Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws.
CVE-2025-7775: Citrix NetScaler ADC および NetScaler Gateway のリモートコード実行のゼロデイ脆弱性の悪用が確認される
Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. 直ちにパッチを適用するようにしてください。
CVE-2025-25256: Fortinet FortiSIEM の緊急なコマンドインジェクション脆弱性に対する概念実証が公開される
Exploit code is reportedly available for a critical command injection vulnerability affecting Fortinet FortiSIEM devices.BackgroundOn August 12, Fortinet published a security advisory (FG-IR-25-152) for CVE-2025-25256, a critical command injection vulnerability affecting Fortinet FortiSIEM…
マイクロソフトの 2025 年 8 月月例更新プログラム、107 件の脆弱性を修正 (CVE-2025-53779)
Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed.
CVE-2025-53786: Microsoft Exchange Server ハイブリッド展開における特権昇格の脆弱性に関するよくある質問
Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments.
CVE-2025-54987、CVE-2025-54948: Trend Micro Apex One におけるコマンドインジェクションゼロデイ脆弱性の悪用が確認される
Trend Micro releases a temporary mitigation tool to reduce exposure to two unpatched zero-day command injection vulnerabilities which have been exploited.
CVE-2025-54135、CVE-2025-54136: Cursor IDE (CurXecute および MCPoison) の脆弱性に関するよくある質問
Researchers have disclosed two vulnerabilities in Cursor, the popular AI-assisted code editor, that impact its handling of model context protocol (MCP) servers, which could be used to gain code execution on vulnerable systems.
SonicWall Gen 7 ファイアウォールを標的としたランサムウェア攻撃に関するよくある質問
An increase in ransomware activity tied to SonicWall Gen 7 Firewalls has been observed, possibly linked to the exploitation of a zero-day vulnerability in its SSL VPN.
CVE-2025-53770: SharePoint のゼロデイ脆弱性の悪用に関するよくある質問
Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server, ultimately enabling unauthenticated remote code execution.
CVE-2025-54309: CrushFTP のゼロデイ脆弱性の悪用が確認される
A critical zero-day flaw in CrushFTP that can grant attackers administrator access was discovered on July 18 and is under active exploitation.
オラクル、2025 年 7 月のクリティカルパッチアップデートで 165 件の脆弱性を修正
Oracle addresses 165 CVEs in its third quarterly update of 2025 with 309 patches, including nine critical updates.
Microsoft の 2025 年 7 月月例セキュリティ更新プログラム、128 件の CVE を修正 (CVE-2025-49719)
Microsoft addresses 128 CVEs, including one zero-day vulnerability that was publicly disclosed.