郵件時,內嵌的 JavaScript 會透過標籤內的 ontoggle 事件被執行。攻擊者可藉此在受害者的工作階段中執行任意 JavaScript 程式碼,進而執行未經授權的操作,例如設定郵件篩選器以將郵件轉寄至攻擊者控制的地址。最終,攻擊者可能對受害者帳戶執行未經授權的操作,進行郵件轉寄或資料外洩等行為。【CVE-2021-43798】Grafana Path Traversal Vulnerability (CVSS v3.1: 7.5)【是否遭勒索軟體利用:未知】Grafana存在路徑遍歷漏洞,可能允許攻擊者存取本機檔案。TLP: CLEAR TWCERT-TWISAC-202510-0008◎建議措施:【CVE-2021-22555】官方已針對漏洞釋出修復更新,請更新至相關版本1.https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa212.https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d【CVE-2010-3962】官方已針對漏洞釋出修復更新,請更新至相關版本https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090【CVE-2021-43226】官方已針對漏洞釋出修復更新,請更新至相關版本https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-43226【CVE-2013-3918】官方已針對漏洞釋出修復更新,請更新至相關版本https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090【CVE-2011-3402】官方已針對漏洞釋出修復更新,請更新至相關版本https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-087【CVE-2010-3765】官方已針對漏洞釋出修復更新,請更新至相關版本https://blog.mozilla.org/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/【CVE-2025-61882】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.oracle.com/security-alerts/alert-cve-2025-61882.html【CVE-2025-27915】官方已針對漏洞釋出修復更新,請更新至相關版本https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories【CVE-2021-43798】官方已針對漏洞釋出修復更新,請更新至相關版本https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p◎相關IOC資訊:◎備註:◎參考資料:【CVE-2021-22555】1.https://nvd.nist.gov/vuln/detail/cve-2021-225552.https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa213.https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d【CVE-2010-3962】1.https://nvd.nist.gov/vuln/detail/cve-2010-39622.https://learn.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090【CVE-2021-43226】1.https://nvd.nist.gov/vuln/detail/cve-2021-432262.https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-43226【CVE-2013-3918】1.https://nvd.nist.gov/vuln/detail/cve-2013-39182.https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090【CVE-2011-3402】1.https://nvd.nist.gov/vuln/detail/cve-20TLP: CLEAR TWCERT-TWISAC-202510-000811-34022.https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-087【CVE-2010-3765】1.https://nvd.nist.gov/vuln/detail/cve-2010-37652.https://blog.mozilla.org/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/【CVE-2025-61882】1.https://nvd.nist.gov/vuln/detail/cve-2025-618822.https://www.oracle.com/security-alerts/alert-cve-2025-61882.html【CVE-2025-27915】1.https://nvd.nist.gov/vuln/detail/cve-2025-279152.https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories【CVE-2021-43798】1.https://nvd.nist.gov/vuln/detail/cve-2021-437982.https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p https://www.kjintelligent.com/en/hot_524290.html [TWCERT 分享資安情資] CISA新增9個已知遭駭客利用之漏洞至KEV目錄(2025/10/06-2025/10/12) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524290.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_524290.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_524290.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露。二、存在風險        Google Chrome 存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 140.0.7339.207 (Linux) 之前的版本Google Chrome 140.0.7339.207/.208 (Mac) 之前的版本Google Chrome 140.0.7339.207/.208 (Windows) 之前的版本Google Chrome 140.0.7339.207 (Android) 之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至 140.0.7339.207 (Linux) 或之後版本。請更新至 140.0.7339.207/.208 (Mac) 或之後版本。請更新至 140.0.7339.207/.208 (Windows) 或之後版本。請更新至 140.0.7339.207 (Android) 或之後版本。       情資報告連結:https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.htmlhttps://chromereleases.googleblog.com/2025/09/chrome-for-android-update_23.html https://www.kjintelligent.com/en/hot_523524.html [Cybersecurity Vulnerability Notice] Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523524.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523524.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523524.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行程式碼、敏感資料洩露、仿冒及繞過身份驗證。二、存在風險        Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行程式碼、敏感資料洩露、仿冒及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Firefox 143 之前的版本Firefox ESR 115.28 之前的版本Firefox ESR 140.3 之前的版本Thunderbird 140.3 之前的版本Thunderbird 143 之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至 Firefox 143。請更新至 Firefox ESR 115.28。請更新至 Firefox ESR 140.3。請更新至 Thunderbird 140.3。請更新至 Thunderbird 143。        情資報告連結:https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/https://www.mozilla.org/en-US/security/advisories/mfsa2025-74/https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/https://www.mozilla.org/en-US/security/advisories/mfsa2025-77/https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/ https://www.kjintelligent.com/en/hot_523520.html [Cybersecurity Vulnerability Notice] Mozilla 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523520.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523520.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523520.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        OpenSSL 中存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露。二、存在風險        OpenSSL 中存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:OpenSSL 1.0.2 版本OpenSSL 1.1.1 版本OpenSSL 3.0 版本OpenSSL 3.2 版本OpenSSL 3.3 版本OpenSSL 3.4 版本OpenSSL 3.5 版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請將 1.0.2 版本更新至 1.0.2zm 版本。請將 1.1.1 版本更新至 1.1.1zd 版本。請將 3.0 版本更新至 3.0.18 版本。請將 3.2 版本更新至 3.2.6 版本。請將 3.3 版本更新至 3.3.5 版本。請將 3.4 版本更新至 3.4.3 版本。請將 3.5 版本更新至 3.5.4 版本。        情資報告連結:https://openssl-library.org/news/secadv/20250930.txt https://www.kjintelligent.com/en/hot_523800.html [Cybersecurity Vulnerability Notice] OpenSSL 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523800.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523800.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523800.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        SolarWinds Web Help Desk 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險        SolarWinds Web Help Desk 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:SolarWinds Web Help Desk 12.8.7 及之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至 SolarWinds Web Help Desk 12.8.7 HF1 或之後的版本。       情資報告連結:https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 https://www.kjintelligent.com/en/hot_523525.html [Cybersecurity Vulnerability Notice] SolarWinds Web Help Desk 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523525.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523525.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523525.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Oracle發布重大資安漏洞公告(CVE-2025-61882,CVSS:9.8),此漏洞存在於Oracle EBusinessSuite的Oracle Concurrent Processing,允許未經身分的攻擊者透過HTTP網路存取,可能導致遠端程式碼執行。備註:目前已觀察到有攻擊者利用此漏洞,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:根據官方網站釋出解決方式進行修補:https://www.oracle.com/security-alerts/alert-cve-2025-61882.html◎相關IOC資訊:◎備註:◎參考資料:1. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html2. https://nvd.nist.gov/vuln/detail/CVE-2025-61882 https://www.kjintelligent.com/en/hot_523798.html [TWCERT 分享資安情資] Oracle E-Business Suite 存在重大資安漏洞(CVE-2025-61882) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523798.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523798.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523798.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露。二、存在風險         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge 140.0.3485.81 之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至 140.0.3485.81 或之後版本。       情資報告連結:https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#september-18-2025https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10500https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10501https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10502https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10585https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59251 https://www.kjintelligent.com/en/hot_523523.html [Cybersecurity Vulnerability Notice] Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523523.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523523.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523523.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】開源軟體領導品牌 Red Hat 的資安考驗一、摘要        全球開源軟體領導品牌 Red Hat 近期遭遇重大資安挑戰,駭客集團 Crimson Collective 聲稱竊取大量敏感資料後,將行動接力交棒給惡名昭彰的 Shiny Hunters駭客集團,威脅將於 2025 年 10 月 10 日公開約 570GB 的資料,涉及 Walmart、匯豐銀行、美國國防部等知名企業與機構的關鍵報告。        這場危機不僅暴露開源生態的潛在風險,更提醒企業:資安防護已成為生存關鍵!透過導入「雲智維資訊顧問代管代維方案」,企業可獲得專業資安支援,抵禦日益複雜的威脅!二、事件始末:駭客聯手掀起勒索風暴        這場資安風暴始於 Crimson Collective 入侵 Red Hat 的 GitLab 系統,竊取約 28,000 個開發儲存庫,包含大量客戶參與報告,涵蓋網路架構與基礎設施資訊等內容。Red Hat 已確認其 GitLab 平台受損,凸顯供應鏈資安的脆弱性。        隨後,Crimson Collective 與 Scattered Lapsus$ Hunters 合作,將攻擊行動轉交給 ShinyHunters。後者在專屬資料外洩網站上公開部分資料樣本,涉及全球知名企業與政府機構,並設定 10 月 10 日為贖金支付期限,否則將公開全部資料。這場精心策劃的攻擊不僅顯示駭客團體的高度協同能力,更凸顯企業資安防護的迫切需求。三、新興威脅:勒索即服務(EaaS)的崛起         ShinyHunters 採用的「勒索即服務」(Extortion-as-a-Service, EaaS)模式,標誌著駭客犯罪的新階段。不同於傳統勒索軟體鎖定檔案加密,EaaS 專注竊取敏感資料,透過公開或販售威脅受害者,迫使其支付贖金。ShinyHunters 提供平台與談判服務,抽取贖金分成,讓攻擊更具規模與效率。        面對這種跨組織、連環攻擊模式凸顯駭客團體的協同作戰能力,企業內部若無專業資安團隊或是資安防護,將難以應對。「雲智維資訊顧問代管代維方案」透過即時監控與威脅情資分析,協助企業提前發現並化解潛在風險,防患於未然。 四、企業的應對策略:資安代管代維的關鍵角色        Red Hat 事件為許多企業敲響警鐘,資安不再是可有可無的選項,而是生存基礎。以下是針對企業的實務建議,結合「雲智維資訊顧問代管代維方案」的核心價值:1. 守護供應鏈安全:Red Hat 事件顯示供應鏈漏洞可能引發連鎖危機。台灣企業應全面審查與技術供應商的合作,確保資料安全。「雲智維資訊顧問代管代維方案」提供持續監控,協助企業找出潛藏的資安威脅。2. 強化核心系統防護:GitLab 等平台成為駭客目標,企業需加強系統安全,啟用多因素驗證(MFA)、限制存取並定期審計,確保系統隨時處於最佳防護狀態。3. 保護敏感資料:外洩報告包含關鍵基礎設施資訊,企業應限制資料共享範圍並加密儲存。4. 快速應變勒索攻擊:EaaS 攻擊需要專業應對策略。「雲智維資訊顧問代管代維方案」在異常事件發生時,主動偵測、分析問題根源,並提供客製化應變建議,協助企業分階段處理危機,防止事件擴大。五、攜手專業資安,迎戰未來威脅               隨著 10 月 10 日期限逼近,Red Hat 及其客戶正面臨巨大壓力。ShinyHunters 主導的 EaaS 模式凸顯資料勒索的破壞力,也揭示駭客犯罪的進化。對企業而言,這是重新審視資安策略的關鍵時刻。               透過「雲智維資訊顧問代管代維方案」,企業可獲得主動監控、快速應變與專業諮詢,全面提升資安防護能力。立即採取行動,強化供應鏈安全、完善系統防護,發生異常事件時,可以幫助企業主動發現事件,主動幫企業找出問題點所在,並給予企業相關建議,而企業也可以逐步進行處理後,成功預防內部資安事件擴大。資料來源:https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12309&fbclid=IwZnRzaANS1JpleHRuA2FlbQIxMQABHvJgtqoPqMbhs5yNJU0q9DCYOQauICIof1GDSiqFavKJG1_B-ih-HzPsD09j_aem_nLBPFlSAQYUEX6HFuIlMDQ https://www.kjintelligent.com/en/hot_523803.html [Cybersecurity Vulnerability Notice] 資安威脅趨勢 - 資安警鐘響起:Red Hat 遭駭危機,企業如何自保? 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523803.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523803.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523803.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。二、存在風險        RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:Red Hat Enterprise Linux Server - AUS 8.6 x86_64Red Hat Enterprise Linux Server - TUS 8.6 x86_64Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64leRed Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://access.redhat.com/errata/RHSA-2025:17123https://access.redhat.com/errata/RHSA-2025:17124https://access.redhat.com/errata/RHSA-2025:17192 https://www.kjintelligent.com/en/hot_523802.html [Cybersecurity Vulnerability Notice] RedHat Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523802.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523802.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523802.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-32463】Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVSS v3.1: 9.3)【是否遭勒索軟體利用:未知】Sudo 1.9.17p1 之前的版本存在漏洞,允許本地使用者取得 root 權限,原因在於使用 --chroot 選項時,會使用來自使用者可控目錄的 /etc/nsswitch.conf 檔案。【CVE-2025-59689】Libraesva Email Security Gateway Command Injection Vulnerability (CVSS v3.1: 6.1)【是否遭勒索軟體利用:未知】Libraesva Email Security Gateway (ESG)存在指令注入漏洞,允許透過壓縮的電子郵件附件執行指令注入攻擊。【CVE-2025-10035】Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:已知】Fortra GoAnywhere MFT存在反序列化不受信任資料漏洞,允許攻擊者偽造合法的授權回應簽章,反序列化任意由其控制的物件,可能導致指令注入。【CVE-2025-20352】Cisco IOS and IOS XE Software SNMP Denial of Service and RemoteCode Execution Vulnerability (CVSS v3.1: 7.7)【是否遭勒索軟體利用:未知】Cisco IOS與IOSXE在SNMP子系統中存在堆疊緩衝區溢位漏洞,可能導致拒絕服務(DoS)或遠端程式碼執行。【CVE-2021-21311】Adminer Server-Side Request Forgery Vulnerability (CVSS v3.1: 7.2)【是否遭勒索軟體利用:未知】Adminer存在伺服器端請求偽造(SSRF)漏洞,該漏洞若被利用,將允許遠端攻擊者取得潛在敏感資訊。【CVE-2014-6278】GNU Bash OS Command Injection Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】GNU Bash存在作業系統指令注入漏洞,允許遠端攻擊者透過特製的環境變數執行任意指令。【CVE-2017-1000353】Jenkins Remote Code Execution Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Jenkins存在遠端程式碼執行漏洞。此漏洞允許攻擊者將序列化的Java SignedObject物件傳輸至基於遠端通訊的Jenkins CLI,該物件將透過新的ObjectInputStream進行反序列化,從而繞過現有的基於封鎖清單的防護機制。【CVE-2015-7755】Juniper ScreenOS Improper Authentication Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Juniper ScreenOS存在不當驗證漏洞,可能允許未經授權的遠端管理存取該設備。【CVE-2025-21043】Samsung Mobile Devices Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】三星行動裝置在libimagecodec.quram.so中存在越界寫入漏洞,允許遠端攻擊者執行任意程式碼。【CVE-2025-4008】Smartbedded Meteobridge Command Injection Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Smartbedded Meteobridge 存在指令注入漏洞,可能允許未經身分驗證的遠端攻擊者在受影響的裝置上以提升權限(root)執行任意指令。◎建議措施:【CVE-2025-32463】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.sudo.ws/security/advisories/chroot_bug/【CVE-2025-59689】官方已針對漏洞釋出修復更新,TLP: CLEAR TWCERT-TWISAC-202510-0004請更新至相關版本https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/【CVE-2025-10035】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.fortra.com/security/advisories/product-security/fi-2025-012【CVE-2025-20352】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte【CVE-2021-21311】官方已針對漏洞釋出修復更新,請更新至相關版本https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6【CVE-2014-6278】漏洞可能影響開源元件、第三方函式庫、協定或特定實作。請依照產品釋出之緩解措施進行修補。【CVE-2017-1000353】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.jenkins.io/security/advisory/2017-04-26/【CVE-2015-7755】官方已針對漏洞釋出修復更新,請更新至相關版本https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756【CVE-2025-21043】官方已針對漏洞釋出修復更新,請更新至相關版本https://security.samsungmobile.com/securityUpdate.smsb【CVE-2025-4008】官方已針對漏洞釋出修復更新,請更新至相關版本https://forum.meteohub.de/viewtopic.php?t=18687◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-32463】1.https://nvd.nist.gov/vuln/detail/cve-2025-324632.https://www.sudo.ws/security/advisories/chroot_bug/【CVE-2025-59689】1.https://nvd.nist.gov/vuln/detail/cve-2025-596892.https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/【CVE-2025-10035】1.https://nvd.nist.gov/vuln/detail/cve-2025-100352.https://www.fortra.com/security/advisories/product-security/fi-2025-012【CVE-2025-20352】1.https://nvd.nist.gov/vuln/detail/cve-2025-203522.