{"id":79319,"date":"2026-05-13T09:09:26","date_gmt":"2026-05-13T02:09:26","guid":{"rendered":"https:\/\/hbbgroup.net\/hackers-insert-malware-into-mistral-ai-software-download\/"},"modified":"2026-05-13T10:14:57","modified_gmt":"2026-05-13T03:14:57","slug":"hackers-insert-malware-into-mistral-ai-software-download","status":"publish","type":"post","link":"https:\/\/hbbgroup.net\/zh\/hackers-insert-malware-into-mistral-ai-software-download\/","title":{"rendered":"Tin t\u1eb7c ch\u00e8n m\u00e3 \u0111\u1ed9c v\u00e0o ph\u1ea7n m\u1ec1m t\u1ea3i xu\u1ed1ng c\u1ee7a Mistral AI."},"content":{"rendered":"<div>\n<p><strong>T\u00f3m t\u1eaft nhanh<\/strong><\/p>\n<ul>\n<li>Microsoft cho bi\u1ebft tin t\u1eb7c \u0111\u00e3 x\u00e2m nh\u1eadp v\u00e0o m\u1ed9t g\u00f3i ph\u1ea7n m\u1ec1m t\u1ea3i xu\u1ed1ng c\u1ee7a Mistral AI \u0111\u01b0\u1ee3c c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n s\u1eed d\u1ee5ng.<\/li>\n<li>M\u00e3 \u0111\u1ed9c b\u1ecb c\u00e1o bu\u1ed9c \u0111\u00e3 \u0111\u00e1nh c\u1eafp th\u00f4ng tin x\u00e1c th\u1ef1c v\u00e0 c\u00f3 th\u1ec3 g\u00e2y h\u01b0 h\u1ea1i cho m\u1ed9t s\u1ed1 h\u1ec7 th\u1ed1ng Linux.<\/li>\n<li>Mistral cho bi\u1ebft kh\u00f4ng c\u00f3 b\u1eb1ng ch\u1ee9ng cho th\u1ea5y c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng c\u1ee7a h\u1ecd b\u1ecb x\u00e2m nh\u1eadp.<\/li>\n<\/ul>\n<p>Microsoft Threat Intelligence cho bi\u1ebft h\u00f4m th\u1ee9 Hai r\u1eb1ng tin t\u1eb7c \u0111\u00e3 ch\u00e8n m\u00e3 \u0111\u1ed9c v\u00e0o m\u1ed9t g\u00f3i ph\u1ea7n m\u1ec1m c\u1ee7a Mistral AI \u0111\u01b0\u1ee3c ph\u00e2n ph\u1ed1i th\u00f4ng qua PyPI, m\u1ed9t n\u1ec1n t\u1ea3ng ph\u1ed5 bi\u1ebfn m\u00e0 c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n s\u1eed d\u1ee5ng \u0111\u1ec3 t\u1ea3i c\u00e1c c\u00f4ng c\u1ee5 ph\u1ea7n m\u1ec1m Python.<\/p>\n<p>Trong m\u1ed9t b\u00e0i \u0111\u0103ng tr\u00ean X, Microsoft cho bi\u1ebft m\u00e3 \u0111\u1ed9c s\u1ebd t\u1ef1 \u0111\u1ed9ng ch\u1ea1y khi c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n s\u1eed d\u1ee5ng ph\u1ea7n m\u1ec1m tr\u00ean h\u1ec7 th\u1ed1ng Linux. \u0110o\u1ea1n m\u00e3 n\u00e0y t\u1ea3i xu\u1ed1ng m\u1ed9t t\u1ec7p \u0111\u1ed9c h\u1ea1i th\u1ee9 hai c\u00f3 t\u00ean transformers.pyz t\u1eeb m\u1ed9t m\u00e1y ch\u1ee7 t\u1eeb xa v\u00e0 kh\u1edfi ch\u1ea1y n\u00f3 \u1edf ch\u1ebf \u0111\u1ed9 n\u1ec1n.<\/p>\n<p>\u201cT\u00ean t\u1ec7p transformers.pyz d\u01b0\u1eddng nh\u01b0 \u0111\u01b0\u1ee3c c\u1ed1 t\u00ecnh l\u1ef1a ch\u1ecdn \u0111\u1ec3 b\u1eaft ch\u01b0\u1edbc th\u01b0 vi\u1ec7n Hugging Face Transformers ph\u1ed5 bi\u1ebfn v\u00e0 h\u00f2a l\u1eabn v\u00e0o c\u00e1c m\u00f4i tr\u01b0\u1eddng ML\/dev,\u201d Microsoft vi\u1ebft.<\/p>\n<p>C\u00f4ng ty cho bi\u1ebft m\u00e3 \u0111\u1ed9c ch\u1ee7 y\u1ebfu ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t c\u00f4ng c\u1ee5 \u0111\u00e1nh c\u1eafp th\u00f4ng tin x\u00e1c th\u1ef1c, c\u00f3 kh\u1ea3 n\u0103ng thu th\u1eadp th\u00f4ng tin \u0111\u0103ng nh\u1eadp c\u1ee7a nh\u00e0 ph\u00e1t tri\u1ec3n v\u00e0 c\u00e1c access token. Microsoft c\u0169ng cho bi\u1ebft m\u00e3 \u0111\u1ed9c tr\u00e1nh ho\u1ea1t \u0111\u1ed9ng tr\u00ean c\u00e1c h\u1ec7 th\u1ed1ng s\u1eed d\u1ee5ng ng\u00f4n ng\u1eef Nga v\u00e0 ch\u1ee9a \u0111o\u1ea1n m\u00e3 c\u00f3 th\u1ec3 x\u00f3a ng\u1eabu nhi\u00ean c\u00e1c t\u1ec7p tr\u00ean m\u1ed9t s\u1ed1 h\u1ec7 th\u1ed1ng d\u01b0\u1eddng nh\u01b0 \u0111\u1eb7t t\u1ea1i Israel ho\u1eb7c Iran.