CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 제로데이 공격이 악용되는 것으로 보고됨
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild according to researchers....
Salt Typhoon: 국가 정부에서 지원하는 행위자가 악용하는 취약성의 분석
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat ...
Oracle January 2025 중요 패치 업데이트에서 186개 CVE에 대응
Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security upda...
CVE-2024-55591: Fortinet 인증 우회 제로데이 취약성이 널리 약용됨
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024....
Microsoft의 January 2025 Patch Tuesday에서 157개 CVE에 대응 (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available....
CVE-2025-0282: Ivanti Connect Secure 제로데이 취약성이 널리 악용됨
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day....
Microsoft Patch Tuesday 2024년 한 해 검토
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities....
Microsoft의 December 2024 Patch Tuesday에서 70개 CVE를 해결(CVE-2024-49138)
Microsoft addresses 70 CVEs with 16 rated critical, including one zero-day that was exploited in the wild....
Volt Typhoon: U.S. 국가 정부에서 지원하는 행위자가 표적으로 삼는 미국 중요 인프라
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor....
CVE-2024-0012, CVE-2024-9474: Palo Alto PAN-OS에 제로데이 취약성이 널리 악용됨
Palo Alto Networks confirmed two zero-day vulnerabilities were exploited as part of attacks in the wild against PAN-OS devices, with one being attributed to Operation Lunar Peek....
Microsoft의 November 2024 Patch Tuesday가 87개의 CVE를 해결 (CVE-2024-43451, CVE-2024-49039)
Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild....
CVE-2024-47575: FortiManager 및 FortiManager Cloud에 FortiJump Zero-Day에 대해 자주 묻는 질문
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild....