Microsoft의 April 2025 Patch Tuesday에서 121개 CVE에 대응(CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.
DeepSeek Deep Dive: Creating Malware, Including Keyloggers and Ransomware
Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging.
Microsoft의 March 2025 Patch Tuesday에서 56개 CVE를 해결(CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)
Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.
CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero-days. Organizations are advised to apply the available patches.
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.
Microsoft의 February 2025 Patch Tuesday에서 55개 CVE를 처리(CVE-2025-21418, CVE-2025-21391)
Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.
CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 제로데이 공격이 악용되는 것으로 보고됨
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild according to researchers.
Salt Typhoon: 국가 정부에서 지원하는 행위자가 악용하는 취약성의 분석
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat…
Oracle January 2025 중요 패치 업데이트에서 186개 CVE에 대응
Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security…
CVE-2024-55591: Fortinet 인증 우회 제로데이 취약성이 널리 약용됨
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024.
Microsoft의 January 2025 Patch Tuesday에서 157개 CVE에 대응 (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available.