<\/p>\n<p>C\u00e1c b\u00e1o c\u00e1o li\u00ean k\u1ebft cu\u1ed9c t\u1ea5n c\u00f4ng m\u1edbi nh\u1ea5t n\u00e0y v\u1edbi chi\u1ebfn d\u1ecbch m\u00e3 \u0111\u1ed9c \u201cShai-Hulud\u201d l\u1edbn h\u01a1n, b\u1eaft \u0111\u1ea7u t\u1eeb th\u00e1ng 9 v\u00e0 nh\u1eafm v\u00e0o chu\u1ed7i cung \u1ee9ng ph\u1ea7n m\u1ec1m b\u1eb1ng c\u00e1ch l\u00e2y nhi\u1ec5m v\u00e0o c\u00e1c g\u00f3i ph\u1ea7n m\u1ec1m \u0111\u00e1ng tin c\u1eady d\u00e0nh cho nh\u00e0 ph\u00e1t tri\u1ec3n v\u00e0 \u0111\u00e1nh c\u1eafp th\u00f4ng tin x\u00e1c th\u1ef1c t\u1eeb c\u00e1c h\u1ec7 th\u1ed1ng b\u1ecb x\u00e2m nh\u1eadp.<\/p>\n<p>\u201cShai-Hulud, con s\u00e2u Git \u0111\u00e1ng s\u1ee3 m\u00e0 m\u1ecdi ng\u01b0\u1eddi li\u00ean t\u1ee5c b\u00e0n t\u00e1n, hi\u1ec7n \u0111\u00e3 \u0111\u01b0\u1ee3c m\u00e3 ngu\u1ed3n m\u1edf,\u201d c\u00f4ng ty an ninh m\u1ea1ng VX Underground vi\u1ebft tr\u00ean X. \u201c\u0110i\u1ec1u \u0111\u00f3 c\u00f3 ngh\u0129a l\u00e0 g\u00ec? TeamPCP ho\u1eb7c m\u1ed9t ai \u0111\u00f3 kh\u00e1c \u0111\u00e3 ph\u00e1t h\u00e0nh ho\u00e0n to\u00e0n con s\u00e2u \u0111\u01b0\u1ee3c v\u0169 kh\u00ed h\u00f3a \u0111\u1ec3 b\u1ea1n s\u1eed d\u1ee5ng.\u201d<\/p>\n<p>Microsoft khuy\u1ebfn ngh\u1ecb c\u00e1c t\u1ed5 ch\u1ee9c c\u00f4 l\u1eadp c\u00e1c h\u1ec7 th\u1ed1ng Linux b\u1ecb \u1ea3nh h\u01b0\u1edfng, ch\u1eb7n \u0111\u1ecba ch\u1ec9 internet li\u00ean quan, t\u00ecm ki\u1ebfm d\u1ea5u hi\u1ec7u l\u00e2y nhi\u1ec5m v\u00e0 thay th\u1ebf c\u00e1c th\u00f4ng tin x\u00e1c th\u1ef1c c\u00f3 kh\u1ea3 n\u0103ng \u0111\u00e3 b\u1ecb l\u1ed9.<\/p>\n<p>V\u00e0o th\u1ee9 Ba, Mistral cho bi\u1ebft tr\u00ean trang web c\u1ee7a m\u00ecnh r\u1eb1ng c\u00f4ng ty \u0111\u00e3 b\u1ecb \u1ea3nh h\u01b0\u1edfng b\u1edfi m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng chu\u1ed7i cung \u1ee9ng li\u00ean quan \u0111\u1ebfn s\u1ef1 c\u1ed1 b\u1ea3o m\u1eadt TanStack quy m\u00f4 l\u1edbn h\u01a1n. C\u00f4ng ty cho bi\u1ebft m\u1ed9t con s\u00e2u t\u1ef1 \u0111\u1ed9ng li\u00ean quan \u0111\u1ebfn cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u00e3 d\u1eabn \u0111\u1ebfn vi\u1ec7c ph\u00e1t h\u00e0nh c\u00e1c phi\u00ean b\u1ea3n g\u00f3i NPM v\u00e0 PyPI b\u1ecb x\u00e2m nh\u1eadp.<\/p>\n<p>\u201cCu\u1ed9c \u0111i\u1ec1u tra hi\u1ec7n t\u1ea1i cho th\u1ea5y c\u00f3 li\u00ean quan \u0111\u1ebfn m\u1ed9t thi\u1ebft b\u1ecb c\u1ee7a nh\u00e0 ph\u00e1t tri\u1ec3n \u0111\u00e3 b\u1ecb \u1ea3nh h\u01b0\u1edfng,\u201d c\u00f4ng ty vi\u1ebft. \u201cCh\u00fang t\u00f4i kh\u00f4ng c\u00f3 d\u1ea5u hi\u1ec7u n\u00e0o cho th\u1ea5y c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng c\u1ee7a Mistral b\u1ecb x\u00e2m nh\u1eadp.