CVE-2025-25256: Fortinet FortiSIEM の緊急なコマンドインジェクション脆弱性に対する概念実証が公開される
Exploit code is reportedly available for a critical command injection vulnerability affecting Fortinet FortiSIEM devices.BackgroundOn August 12, Fortinet published a security advisory (FG-IR-25-152) for CVE-2025-25256, a critical command injection vulnerability affecting Fortinet FortiSIEM.CVEDescri...
マイクロソフトの 2025 年 8 月月例更新プログラム、107 件の脆弱性を修正 (CVE-2025-53779)
Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed....
CVE-2025-53786: Microsoft Exchange Server ハイブリッド展開における特権昇格の脆弱性に関するよくある質問
Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments....
CVE-2025-54987、CVE-2025-54948: Trend Micro Apex One におけるコマンドインジェクションゼロデイ脆弱性の悪用が確認される
Trend Micro releases a temporary mitigation tool to reduce exposure to two unpatched zero-day command injection vulnerabilities which have been exploited....
CVE-2025-54135、CVE-2025-54136: Cursor IDE (CurXecute および MCPoison) の脆弱性に関するよくある質問
Researchers have disclosed two vulnerabilities in Cursor, the popular AI-assisted code editor, that impact its handling of model context protocol (MCP) servers, which could be used to gain code execution on vulnerable systems....
SonicWall Gen 7 ファイアウォールを標的としたランサムウェア攻撃に関するよくある質問
An increase in ransomware activity tied to SonicWall Gen 7 Firewalls has been observed, possibly linked to the exploitation of a zero-day vulnerability in its SSL VPN....
CVE-2025-53770: SharePoint のゼロデイ脆弱性の悪用に関するよくある質問
Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server, ultimately enabling unauthenticated remote code execution....
CVE-2025-54309: CrushFTP のゼロデイ脆弱性の悪用が確認される
A critical zero-day flaw in CrushFTP that can grant attackers administrator access was discovered on July 18 and is under active exploitation....
オラクル、2025 年 7 月のクリティカルパッチアップデートで 165 件の脆弱性を修正
Oracle addresses 165 CVEs in its third quarterly update of 2025 with 309 patches, including nine critical updates....
Microsoft の 2025 年 7 月月例セキュリティ更新プログラム、128 件の CVE を修正 (CVE-2025-49719)
Microsoft addresses 128 CVEs, including one zero-day vulnerability that was publicly disclosed....
CVE-2025-5777, CVE-2025-6543: CitrixBleed 2 および Citrix NetScaler の脆弱性に関するよくある質問
Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2....
イランのサイバー作戦に関するよくある質問
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors....