El Martes de parches de Microsoft de junio de 2025 aborda 65 CVE (CVE-2025-33053)
Microsoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild....
Preguntas frecuentes acerca de BadSuccessor
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller....
CVE-2025-32756: vulnerabilidad de día cero en múltiples productos de Fortinet explotada en la realidad
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera....
CVE-2025-4427, CVE-2025-4428: Ejecución remota de código de Ivanti Endpoint Manager Mobile (EPMM)
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks...
El Martes de parches de Microsoft de mayo de 2025 aborda 71 CVE (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild....
La reducción del tiempo de corrección sigue siendo un desafío: cómo puede ayudar Tenable Vulnerability Watch
Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here’s how Tenable’s Vulnerability Watch classification system c...
CVE-2025-31324: Vulnerabilidad de día cero en SAP NetWeaver explotada en la realidad
SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible....
CVE-2025-32433: Vulnerabilidad de ejecución de código remoto no autenticado de Erlang/OTP SSH
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices....
Preguntas frecuentes acerca del programa de vencimiento y renovación de MITRE CVE
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation....
Actualización de parche crítica de abril de 2025 de Oracle aborda 171 CVE
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security...
El financiamiento del programa MITRE CVE es ampliado por un año
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be ca...
El Martes de parches de Microsoft de abril de 2025 aborda 121 CVE (CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild....