CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild
SAP has released an out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible....
Cybersecurity Snapshot: Verizon DBIR Finds Attackers Feast on Vulnerability Exploits for Initial Access, While MITRE ATT&CK Adds Mobile, Cloud, ESXi Threat Intel
Check out highlights from this year’s Verizon DBIR, including a surge in zero-day exploits targeting edge devices and VPNs. Plus, find out what’s new in the latest version of MITRE ATT&CK. Also, see what Tenable webinar attendees said about AI security. And get the latest on ransomware preparedness ...
Despite Recent Security Hardening, the Entra ID Synchronization Feature Remains Open to Abuse
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited....
Stronger Cloud Security in Five Minutes: How to Protect Cloud Workloads
In the first installment of Tenable’s “Stronger Cloud Security in Five” blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by detecting misconfigurations. Today, we turn to securing cloud workloads, which are the applications...
Verizon 2025 DBIR: Tenable Research Collaboration Highlights CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge-...
CISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help....
ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate pri...
Turn to Exposure Management to Prioritize Risks Based on Business Impact
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have ...
CVE-2025-32433: Unauthenticated Remote Code Execution Vulnerability in Erlang/OTP SSH
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices....
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on a...
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation....
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background: On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security...