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte【CVE-2021-21311】1.https://nvd.nist.gov/vuln/detail/cve-2021-213112.https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6【CVE-2014-6278】1.https://nvd.nist.gov/vuln/detail/cve-2014-6278【CVE-2017-1000353】1.https://nvd.nist.gov/vuln/detail/cve-2017-10003532.https://www.jenkins.io/security/advisory/2017-04-26/【CVE-2015-7755】1.https://nvd.nist.gov/vuln/detail/cve-2015-77552.https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-MultipleTLP:CLEAR TWCERT-TWISAC-202510-0004Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756【CVE-2025-21043】1.https://nvd.nist.gov/vuln/detail/cve-2025-210432.https://security.samsungmobile.com/securityUpdate.smsb【CVE-2025-4008】1.https://nvd.nist.gov/vuln/detail/cve-2025-40082.https://forum.meteohub.de/viewtopic.php?t=18687 https://www.kjintelligent.com/en/hot_523799.html [TWCERT 分享資安情資] CISA新增10個已知遭駭客利用之漏洞至KEV目錄(2025/09/29-2025/10/05) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523799.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523799.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523799.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Jenkins 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況、洩露敏感資料及繞過身份驗證。二、存在風險        Jenkins 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況、洩露敏感資料及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Jenkins weekly 2.527 及以前的版本Jenkins LTS 2.516.2 及以前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.jenkins.io/security/advisory/2025-09-17/ https://www.kjintelligent.com/en/hot_523522.html [Cybersecurity Vulnerability Notice] Jenkins 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523522.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523522.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523522.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-10585】Google Chromium V8 Type Confusion Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Google Chromium在其V8 JavaScript與WebAssembly引擎中存在類型混淆漏洞,遠端攻擊者可利用此漏洞達到遠端執行任意程式碼或造成程式崩潰。【CVE-2025-20362】Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability (CVSS v3.1: 6.5)【是否遭勒索軟體利用:未知】Cisco安全防火牆自適應安全設備(ASA)和安全防火牆威脅防禦(FTD)的VPN Web伺服器中存在授權缺失漏洞。此漏洞可能與CVE-2025-20333串聯利用。【CVE-2025-20333】Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability (CVSS v3.1: 9.9)【是否遭勒索軟體利用:未知】Cisco安全防火牆自適應安全設備(ASA)和安全防火牆威脅防禦(FTD)的VPN Web伺服器中存在緩衝區溢位漏洞,可能導致遠端執行程式碼。此漏洞可能與CVE-2025-20362串聯利用。◎建議措施:【CVE-2025-10585】官方已針對漏洞釋出修復更新,請更新至相關版本https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html【CVE-2025-20362】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW【CVE-2025-20333】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-10585】1.https://nvd.nist.gov/vuln/detail/cve-2025-105852.https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html【CVE-2025-20362】1.https://nvd.nist.gov/vuln/detail/cve-2025-203622.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW【CVE-2025-20333】1.https://nvd.nist.gov/vuln/detail/cve-2025-203332.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB https://www.kjintelligent.com/en/hot_523519.html [TWCERT 分享資安情資] CISA新增3個已知遭駭客利用之漏洞至KEV目錄(2025/09/22-2025/09/28) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523519.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523519.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523519.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Aruba 產品存在多個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證、洩露敏感資料、資料篡改及遠端執行任意程式碼。二、存在風險        Aruba 產品存在多個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證、洩露敏感資料、資料篡改及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:HPE Aruba Networking EdgeConnect SD-WAN Gateways 運行版本 9.5.x.x:9.5.3.x 及以下版本9.4.x.x:9.4.3.x 及以下版本EdgeConnect 作業系統 (ECOS) 9.3.x.x 版本已於 2025 年 6 月 30 日宣告終止維護三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US https://www.kjintelligent.com/en/hot_523521.html [Cybersecurity Vulnerability Notice] Aruba 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523521.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_523521.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_523521.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        GitLab 發現存在漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料及阻斷服務狀況。二、存在風險         GitLab 發現存在漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料及阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 18.3.2, 18.2.6 及 18.1.6 以前的版本GitLab Enterprise Edition (EE) 18.3.2, 18.2.6 及 18.1.6 以前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。      情資報告連結:https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/ https://www.kjintelligent.com/en/hot_522931.html [Cybersecurity Vulnerability Notice] GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522931.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522931.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522931.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Ivanti 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發跨網站指令碼、繞過身份驗證、阻斷服務狀況及敏感資料洩露。二、存在風險        Ivanti 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發跨網站指令碼、繞過身份驗證、阻斷服務狀況及敏感資料洩露,其影響系統如下:受影響之系統/漏洞描述:Ivanti Connect Secure (ICS) 版本 22.7R2.8 及之前版本Ivanti Policy Secure (IPS) 版本 22.7R1.5 及之前版本Ivanti ZTA Gateway 版本 22.8R2.2Ivanti Neurons for Secure Access 版本 22.8R1.3 及之前版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。請將 Ivanti Connect Secure (ICS) 版本 22.7R2.8 及之前版本更新至22.7R2.9 或 22.8R2。請將 Ivanti Policy Secure (IPS) 版本 22.7R1.5 及之前版本更新至 22.7R1.6。請將 Ivanti ZTA Gateway 版本 22.8R2.2 更新至 22.8R2.3-723。請將 Ivanti Neurons for Secure Access 版本 22.8R1.3 及之前版本更新至22.8R1.4。        情資報告連結:https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs?language=en_US https://www.kjintelligent.com/en/hot_522934.html [Cybersecurity Vulnerability Notice] Ivanti 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522934.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522934.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522934.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 140.0.7339.127 (Linux) 之前的版本Google Chrome 140.0.7339.132/.133 (Mac) 之前的版本Google Chrome 140.0.7339.127/.128 (Windows) 之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。請更新至  140.0.7339.127 (Linux) 或之後版本。請更新至 140.0.7339.132/.133 (Mac) 或之後版本。請更新至 140.0.7339.127/.128 (Windows) 或之後版本。      情資報告連結:https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html https://www.kjintelligent.com/en/hot_522933.html [Cybersecurity Vulnerability Notice] Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522933.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522933.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522933.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-42944,CVSS:10.0】SAP NetWeaver 存在反序列化漏洞。未經驗證的攻擊者可透過 RMI-P4 模組,向對外開放的連接埠傳送惡意負載,進而執行任意作業系統命令,對應用程式的機密性、完整性及可用性構成潛在威脅。【CVE-2025-42922,CVSS:9.9】SAP NetWeaverAS Java 存在允許經過管理身分驗證的攻擊者上傳任意檔案的漏洞,可能導致系統的機密性、完整性和可用性造成破壞。【CVE-2025-42958,CVSS:9.1】IBM i-series 的SAP NetWeaver 應用程式缺少身分驗證檢查,允許高權限的未經授權使用者讀取、修改或刪除敏感資料,並進一步存取管理功能或以特權權限操作,對應用程式的機密性、完整性與可用性構成重大風險。【CVE-2025-42933,CVSS:8.8】當用戶透過 SAP Business One 原生用戶端登入時,由於 SLD 後端服務未對部分 API強制使用適當的加密機制,導致敏感憑證可能在 HTTP 回應主體中外洩,進而嚴重影響應用程式的機密性、完整性與可用性。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html2. https://www.cve.org/CVERecord?id=CVE-2025-429443. https://www.cve.org/CVERecord?id=CVE-2025-429224. https://www.cve.org/CVERecord?id=CVE-2025-429585.https://www.cve.org/CVERecord?id=CVE-2025-42933 https://www.kjintelligent.com/en/hot_522929.html [TWCERT 分享資安情資] SAP針對旗下多款產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522929.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522929.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522929.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        思科 IOS XR 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過身份驗證。二、存在風險        思科 IOS XR 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:Cisco IOS XR Software Management Interface ACL Bypass VulnerabilityCVE編號:CVE-2025-20159漏洞描述:Cisco IOS XR 管理介面存取控制清單(ACL)處理功能存在,可能允許未經驗證的遠端攻擊者繞過針對 SSH、NetConf 和 gRPC 功能所設定的 ACL。影響系統/版本:8000 Series RoutersASR 9000 Series Aggregation Services RoutersIOS XR White box (IOSXRWBD)IOS XRd vRoutersIOS XRv 9000 RoutersNetwork Convergence Series (NCS) 540 Series Routers (NCS540-iosxr base image)NCS 540 Series Routers (NCS540L-iosxr base image)NCS 560 Series RoutersNCS 1010 PlatformsNCS 1014 PlatformsNCS 5500 Series RoutersNCS 5700 Series Routers檢查方式:show running-config interface mgmtEth 0/RP0/CPU0/0 show running-config grpcshow running-config sshshow running-config ssh server netconfCisco IOS XR Software Image Verification Bypass VulnerabilityCVE編號:CVE-2025-20248漏洞描述:Cisco IOS XR 軟體安裝過程中的一個漏洞可能允許已驗證的本地攻擊者繞過軟體映像簽章驗證,並在受影響設備上載入未簽章的軟體。影響系統/版本:ASR 9000 Series Aggregation Services Routers (64-bit)IOS XR White box (IOSXRWBD)IOS XRv 9000 RoutersNetwork Convergence System (NCS) 540 Series Routers that are running an NCS 540-iosxr base imageNCS 560 Series RoutersNCS 1000 Series (NCS 1001, NCS 1002, and NCS 1004)NCS 5000 Series RoutersNCS 5500 Series RoutersNCS 5700 Series Line Cards and Routers that are running an NCS 5500 base imageNCS 6000 Series RoutersCisco IOS XR ARP Broadcast Storm Denial of Service VulnerabilityCVE編號:CVE-2025-20340漏洞描述:Cisco IOS XR 軟體的地址解析協定(ARP)存在漏洞,可能允許未經驗證的鄰近攻擊者觸發廣播風暴,導致受影響設備發生拒絕服務(DoS)。影響系統/版本:Cisco IOS XR檢查方式:show interfaces MgmtEth 0/RP0/CPU0/0三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。      情資報告連結:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-arp-storm-EjUU55yMhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrsig-UY4zRUCGhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-acl-packetio-Swjhhbtz https://www.kjintelligent.com/en/hot_522935.html [Cybersecurity Vulnerability Notice] 思科 IOS XR 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522935.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522935.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522935.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Sophos針對旗下AP6系列無線存取點發布重大資安公告(CVE-2025-10159,CVSS:9.8),此為身分驗證繞過漏洞,允許攻擊者存取無線存取點的管理IP位址,從而取得管理員權限。備註:採用預設自動更新政策的用戶無需額外動作;若已停用自動更新,請手動升級以修正本次安全漏洞。◎建議措施:將AP6系列無線存取點韌體版本更新至1.7.2563(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap62. https://www.cve.org/CVERecord?id=CVE-2025-10159 https://www.kjintelligent.com/en/hot_522930.html [TWCERT 分享資安情資] Sophos旗下AP6系列無線存取點存在重大資安漏洞(CVE-2025-10159) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522930.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522930.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522930.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、篡改、權限提升及阻斷服務狀況。二、存在風險        Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、篡改、權限提升及阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:Zoom Meeting SDK for Android 6.5.0 之前的版本Zoom Meeting SDK for Linux 6.5.0 之前的版本Zoom Meeting SDK for macOS 6.5.0 之前的版本Zoom Meeting SDK for Windows 6.5.0 之前的版本Zoom Rooms Client for Android 6.5.0 之前的版本Zoom Rooms Client for iPad 6.5.0 之前的版本Zoom Rooms Client for macOS 6.5.0 之前的版本Zoom Rooms Client for Windows 6.5.0 之前的版本Zoom Rooms Controller for Android 6.5.0 之前的版本Zoom Rooms Controller for Linux 6.5.0 之前的版本Zoom Rooms Controller for macOS 6.5.0 之前的版本Zoom Rooms Controller for Windows 6.5.0 之前的版本Zoom Rooms for iOS 6.5.0 之前的版本Zoom Rooms for macOS 6.5.0 之前的版本Zoom Rooms for Windows 6.5.0 之前的版本Zoom Workplace App for iOS 6.5.0 之前的版本Zoom Workplace Desktop for Linux 6.5.0 之前的版本Zoom Workplace Desktop for macOS 6.5.0 之前的版本Zoom Workplace Desktop for Windows 6.5.0 之前的版本Zoom Workplace for Linux 6.5.0 之前的版本Zoom Workplace for macOS 6.5.0 之前的版本Zoom Workplace for Windows 6.5.0 之前的版本Zoom Workplace for Windows on ARM 6.5.0 之前的版本Zoom Workplace VDI Client for Windows 6.3.14 及 6.4.12 之前的版本Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon 6.4.10 之前的版本 (或 6.2.15 及 6.3.12 之前的版本)三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。     情資報告連結:https://www.zoom.com/en/trust/security-bulletin/zsb-25031/https://www.zoom.com/en/trust/security-bulletin/zsb-25032/https://www.zoom.com/en/trust/security-bulletin/zsb-25034/https://www.zoom.com/en/trust/security-bulletin/zsb-25035/https://www.zoom.com/en/trust/security-bulletin/zsb-25036/https://www.zoom.com/en/trust/security-bulletin/zsb-25037/https://www.zoom.com/en/trust/security-bulletin/zsb-25033/ https://www.kjintelligent.com/en/hot_522932.html [Cybersecurity Vulnerability Notice] Zoom 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522932.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522932.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522932.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-5086】Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.0)【是否遭勒索軟體利用:未知】Dassault Systèmes的DELMIA Apriso存在未經信任資料反序列化漏洞,可能導致遠端程式碼執行。◎建議措施:【CVE-2025-5086】依照供應商指示採取緩解措施,遵循適用的BOD 22-01指南以確保雲端服務的安全,若無法實施緩解措施則應停止使用該產品。◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-5086】1.https://nvd.nist.gov/vuln/detail/cve-2025-50862.https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086 https://www.kjintelligent.com/en/hot_522928.html [TWCERT 分享資安情資] CISA新增1個已知遭駭客利用之漏洞至KEV目錄(2025/09/08-2025/09/14) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522928.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522928.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522928.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Debian Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及洩露敏感資料。二、存在風險         Debian Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及洩露敏感資料,其影響系統如下:受影響之系統/漏洞描述:Debian stable 6.12.41-1 以前的版本Debian bookworm 6.1.147-1 以前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://lists.debian.org/debian-security-announce/2025/msg00137.htmlhttps://lists.debian.org/debian-security-announce/2025/msg00139.html https://www.kjintelligent.com/en/hot_521457.html [Cybersecurity Vulnerability Notice] Debian Linux 內核存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521457.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521457.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521457.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Apache Tomcat 存在漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發阻斷服務狀況。二、存在風險        Apache Tomcat 存在漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發阻斷服務狀況,受影響之系統或技術如下:受影響之系統/漏洞描述:Apache Tomcat 11.0.0-M1 至 11.0.09 版本Apache Tomcat 10.1.0-M1 至 10.1.43 版本Apache Tomcat 9.0.0-M1 至 9.0.107 版本三、建議改善措施:         企業及使用者如有上述漏洞版本應儘速更新:        情資報告連結:https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.108https://tomcat.apache.org/security10.html#Fixed_in_Apache_Tomcat_10.1.44https://tomcat.apache.org/security11.html#Fixed_in_Apache_Tomcat_11.0.10 https://www.kjintelligent.com/en/hot_519157.html [Cybersecurity Vulnerability Notice] Apache Tomcat 存在阻斷服務漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519157.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519157.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519157.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Ivanti 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,在目標系統觸發阻斷服務狀況及敏感資料洩露。二、存在風險        Ivanti 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,在目標系統觸發阻斷服務狀況及敏感資料洩露,受影響之系統或技術如下:受影響之系統/漏洞描述:Ivanti Connect Secure (ICS) 版本 22.7R2.7 及之前版本Ivanti Policy Secure (IPS) 版本 22.7R1.4 及之前版本Ivanti ZTA Gateway 版本 22.8R2.2Ivanti Neurons for Secure Access 版本 22.8R1.3 及之前版本 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新: 請將 Ivanti Connect Secure (ICS) 版本 22.7R2.7 及之前版本更新至 22.7R2.8 或更高版本。