CVE-2025-32433: Vulnerabilidad de ejecución de código remoto no autenticado de Erlang/OTP SSH
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.
Preguntas frecuentes acerca del programa de vencimiento y renovación de MITRE CVE
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
Actualización de parche crítica de abril de 2025 de Oracle aborda 171 CVE
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378…
El financiamiento del programa MITRE CVE es ampliado por un año
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be…
El Martes de parches de Microsoft de abril de 2025 aborda 121 CVE (CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.
DeepSeek Deep Dive: Creating Malware, Including Keyloggers and Ransomware
Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging.
El Martes de parches de Microsoft de marzo de 2025 aborda 56 CVE (CVE-2025-26633, CVE-2025-24983 y CVE-2025-24993)
Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.
CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero-days. Organizations are advised to apply the available patches.
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.
El Martes de parches de febrero de 2025 de Microsoft aborda 55 CVE (CVE-2025-21418, CVE-2025-21391)
Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.
CVE-2025-23006: vulnerabilidad de día cero de SonicWall Secure Mobile Access (SMA) 1000 supuestamente explotada
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild according to researchers.
Póngase en contacto con nuestro equipo de ventas