漏洞 Vulnerability CVE-2021-32609: Apache Superset XSS漏洞安全更新 https://seclists.org/oss-sec/2021/q4/34 CVE-2021-21796: Nitro Pro PDF UAF漏洞安全更新 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1265 安全事件 Security Incident 以色列一家医院首次遭到重大勒索袭击 https://securityaffairs.co/wordpress/123350/hacking/israeli-hospital-ransomware-attack.html DocuSign网络钓鱼活动的目标是低级别员工 https://www.bleepingcomputer.com/news/security/docusign-phishing-campaign-targets-low-ranking-employees/ 厄瓜多尔的比钦查银行在遭受网络攻击后尚未恢复 https://securityaffairs.co/wordpress/123465/cyber-crime/ecuadors-banco-pichincha-cyberattack.html MirrorBlast活动的目标是使用宏的金融部门 https://www.databreachtoday.com/mirrorblast-campaign-targets-finance-sector-using-macros-a-17745 AtomSilo勒索软件进入双重勒索联盟 https://www.zscaler.com/blogs/security-research/atomsilo-ransomware-enters-league-double-extortion 美国将价值52亿美元的比特币交易与勒索软件挂钩 https://www.bleepingcomputer.com/news/security/us-links-52-billion-worth-of-bitcoin-transactions-to-ransomware/ 密苏里州起诉泄露数据的黑客 https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/ APT-C-48（CNC）组织攻击利用pub文件攻击活动分析 https://mp.weixin.qq.com/s/XbKjW7B2VrM877wBTRWr4g Operation EICAR（APT-Q-28）：针对证券金融行业的定向猎杀活动 https://mp.weixin.qq.com/s/F9fJCDeZZWlWDeyqpV_ltw 使用特定论文分发恶意文档的APT攻击活动 https://asec.ahnlab.com/ko/27760/