漏洞 Vulnerability CVE-2021-40444: MSHTML组件在野0day漏洞通告 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 Akkadian Console多个严重漏洞 https://www.rapid7.com/blog/post/2021/09/07/cve-2021-3546-78-akkadian-console-server-vulnerabilities-fixed/?utm_source=twitter&utm_medium=organic-social&utm_campaign=sm-blog 安全事件 Security Incident Lazarus APT组织近期针对区块链金融、能源行业的攻击活动分析 https://mp.weixin.qq.com/s/axdINLybUO3b7U-i8H-Bww 当心伪装成关于朝鲜近期局势专栏的朝鲜“Geumseong 121”APT攻击 https://blog.alyac.co.kr/4084 不断改变传播的恶意DOC宏——TA551趋势（二） https://asec.ahnlab.com/ko/26777/ BladeHawk 组织：针对库尔德族群的 Android 间谍活动 https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/ 三边行动：针对南亚、中东多国长达数年的网络间谍活动 http://report.threatbook.cn/%E4%B8%89%E8%BE%B9.pdf Jenkins 项目的服务器被利用 Confluence 漏洞入侵 https://securityaffairs.co/wordpress/121934/hacking/jenkins-server-security-breach.html 摄像头漏洞被黑客利用 https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html 爱尔兰警方破坏了 HSE 攻击者的行动 https://www.databreachtoday.com/irish-police-significantly-disrupt-hse-attackers-ops-a-17466 这个每周下载数百万次的 NPM 包修补了 RCE 缺陷 https://www.ehackingnews.com/2021/09/this-npm-package-with-millions-of.html 麦当劳将数据库的密码泄露给游戏获胜者 https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/