CVE-2025-32756:多个 Fortinet 产品存在已在现实中遭利用的零日漏洞
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera....
CVE-2024-55591:Fortinet 身份验证绕过零日漏洞在现实环境中遭到利用
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024....
Microsoft 补丁星期二 2024 年回顾
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities....
Volt Typhoon:美国国家资助的攻击者将重要基础设施作为攻击目标
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor....
CVE-2024-47575:有关 FortiManager 和 FortiManager Cloud 中 FortiJump 零日漏洞的常见问题
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild....
Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs
Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub)....
CVE-2024-4358、CVE-2024-1800:正在运行的 Telerik Report Server 中的重要漏洞利用链中存在利用漏洞代码
Researchers have released an exploit chain to achieve remote code execution on unpatched instances of Progress Telerik Report Server. Immediate patching is recommended....
Microsoft 2024 年 4 月补丁星期二解决了 147 个 CVE (CVE-2024-29988)
Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities....
Microsoft 2024 年 2 月补丁星期二解决了 73 个 CVE(CVE-2024-21351、CVE-2024-21412)
Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild....
CVE-2024-21762:严重的 Fortinet FortiOS 越界写入 SSL VPN 漏洞
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities...
CVE-2023-29357、CVE-2023-24955:针对 Microsoft SharePoint Server 漏洞发布的漏洞利用链
A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution....
Microsoft 2023 年 9 月补丁星期二修复了 61 个 CVE (CVE-2023-36761)
Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild...