Sha1-Hulud 2.0 に関するよくある質問: NPM リポジトリを標的としたサプライチェーン攻撃の再来
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages.
CVE-2025-64446: フォーティネット FortiWeb のゼロデイパストラバーサル脆弱性の悪用が確認される
Fortinet has released an advisory for a recently disclosed zero-day path traversal vulnerability which has been exploited in the wild. 直ちにパッチを適用するようにしてください。
マイクロソフト 2025 年 11 月月例セキュリティ更新プログラム、63 件の CVE (CVE-2025-62215) を修正
Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild.
Oracle 2025年10月のクリティカルパッチアップデートで 170 件の CVE に対処
Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates.
F5、「BIG-IP 」の侵害を公表: 今すぐ対処が必要な 44 件の脆弱性
Partnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation — it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno.Key takeaways:F5’s BIG-IP is used to secure everything…
2025 年 8 月の F5 セキュリティインシデントに関するよくある質問
Frequently asked questions about the August 2025 security incident at F5 and the release of multiple BIG-IP product patches.
Microsoft の 2025 年 10 月 月例パッチが 167 件の CVE (CVE-2025-24990、CVE-2025-59230) を修正
Microsoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2025-61882: Oracle E-Business Suite (EBS) のゼロデイ脆弱性および関連する脆弱性に関するよくある質問
Following reports the Cl0p ransomware group has been extorting Oracle E-Business Suite customers, Oracle released an advisory for a zero-day that was exploited in the wild.
CVE-2025-20333、CVE-2025-20362: Cisco Adaptive Security Appliance (ASA) および Firewall Threat Defense (FTD) のゼロデイ脆弱性に関するよくある質問
Cisco published advisories and a supplemental post about three zero-day vulnerabilities, two of which were exploited in the wild by an advanced threat actor associated with the ArcaneDoor campaign.
マイクロソフト、2025 年 9 月の月例セキュリティ更新プログラムで 80 件の CVE を修正 (CVE-2025-55234)
Microsoft addresses 80 CVEs, including eight flaws rated critical with one publicly disclosed.
中国政府の支援を受けたハッカーがグローバルネットワークに侵入する事例に関するよくある質問
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws.
CVE-2025-7775: Citrix NetScaler ADC および NetScaler Gateway のリモートコード実行のゼロデイ脆弱性の悪用が確認される
Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. 直ちにパッチを適用するようにしてください。
営業チームに問い合わせる