Tenable ブログ
エピック・フューリー作戦:エクスポージャー データが、イランによるサイバー・キネティック作戦のすべてを一変させる
CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability
Oracle published an out-of-band security alert for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager, following in-the-wild exploitation of a related flaw in the same component in November 2025.
Bolster your defenses and close the code-to-cloud gap with Tenable and OX
Today, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is…
CVE-2026-21514 に関するよくある質問: Microsoft Word における OLE をバイパスする N-Day 脆弱性
An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings.
2026 年以降の NERC CIP 遵守期限への準備方法
Explore key cybersecurity requirements and implementation deadlines for electric power utilities included in the NERC CIP-003-9 standard for Low-Impact BES (Bulk Electric System) Cyber Systems, and how Tenable can help deliver the comprehensive visibility required to ensure compliance.
資産インベントリとエクスポージャー管理を混同しない
Asset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can't connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don't have exposure management. You have inventory.
報復のサイバー攻撃:エピック・フューリー作戦後のイランのサイバー活動の分析
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In response, the Tenable Research Special Operations (RSO) team is examining the latest threats and cyber operations linked to Iranian threat…
マイクロソフト 2026 年 3 月月例セキュリティ更新プログラム、83 件の CVE を修正 (CVE-2026-21262、CVE-2026-26127)
Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.
LeakyLooker: 危険な Looker Studio の脆弱性を利用した Google Cloud のデータハッキング
Tenable Research revealed "LeakyLooker," a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets. Google has since remediated all identified issues.
トランプ政権の米国サイバー戦略:米国にとっての意味と世界的に重要な理由
President Trump's Cyber Strategy for America signals a shift toward risk-based security and cooperation across emerging technologies. While centered on U.S. interests, the strategy provides a blueprint to collectively strengthen global cyber resilience.