請將 Ivanti Policy Secure (IPS) 版本 22.7R1.4 及之前版本更新至 22.7R1.5。請將 Ivanti ZTA Gateway 版本 22.8R2.2更新至 22.8R2.3-723。請將 Ivanti Neurons for Secure Access 版本 22.8R1.3 及之前版本更新至 22.8R1.4。        情資報告連結:https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US https://www.kjintelligent.com/en/hot_521462.html [Cybersecurity Vulnerability Notice] Ivanti 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521462.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521462.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521462.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露及繞過身份驗證。 二、存在風險          Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露及繞過身份驗證,受影響之系統或技術如下: 受影響之系統/漏洞描述:Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTSUbuntu 25.04三、建議改善措施:          企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://ubuntu.com/security/notices/USN-7671-3https://ubuntu.com/security/notices/USN-7681-2https://ubuntu.com/security/notices/USN-7681-3https://ubuntu.com/security/notices/USN-7682-2https://ubuntu.com/security/notices/USN-7682-3https://ubuntu.com/security/notices/USN-7682-4https://ubuntu.com/security/notices/USN-7682-5https://ubuntu.com/security/notices/USN-7683-1https://ubuntu.com/security/notices/USN-7683-2https://ubuntu.com/security/notices/USN-7683-3https://ubuntu.com/security/notices/USN-7684-1https://ubuntu.com/security/notices/USN-7684-2https://ubuntu.com/security/notices/USN-7684-3https://ubuntu.com/security/notices/USN-7685-1https://ubuntu.com/security/notices/USN-7685-2https://ubuntu.com/security/notices/USN-7685-3https://ubuntu.com/security/notices/USN-7685-4https://ubuntu.com/security/notices/USN-7686-1 https://www.kjintelligent.com/en/hot_521458.html [Cybersecurity Vulnerability Notice] Ubuntu Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521458.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521458.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521458.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Docker Desktop 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險          Docker Desktop 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,受影響之系統或技術如下:受影響之系統/漏洞描述:Docker Desktop on Windows 4.44.3 之前的版本Docker Desktop on MacOS 4.44.3 之前的版本三、建議改善措施:         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://docs.docker.com/desktop/release-notes/#4443https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/ https://www.kjintelligent.com/en/hot_521866.html [Cybersecurity Vulnerability Notice] Docker Desktop 存在繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521866.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521866.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521866.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        QNAP NAS 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及資料篡改。二、存在風險        QNAP NAS 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、洩露敏感資料及資料篡改,其影響系統如下:受影響之系統/漏洞描述:QTS 5.2.xQuTS hero h5.2.x三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請將 QTS 5.2.x 更新至 QTS 5.2.5.3145 build 20250526 或更高版本。請將 QuTS hero h5.2.x 更新至 QuTS hero h5.2.5.3138 build 20250519 或更高版本。       情資報告連結:https://www.qnap.com/en/security-advisory/qsa-25-21https://www.qnap.com/en/security-advisory/qsa-25-23 https://www.kjintelligent.com/en/hot_522304.html [Cybersecurity Vulnerability Notice] QNAP NAS 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522304.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522304.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522304.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        思科產品存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及遠端執行任意程式碼。二、存在風險         思科產品存在多個漏洞,允許遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、洩露敏感資料及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:MDS 9000 Series Multilayer SwitchesNexus 1000 Virtual Edge for VMware vSphereNexus 3000 Series SwitchesNexus 3000 Series SwitchesNexus 5500 Platform SwitchesNexus 5600 Platform SwitchesNexus 6000 Series SwitchesNexus 7000 Series SwitchesNexus 9000 Series Fabric Switches in ACI modeNexus 9000 Series Switches in standalone NX-OS modeNexus 9000 Series Switches in standalone NX-OS modeUCS 6400 Series Fabric InterconnectsUCS 6400 Series Fabric InterconnectsUCS 6500 Series Fabric InterconnectsUCS 6500 Series Fabric InterconnectsUCS X-Series Direct Fabric Interconnect 9108 100G三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n39k-isis-dos-JhJA8Rfxhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxospc-pim6-vG4jFPhhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-infodis-TEcTYSFGhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-qhNze5Ss https://www.kjintelligent.com/en/hot_522302.html [Cybersecurity Vulnerability Notice] 思科產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522302.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522302.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522302.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        WhatsApp 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險        WhatsApp 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:WhatsApp for iOS v2.25.21.73 之前的版本WhatsApp Business for iOS v2.25.21.7WhatsApp for Mac v2.25.21.78三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.whatsapp.com/security/advisories/2025 https://www.kjintelligent.com/en/hot_522303.html [Cybersecurity Vulnerability Notice] WhatsApp 存在繞過保安限制漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522303.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522303.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522303.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維一、摘要        Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升及阻斷服務狀況。二、存在風險         Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升及阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:Zoom Workplace for Windows 6.3.10 之前的版本Zoom Workplace for Windows 6.4.10 之前的版本Zoom Workplace VDI for Windows 6.3.10 之前的版本 (除了 6.1.16 及 6.2.12版本)Zoom Workplace VDI for Windows 6.3.12 之前的版本 (除了 6.2.15 版本)Zoom Rooms for Windows 6.3.10 之前的版本Zoom Rooms for Windows 6.4.5 之前的版本Zoom Rooms Controller for Windows 6.3.10 之前的版本Zoom Rooms Controller for Windows 6.4.5 之前的版本Zoom Meeting SDK for Windows 6.3.10 之前的版本Zoom Meeting SDK for Windows 6.4.10 之前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:        情資報告連結:https://www.zoom.com/en/trust/security-bulletin/zsb-25029/https://www.zoom.com/en/trust/security-bulletin/zsb-25030/資安預警通知】 https://www.kjintelligent.com/en/hot_521464.html [Cybersecurity Vulnerability Notice] Zoom 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521464.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521464.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521464.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Google Chrome 存在一個漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險           Google Chrome 存在一個漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼,受影響之系統或技術如下:受影響之系統/漏洞描述:Google Chrome 139.0.7258.154 (Linux) 之前的版本Google Chrome 139.0.7258.154/.155 (Mac) 之前的版本Google Chrome 139.0.7258.154/.155 (Windows) 之前的版本 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新:請更新 139.0.7258.154 (Linux) 或之後的版本。請更新 139.0.7258.154/.155 (Mac) 或之後的版本。請更新 139.0.7258.154/.155 (Windows) 或之後的版本。        情資報告連結:https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_26.html  https://www.kjintelligent.com/en/hot_522301.html [Cybersecurity Vulnerability Notice] Google Chrome 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522301.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522301.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522301.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Microsoft Edge 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險        Microsoft Edge 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Microsoft Edge Stable Channel 139.0.3405.125 之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。請更新至 Microsoft Edge Stable Channel 139.0.3405.125 或之後的版本。        情資報告連結:https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#august-28-2025https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9478 https://www.kjintelligent.com/en/hot_522300.html [Cybersecurity Vulnerability Notice] Microsoft Edge 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522300.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522300.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522300.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況及遠端執行任意程式碼。二、存在風險        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況及遠端執行任意程式碼,其影響系統如下:受影響之系統/漏洞描述:Google Chrome 139.0.7258.127 (Linux) 之前的版本Google Chrome 139.0.7258.127/.128 (Mac) 之前的版本Google Chrome 139.0.7258.127/.128 (Windows) 之前的版本 三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至  139.0.7258.127 (Linux) 或之後版本。請更新至 139.0.7258.127/.128 (Mac) 或之後版本。請更新至 139.0.7258.127/.128 (Windows) 或之後版本。       情資報告連結:https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html https://www.kjintelligent.com/en/hot_521456.html [Cybersecurity Vulnerability Notice] Google Chrome 多個存在漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521456.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521456.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521456.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Citrix 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及遠端執行任意程式碼。二、存在風險       Citrix 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及遠端執行任意程式碼,受影響之系統或技術如下:受影響之系統/漏洞描述:Citrix Virtual Apps and Desktops 2407 中 24.5.200.8 之前的版本Citrix Virtual Apps and Desktops 1912 LTSR 中 CU9 hotfix 19.12.9100.6 之前的版本Citrix Virtual Apps and Desktops 2203 LTSR 中 CU5 hotfix 22.03.5100.11 之前的版本Citrix Virtual Apps and Desktops 2402 LTSR 中 CU1 hotfix 24.02.1200.16 之前的版本NetScaler ADC 和 NetScaler Gateway 14.1 中 14.1-29.72 之前的版本NetScaler ADC 和 NetScaler Gateway 13.1 中 13.1-55.34 之前的版本NetScaler ADC 13.1-FIPS 中 13.1-37.207 之前的版本NetScaler ADC 12.1-FIPS 中 12.1-55.321 之前的版本NetScaler ADC 12.1-NDcPP 中 12.1-55.321 之前的版本三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_UShttps://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_UShttps://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploithttps://www.cisa.gov/news-events/alerts/2025/08/25/cisa-adds-three-known-exploited-vulnerabilities-catalog https://www.kjintelligent.com/en/hot_521867.html [Cybersecurity Vulnerability Notice] Citrix 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521867.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521867.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521867.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、洩露敏感資料及阻斷服務狀況。二、存在風險        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發仿冒、洩露敏感資料及阻斷服務狀況,受影響之系統或技術如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 18.3.1, 18.2.5 及 18.1.5 以前的版本GitLab Enterprise Edition (EE) 18.3.1, 18.2.5 及 18.1.5 以前的版本 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/ https://www.kjintelligent.com/en/hot_522299.html [Cybersecurity Vulnerability Notice] GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522299.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522299.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522299.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Docker Windows桌機版是一款在Windows系統上運行的容器管理工具,透過容器技術簡化應用部署與管理。Docker發布重大資安漏洞更新公告(CVE-2025-9074,CVSS 4.x:9.3)並釋出更新版本,此為伺服器請求偽造(SSRF)漏洞,允許攻擊者利用API執行各種特權指令,包括控制其他容器、管理映像等,此外,該漏洞還允許與執行Docker Desktop 的使用者以相同的權限掛載主機磁碟機。◎建議措施:更新至 Docker Desktop 4.44.3(含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://docs.docker.com/desktop/release-notes/#44432. https://nvd.nist.gov/vuln/detail/CVE-2025-9074 https://www.kjintelligent.com/en/hot_521871.html [TWCERT 分享資安情資] Docker Windows版存在SSRF漏洞(CVE-2025-9074) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521871.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521871.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521871.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露及繞過身份驗證。二、存在風險        Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露及繞過身份驗證,受影響之系統或技術如下:受影響之系統/漏洞描述:Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTSUbuntu 25.04三、建議改善措施:         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://ubuntu.com/security/notices/USN-7671-3https://ubuntu.com/security/notices/USN-7681-2https://ubuntu.com/security/notices/USN-7681-3https://ubuntu.com/security/notices/USN-7682-2https://ubuntu.com/security/notices/USN-7682-3https://ubuntu.com/security/notices/USN-7682-4https://ubuntu.com/security/notices/USN-7682-5https://ubuntu.com/security/notices/USN-7683-1https://ubuntu.com/security/notices/USN-7683-2https://ubuntu.com/security/notices/USN-7683-3https://ubuntu.com/security/notices/USN-7684-1https://ubuntu.com/security/notices/USN-7684-2https://ubuntu.com/security/notices/USN-7684-3https://ubuntu.com/security/notices/USN-7685-1https://ubuntu.com/security/notices/USN-7685-2https://ubuntu.com/security/notices/USN-7685-3https://ubuntu.com/security/notices/USN-7685-4https://ubuntu.com/security/notices/USN-7685-5https://ubuntu.com/security/notices/USN-7686-1https://ubuntu.com/security/notices/USN-7699-1https://ubuntu.com/security/notices/USN-7699-2https://ubuntu.com/security/notices/USN-7701-1https://ubuntu.com/security/notices/USN-7701-2https://ubuntu.com/security/notices/USN-7701-3https://ubuntu.com/security/notices/USN-7703-1https://ubuntu.com/security/notices/USN-7703-2https://ubuntu.com/security/notices/USN-7704-1https://ubuntu.com/security/notices/USN-7704-2https://ubuntu.com/security/notices/USN-7704-3 https://www.kjintelligent.com/en/hot_521865.html [Cybersecurity Vulnerability Notice] Ubuntu Linux 存在核心多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521865.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521865.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521865.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、權限提升、繞過身份驗證遠端執行程式碼、阻斷服務狀況及資料篡改。