エピック・フューリー作戦: イランに対するサイバー反攻作戦
Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors.
CVE-2026-20127: Cisco Catalyst SD-WAN コントローラ/マネージャのゼロデイ認証バイパス脆弱性の悪用が確認される
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks.
マイクロソフトの 2026 年 2 月月例セキュリティ更新プログラム 55 件の CVE に対処 (CVE-2026-21510、CVE-2026-21513)
Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.
Notepad++ サプライチェーン侵害に関するよくある質問
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes.
CVE-2026-1281、CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) のゼロデイ脆弱性の悪用が確認される
Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks
オラクル、2026 年 1 月クリティカルパッチアップデートで 158 件の脆弱性を修正
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates.
CVE-2025-64155: Fortinet の「FortiSIEM」の深刻なコマンドインジェクション脆弱性に対するエクスプロイトコードが公開される
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have…
マイクロソフト、2025 年 1 月の月例セキュリティ更新プログラムで 113 件の CVE を修正(CVE-2026-20805)
Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild.
CVE-2025-14847 (MongoBleed): MongoDB のメモリ漏えいの脆弱性の悪用が確認される
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 のゼロデイ脆弱性の悪用が確認される
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.
2025 年マイクロソフト月例セキュリティ更新プログラム、一年の振り返り
Microsoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities.
マイクロソフト 2025 年 12 月月例セキュリティ更新プログラム、56 件の CVE を修正 (CVE-2025-62221)
Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild to close out the final Patch Tuesday of 2025