The AI Security Dilemma: Navigating the High-Stakes World of Cloud AI
AI presents an incredible opportunity for organizations even as it expands the attack surface in new and complex ways. For security leaders, the goal isn't to stop AI adoption but to enable it securely. Artificial Intelligence is no longer on the horizon; it's here, and it's being built and deployed ...
OCI, Oh My: Remote Code Execution Vulnerability in Oracle Cloud Shell and Code Editor Integrated Services
Tenable Research discovered a Remote Code Execution (RCE) vulnerability (now remediated) in Oracle Cloud Infrastructure (OCI) Code Editor. We demonstrated how an attacker could silently 1-click hijack a victim’s Cloud Shell environment and potentially pivot across OCI services. The vulnerability als...
How Tenable Research Discovered a Critical Remote Code Execution Vulnerability in Anthropic MCP Inspector
Tenable Research recently discovered a critical vulnerability impacting Anthropic's MCP Inspector tool, a core element of the MCP ecosystem. In this blog, we provide details on how we discovered the vulnerability in this widely used open-source tool — and what users can do about it.....
AI Security: Web Flaws Resurface Amid Surge in MCP Server Use
In the rush to implement AI tools and services, developers are rapidly embracing the Model Context Protocol (MCP). In the process, classic vulnerabilities are resurfacing and new ones are being introduced. In this blog, we outline key areas of concern and how Tenable Web App Scanning can help....
GerriScary: Hacking the Supply Chain of Popular Google Products (ChromiumOS, Chromium, Bazel, Dart and More)
Tenable Cloud Research discovered a supply chain compromise vulnerability in Google's Gerrit code-collaboration platform which we dubbed GerriScary. GerriScary allowed unauthorized code submission to at least 18 Google projects including ChromiumOS (CVE-2025-1568), Chromium, Dart and Bazel, which ar...
Abusing Client-Side Extensions (CSE): A Backdoor into AD Environments
Crucial for applying Active Directory Group Policy Objects, client-side extensions (CSEs) are powerful but also present a significant, often overlooked, attack vector for persistent backdoors. Rather than cover well-documented common abuses of built-in CSEs, this article demonstrates how to create c...
Where Capability Meets Opportunity: Introducing the Tenable Research Special Operations Team
Meet the elite squad that’s hunting the next major cyberattack. With more than 150 years of combined research experience and expert analysis, the Tenable Research Special Operations team arms organizations with the critical and actionable intelligence necessary to proactively defend the modern attac...
Detecting Remote Monitoring and Management Tools Used by Attackers
Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments....
Frequently Asked Questions About Vibe Coding
Vibe coding has attracted much attention in recent weeks with the release of many AI-driven tools. This blog answers some of the Frequently Asked Questions (FAQ) around vibe coding....
MCP Prompt Injection: Also Usable for Security Measures
MCP tools are implicated in several new attack techniques. Here's a look at how they can be manipulated for good, such as logging tool usage and filtering unauthorized commands....
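Despite Recent Security Hardening, Entra ID Synchronization Features Remain Open to Abuse
Microsoft's synchronization capabilities for managing identities in hybrid environments are not without risk. In this blog post, Tenable Research digs into the potential weaknesses hidden in these synchronization options and how they could be abused....
Verizon 2025 DBIR: Collaboration with Tenable Research Reveals CVE Remediation Trends
According to the 2025 Verizon Data Breach Investigations Report (DBIR), breaches involving the exploitation of vulnerabilities accounted for 20% of all breaches, a 34% increase over the previous year. To support this report, Tenable Research provided enriched data on the most exploited vulnerabilities. In this blog post, the most noteworthy among them...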