二、存在風險       SUSE Linux 內核存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發洩露敏感資料、權限提升、繞過身份驗證遠端執行程式碼、阻斷服務狀況及資料篡改,受影響之系統或技術如下:受影響之系統/漏洞描述:Confidential Computing Module 15-SP6openSUSE Leap 15.3SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise Live Patching 15-SP3SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3openSUSE Leap 15.4openSUSE Leap 15.5openSUSE Leap 15.6SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Availability Extension 15 SP3SUSE Linux Enterprise High Availability Extension 15 SP4SUSE Linux Enterprise High Performance Computing 12 SP5SUSE Linux Enterprise High Performance Computing 15 SP4SUSE Linux Enterprise High Performance Computing 15 SP5SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5SUSE Linux Enterprise High Performance Computing LTSS 15 SP4SUSE Linux Enterprise High Performance Computing LTSS 15 SP5SUSE Linux Enterprise Live Patching 12-SP5SUSE Linux Enterprise Live Patching 15-SP4SUSE Linux Enterprise Live Patching 15-SP5SUSE Linux Enterprise Live Patching 15-SP6SUSE Linux Enterprise Live Patching 15-SP7SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Micro for Rancher 5.2SUSE Linux Enterprise Micro for Rancher 5.3SUSE Linux Enterprise Micro for Rancher 5.4SUSE Linux Enterprise Real Time 15 SP4SUSE Linux Enterprise Real Time 15 SP5SUSE Linux Enterprise Real Time 15 SP6SUSE Linux Enterprise Real Time 15 SP7SUSE Linux Enterprise Server 11 SP4SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORESUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server 12 SP5 LTSSSUSE Linux Enterprise Server 12 SP5 LTSS Extended SecuritySUSE Linux Enterprise Server 15 SP3 Business Critical LinuxSUSE Linux Enterprise Server 15 SP3 LTSSSUSE Linux Enterprise Server 15 SP4SUSE Linux Enterprise Server 15 SP4 LTSSSUSE Linux Enterprise Server 15 SP5SUSE Linux Enterprise Server 15 SP5 LTSSSUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 12 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP3SUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Linux Enterprise Server for SAP Applications 15 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP6SUSE Linux Enterprise Server for SAP Applications 15 SP7SUSE Manager Proxy 4.2SUSE Manager Proxy 4.3SUSE Manager Proxy 4.3 LTSSUSE Manager Retail Branch Server 4.2SUSE Manager Retail Branch Server 4.3SUSE Manager Retail Branch Server 4.3 LTSSUSE Manager Server 4.2SUSE Manager Server 4.3SUSE Manager Server 4.3 LTSSUSE Real Time Module 15-SP7 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.suse.com/support/update/announcement/2025/suse-su-202502588-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502601-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502602-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502604-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502606-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502607-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502608-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502610-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502611-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502618-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502619-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502626-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502627-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502632-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502637-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502638-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502647-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502648-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502652-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502671-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502673-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502676-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502687-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502688-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502691-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502689-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502693-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502697-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502698-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502699-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502704-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502707-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502708-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502710-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502821-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502820-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502823-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502827-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502830-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502832-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502833-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502834-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502844-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502846-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502849-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502850-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502851-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502852-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502853-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502854-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502857-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502858-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502859-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502860-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502871-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502873-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502878-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502876-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502883-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502884-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502875-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502894-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502902-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502897-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502908-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502909-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502911-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502917-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502918-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502922-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502923-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502926-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502930-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502932-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502933-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502934-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502936-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502937-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502938-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502942-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502943-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502944-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502945-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502955-1/ https://www.kjintelligent.com/en/hot_521863.html [Cybersecurity Vulnerability Notice] SUSE Linux 內核存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521863.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521863.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521863.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Microsoft Edge 存在漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險       Microsoft Edge 存在漏洞,允許遠端攻擊者可利用此漏洞,於目標系統觸發遠端執行任意程式碼,受影響之系統或技術如下:受影響之系統/漏洞描述:Microsoft Edge Stable Channel 139.0.3405.111 之前的版本Microsoft Edge Extended Stable Channel 138.0.3351.144 之前的版本 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。           情資報告連結:https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#august-21-2025https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9132 https://www.kjintelligent.com/en/hot_521864.html [Cybersecurity Vulnerability Notice] Microsoft Edge 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521864.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521864.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521864.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-48384】Git Link Following Vulnerability (CVSS v3.1: 8.0)【是否遭勒索軟體利用:未知】Git存在連結追蹤漏洞,該漏洞源於Git對設定檔中carriage return characters的處理不一致。【CVE-2024-8068】Citrix Session Recording Improper Privilege Management Vulnerability (CVSS v3.1: 8.0)【是否遭勒索軟體利用:未知】Citrix Session Recording存在權限管理不當漏洞,可能導致權限提升至NetworkService帳戶存取層級。【CVE-2024-8069】Citrix Session Recording Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.0)【是否遭勒索軟體利用:未知】Citrix Session Recording存在未經信任資料反序列化漏洞,可能允許在NetworkService帳戶權限下執行有限的遠端程式碼。【CVE-2025-7775】Citrix NetScaler Memory Overflow Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Citrix NetScaler ADC和NetScaler Gateway存在記憶體溢位漏洞,可能導致遠端程式碼執行及/或阻斷服務攻擊。【CVE-2025-57819】Sangoma FreePBX Authentication Bypass Vulnerability (CVSS v4.0: 10.0)【是否遭勒索軟體利用:未知】Sangoma FreePBX存在身分驗證繞過漏洞,由於在處理使用者提供的輸入資料時未進行充分的驗證與清理,攻擊者可在未經驗證的情況下存取 FreePBX 管理介面,進而引發任意資料庫操作及遠端程式碼執行。◎建議措施:【CVE-2025-48384】官方已針對漏洞釋出修復更新,請更新至相關版本https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9【CVE-2024-8068】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.citrix.com/external/article?articleUrl=CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069&language=en_US【CVE-2024-8069】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.citrix.com/external/article?articleUrl=CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069&language=en_US【CVE-2025-7775】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938【CVE-2025-57819】官方已針對漏洞釋出修復更新,請更新至相關版本https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h◎相關IOC資訊:◎備註:TLP: CLEAR TWCERT-TWISAC-202509-0003◎參考資料:【CVE-2025-48384】1.https://nvd.nist.gov/vuln/detail/cve-2025-483842.https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9【CVE-2024-8068】1.https://nvd.nist.gov/vuln/detail/cve-2024-80682.https://support.citrix.com/external/article?articleUrl=CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069&language=en_US【CVE-2024-8069】1.https://nvd.nist.gov/vuln/detail/cve-2024-80692.https://support.citrix.com/external/article?articleUrl=CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069&language=en_US【CVE-2025-7775】1.https://nvd.nist.gov/vuln/detail/cve-2025-77752.https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938【CVE-2025-57819】1.https://nvd.nist.gov/vuln/detail/cve-2025-578192.https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h https://www.kjintelligent.com/en/hot_522225.html [TWCERT 分享資安情資]CISA新增5個已知遭駭客利用之漏洞至KEV目錄(2025/08/25-2025/08/31) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522225.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_522225.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_522225.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】近日Openfind 電子郵件威脅實驗室於分析存取紀錄時,發現MailGates / MailAudit系統中使用的第三方工具存在安全漏洞,目前已發現有攻擊者以 XSS 跨站腳本攻擊成功,可能導致用戶資料外洩及檔案系統未授權存取。Openfind 已更新受影響的第三方模組版本,並釋出安全性修補程式(Security Patch),建議使用者儘速完成更新。◎建議措施:MailGates / MailAudit 標準版至 [線上更新] 頁面更新:v6.0 版本請依序更新 Patch 至 6.1.9.050v5.0 版本請依序更新 Patch 至 5.2.10.097◎相關IOC資訊:◎備註:◎參考資料:1. https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-25-002.pdf https://www.kjintelligent.com/en/hot_521868.html [TWCERT 分享資安情資] Openfind 使用第三方工具存在安全漏洞,可能引發XSS跨腳本攻擊 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521868.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521868.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521868.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Google Chrome 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險       Google Chrome 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼,受影響之系統或技術如下:受影響之系統/漏洞描述:Google Chrome 139.0.7258.138 (Linux) 之前的版本Google Chrome 139.0.7258.138/.139 (Mac) 之前的版本Google Chrome 139.0.7258.138/.139 (Windows) 之前的版本三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新:請更新 139.0.7258.138 (Linux) 或之後的版本。請更新 139.0.7258.138/.139 (Mac) 或之後的版本。請更新 139.0.7258.138/.139 (Windows) 或之後的版本。        情資報告連結:https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html https://www.kjintelligent.com/en/hot_521733.html [Cybersecurity Vulnerability Notice] Google Chrome 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521733.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521733.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521733.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發彷冒、遠端執行任意程式碼、洩露敏感資料、權限提升及繞過身份驗證。二、存在風險       RedHat Linux核心存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發彷冒、遠端執行任意程式碼、洩露敏感資料、權限提升及繞過身份驗證,受影響之系統或技術如下:受影響之系統或技術描述:Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64Red Hat CodeReady Linux Builder for ARM 64 10 aarch64Red Hat CodeReady Linux Builder for ARM 64 9 aarch64Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390xRed Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390xRed Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390xRed Hat CodeReady Linux Builder for IBM z Systems 10 s390xRed Hat CodeReady Linux Builder for IBM z Systems 9 s390xRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64leRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 10 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 9 ppc64leRed Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64Red Hat CodeReady Linux Builder for x86_64 10 x86_64Red Hat CodeReady Linux Builder for x86_64 9 x86_64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64Red Hat Enterprise Linux for ARM 64 10 aarch64Red Hat Enterprise Linux for ARM 64 9 aarch64Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390xRed Hat Enterprise Linux for IBM z Systems 10 s390xRed Hat Enterprise Linux for IBM z Systems 9 s390xRed Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat Enterprise Linux for Power, little endian 10 ppc64leRed Hat Enterprise Linux for Power, little endian 9 ppc64leRed Hat Enterprise Linux for Real Time 8 x86_64Red Hat Enterprise Linux for Real Time for NFV 8 x86_64Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64Red Hat Enterprise Linux for x86_64 10 x86_64Red Hat Enterprise Linux for x86_64 9 x86_64Red Hat Enterprise Linux Server - AUS 8.2 x86_64Red Hat Enterprise Linux Server - AUS 8.4 x86_64Red Hat Enterprise Linux Server - AUS 9.4 x86_64Red Hat Enterprise Linux Server - AUS 9.6 x86_64Red Hat Enterprise Linux Server - TUS 8.8 x86_64Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64leRed Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390xRed Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390xRed Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390xRed Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390xRed Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64leRed Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64leRed Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64leRed Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le三、存在風險:        盡速更新受影響之系統或技術、解決方案、漏洞識別碼及相關連結。         