CVE-2025-64155: Exploit Code Released for Critical Command Injection Vulnerability in Fortinet FortiSIEM
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have…
Microsoft's January 2025 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild.
CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Vulnerability Exploited in the Wild
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.
Microsoft Patch Tuesday 2025 Year in Review
Microsoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities.
Microsoft's December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)
Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild, to close out the final Patch Tuesday of 2025.
CVE-2025-55182: Frequently Asked Questions About React2Shell: Remote Code Execution Vulnerability in React Server Components
A maximum severity vulnerability (CVSS 10) was discovered in React, one of the most popular JavaScript frameworks. If your app supports React Server Components, you are likely vulnerable out of the box, even if you aren’t using Server Functions explicitly. Patch immediately.
Frequently Asked Questions About Sha1-Hulud 2.0: The Return of the Supply Chain Attack Targeting the NPM Repository
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages.
CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild
Fortinet has released an advisory for a recently disclosed zero-day path traversal vulnerability which has been exploited in the wild. Apply the patches immediately.
Microsoft's November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild.
Oracle October 2025 Critical Patch Update Addresses 170 CVEs
Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates.
F5 Discloses BIG-IP Breach: 44 Vulnerabilities That Need Action Now
Partnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation — it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno. Key takeaways: F5’s BIG-IP is used to secure everything…