MITRE CVE プログラムの失効と更新に関するよくある質問
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
オラクル、2025 年 4月 「Critical Patch Update」で 171 件の CVE を修正
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378…
MITRE CVE プログラムの資金が 1 年間延長
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be…
マイクロソフトの 2025 年 4 月月例セキュリティ更新プログラム: 121 件の CVE を修正(CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
CVE-2025-1097、CVE-2025-1098、CVE-2025-1974、CVE-2025-24513、CVE-2025-24514: Ingress Nightmare に関するよくある質問
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.
DeepSeek Deep Dive: キーロガーやランサムウェアなどのマルウェアの作成
Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging.
マイクロソフト 2025 年 3 月月例セキュリティ更新プログラム、56 件の CVE を修正 (CVE-2025-26633、CVE-2025-24983、CVE-2025-24993)
Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.
CVE-2025-22224、CVE-2025-22225、CVE-2025-22226: VMware ESXi、Workstation、Fusion のゼロデイ脆弱性が悪用される
Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero-days. Organizations are advised to apply the available patches.
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.
マイクロソフトの 2025 年 2 月月例セキュリティ更新プログラム 55 件の CVE に対処 (CVE-2025-21418、CVE-2025-21391)
Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.
CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 のゼロデイ脆弱性の悪用が確認される
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild according to researchers.
Salt Typhoon: 国家支援を受けた攻撃者が悪用した脆弱性の分析
Salt Typhoon という、中華人民共和国に関連する国家主導の攻撃者グループが、少なくとも 9 つの米国拠点の通信企業に侵入しました。その目的は、高官や政治関係者を標的にすることです。 Tenable Research examines the tactics, techniques and procedures of this threat…
営業チームに問い合わせる