情資報告連結:https://access.redhat.com/errata/RHSA-2025:11669https://access.redhat.com/errata/RHSA-2025:11677https://access.redhat.com/errata/RHSA-2025:11678https://access.redhat.com/errata/RHSA-2025:12525https://access.redhat.com/errata/RHSA-2025:12623https://access.redhat.com/errata/RHSA-2025:12662https://access.redhat.com/errata/RHSA-2025:12746https://access.redhat.com/errata/RHSA-2025:12753https://access.redhat.com/errata/RHSA-2025:12976https://access.redhat.com/errata/RHSA-2025:12977https://access.redhat.com/errata/RHSA-2025:13029https://access.redhat.com/errata/RHSA-2025:13030https://access.redhat.com/errata/RHSA-2025:13061https://access.redhat.com/errata/RHSA-2025:13120https://access.redhat.com/errata/RHSA-2025:13135 https://www.kjintelligent.com/en/hot_520920.html [Cybersecurity Vulnerability Notice] RedHat Linux核心多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520920.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520920.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520920.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】備份與資料保護軟體廠商 CommVault,以企業級整合資料管理解決方案著稱,支援多平台、多環境的備份與還原,並提供高效的資料保護技術及雲端整合能力。近期發布重大資安漏洞公告(CVE-2025-57790,CVSS 3.x:8.8),此漏洞允許遠端攻擊者利用路徑遍歷執行未經授權的檔案系統存取,可能導致遠端程式碼執行。◎建議措施:更新至 Commvault 11.32.102 (含)之後版本、Commvault 11.36.60 (含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html2. https://nvd.nist.gov/vuln/detail/cve-2025-57790 https://www.kjintelligent.com/en/hot_521870.html [TWCERT 分享資安情資] Commvault 存在重大資安漏洞(CVE-2025-57790) 備 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521870.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521870.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521870.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        蘋果產品存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。二、存在風險         蘋果產品存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況,其影響系統如下:受影響之系統/漏洞描述:iPadOS 17.7.10以前的版本iOS 18.6.2 and iPadOS 18.6.2以前的版本macOS Sequoia 15.6.1以前的版本macOS Sonoma 14.7.8以前的版本macOS Ventura 13.7.8以前的版本三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://support.apple.com/en-us/124925https://support.apple.com/en-us/124926https://support.apple.com/en-us/124927https://support.apple.com/en-us/124928https://support.apple.com/en-us/124929 https://www.kjintelligent.com/en/hot_521734.html [Cybersecurity Vulnerability Notice] 蘋果產品存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521734.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521734.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521734.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、仿冒、跨網站指令碼及繞過身份驗證。二、存在風險       Mozilla 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、仿冒、跨網站指令碼及繞過身份驗證,受影響之系統或技術如下:受影響之系統/漏洞描述:Firefox 142Firefox ESR 115.27Firefox ESR 128.14Firefox ESR 140.2Firefox for iOS 142Focus for iOS 142Thunderbird 128.14Thunderbird 140.2Thunderbird 142 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://www.mozilla.org/en-US/security/advisories/mfsa2025-64https://www.mozilla.org/en-US/security/advisories/mfsa2025-65https://www.mozilla.org/en-US/security/advisories/mfsa2025-66https://www.mozilla.org/en-US/security/advisories/mfsa2025-67https://www.mozilla.org/en-US/security/advisories/mfsa2025-68https://www.mozilla.org/en-US/security/advisories/mfsa2025-69https://www.mozilla.org/en-US/security/advisories/mfsa2025-70https://www.mozilla.org/en-US/security/advisories/mfsa2025-71https://www.mozilla.org/en-US/security/advisories/mfsa2025-72 https://www.kjintelligent.com/en/hot_521732.html [Cybersecurity Vulnerability Notice] Mozilla 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521732.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521732.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521732.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Citrix旗下NetScaler ADC (原名為Citrix ADC)是一款網路設備,專為優化、保護及管理企業應用程式與雲端服務而設計;NetScaler Gateway (原名為Citrix Gateway)則提供安全的遠端存取解決方案,讓使用者能夠從任何地點安全存取應用程式和資料。Citrix發布重大資安漏洞公告(CVE-2025-7775,CVSS 4.x:9.2 和 CVE-2025-7776,CVSS 4.x:8.8),CVE-2025-7775為記憶體溢位漏洞,導致遠端程式碼或DoS攻擊;CVE-2025-7776為記憶體溢位漏洞,導致不可預測或錯誤行為和DoS攻擊。另外,CVE-2025-7775目前已觀察到有攻擊者利用,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。備註:受影響產品NetScaler ADC 和 NetScaler Gateway 12.1和13.0已是EoL(End of Life)的產品,Citrix建議升級至支援版本◎建議措施:請更新至以下版本:NetScaler ADC 和 NetScaler Gateway 14.1-47.48 (含)之後版本、NetScaler ADC 和 NetScaler Gateway 13.1-59.22 (含)之後版本、NetScaler ADC 13.1-FIPS 與 NDcPP 13.1-37.241-FIPS 與 NDcPP (含)之後版本、NetScaler ADC 12.1-FIPS 與 NDcPP 12.1-55.330-FIPS 與 NDcPP (含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX6949382. https://nvd.nist.gov/vuln/detail/CVE-2025-77753. https://nvd.nist.gov/vuln/detail/CVE-2025-7776 https://www.kjintelligent.com/en/hot_521869.html [TWCERT 分享資安情資] Citrix旗下NetScaler ADC 和 NetScaler Gateway 存在2個重大資安漏洞(CVE-2025-77 75和CVE-2025-7776) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521869.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521869.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521869.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        ChromeOS 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發繞過身份驗證、遠端執行任意程式碼及跨網站指令碼。二、存在風險        ChromeOS 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發繞過身份驗證、遠端執行任意程式碼及跨網站指令碼,其影響系統如下:受影響之系統/漏洞描述:ChromeOS 16328.55.0 (瀏覽器版本 139.0.7258.137)之前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新:請更新至ChromeOS 16328.55.0 (瀏覽器版本 139.0.7258.137)。       情資報告連結:https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-chromeos.html https://www.kjintelligent.com/en/hot_521731.html [Cybersecurity Vulnerability Notice] ChromeOS 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521731.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521731.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521731.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         SUSE Linux 核心存在多個安全漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發彷冒、遠端執行任意程式碼、洩露敏感資料、阻斷服務狀況、資料篡改、權限提升及繞過身份驗證。二、存在風險    SUSE Linux 核心存在多個安全漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發彷冒、遠端執行任意程式碼、洩露敏感資料、阻斷服務狀況、資料篡改、權限提升及繞過身份驗證,其影響系統或版本如下:受影響之系統/漏洞描述:Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64Red Hat CodeReady Linux Builder for ARM 64 10 aarch64Red Hat CodeReady Linux Builder for ARM 64 9 aarch64Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390xRed Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390xRed Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390xRed Hat CodeReady Linux Builder for IBM z Systems 10 s390xRed Hat CodeReady Linux Builder for IBM z Systems 9 s390xRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64leRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 10 ppc64leRed Hat CodeReady Linux Builder for Power, little endian 9 ppc64leRed Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64Red Hat CodeReady Linux Builder for x86_64 10 x86_64Red Hat CodeReady Linux Builder for x86_64 9 x86_64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64Red Hat Enterprise Linux for ARM 64 10 aarch64Red Hat Enterprise Linux for ARM 64 9 aarch64Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390xRed Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390xRed Hat Enterprise Linux for IBM z Systems 10 s390xRed Hat Enterprise Linux for IBM z Systems 9 s390xRed Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64leRed Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64leRed Hat Enterprise Linux for Power, little endian 10 ppc64leRed Hat Enterprise Linux for Power, little endian 9 ppc64leRed Hat Enterprise Linux for Real Time 8 x86_64Red Hat Enterprise Linux for Real Time for NFV 8 x86_64Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64Red Hat Enterprise Linux for x86_64 10 x86_64Red Hat Enterprise Linux for x86_64 9 x86_64Red Hat Enterprise Linux Server - AUS 8.2 x86_64Red Hat Enterprise Linux Server - AUS 8.4 x86_64Red Hat Enterprise Linux Server - AUS 9.4 x86_64Red Hat Enterprise Linux Server - AUS 9.6 x86_64Red Hat Enterprise Linux Server - TUS 8.8 x86_64Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64leRed Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64leRed Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390xRed Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390xRed Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390xRed Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390xRed Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64leRed Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64leRed Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64leRed Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.suse.com/support/update/announcement/2025/suse-su-202502588-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502601-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502602-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502604-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502606-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502607-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502608-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502610-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502611-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502618-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502619-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502626-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502627-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502632-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502637-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502638-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502647-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502648-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502652-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502671-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502673-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502676-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502687-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502688-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502691-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502689-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502693-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502697-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502698-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502699-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502704-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502707-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502708-1/https://www.suse.com/support/update/announcement/2025/suse-su-202502710-1/ https://www.kjintelligent.com/en/hot_520921.html [Cybersecurity Vulnerability Notice] SUSE Linux 內核多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520921.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520921.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520921.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Palo Alto PAN-OS 存在漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發敏感資料洩露。二、存在風險          Palo Alto PAN-OS 存在漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發敏感資料洩露,受影響之系統或技術如下: 受影響之系統/漏洞描述:PA-7500 系列中:PAN-OS 11.1.10 之前的 PAN-OS 11.1 版本PAN-OS 11.2.8 之前的 PAN-OS 11.2 版本三、建議改善措施:          企業及使用者如有上述漏洞版本應儘速更新:請將 PAN-OS 11.1.10 之前的 PAN-OS 11.1 版本更新至 11.1.10 或更高版本。請將 PAN-OS 11.2.8 之前的 PAN-OS 11.2 版本更新至 11.2.8 或更高版本。       情資報告連結:https://security.paloaltonetworks.com/CVE-2025-2182 https://www.kjintelligent.com/en/hot_521466.html [Cybersecurity Vulnerability Notice] Palo Alto PAN-OS 存在敏感資料洩露漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521466.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521466.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521466.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          思科旗下威脅情報團隊 Talos 揭露近期活動升溫的勒索軟體組織 Chaos 疑似由 BlackSuit 前成員建立,並透過俄羅斯網路犯罪論壇招募加盟主合作,以「滲透測試」為名進行攻擊。Chaos 的攻擊手法包含透過大量垃圾郵件接觸受害者、利用語音網釣取得初始存取權限、濫用遠端管理工具(RMM)維持存取,以及透過檔案共享軟體外傳竊得資料。二、存在風險        Talos 揭露Chaos 的攻擊手法包含透過大量垃圾郵件接觸受害者、利用語音網釣取得初始存取權限、濫用遠端管理工具(RMM)維持存取,以及透過檔案共享軟體外傳竊得資料。若受害組織檔案遭加密,Chaos 會留下勒索訊息,聲稱自己是在進行「專業資安測試」,並已成功突破防護、竊取所有內部機密。若受害組織拒絕支付贖金,駭客將威脅外流資料,進一步造成嚴重影響。 IoC: Emmenhtal and Amadey:4e3951e668464efe8195d45fea7967857070a7d20d2c0e22f3c0f10bb2a8f8b87618787e1032bbf6a6ca8b3388ea3803be20a49e4afaba1df38a6116085062f718be762e8bd513283cd5e21634dc65bd160e47121716fd058daf5f3be42728a9bcfc98998b9e42b86204e66605b65462eeb8cfd8a0661b3ceebc99d4277e83cc62e7aca9bf6c20f7394d6d59b202af56150defbb6fae06e8443b7c6d71244d21cf7da02e01b3c2317178395eff873e50ab9b8f27a23ffed37b2efff8fd6b9035c1eb5ff8913c4ca4feb712e05354772146247bdb4b337868c687730f2010230334cd1b8ab17203179da1ae77c1fad97ddf794cc63a6048aca664956d10b2cahttp://pivqmane[.]com/doc/fb[.]mp4http://pivqmane[.]com/testonload[.]mp4http://185.215.113[.]16/test/amnew.exehttp://185[.]215[.]113[.]43/Zu7JuNko/index.phpNew Chaos Ransomware:7c4b465159e1c7dbbe67f0eeb3f58de1caba293999a49843a0818480f05be14e 11cfea4100ba3731d859148d2011c7225d337db22797f7e111c0f2876e986490 1d846592ffcc19ed03a34316520aa31369218a88afa4e17ac547686d0348aa5b 144[.]172[.]103[.]42 45[.]61[.]134[.]36 107[.]170[.]35[.]225LLMs for Reverse Engineering:7412945177641e9b9b27e601eeda32fda02eae10d0247035039b9174dcc01d12       建議改善措施:定期更新系統和軟體。定期執行安全評估。將IoC匯入相關資安設備,藉以偵測和阻擋內部主機之惡意行為。對內部員工實施教育訓練(如:勒索病毒、社交工程、惡意郵件),藉以提供員工資安意識。儘速導入雲智維服務,進行資安威脅情資偵測與聯防,降低企業資安風險。        情資報告連結:https://blog.talosintelligence.com/new-chaos-ransomware/ https://www.kjintelligent.com/en/hot_521465.html 勒索軟體BlackSuit成員打造Chaos並提供租用服務 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521465.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521465.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521465.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發跨網站指令碼、篡改、洩露敏感資料、阻斷服務狀況及繞過身份驗證。二、存在風險        GitLab 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發跨網站指令碼、篡改、洩露敏感資料、阻斷服務狀況及繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:GitLab Community Edition (CE) 18.2.2, 18.1.4 及 18.0.6 以前的版本GitLab Enterprise Edition (EE) 18.2.2, 18.1.4 及 18.0.6 以前的版本三、建議改善措施        企業及使用者如有上述漏洞版本應儘速更新。      情資報告連結:https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/ https://www.kjintelligent.com/en/hot_521467.html [Cybersecurity Vulnerability Notice] GitLab 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521467.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521467.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521467.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-54948】Trend Micro Apex One OS Command Injection Vulnerability (CVSS v3.1: 9.4)【是否遭勒索軟體利用:未知】Trend Micro Apex One本地部署版本存在作業系統指令注入漏洞,未經身分鑑別之遠端攻擊者可於管理主控台上傳惡意程式碼並達成遠端執行任意程式碼。【CVE-2025-43300】Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Apple iOS、iPadOS和macOS的Image I/O架構中存在越界寫入漏洞。