Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053)
Microsoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild....
Perguntas frequentes sobre BadSuccessor
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller....
CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera....
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks...
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild....
Reduzir o tempo de correção continua sendo um desafio: como o monitoramento de vulnerabilidades da Tenable pode ajudar
A correção oportuna de vulnerabilidades é um desafio constante para as organizações, pois elas lutam para priorizar as exposições que representam o maior risco para suas operações. Os sistemas de pontuação existentes são inestimáveis, mas podem carecer de contexto. Veja como o sistema de classificação do monitoramento de vulnerabilidades da Tenable c...
CVE-2025-31324: Vulnerabilidade de dia zero no SAP NetWeaver explorada na prática
A SAP lançou um patch fora de banda para corrigir o CVE-2025-31324, uma vulnerabilidade crítica de dia zero no SAP NetWeaver que foi explorada por invasores. As organizações são fortemente encorajadas a aplicar patches o mais rápido possível....
CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices....
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation....
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security...
MITRE CVE Program Funding Extended For One Year
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be ca...
Patch Tuesday de abril de 2025 da Microsoft aborda 121 CVEs (CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild....