免责声明：以下内容原文来自互联网的公共方式，仅用于有限分享，译文内容不代表蚁景网安实验室观点，因此第三方对以下内容进行分享、传播等行为，以及所带来的一切后果与译者和蚁景网安实验室无关。以下内容亦不得用于任何商业目的，若产生法律责任，译者与蚁景网安实验室一律不予承担。

1、Apple更新修复了两个关键 macOS 内核漏洞

https://www.securityweek.com/apple-warns-macos-kernel-zero-day-exploitation

2、影响多个 HP Enterprise 设备的六个严重固件漏洞尚未修补

https://securityaffairs.co/wordpress/135592/security/firmware-bugs-hp-devices.html

3、Lazarus 从 Axie Infinity 窃取的价值 3000 万美元加密货币被追回

https://securityaffairs.co/wordpress/135524/apt/30m-stolen-axie-infinity-recovered.html

4、Xalan-J 中的漏洞可能允许任意代码执行

https://portswigger.net/daily-swig/vulnerability-in-xalan-j-could-allow-arbitrary-code-execution

5、思科修补了 SD-WAN vManage 中的高危漏洞

https://www.securityweek.com/cisco-patches-high-severity-vulnerability-sd-wan-vmanage

6、CNCERT发布关于“魔盗”窃密木马大规模传播的风险提示

https://mp.weixin.qq.com/s/AXORtlDzPTgiWoSxhEJsKA

7、Lazarus黑客组织利用Log4j漏洞对美国能源供应商发起攻击

https://techcrunch.com/2022/09/08/north-korea-lazarus-united-states-energy

8、WordPress插件BackupBuddy存在一个0day漏洞

https://securityaffairs.co/wordpress/135518/hacking/backupbuddy-wordpress-zero-day.html

9、攻击者利用WeTransfer服务传播Lampion窃密木马

https://www.bleepingcomputer.com/news/security/lampion-malware-returns-in-phishing-attacks-abusing-wetransfer/

10、Linux 上的勒索软件攻击激增

https://www.helpnetsecurity.com/2022/09/05/ransomware-groups-target-linux/