◎建議措施:【CVE-2025-54948】官方已針對漏洞釋出修復更新,請更新至相關版本https://success.trendmicro.com/en-US/solution/KA-0020652【CVE-2025-43300】官方已針對漏洞釋出修復更新,請更新至相關版本https://support.apple.com/en-us/124925https://support.apple.com/en-us/124926https://support.apple.com/en-us/124927https://support.apple.com/en-us/124928https://support.apple.com/en-us/124929◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-54948】1.https://nvd.nist.gov/vuln/detail/cve-2025-549482.https://success.trendmicro.com/en-US/solution/KA-0020652【CVE-2025-43300】1.https://nvd.nist.gov/vuln/detail/cve-2025-433002.https://support.apple.com/en-us/1249253.https://support.apple.com/en-us/1249264.https://support.apple.com/en-us/1249275.https://support.apple.com/en-us/1249286.https://support.apple.com/en-us/124929 https://www.kjintelligent.com/en/hot_521730.html [TWCERT 分享資安情資] CISA新增2個已知遭駭客利用之漏洞至KEV目錄(2025/08/18-2025/08/24) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521730.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521730.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521730.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況及遠端執行任意程式碼。 二、存在風險          Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發資料篡改、阻斷服務狀況及遠端執行任意程式碼,受影響之系統或技術如下: 受影響之系統/漏洞描述:Microsoft Edge 139.0.3405.102 之前的版本三、建議改善措施:          企業及使用者如有上述漏洞版本應儘速更新:請更新至 139.0.3405.102 或之後版本。       情資報告連結:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8879https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8880https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8881https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8882https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8901 https://www.kjintelligent.com/en/hot_521469.html [Cybersecurity Vulnerability Notice] Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521469.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521469.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521469.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco Secure Firewall Management Center(FMC)是一套集中式管理平台,用於統一管理與監控 Cisco 防火牆產品,提供完整的威脅防禦視野,並支援政策制定、事件分析、流量監控與裝置設定等功能。Cisco發布重大資安漏洞公告(CVE-2025-20265,CVSS:10.0)並釋出更新版本,此漏洞存在於該透過RADIUS進行身份驗證時,允許未經身份驗證的遠端攻擊者注入任意 Shell 指令並使該裝置執行指令。◎建議措施:根據官方網站釋出解決方式進行修補:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 https://www.kjintelligent.com/en/hot_521474.html [TWCERT 分享資安情資] Cisco 旗下防火牆系統存在重大資安漏洞(CVE-2025-20265) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521474.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521474.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521474.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露及繞過身份驗證。二、存在風險        Ubuntu Linux 核心存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露及繞過身份驗證,受影響之系統或技術如下:受影響之系統或技術描述:Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTSUbuntu 24.04 LTSUbuntu 25.04三、存在風險:        企業及使用者如有上述漏洞版本應儘速更新。         情資報告連結:https://ubuntu.com/security/notices/USN-7671-3https://ubuntu.com/security/notices/USN-7681-2https://ubuntu.com/security/notices/USN-7682-2https://ubuntu.com/security/notices/USN-7682-3https://ubuntu.com/security/notices/USN-7682-4https://ubuntu.com/security/notices/USN-7683-1https://ubuntu.com/security/notices/USN-7683-2https://ubuntu.com/security/notices/USN-7683-3https://ubuntu.com/security/notices/USN-7684-1https://ubuntu.com/security/notices/USN-7684-2https://ubuntu.com/security/notices/USN-7684-3https://ubuntu.com/security/notices/USN-7685-1https://ubuntu.com/security/notices/USN-7685-2https://ubuntu.com/security/notices/USN-7685-3https://ubuntu.com/security/notices/USN-7685-4https://ubuntu.com/security/notices/USN-7686-1 https://www.kjintelligent.com/en/hot_521099.html [Cybersecurity Vulnerability Notice] Ubuntu Linux 核心存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521099.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521099.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521099.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          資安業者 Bitdefender 揭露一個新興的俄羅斯駭客組織 Curly COMrades活動行為,他們的主要目標是政府、司法機構與能源公司,並利用代理伺服器工具(Resocks、SSH、Stunnel) 與被入侵的合法網站來隱匿流量。駭客部署的核心惡意程式 MucorAgent 可透過 CLSID 劫持 Windows NGEN 達成持久化,並從網域控制器與 LSASS 竊取帳號雜湊、認證憑證與明文密碼。二、存在風險        駭客透過 MucorAgent 惡意程式,並利用 CLSID 劫持 Windows NGEN 的方式達成持久化,讓惡意程式即使在系統重啟後依然存留於受害端。這種技術手法顯示攻擊者具備熟練的系統層級操作能力,能長期維持對受害環境的控制。一旦取得初步存取,攻擊者會鎖定網域控制器與 LSASS 程序,執行記憶體傾印竊取帳號雜湊、驗證憑證與明文密碼。這意味著組織的高權限帳號極易遭到破解與濫用,使駭客得以進行橫向移動,全面掌控內部網路資源。更進一步地,駭客利用代理伺服器及遭入侵的合法網站來轉送惡意流量,使其行為與正常網路活動混淆,降低被偵測的機率。這不僅讓組織難以及時察覺異常,還可能導致長期潛伏,造成敏感資訊外洩、基礎設施癱瘓與營運中斷等嚴重後果。 IoC: Main object:c:\program files (x86)\google\googleupdate.exe:MD5: b55e8e1d84d03ffe885e63a53a9acc7d, dd253f7403644cfa09d8e42a7120180dc:\programdata\hp.exe, c:\programdata\microsoft\mf\mf.exe:MD5: 44a57a7c388af4d96771ab23e85b7f1ec:\programdata\intel\logs\data\tasklauncher.dllMD5: 5a8ff502d94fe51ba84e4c0627d43791, c1cdca4f765f38675a4c4dfc5e5f7e59c:\programdata\results.exe:MD5: 5ed6b17103b231e9ff2abda1094083e3c:\programdata\tb.exe:MD5: 171f097c66ee0c6a69dde5da994ed8a7Dropped Files:c:\programdata\{1.bat, ca.exe, ch_prm.bat, curl.taskhandler.xml, drm.exe, rar.bat, run.bat}c:\users\\appdata\roaming\microsoft\windows\templates\curl\{icon.png, index.png}c:\programdata\microsoft\{drm\msedge.exe, edgeupdate\{checkupdate.exe, msedge.exe}}Connections:75.127.13.136207.180.194.10991.107.174.19096.30.124.10345.43.91.10194.87.31.171Scheduled Tasks:\microsoft\windows\devicedirectoryclient\{registerdevicesusb, registerdeviceprotectionusb}\microsoft\windows\updateorchestrator\check_acjavaupdate\mozilla\browser.visualupdatemicrosoftedgeupdatetaskmachinebackupWindows Services:oraclejavasvcmsedgesvc       建議改善措施:定期更新系統和軟體。定期執行安全評估。將IoC匯入相關資安設備,藉以偵測和阻擋內部主機之惡意行為。啟用多因素驗證,並定期更新系統與應用程式,避免帳號被盜用。對內部網路與可疑程式行為進行監控,偵測異常存取或惡意後門活動。對內部員工實施教育訓練(如:勒索病毒、社交工程、惡意郵件),藉以提供員工資安意識。儘速導入雲智維服務,進行資安威脅情資偵測與聯防,降低企業資安風險。        情資報告連結:https://www.bitdefender.com/en-us/blog/businessinsights/curly-comrades-new-threat-actor-targeting-geopolitical-hotbeds https://www.kjintelligent.com/en/hot_521472.html [Cybersecurity Vulnerability Notice] 俄羅斯駭客Curly COMrades鎖定前蘇聯國家進行網路間諜活動 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521472.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521472.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521472.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         F5 BIG-IP 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及權限提升。 二、存在風險          F5 BIG-IP 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及權限提升,受影響之系統或技術如下: 受影響之系統/漏洞描述:BIG-IP (所有模組)版本 15.1.0 - 15.1.10版本 16.1.0 - 16.1.6版本 17.1.0 - 17.1.2版本 17.5.0 - 17.5.1BIG-IP Next (所有模組)版本 20.3.0BIG-IP Next SPK版本 2.0.0 - 2.0.2版本 1.7.0 - 1.9.2BIG-IP Next CNF版本 2.0.0 - 2.0.2版本 1.1.0 - 1.4.1BIG-IP Next for Kubernetes版本 2.0.0APM Clients版本 7.2.5三、建議改善措施:          企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://my.f5.com/manage/s/article/K000141436https://my.f5.com/manage/s/article/K000151546https://my.f5.com/manage/s/article/K000151782https://my.f5.com/manage/s/article/K000152001 https://www.kjintelligent.com/en/hot_521463.html [Cybersecurity Vulnerability Notice] F5 BIG-IP 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521463.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521463.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521463.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         思科產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及繞過身份驗證。二、存在風險        思科產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及繞過身份驗證,受影響之系統或技術如下:受影響之系統/漏洞描述:Cisco IOS SoftwareCisco IOS XE SoftwareCisco Secure Firewall Adaptive Security Appliance (ASA) SoftwareCisco Secure Firewall Threat Defense (FTD) Software 三、建議改善措施:        企業及使用者如有上述漏洞版本應儘速更新。       情資報告連結:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-buffer-overflow-PyRUhWBChttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-acl-bypass-mtPze9Yhhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmdinj-VEhFeZQ3https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dhcp-qj7nGs4Nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-http-file-hUyX2jL4https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHyhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-nat-dns-dos-bqhynHTMhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZehttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6ehttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsXhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2k-IPsec-dos-tjwgdZCO https://www.kjintelligent.com/en/hot_521470.html [Cybersecurity Vulnerability Notice] 思科產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521470.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521470.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521470.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-42957,CVSS:9.9】此漏洞存在於SAP S/4HANA 和 SAP SCM Characteristic Propagation,允許具有使用者權限的攻擊者利用RFC公開功能模組的漏洞,將任意ABAP程式碼注入系統,從而繞過必要的授權檢查。【CVE-2025-42950,CVSS:9.9】該漏洞存在於SAP Landscape Transformation (SLT) ,允許具有使用者權限的攻擊者透過RFC公開功能模組的漏洞,將任意ABAP程式碼注入系統,從而繞過必要的授權檢查。【CVE-2025-42951,CVSS:8.8】SAP Business One(SLD) 存在授權漏洞,允許經過驗證的攻擊者透過呼叫對應的API取得資料庫的管理員權限。◎建議措施:根據官方網站釋出的解決方式進行修補:https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html◎相關IOC資訊:◎備註:◎參考資料:1. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html2. https://www.cve.org/CVERecord?id=CVE-2025-429573. https://www.cve.org/CVERecord?id=CVE-2025-429504. https://www.cve.org/CVERecord?id=CVE-2025-42951 https://www.kjintelligent.com/en/hot_521174.html [TWCERT 分享資安情資] SAP針對旗下多款產品發布重大資安公告 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521174.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521174.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521174.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Fortinet FortiWeb 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證。二、存在風險        Fortinet FortiWeb 存在一個漏洞,允許遠端攻擊者利用此漏洞,於目標系統觸發繞過身份驗證,其影響系統如下:受影響之系統/漏洞描述:FortiWeb 7.6 版本 7.6.0 至 7.6.3FortiWeb 7.4 版本 7.4.0 至 7.4.7FortiWeb 7.2 版本 7.2.0 至 7.2.10FortiWeb 7.0 版本 7.0.0 至 7.0.10三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將 FortiWeb 7.6 版本 7.6.0 至 7.6.3 更新至 7.6.4 或更高版本。請將 FortiWeb 7.4 版本 7.4.0 至 7.4.7 更新至 7.4.8 或更高版本。請將 FortiWeb 7.2 版本 7.2.0 至 7.2.10 更新至 7.2.11 或更高版本。請將 FortiWeb 7.0 版本 7.0.0 至 7.0.10 更新至 7.0.11 或更高版本。       情資報告連結:https://fortiguard.fortinet.com/psirt/FG-IR-25-448 https://www.kjintelligent.com/en/hot_521468.html [Cybersecurity Vulnerability Notice] Fortinet FortiWeb 繞過身份驗證漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521468.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521468.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521468.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          微軟揭露俄羅斯駭客Secret Blizzard、Turla、Waterbug、Venomous Bear的一系列網路間諜活動行為,他們利用對手中間人(AiTM)手法,攻擊位於莫斯科的各國大使館、外交單位,以及其他敏感的組織,並散布名為ApolloShadow的惡意程式。惡意程式啟動後會檢查受害裝置的權限層級,若是以非預設的管理員組態執行,就會顯示使用者存取控制(UAC)彈出式視窗,要求使用者執行CertificateDB.exe來安裝憑證。值得注意的是,此執行檔偽裝成卡巴斯基的安裝程式,於受害電腦植入根憑證,從而讓攻擊者能夠提升系統權限層級。二、存在風險        微軟揭露俄羅斯駭客Secret Blizzard、Turla、Waterbug、Venomous Bear的一系列網路間諜活動行為,他們利用對手中間人(AiTM)手法,攻擊位於莫斯科的各國大使館、外交單位,以及其他敏感的組織,並散布名為ApolloShadow的惡意程式。惡意程式啟動後會檢查受害裝置的權限層級,若是以非預設的管理員組態執行,就會顯示使用者存取控制(UAC)彈出式視窗,要求使用者執行CertificateDB.exe來安裝憑證。值得注意的是,此執行檔偽裝成卡巴斯基的安裝程式,於受害電腦植入根憑證,從而讓攻擊者能夠提升系統權限層級。這波攻擊活動,駭客透過旅館或機場會出現的公共Wi-Fi登入網站Captive Portal,並將目標設備放置在這種登入網站的後面,一旦Windows的測試連線狀態指示器啟動,就會發出HTTP GET請求,此時攻擊者會將受害者重新導向到他們控制的網域,並疑似藉由憑證錯誤的理由,要求受害者下載ApolloShadow並執行。 IoC:kav-certificates[.]info 45.61.149[.]109 13fafb1ae2d5de024e68f2e2fc820bc79ef0690c40dbfd70246bcc394c52ea20CertificateDB.exe         建議改善措施: 定期更新存在漏洞之系統。加強憑證與加密驗證。對內部網路與可疑程式行為進行監控,偵測異常存取或惡意後門活動。如內部有相關資安設備(防火牆、防毒軟體等),可評估將IoC匯入,藉以強化資安防護。儘速導入雲智維服務,進行資安威脅情資偵測與聯防,降低企業資安風險。         情資報告連結:https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/ https://www.kjintelligent.com/en/hot_521473.html [Cybersecurity Vulnerability Notice] 俄羅斯駭客Secret Blizzard鎖定大使館濫用ISP發動AiTM網釣 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521473.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521473.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521473.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Adobe針對Java企業版(JEE)的Adobe Experience Manager Forms發布重大資安漏洞(CVE-2025-54253,CVSS:10.0),此漏洞源於配置錯誤,攻擊者可利用此漏洞繞過安全機制並執行任意程式碼。◎建議措施:更新Adobe Experience Manager (AEM) Forms on JEE 至 6.5.0-0108版本◎相關IOC資訊:◎備註:◎參考資料:1. https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html2. https://nvd.nist.gov/vuln/detail/CVE-2025-54253 https://www.kjintelligent.com/en/hot_520928.html [TWCERT 分享資安情資] Adobe Experience Manager (JEE) 存在重大資安漏洞(CVE-2025-54253) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520928.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520928.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520928.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。二、存在風險        Microsoft Edge 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況,其影響系統或版本如下:受影響之系統/漏洞描述:Microsoft Edge 138.0.3351.95 之前的版本 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新: 請更新至 138.0.3351.95 或之後版本。       情資報告連結:https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-16-2025https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6558https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7656https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7657 https://www.kjintelligent.com/en/hot_519820.html [Cybersecurity Vulnerability Notice] Microsoft Edge 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519820.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519820.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519820.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要        Trend Micro 產品存在多個漏洞,允許攻擊者利用這些漏洞,於目標系統觸發遠端執行程式碼。二、存在風險        於 Trend Micro 產品發現多個漏洞。攻擊者可利用這些漏洞,於目標系統觸發遠端執行程式碼,其影響系統如下:受影響之系統/漏洞描述:Trend Micro Apex One - 2019 (On-prem)Trend Micro Apex One - Management Server 14039 及之前的版本Trend Micro Apex One as a Service (SaaS)Trend Vision One™ Endpoint Security - Standard Endpoint Protection三、建議改善措施         企業及使用者如有上述漏洞版本應儘速更新:請將Trend Micro Apex One (on-prem) 更新至FixTool_Aug2025或更高版本。       情資報告連結:https://success.trendmicro.com/en-US/solution/KA-0020652 https://www.kjintelligent.com/en/hot_520919.html [Cybersecurity Vulnerability Notice] Trend Micro 產品多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520919.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520919.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520919.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Zoom 是一款跨平台雲端視訊會議軟體,支持多人線上會議、螢幕分享及會議錄製,適用於遠距工作與教學。Zoom日前發布重大資安漏洞公告(CVE-2025-49457,CVSS:9.6),部分Windows版Zoom客戶端存在不受信任的搜尋路徑漏洞,可能允許未經身分驗證的攻擊者,透過網路存取進行權限提升攻擊。