Microsoft 2025 年 7 月补丁星期二解决了 128 个 CVE (CVE-2025-49719)
Microsoft addresses 128 CVEs, including one zero-day vulnerability that was publicly disclosed.
CVE-2025-5777、CVE-2025-6543:有关 CitrixBleed 2 和 Citrix NetScaler 漏洞利用的常见问题
Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2.
有关伊朗网络运营的常见问题
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors.
Microsoft 的 2025 年 6 月补丁星期二解决了 65 个 CVE (CVE-2025-33053)
Microsoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild.
关于 BadSuccessor 的常见问题
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller.
CVE-2025-32756:多个 Fortinet 产品存在已在现实中遭利用的零日漏洞
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
CVE-2025-4427、CVE-2025-4428:Ivanti Endpoint Manager Mobile (EPMM) 远程代码执行
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Microsoft 的 2025 年 5 月补丁星期二解决了 71 个 CVE(CVE-2025-32701、CVE-2025-32706、CVE-2025-30400)
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.
缩短修复时间仍是一项挑战:Tenable Vulnerability Watch 如何提供帮助
Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here’s how Tenable’s Vulnerability Watch classification system…
CVE-2025-31324:SAP NetWeaver 在现实环境中遭利用的零日漏洞
SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.
CVE-2025-32433:Erlang/OTP SSH 未经身份验证的远程代码执行漏洞
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.
有关 MITRE CVE 计划到期和续订的常见问题
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.