全球网络安全事件汇总：高危Lucee漏洞允许认证管理员执行远程代码；Apache Tomcat和Camel遭遇大规模攻击；恶意Firefox扩展窃取加密货币；微软Edge修复高危漏洞；巴西CIEE数据泄露；Azure API漏洞泄露VPN密钥；新型Hpingbot发动DDoS攻击；PHP高危漏洞需紧急修复；Anthropic MCP服务器漏洞可能导致远程代码执行；黑客伪造Cloudflare界面传播恶意软件。

本周「FreeBuf周报」总结了多个高危漏洞，包括Linux Sudo、Lucee和Apache，建议及时更新修复。同时，介绍了新型macOS恶意软件及AI生成网址的安全风险，强调加强安全防护和意识培训。

高性能开源CFML应用服务器Lucee存在严重安全漏洞CVE-2025-34074，CVSS评分9.4，允许认证管理员滥用计划任务执行任意代码。所有支持计划任务的Lucee版本均受影响，建议立即限制管理界面访问并审计任务。

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL. ColdFusion / Lucee and OpenSSL As far as I know...

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL. ColdFusion / Lucee and OpenSSL As far as I know...

A really handy feature of the arrayEach() function is the parallel argument. It has been supported in Lucee since 4.5, but ColdFusion 2021 now supports it as well. What does the arrayEach function...