◎建議措施:根據官方網站釋出解決方式進行修補:https://www.zoom.com/en/trust/security-bulletin/zsb-25030/?lang=null&lang=null◎相關IOC資訊:◎備註:◎參考資料:1. https://www.zoom.com/en/trust/security-bulletin/zsb-25030/?lang=null&lang=null2. https://nvd.nist.gov/vuln/detail/CVE-2025-49457 https://www.kjintelligent.com/en/hot_521173.html [TWCERT 分享資安情資] Windows版Zoom用戶端存在重大資安漏洞(CVE-2025-49457) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521173.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521173.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521173.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】微軟針對旗下產品Exchange Server發布重大資安漏洞公告(CVE-2025-53786,CVSS:8.0),此漏洞允許取得管理者權限的攻擊者,針對雲地混合部署的環境提升權限。目前雲端環境的日誌監控工具無法紀錄此漏洞的惡意活動。該漏洞相關PoC已於近日在美國黑帽大會 (Black Hat) 公開展示,可能加速攻擊者的後續利用,Microsoft 已釋出安全性更新與提供暫時緩解措施,建議儘速採取暫時緩解措施,以防止針對此漏洞可能的攻擊發生。◎建議措施:根據官方網站釋出解決方式進行修補:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786◎相關IOC資訊:◎備註:◎參考資料:1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-537862. https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments3. https://nvd.nist.gov/vuln/detail/CVE-2025-53786 https://www.kjintelligent.com/en/hot_520917.html [TWCERT 分享資安情資] Microsoft Exchange Server 存在重大資安漏洞(CVE-2025-53786) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520917.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520917.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520917.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】FortiSIEM是Fortinet旗下的次世代安全資訊與事件管理平台,運用AI和自動化技術,提升威脅偵測與安全營運效率,降低管理複雜度。近日,Fortinet發布重大資安漏洞公告(CVE-2025-25256,CVSS:9.8),此為作業系統指令注入漏洞,可能允許未經身分驗證的攻擊者,透過精心設計的命令列介面(CLI)請求,執行未經授權的程式碼或命令。◎建議措施:請更新至以下版本:FortiSIEM 7.3.2版本、FortiSIEM 7.2.6版本、FortiSIEM 7.1.8版本、FortiSIEM 7.0.4版本、FortiSIEM 6.7.10版本、FortiSIEM 6.6(含)以下版本遷移至固定版本◎相關IOC資訊:◎備註:◎參考資料:1. https://fortiguard.fortinet.com/psirt/FG-IR-25-1522. https://nvd.nist.gov/vuln/detail/CVE-2025-25256 https://www.kjintelligent.com/en/hot_521172.html [TWCERT 分享資安情資] Fortinet旗下FortiSIEM存在重大資安漏洞(CVE-2025-25256) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521172.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521172.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521172.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          資安業者Seqrite揭露攻擊行動Operation Cobalt Whisper,駭客針對香港與巴基斯坦而來,大部分的目標是關鍵基礎設施,其結合ClickFix手法網路釣魚從事新一波Operation AmberMist活動。駭客主要透過20種感染鏈對國防、電工、民航組織而來,但新一波的活動Operation AmberMist,他們將攻擊範圍延伸到電玩、軟體開發、學術機構,並使用Shadow RAT、Blister DLL、INET RAT等輕量級的作案工具。駭客偏好使用Windows捷徑檔(LNK)、VBScript指令碼,以及Cobalt Strike與Metsploit兩款滲透測試工具,並主要以應徵工作為誘餌接觸受害者。二、存在風險        Seqrite提及駭客運用的新手法,他們將運用幾個以假亂真的履歷來鎖定特定產業,例如:會冒充著名機構的遊戲UI設計師,或是計算機科學系學生;接著,他們會利用假的CAPTCHA圖靈驗證進行ClickFix攻擊,藉此引誘使用者上鉤,從而在受害電腦執行惡意PowerShell指令碼。UNG0002採取多階段攻擊,藉由LNK檔、VBScript、批次檔、PowerShell來形成複雜的感染鏈,來植入惡意程式,然後濫用Rasphone、Node-Webkit等應用程式,以DLL側載手法執行惡意酬載。 IoC:LNK (Shortcut):4ca4f673e4389a352854f5feb0793dac43519ade8049b5dd9356d0cbe0f0614855dc772d1b59c387b5f33428d5167437dc2d6e2423765f4080ee3b6a04947ae94b410c47465359ef40d470c9286fb980e656698c4ee4d969c86c84fbd012af0dSCT (Scriptlet):c49e9b556d271a853449ec915e4a929f5fa7ae04da4dc714c220ed0d703a36f7VBS (VBScript):ad97b1c79735b1b97c4c4432cacac2fce6316889eafb41a0d97f2b0e565ee850c722651d72c47e224007c2111e0489a028521ccdf5331c92e6cd9cfe070769182140adec9cde046b35634e93b83da4cc9a8aa0a71c21e32ba1dce2742314e8dcBatch Script (.bat):a31d742d7e36fefed01971d8cba827c71e69d59167e080d2f551210c85fddaa5PowerShell (.ps1):a31d742d7e36fefed01971d8cba827c71e69d59167e080d2f551210c85fddaa5TXT – C2 Config:2df309018ab935c47306b06ebf5700dcf790fff7cebabfb99274fe867042ecf0b7f1d82fb80e02b9ebe955e8f061f31dc60f7513d1f9ad0a831407c1ba0df87eShellcode (.dat):2c700126b22ea8b22b8b05c2da05de79df4ab7db9f88267316530fa662b4db2cHash (SHA-256):Blister DLL Implantc3ccfe415c3d3b89bde029669f42b7f04df72ad2da4bd15d82495b58ebde46d64c79934beb1ea19f17e39fd1946158d3dd7d075aa29d8cd259834f8cd7e04ef8NET RAT2bdd086a5fce1f32ea41be86febfb4be7782c997cfcb028d2f58fee5dd4b0f8aShadow RAT90c9e0ee1d74b596a0acf1e04b41c2c5f15d16b2acd39d3dc8f90b071888ac99      建議改善措施:定期更新系統和軟體。定期執行安全評估。對內部員工實施教育訓練(如:勒索病毒、社交工程、惡意郵件),藉以提供員工資安意識。儘速導入雲智維服務,進行資安威脅情資偵測與聯防,降低企業資安風險。        情資報告連結:https://www.proofpoint.com/us/blog/threat-insight/phish-china-aligned-espionage-actors-ramp-up-taiwan-semiconductor-targeting https://www.kjintelligent.com/en/hot_520918.html [Cybersecurity Vulnerability Notice] 資安威脅趨勢 - 駭客組織UNG0002鎖定中國、香港、巴基斯坦並利用LNK檔案從事攻擊 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520918.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520918.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520918.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2020-25078】D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability (CVSS v3.1: 7.5)【是否遭勒索軟體利用:未知】D-Link DCS-2530L和DCS-2670L裝置存在一個未具體說明的漏洞,可能導致遠端管理員密碼洩露。【CVE-2020-25079】D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】D-Link DCS-2530L和DCS-2670L裝置在cgi-bin/ddns_enc.cgi存在指令注入漏洞。【CVE-2022-40799】D-Link DNR-322L Download of Code Without Integrity Check Vulnerability (CVSS v3.1:8.8)【是否遭勒索軟體利用:未知】D-Link DNR-322L存在下載程式碼時未進行完整性檢查漏洞,可能允許已驗證的攻擊者在裝置上執行作業系統層級的指令。◎建議措施:【CVE-2020-25078】受影響的產品可能已達到產品生命週期終點(EoL)和/或終止服務(EoS)。建議使用者停止使用這些產品。【CVE-2020-25079】受影響的產品可能已達到產品生命週期終點(EoL)和/或終止服務(EoS)。建議使用者停止使用這些產品。【CVE-2022-40799】受影響的產品可能已達到產品生命週期終點(EoL)和/或終止服務(EoS)。建議使用者停止使用這些產品。◎相關IOC資訊:◎備註:◎參考資料:【CVE-2020-25078】1.https://nvd.nist.gov/vuln/detail/cve-2020-250782.https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180【CVE-2020-25079】1.https://nvd.nist.gov/vuln/detail/cve-2020-250792.https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180【CVE-2022-40799】1.https://nvd.nist.gov/vuln/detail/cve-2022-407992.https://gitlab.com/rtfmkiesel/cve-2022-40799 https://www.kjintelligent.com/en/hot_521101.html [TWCERT 分享資安情資] CISA新增3個已知遭駭客利用之漏洞至KEV目錄(2025/08/04-2025/08/10) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521101.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_521101.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_521101.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          中國駭客組織鎖定SharePoint Server零時差漏洞攻擊事件,全球已有上百組織受害,目前已證實至早3組中國駭客積極利用這項漏洞來攻擊,還有新加坡關鍵基礎設施遭入侵的狀況,該國網路安全局指出此攻擊與中國駭客UNC3886有關。二、存在風險        資安業者Eye Security揭露中國駭客組織鎖定SharePoint Server零時差漏洞攻擊之事件,其說明該攻擊行為發現時已有29個企業組織受害,且研究人員發現攻擊者並非自己發明滲透伎倆,而是將稍早紅隊演練業者Code White公布的ToolShell攻擊手法,予以成功運用。微軟也確認此事,並將漏洞登記為CVE-2025-53770,且緊急釋出修補,而其根本原因是7月中兩個漏洞的錯誤組合造成(CVE-2025-49706、CVE-2025-49704),目前這三項漏洞均已遭駭客利用。攻擊者第一階段的惡意工具是以C#打造而成,主要的功能包含提供SignedConnection.exe的圖形介面,並將黑白惡意軟體元件複製到電腦以及竄改登錄檔,讓這些惡意軟體隨著電腦開機載入。另一個惡意程式Qt5Core.dll,則是由secur32.dll改名後,再透過FileCoAuth.exe載入,並透過GitHub、Google Drive取得C2伺服器位址和建立通訊。 IoC:92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a51424480dbe306597da1ba393b6e30d542673066f98826cc07ac4b9033137f37dbfb5a78616f709859a0d9f830d28ff2f9dbbb2387df1753739407917e96dadf6b0c27b725ff66fdfb11dd6487a3815d1d1eba89d61b0e919e4d06ed3ac6a74fe941eb914c09c873f0a7bcf81475ab0f6bdfaccc6b63bf7e5f2dbf19295106af1924c1750a14915bf2c0b093c2cb59063912dfa039a2adfe6d26d6914804e2ae928f54ae00a9bae73da001c4d3d690d26ddf5e8e006b5562f936df472ec5e2994416753b840cec65dfba0d7d326ec768bff2495784c60db6a139f51c5e83349ac4db180ab0a5845ed619939154f67526d2b04d28713fcc1904fbd666275538f431d567cb8e8c8bd0d909870c656b292b57bcb24eb55a8582b884e0a228e298e7443445a37279d3a229ed18513e85f0c8d861c6f560e0f914a5869df14a74b679b86ffbc9dfc284b147e07a430fe9471e66c716a84a1f18976474a54bee82605fa9a6b273c2179518dacb1218201fd37ee2492a5e1713be907e69bf7ea56ceca53a5c2c1fec7856e8d49f5d49267e69993837575dbbec99cd702c5be134a85b2c1396f6db63ece791c6dc1054f1e1231b5bbcf6c051a49bad0784569271753e24619d6da885c90a5d1fb88d0a3f0b5d9817a82d5772d5510a0773c80ca581ce2486d62881359e75c9e8899c4bc9f452ef9743e68ce467f8b3e4398bebacde9550deac34718cbb4c6.ngrok-free[.]app/file.ps1msupdate[.]updatemicfosoft[.]comupdate[.]updatemicfosoft[.]com131.226.2[.]6134.199.202[.]205104.238.159[.]149188.130.206[.]168 65.38.121[.]198        建議改善措施: 定期更新存在漏洞之系統。強化密碼政策與實施遠端存取控管,如內部有相關資安設備(防火牆、防毒軟體等),可評估將IoC匯入,藉以強化資安防護。儘速導入雲智維服務,進行資安威脅情資偵測與聯防,降低企業資安風險。         情資報告連結:https://threatbook.io/blog/id/1095 https://www.kjintelligent.com/en/hot_520836.html [Cybersecurity Vulnerability Notice] 中國駭客鎖定SharePoint Server零時差漏洞發動大規模攻擊 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520836.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520836.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520836.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Apex One是趨勢科技旗下一款端點安全整合式方案,提供集中式管理功能,可有效防護企業端點免受各種網路安全威脅侵害。日前,趨勢科技發布2個重大資安漏洞(CVE-2025-54948,CVSS:9.4 和CVE-2025-54987,CVSS:9.4 ),皆屬於作業系統指令注入漏洞,允許預授權的遠端攻擊者上傳惡意程式碼並執行命令。◎建議措施:根據官方網站釋出解決方式進行修補:https://success.trendmicro.com/en-US/solution/KA-0020652◎相關IOC資訊:◎備註:◎參考資料:1. https://success.trendmicro.com/en-US/solution/KA-00206522. https://nvd.nist.gov/vuln/detail/CVE-2025-549483. https://nvd.nist.gov/vuln/detail/CVE-2025-54987 https://www.kjintelligent.com/en/hot_520833.html [TWCERT 分享資安情資] 趨勢科技旗下Apex One管理控制台存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520833.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520833.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520833.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          資安業者 Proofpoint 揭露,由中國資助的駭客組織針對臺灣半導體產業所發動的精密網路釣魚攻擊,其目標涵蓋半導體研發設計、製造測試企業、相關供應鏈業者及專門研究臺灣市場的投資分析師。攻擊手法是利用社交工程,並結合後門植入工具,如 Cobalt Strike、Voldemort、HealthKick 與反向 Shell,甚至部署 Intel EMA 遠端管理程式。部分攻擊透過已入侵的大專院校信箱及釣魚網站誘騙收件人開啟含惡意程式的檔案或連結,企圖進行機密竊取與帳密外洩。二、存在風險      駭客假借剛畢業的學生,並以求職的名義為誘餌對半導體製造商進行攻擊,他們冒充研究生求職,盜用臺灣大專院校遭侵入的電子郵件信箱,寄信給多家半導體公司與機構的人資部門。如收信人開啟附件的履歷,並點選內含的URL,就會被帶往Zendesk或Filemail檔案共用服務下載檔案,最終導致電腦被植入Cobalt Strike或是後門程式「佛地魔(Voldemort)」。 IoC:Main object – Intro.zip:sha256:7bffd21315e324ef7d6c4401d1bf955817370b65ae57736b20ced2c5c08b9814Dropped executable file:sha256C:\ProgramData\zumArSAB\libcef.dll 9b2cbcf2e0124d79130c4049f7b502246510ab681a3a84224b78613ef322bc79DNS requests:moctw[.]infoConnections:82[.]118[.]16[.]72HTTP/HTTPS requests:hxxps://api[.]moctw[.]info/Intro.pdfEmail:amelia_w_chavez@proton[.]me      建議改善措施:不要開啟來自不明發件人的履歷或合作邀約信件。對所有 ZIP、EXE、Office 等檔案啟動行為進行行為監控。對內部員工定期進行資安教育訓練,提升防釣魚與社交工程意識。儘速導入雲智維服務,進行資安威脅情資偵測與聯防,降低企業資安風險。        情資報告連結:https://www.proofpoint.com/us/blog/threat-insight/phish-china-aligned-espionage-actors-ramp-up-taiwan-semiconductor-targeting https://www.kjintelligent.com/en/hot_520835.html [Cybersecurity Vulnerability Notice] 資安威脅趨勢 - 中國駭客鎖定臺灣半導體生態系狂發研究生求職釣魚信 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520835.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520835.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520835.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2023-2533】PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability (CVSS v3.1: 8.4)【是否遭勒索軟體利用:未知】PaperCut NG/MF存在跨站請求偽造漏洞,在特定條件下,攻擊者可能利用此漏洞修改安全設定或執行任意程式碼。【CVE-2025-20337】CiscoIdentity Services Engine Injection Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Cisco Identity Services Engine(ISE)和Cisco ISE-PIC中的特定API因未充分驗證使用者提供的輸入而存在注入漏洞。攻擊者可藉由提交特製的 API 請求來利用此漏洞。若成功被利用,該漏洞可能允許攻擊者在受影響的裝置上執行遠端程式碼並取得root權限。【CVE-2025-20281】CiscoIdentity Services Engine Injection Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Cisco Identity Services Engine(ISE)和Cisco ISE-PIC中的特定API因未充分驗證使用者提供的輸入而存在注入漏洞。攻擊者可藉由提交特製的 API 請求來利用此漏洞。若成功被利用,該漏洞可能允許攻擊者在受影響的裝置上執行遠端程式碼並取得root權限。◎建議措施:【CVE-2023-2533】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.papercut.com/kb/Main/SecurityBulletinJune2023【CVE-2025-20337】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6【CVE-2025-20281】官方已針對漏洞釋出修復更新,請更新至相關版本https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6◎相關IOC資訊:◎備註:◎參考資料:【CVE-2023-2533】1.https://nvd.nist.gov/vuln/detail/cve-2023-25332.https://www.papercut.com/kb/Main/SecurityBulletinJune2023【CVE-2025-20337】1.https://nvd.nist.gov/vuln/detail/cve-2025-203372.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6【CVE-2025-20281】1.https://nvd.nist.gov/vuln/detail/cve-2025-202812.https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 https://www.kjintelligent.com/en/hot_520834.html [TWCERT 分享資安情資] CISA新增3個已知遭駭客利用之漏洞至KEV目錄(2025/07/28-2025/08/03) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520834.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520834.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520834.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-2775】SysAid On-Prem Improper Restriction of XML External EntityReference Vulnerability (CVSS v3.1: 9.3)【是否遭勒索軟體利用:未知】SysAid On-Prem在Checkin處理功能中存在對XML外部實體參考的不當限制漏洞,可能允許攻擊者接管管理員帳號並讀取任意檔案。【CVE-2025-2776】SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】SysAid On-Prem在伺服器URL處理功能中存在對XML外部實體參考的不當限制漏洞,可能允許攻擊者接管管理員帳號並讀取任意檔案。【CVE-2025-6558】Google Chromium ANGLE and GPU Improper Input Validation Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:未知】Google Chromium在ANGLE與GPU元件中存在輸入驗證不當漏洞,攻擊者可透過特製的HTML頁面實現沙箱逃逸。此漏洞可能影響多款基於Chromium的網頁瀏覽器,包括但不限於Google Chrome、Microsoft Edge和Opera。【CVE-2025-54309】CrushFTP Unprotected Alternate Channel Vulnerability (CVSS v3.1: 9.0)【是否遭勒索軟體利用:未知】CrushFTP存在未受保護的替代通道漏洞。當未啟用DMZ Proxy功能時,系統錯誤處理AS2驗證,可能允許遠端攻擊者透過HTTPS取得管理員存取權限。【CVE-2025-49704】Microsoft SharePoint Code Injection Vulnerability (CVSS v3.1: 8.8)【是否遭勒索軟體利用:是】Microsoft SharePoint存在程式碼注入漏洞,可能允許已授權的攻擊者透過網路執行任意程式碼。【CVE-2025-49706】Microsoft SharePoint Improper Authentication Vulnerability (CVSS v3.1: 6.5)【是否遭勒索軟體利用:是】Microsoft SharePoint存在驗證不當漏洞,可能允許已授權的攻擊者透過網路進行身分偽造。若成功被利用,攻擊者可檢視敏感資訊,並對部分已揭露資訊進行修改。◎建議措施:【CVE-2025-2775】官方已針對漏洞釋出修復更新,請更新至相關版本https://documentation.sysaid.com/docs/24-40-60【CVE-2025-2776】官方已針對漏洞釋出修復更新,請更新至相關版本https://documentation.sysaid.com/docs/24-40-60【CVE-2025-6558】官方已針對漏洞釋出修復更新,請更新至相關版本https://chromereleases.googleblog.com/2025/07/stablechannel-update-for-desktop_15.html【CVE-2025-54309】官方已針對漏洞釋出修復更新,請更新至相關版本https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025【CVE-2025-49704】官方已針對漏洞釋出修復更新,請更新至相關版本https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704【CVE-2025-49706】官方已針對漏洞釋出修復更新,請更新至相關版本https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-2775】1.https://nvd.nist.gov/vuln/detail/cve-2025-27752.https://documentation.sysaid.com/docs/24-40-60【CVE-2025-2776】1.https://nvd.nist.gov/vuln/detail/cve-2025-27762.https://documentation.sysaid.com/docs/24-40-60【CVE-2025-6558】1.https://nvd.nist.gov/vuln/detail/cve-2025-65582.https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html【CVE-2025-54309】1.https://nvd.nist.gov/vuln/detail/cve-2025-543092.https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025【CVE-2025-49704】1.https://nvd.nist.gov/vuln/detail/cve-2025-497042.https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704【CVE-2025-49706】1.https://nvd.nist.gov/vuln/detail/cve-2025-497062.https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 https://www.kjintelligent.com/en/hot_520510.html [TWCERT 分享資安情資] CISA新增6個已知遭駭客利用之漏洞至KEV目錄(2025/07/21-2025/07/27) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520510.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520510.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520510.