Salt Typhoon: un análisis de las vulnerabilidades explotadas por este agente patrocinado por Estado
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat…
La actualización de parche crítico de Oracle para enero de 2025 aborda 186 CVE
Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security…
CVE-2024-55591: vulnerabilidad de día cero de evasión de autenticación de Fortinet explotada en la realidad
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024.
El Martes de parches de Microsoft de enero de 2025 aborda 157 CVE (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available.
CVE-2025-0282: vulnerabilidad de día cero de Ivanti Connect explotada en la realidad
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day.
Revisión anual del Martes de parches de Microsoft 2024
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities.
El Martes de parches de diciembre de 2024 de Microsoft aborda 70 CVE (CVE-2024-49138)
Microsoft addresses 70 CVEs with 16 rated critical, including one zero-day that was exploited in the wild.
Volt Typhoon: infraestructura crítica de los EE. UU. es blanco de agentes patrocinados por Estados
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor.
CVE-2024-0012, CVE-2024-9474: vulnerabilidades de día cero en Palo Alto PAN-OS explotadas en la realidad
Palo Alto Networks confirmed two zero-day vulnerabilities were exploited as part of attacks in the wild against PAN-OS devices, with one being attributed to Operation Lunar Peek.
El Martes de parches de Microsoft de noviembre de 2024 aborda 87 CVE (CVE-2024-43451, CVE-2024-49039)
Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.
CVE-2024-47575: preguntas frecuentes sobre FortiJump Zero-Day en FortiManager y FortiManager Cloud
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.
Desde errores hasta vulneraciones: 25 CVE significativas mientras que la CVE de MITRE tiene 25
Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.
Póngase en contacto con nuestro equipo de ventas