CVE-2025-4427、CVE-2025-4428:Ivanti Endpoint Manager Mobile (EPMM) 远程代码执行
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Microsoft 的 2025 年 5 月补丁星期二解决了 71 个 CVE(CVE-2025-32701、CVE-2025-32706、CVE-2025-30400)
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.
缩短修复时间仍是一项挑战:Tenable Vulnerability Watch 如何提供帮助
Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here’s how Tenable’s Vulnerability Watch classification system…
CVE-2025-31324:SAP NetWeaver 在现实环境中遭利用的零日漏洞
SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible.
CVE-2025-32433:Erlang/OTP SSH 未经身份验证的远程代码执行漏洞
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.
有关 MITRE CVE 计划到期和续订的常见问题
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
Oracle 2025 年重要补丁更新解决了 171 个 CVE
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378…
MITRE CVE 计划资金资助延长一年
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be…
Microsoft 2025 年 4 月补丁星期二解决了 121 个 CVE (CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.
DeepSeek Deep Dive: Creating Malware, Including Keyloggers and Ransomware
Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging.
Microsoft 2025 年 3 月补丁星期二解决了 56 个 CVE(CVE-2025-26633、CVE-2025-24983、CVE-2025-24993)
Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.
联系我们的销售团队