Microsoft の 2024 年 10 月 月例パッチが 167 件の CVE (CVE-2025-24990、CVE-2025-59230) を修正
Microsoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2025-61882: Oracle E-Business Suite (EBS) のゼロデイ脆弱性および関連する脆弱性に関するよくある質問
Following reports the Cl0p ransomware group has been extorting Oracle E-Business Suite customers, Oracle released an advisory for a zero-day that was exploited in the wild.
CVE-2025-20333、CVE-2025-20362: Cisco Adaptive Security Appliance (ASA) および Firewall Threat Defense (FTD) のゼロデイ脆弱性に関するよくある質問
Cisco published advisories and a supplemental post about three zero-day vulnerabilities, two of which were exploited in the wild by an advanced threat actor associated with the ArcaneDoor campaign.
マイクロソフト、2025 年 9 月の月例セキュリティ更新プログラムで 80 件の CVE を修正 (CVE-2025-55234)
Microsoft addresses 80 CVEs, including eight flaws rated critical with one publicly disclosed.
中国政府の支援を受けたハッカーがグローバルネットワークに侵入する事例に関するよくある質問
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws.
CVE-2025-7775: Citrix NetScaler ADC および NetScaler Gateway のリモートコード実行のゼロデイ脆弱性の悪用が確認される
Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. 直ちにパッチを適用するようにしてください。
CVE-2025-25256: Fortinet FortiSIEM の緊急なコマンドインジェクション脆弱性に対する概念実証が公開される
Exploit code is reportedly available for a critical command injection vulnerability affecting Fortinet FortiSIEM devices.BackgroundOn August 12, Fortinet published a security advisory (FG-IR-25-152) for CVE-2025-25256, a critical command injection vulnerability affecting Fortinet FortiSIEM…
マイクロソフトの 2025 年 8 月月例更新プログラム、107 件の脆弱性を修正 (CVE-2025-53779)
Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed.
CVE-2025-53786: Microsoft Exchange Server ハイブリッド展開における特権昇格の脆弱性に関するよくある質問
Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments.
CVE-2025-54987、CVE-2025-54948: Trend Micro Apex One におけるコマンドインジェクションゼロデイ脆弱性の悪用が確認される
Trend Micro releases a temporary mitigation tool to reduce exposure to two unpatched zero-day command injection vulnerabilities which have been exploited.
CVE-2025-54135、CVE-2025-54136: Cursor IDE (CurXecute および MCPoison) の脆弱性に関するよくある質問
Researchers have disclosed two vulnerabilities in Cursor, the popular AI-assisted code editor, that impact its handling of model context protocol (MCP) servers, which could be used to gain code execution on vulnerable systems.
SonicWall Gen 7 ファイアウォールを標的としたランサムウェア攻撃に関するよくある質問
An increase in ransomware activity tied to SonicWall Gen 7 Firewalls has been observed, possibly linked to the exploitation of a zero-day vulnerability in its SSL VPN.
営業チームに問い合わせる