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         SonicWall 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及跨網站指令碼。二、存在風險        SonicWall 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼及跨網站指令碼,其影響系統或版本如下:受影響之系統/漏洞描述:SMA 100 Series (SMA 210, 410, 500v) 10.2.1.15-81sv 及之前的版本 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新。 請將SMA 100 Series(SMA 210, 410, 500v)更新至10.2.2.1-90sv或更高版本。       情資報告連結:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0012 https://www.kjintelligent.com/en/hot_520511.html [Cybersecurity Vulnerability Notice] SonicWall 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520511.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_520511.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_520511.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Sophos 防火牆存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險        Sophos 防火牆存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統或版本如下:受影響之系統/漏洞描述:CVE-2024-13974, CVE-2024-13973影響版本:Sophos Firewall v21.0 GA (21.0.0) and olderCVE-2025-6704, CVE-2025-7624, CVE-2025-7382影響版本:Sophos Firewall v21.5 GA (21.5.0) and older 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce https://www.kjintelligent.com/en/hot_519822.html [Cybersecurity Vulnerability Notice] Sophos 防火牆存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519822.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519822.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519822.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況。二、存在風險        Google Chrome 存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發遠端執行任意程式碼及阻斷服務狀況,其影響系統或版本如下:受影響之系統/漏洞描述:Google Chrome prior to 138.0.7204.157 (Linux) 之前的版本Google Chrome 138.0.7204.157/.158 (Mac) 之前的版本Google Chrome 138.0.7204.157/.158 (Windows) 之前的版本 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新: 請更新至 138.0.7204.157 (Linux) 或之後版本。請更新至 138.0.7204.157/.158 (Mac) 或之後版本。請更新至 138.0.7204.157/.158 (Windows) 或之後版本。       情資報告連結:https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html https://www.kjintelligent.com/en/hot_519819.html [Cybersecurity Vulnerability Notice] Google Chrome 存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519819.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519819.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519819.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          Apache 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、資料篡改及繞過身份驗證。二、存在風險        Apache 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況、資料篡改及繞過身份驗證,其影響系統或版本如下:受影響之系統/漏洞描述:Apache HTTP Server 2.4.64 之前的版本Apache Tomcat 9.0.107 之前的版本Apache Tomcat 10.1.43 之前的版本Apache Tomcat 11.0.9 之前的版本 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新: 請更新至 Apache HTTP Server 2.4.64 版本。請更新至 Apache Tomcat 9.0.107 版本。請更新至 Apache Tomcat 10.1.43 版本。請更新至 Apache Tomcat 11.0.9 版本。       情資報告連結:https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://tomcat.apache.org/security-9.htmlhttps://tomcat.apache.org/security-10.htmlhttps://tomcat.apache.org/security-11.html https://www.kjintelligent.com/en/hot_519817.html [Cybersecurity Vulnerability Notice] Apache 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519817.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519817.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519817.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         IBM WebSphere 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過身份驗證。二、存在風險        IBM WebSphere 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發阻斷服務狀況及繞過身份驗證,其影響系統或版本如下:受影響之系統/漏洞描述:IBM WebSphere Application Server 9.0IBM WebSphere Application Server Liberty 17.0.0.3-25.0.0.7 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.ibm.com/support/pages/node/7239856https://www.ibm.com/support/pages/node/7239955 https://www.kjintelligent.com/en/hot_519823.html [Cybersecurity Vulnerability Notice] IBM WebSphere 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519823.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519823.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519823.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】SonicWall針對SMA100系列產品發布重大資安漏洞(CVE-2025-40599,CVSS:9.1),SMA100系列產品的Web管理介面存在經過驗證的任意檔案上傳漏洞,遠端攻擊者若具有管理員權限,便可藉此上傳任意檔案至系統,可能導致遠端程式碼執行。◎建議措施:更新SMA 100系列產品至 10.2.2.1-90sv (含)之後版本◎相關IOC資訊:◎備註:◎參考資料:1. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-00142. https://nvd.nist.gov/vuln/detail/CVE-2025-40599 https://www.kjintelligent.com/en/hot_519866.html [TWCERT 分享資安情資] SonicWall 旗下SMA100系列產品存在重大資安漏洞(CVE-2025-40599) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519866.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519866.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519866.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          甲骨文產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露、篡改及繞過身份驗證。二、存在風險        甲骨文產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發權限提升、阻斷服務狀況、遠端執行程式碼、敏感資料洩露、篡改及繞過身份驗證,其影響系統或版本如下:受影響之系統/漏洞描述:Oracle MySQLJava SEOracle Database ServerWebLogic ServerVirtualBox 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新。        情資報告連結:https://www.oracle.com/security-alerts/cpujul2025.html https://www.kjintelligent.com/en/hot_519818.html [Cybersecurity Vulnerability Notice] 甲骨文產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519818.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519818.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519818.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】近日Sophos發布關於 Intercept X for Windows 的資安公告,指出旗下該產品存在2個重大資安漏洞,並提出修補版本,呼籲用戶儘快檢查系統是否套用相關更新。【CVE-2024-13972,CVSS:8.8】此漏洞存在於Sophos Intercept X for Windows 的更新程式中,與登錄檔權限設定有關。攻擊者可能在產品升級期間,透過本機使用者取得系統層級的權限。【CVE-2025-7433,CVSS:8.8】在Sophos Intercept X for Windows 的裝置加密元件中存在本機權限提升漏洞,此漏洞允許攻擊者執行任意程式碼。◎建議措施:根據官方網站釋出解決方式進行修補:https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe◎相關IOC資訊:◎備註:◎參考資料:1. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe2. https://www.cve.org/CVERecord?id=CVE-2024-139723. https://www.cve.org/CVERecord?id=CVE-2025-7433 https://www.kjintelligent.com/en/hot_519724.html [TWCERT 分享資安情資] Sophos 旗下Intercept X for Windows 存在2個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519724.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519724.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519724.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發繞過身份驗證、阻斷服務狀況及洩露敏感資料。二、存在風險        Zoom 產品存在多個漏洞,允許遠端攻擊者利用這些漏洞,於目標系統觸發繞過身份驗證、阻斷服務狀況及洩露敏感資料,其影響系統或版本如下:受影響之系統/漏洞描述:Zoom Meeting SDK for Android 6.4.5 之前的版本Zoom Meeting SDK for iOS 6.4.5 之前的版本Zoom Meeting SDK for Linux 6.4.13 之前的版本Zoom Meeting SDK for Linux 6.4.5 之前的版本Zoom Meeting SDK for macOS 6.4.5 之前的版本Zoom Meeting SDK for Windows 6.4.0 之前的版本Zoom Meeting SDK for Windows 6.4.5 之前的版本Zoom Rooms Controller for Android 6.4.5 之前的版本Zoom Rooms Controller for iPad 6.4.5 之前的版本Zoom Rooms Controller for Linux 6.4.5 之前的版本Zoom Rooms Controller for macOS 6.4.5 之前的版本Zoom Rooms Controller for Windows 6.4.0 之前的版本Zoom Rooms Controller for Windows 6.4.5 之前的版本Zoom Rooms Client for Android 6.4.5 之前的版本Zoom Rooms Client for iPad 6.4.5 之前的版本Zoom Rooms Client for macOS 6.4.5 之前的版本Zoom Rooms Client for Windows 6.4.0 之前的版本Zoom Rooms Client for Windows 6.4.5 之前的版本Zoom Workplace VDI Client for Windows 6.3.10 之前的版本 (除了 6.1.7 及 6.2.15 版本)Zoom Workplace VDI Client for Windows 6.3.12 之前的版本 (除了 6.2.15 版本)Zoom Workplace App for Android 6.4.5 之前的版本Zoom Workplace Desktop App for Linux 6.4.13 之前的版本Zoom Workplace Desktop App for Linux 6.4.5 之前的版本Zoom Workplace Desktop App for Windows 6.4.0 之前的版本Zoom Workplace Desktop App for Windows 6.4.5 之前的版本Zoom Workplace App for iOS 6.4.5 之前的版本Zoom Workplace Desktop App for macOS 6.4.5 之前的版本 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新。       情資報告連結:https://www.zoom.com/en/trust/security-bulletin/zsb-25023https://www.zoom.com/en/trust/security-bulletin/zsb-25024https://www.zoom.com/en/trust/security-bulletin/zsb-25025https://www.zoom.com/en/trust/security-bulletin/zsb-25026https://www.zoom.com/en/trust/security-bulletin/zsb-25027https://www.zoom.com/en/trust/security-bulletin/zsb-25028 https://www.kjintelligent.com/en/hot_519375.html [Cybersecurity Vulnerability Notice] Zoom 產品存在多個漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519375.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519375.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519375.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要          F5 產品存在一個漏洞,允許遠端攻擊者利用這漏洞,於目標系統觸發阻斷服務狀況。二、存在風險        F5 產品存在一個漏洞,允許遠端攻擊者利用這漏洞,於目標系統觸發阻斷服務狀況,其影響系統或版本如下:受影響之系統/漏洞描述:BIG-IP15.1.0 - 15.1.1016.1.0 - 16.1.617.1.0 - 17.1.217.5.0 - 17.5.1Traffix SDC5.2.0 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速實施以下臨時方法: 阻止通過自身 IP 地址訪問配置工具和 SSH。阻止通過管理介面訪問配置工具和 SSH       情資報告連結:https://my.f5.com/manage/s/article/K000152614 https://www.kjintelligent.com/en/hot_519821.html [Cybersecurity Vulnerability Notice] F5 產品存在阻斷服務漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519821.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519821.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519821.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Sophos發布關於防火牆的資安公告,指出旗下的防火牆產品存在3個重大資安漏洞,並提出修補版本,呼籲用戶儘快檢查系統是否套用相關更新。【CVE-2025-6704,CVSS:9.8】安全PDF交換(Secure PDF eXchange,SPX)功能存在任意文件寫入漏洞,若啟用SPX的特定配置且防火牆處於高可用性(HA)模式,可能導致預授權遠端程式碼執行。【CVE-2025-7624,CVSS:9.8】Legacy(transparent) SMTP proxy存在一項SQL注入漏洞,若電子郵件啟用隔離政策,且系統從21.0 GA之前的版本升級至現有版本,可能導致遠端程式碼執行。【CVE-2025-7382,CVSS:8.8】WebAdmin 存在命令注入漏洞,若管理員啟用OTP驗證,則可能導致相鄰攻擊者在高可用性(HA)輔助設備上實現預授權程式碼執行。◎建議措施:根據官方網站釋出解決方式進行修補:https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce◎相關IOC資訊:◎備註:◎參考資料:1. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfosrce2. https://nvd.nist.gov/vuln/detail/CVE-2025-67043. https://nvd.nist.gov/vuln/detail/CVE-2025-76244. https://nvd.nist.gov/vuln/detail/CVE-2025-7382 https://www.kjintelligent.com/en/hot_519815.html [TWCERT 分享資安情資] Sophos 的防火牆系統存在3個重大資安漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519815.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519815.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519815.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】【CVE-2025-47812】Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability (CVSS v3.1: 10.0)【是否遭勒索軟體利用:未知】Wing FTP Server存在對空位元組或NUL字元處理不當漏洞,可能允許將任意Lua程式碼注入使用者工作階段檔案。攻擊者可藉此執行任意系統指令,並以FTP服務的權限執行(預設為root或SYSTEM權限)。【CVE-2025-25257】Fortinet FortiWeb SQL Injection Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】Fortinet FortiWeb存在SQL注入漏洞,可能允許未經驗證的攻擊者透過特製的HTTP或HTTPS請求執行未經授權的SQL程式碼或指令。【CVE-2025-53770】Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.8)【是否遭勒索軟體利用:未知】本地端部署的Microsoft SharePoint Server存在未信任資料反序列化漏洞,可能允許未經授權的攻擊者透過網路執行程式碼。◎建議措施:【CVE-2025-47812】對應產品升級至以下版本(或更高)Wing FTP Server 7.4.4【CVE-2025-25257】官方已針對漏洞釋出修復更新,請更新至相關版本https://fortiguard.fortinet.com/psirt/FG-IR-25-151【CVE-2025-53770】官方已針對漏洞釋出修復更新,請更新至相關版本https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770◎相關IOC資訊:◎備註:◎參考資料:【CVE-2025-47812】1.https://nvd.nist.gov/vuln/detail/cve-2025-478122.https://www.wftpserver.com/serverhistory.htm【CVE-2025-25257】1.https://nvd.nist.gov/vuln/detail/cve-2025-252572.https://fortiguard.fortinet.com/psirt/FG-IR-25-151【CVE-2025-53770】1.https://nvd.nist.gov/vuln/detail/cve-2025-537702.https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 https://www.kjintelligent.com/en/hot_519816.html [TWCERT 分享資安情資] CISA新增3個已知遭駭客利用之漏洞至KEV目錄(2025/07/14-2025/07/20) 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519816.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519816.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519816.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         IBM WebSphere Application Server存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發遠端執行任意程式碼。二、存在風險        IBM WebSphere Application Server存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發遠端執行任意程式碼,其影響系統或版本如下:受影響之系統/漏洞描述:IBM WebSphere Application Server 8.5.0.0 ~ 8.5.5.27IBM WebSphere Application Server 9.0.0.0 ~ 9.0.5.24 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新: 請將 IBM WebSphere Application Server 8.5.0.0 ~ 8.5.5.27 更新至8.5.5.28 或更高版本。請將 IBM WebSphere Application Server 9.0.0.0 ~ 9.0.5.24更新至9.0.5.25 或更高版本。       情資報告連結:https://www.ibm.com/support/pages/node/7237967 https://www.kjintelligent.com/en/hot_519153.html [Cybersecurity Vulnerability Notice] IBM WebSphere Application Server 存在遠端執行程式碼漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519153.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519153.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519153.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【雲智維資安預警通知】一、摘要         Google Chrome 存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發篡改及洩露敏感資料。二、存在風險        Google Chrome 存在一個漏洞,允許遠端攻擊者利用這個漏洞,於目標系統觸發篡改及洩露敏感資料,其影響系統或版本如下:受影響之系統/漏洞描述:Google Chrome 138.0.7204.92 (Linux) 之前的版本Google Chrome 138.0.7204.92/.93 (Mac) 之前的版本Google Chrome 138.0.7204.96/.97 (Windows) 之前的版本Google Chrome 138.0.7204.63 (Android) 之前的版本 三、建議改善措施:           企業及使用者如有上述漏洞版本應儘速更新: 請更新至 138.0.7204.92 (Linux) 或之後版本。請更新至 138.0.7204.92/.93 (Mac) 或之後版本。請更新至 138.0.7204.96/.97 (Windows) 或之後版本。請更新至 138.0.7204.63 (Android) 或之後版本。       情資報告連結:https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.htmlhttps://chromereleases.googleblog.com/2025/06/chrome-for-android-update_30.html https://www.kjintelligent.com/en/hot_519155.html [Cybersecurity Vulnerability Notice] Google Chrome 產品存在篡改漏洞 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519155.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519155.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519155.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.)
【出處:台灣電腦緊急應變小組 TWCert】Cisco 旗下身分識別服務引擎(Identity Services Engine,ISE)是一款基於身分的安全管理平台,可從網路、使用者設備收集資訊,並在網路基礎設施中實施策略和制定監管決策。Cisco發布重大資安漏洞公告(CVE-2025-20337,CVSS:10.0)並釋出更新版本,此漏洞存在於Cisco ISE和 Cisco ISE-PIC的特定API,攻擊者無需任何有效憑證即可利用此漏洞,允許未經身分驗證的遠端攻擊者以root身分在底層作業系統上執行任意程式碼。◎建議措施:根據官方網站釋出解決方式進行修補:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6◎相關IOC資訊:◎備註:◎參考資料:1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ62. https://nvd.nist.gov/vuln/detail/CVE-2025-20337 https://www.kjintelligent.com/en/hot_519590.html [TWCERT 分享資安情資] Cisco 旗下身分識別服務存在重大資安漏洞(CVE-2025-20337) Cisco 2026-05-08 2027-05-08
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519590.html
KJ Intelligent Corp. 4F. 5A, No. 7, Sec. 3, New Taipei Blvd., Xinzhuang Dist., New Taipei City 242032 , Taiwan (R.O.C.) https://www.kjintelligent.com/en/hot_519590.html
https://schema.org/EventMovedOnline https://schema.org/OfflineEventAttendanceMode
2026-05-08 http://schema.org/InStock TWD 0 https://www.kjintelligent.com/en/hot_519590.html
Hot News
others

  • Subscribe to Newsletter

    Please enter your Email:
Home Hot News