\u201d<\/p>\n<p>Node Package Manager hay NPM l\u00e0 m\u1ed9t trong nh\u1eefng n\u1ec1n t\u1ea3ng t\u1ea3i ph\u1ea7n m\u1ec1m l\u1edbn nh\u1ea5t th\u1ebf gi\u1edbi d\u00e0nh cho c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n JavaScript. N\u1ec1n t\u1ea3ng n\u00e0y ng\u00e0y c\u00e0ng tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau trong c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng li\u00ean quan \u0111\u1ebfn crypto v\u00ec nhi\u1ec1u \u1ee9ng d\u1ee5ng blockchain, v\u00ed v\u00e0 n\u1ec1n t\u1ea3ng giao d\u1ecbch ph\u1ee5 thu\u1ed9c v\u00e0o ph\u1ea7n m\u1ec1m \u0111\u01b0\u1ee3c ph\u00e2n ph\u1ed1i qua d\u1ecbch v\u1ee5 n\u00e0y. V\u00e0o th\u00e1ng 9, CTO c\u1ee7a Ledger l\u00e0 Charles Guillemet \u0111\u00e3 c\u1ea3nh b\u00e1o r\u1eb1ng tin t\u1eb7c \u0111\u00e3 x\u00e2m nh\u1eadp c\u00e1c g\u00f3i NPM \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng r\u1ed9ng r\u00e3i trong m\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 chuy\u1ec3n h\u01b0\u1edbng giao d\u1ecbch crypto v\u00e0 \u0111\u00e1nh c\u1eafp t\u00e0i s\u1ea3n.<\/p>\n<p>\u201cC\u00e1c g\u00f3i b\u1ecb \u1ea3nh h\u01b0\u1edfng \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea3i xu\u1ed1ng h\u01a1n 1 t\u1ef7 l\u1ea7n, \u0111\u1ed3ng ngh\u0129a to\u00e0n b\u1ed9 h\u1ec7 sinh th\u00e1i JavaScript c\u00f3 th\u1ec3 \u0111ang g\u1eb7p r\u1ee7i ro,\u201d Guillemet vi\u1ebft tr\u00ean X v\u00e0o th\u1eddi \u0111i\u1ec3m \u0111\u00f3.<\/p>\n<p>C\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng g\u1ea7n \u0111\u00e2y kh\u00e1c c\u0169ng s\u1eed d\u1ee5ng c\u00e1c g\u00f3i NPM b\u1ecb \u0111\u1ea7u \u0111\u1ed9c li\u00ean quan \u0111\u1ebfn bot giao d\u1ecbch crypto gi\u1ea3 m\u1ea1o v\u00e0 c\u00e1c c\u00f4ng c\u1ee5 blockchain nh\u1eb1m ph\u00e1t t\u00e1n m\u00e3 \u0111\u1ed9c th\u00f4ng qua smart contract Ethereum.<\/p>\n<\/div>\n<div>\n<h2>B\u1ea3n tin Daily Debrief<\/h2>\n<p>B\u1eaft \u0111\u1ea7u m\u1ed7i ng\u00e0y v\u1edbi nh\u1eefng tin t\u1ee9c n\u1ed5i b\u1eadt nh\u1ea5t hi\u1ec7n t\u1ea1i, c\u00f9ng c\u00e1c b\u00e0i vi\u1ebft \u0111\u1ed9c quy\u1ec1n, podcast, video v\u00e0 nhi\u1ec1u n\u1ed9i dung kh\u00e1c.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>T\u00f3m t\u1eaft nhanh Microsoft cho bi\u1ebft tin t\u1eb7c \u0111\u00e3 x\u00e2m nh\u1eadp v\u00e0o m\u1ed9t g\u00f3i ph\u1ea7n m\u1ec1m t\u1ea3i xu\u1ed1ng c\u1ee7a Mistral [&hellip;]<\/p>","protected":false},"author":5,"featured_media":79321,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[220],"tags":[],"class_list":["post-79319","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tien-dien-tu"],"acf":[],"_links":{"self":[{"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/posts\/79319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/comments?post=79319"}],"version-history":[{"count":1,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/posts\/79319\/revisions"}],"predecessor-version":[{"id":79494,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/posts\/79319\/revisions\/79494"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/media\/79321"}],"wp:attachment":[{"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/media?parent=79319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/categories?post=79319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hbbgroup.net\/zh\/wp-json\/wp\/v2\/tags?post=79319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}