Cisco Patches High-Severity IOS XR Vulnerabilities The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.

シスコ、深刻度の高いIOS XRの脆弱性を修正

Cisco Patches High-Severity IOS XR Vulnerabilities #SecurityWeek (Mar 12)

www.securityweek.com/cisco-patche...

Apple Updates Legacy iOS Versions to Patch Coruna Exploits The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.

Apple、iOSの旧バージョンをアップデートし、コルーニャ脆弱性を修正

Apple Updates Legacy iOS Versions to Patch Coruna Exploits #SecurityWeek (Mar 12)

www.securityweek.com/apple-update...

Splunk, Zoom Patch Severe Vulnerabilities Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges.

Splunk、Zoomが深刻な脆弱性を修正

Splunk, Zoom Patch Severe Vulnerabilities #SecurityWeek (Mar 12)

www.securityweek.com/splunk-zoom-...

CISO Conversations: Aimee Cardwell Cardwell started her career at Netscape, become a VP of engineering at American Express, CISO at UnitedHealth Group, and now CISO in Residence at Transcend.

CISO 対談: エイミー・カードウェル

CISO Conversations: Aimee Cardwell #SecurityWeek (Mar 11)

www.securityweek.com/ciso-convers...

MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack Stryker was targeted by the Handala group, which claims to have wiped more than 200,000 of the company’s devices.

医療技術大手ストライカー、イラン関連のハッカー攻撃で機能不全に

MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack #SecurityWeek (Mar 11)

www.securityweek.com/medtech-gian...

Michelin Confirms Data Breach Linked to Oracle EBS Attack The cybercriminals have leaked more than 300GB of files allegedly stolen from the tire giant.

ミシュラン、Oracle EBS攻撃に関連するデータ侵害を確認

Michelin Confirms Data Breach Linked to Oracle EBS Attack #SecurityWeek (Mar 11)

www.securityweek.com/michelin-con...

Adobe Patches 80 Vulnerabilities Across Eight Products Adobe has rolled out patches for 80 vulnerabilities across 8 products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro.

Adobe、8つの製品にわたる80件の脆弱性を修正

Adobe Patches 80 Vulnerabilities Across Eight Products #SecurityWeek (Mar 10)

www.securityweek.com/adobe-patche...

Microsoft Patches 83 Vulnerabilities Microsoft has fixed a critical vulnerability, but none of the flaws fixed this Patch Tuesday has been exploited in the wild.

マイクロソフト、83件の脆弱性を修正

Microsoft Patches 83 Vulnerabilities #SecurityWeek (Mar 10)

www.securityweek.com/microsoft-pa...

Internet Infrastructure TLD .arpa Abused in Phishing Attacks Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare.

インターネットインフラTLD「.arpa」がフィッシング攻撃に悪用される

Internet Infrastructure TLD .arpa Abused in Phishing Attacks #SecurityWeek (Mar 9)

www.securityweek.com/internet-inf...

ClickFix Attack Uses Windows Terminal to Evade Detection Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog.

ClickFix攻撃はWindowsターミナルを利用して検出を回避

ClickFix Attack Uses Windows Terminal to Evade Detection #SecurityWeek (Mar 9)

www.securityweek.com/clickfix-att...

FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information The bureau is working to determine the scope and impact of the problem, according to a notification sent to members of Congress.

FBI、機密監視情報を保持するシステムにおける「疑わしい」サイバー活動を捜査中

FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information #SecurityWeek (Mar 6)

www.securityweek.com/fbi-investig...

US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies Trump’s Cyber Strategy calls for stronger deterrence against cyber adversaries, modernization of federal networks, protection of critical infrastructure, and investment in technologies such as AI and…

米国のサイバー戦略は敵対勢力、重要インフラ、新興技術を標的にしている

US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies #SecurityWeek (Mar 7)

www.securityweek.com/us-cyber-str...

Over 100 GitHub Repositories Distributing BoryptGrab Stealer The malware targets browser and cryptocurrency wallet data, along with system information and user files.

100以上のGitHubリポジトリがBoryptGrab Stealerを配布

Over 100 GitHub Repositories Distributing BoryptGrab Stealer #SecurityWeek (Mar 7)

www.securityweek.com/over-100-git...

Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses.

最近のCisco Catalyst SD-WANの脆弱性が広く悪用される

Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited #SecurityWeek (Mar 8)

www.securityweek.com/recent-cisco...

LeakBase Cybercrime Forum Shut Down, Suspects Arrested The stolen credential marketplace had been active since 2021 and in late 2025 it counted 142,000 users.

LeakBaseサイバー犯罪フォーラムが閉鎖、容疑者逮捕

LeakBase Cybercrime Forum Shut Down, Suspects Arrested #SecurityWeek (Mar 5)

www.securityweek.com/leakbase-cyb...

Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild The networking giant has added the recently patched CVE-2026-20128 and CVE-2026-20122 to the list of exploited vulnerabilities.

シスコ、Catalyst SD-WANの脆弱性がさらに悪用される可能性があると警告

Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild #SecurityWeek (Mar 5)

www.securityweek.com/cisco-warns-...

Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead.

Google：2025年に悪用されるゼロデイ脆弱性90件のうち半分は企業を狙っている

Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises #SecurityWeek (Mar 5)

www.securityweek.com/google-half-...

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware.

海賊版ソフトウェアがいかにして有能な従業員をマルウェア配信エージェントに変えるか

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents #SecurityWeek (Mar 4)

www.securityweek.com/how-pirated-...

Tycoon 2FA Phishing Platform Dismantled in Global Takedown The phishing-as-a-service platform was used to send fraudulent emails to over 500,000 organizations every month.

Tycoon 2FAフィッシングプラットフォームがグローバル削除で解体される

Tycoon 2FA Phishing Platform Dismantled in Global Takedown #SecurityWeek (Mar 4)

www.securityweek.com/tycoon-2fa-p...

Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively A Belgian national, De Ceukelaire’ did not set out to be a hacker. Like many hackers he was born with the potential to become one and only gradually realized he is one.

ハッカーとの対話：インティ・デ・セウクレレール、創造的に機械に抗う

Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively #SecurityWeek (Mar 4)

www.securityweek.com/hacker-conve...

Quantum Decryption of RSA is Much Closer than Expected For decades, the quantum threat to RSA and ECC encryption has been tied to Shor’s algorithm and the assumption that we would need million-qubit quantum computers to make it practical. A newly…

RSA暗号の量子解読は予想よりはるかに近い

Quantum Decryption of RSA is Much Closer than Expected #SecurityWeek (Mar 3)

www.securityweek.com/quantum-decr...

Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters Two AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby.

イランによるアマゾンデータセンターへの攻撃は、業界の物理的災害に対する脆弱性を浮き彫りにする

Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters #SecurityWeek (Mar 3)

www.securityweek.com/iranian-stri...

Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low The cybersecurity industry is monitoring the landscape and says many of the big claims made by hacktivist groups remain unverified.

イランのサイバー戦線：ハクティビストの活動は増加、しかし国家支援による攻撃は低調

Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low #SecurityWeek (Mar 3)

www.securityweek.com/iran-cyber-f...

Madison Square Garden Data Breach Confirmed Months After Hacker Attack The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign.

マディソン・スクエア・ガーデンのデータ侵害、ハッカー攻撃から数ヶ月後に確認

Madison Square Garden Data Breach Confirmed Months After Hacker Attack #SecurityWeek (Mar 2)

www.securityweek.com/madison-squa...

US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure.

米・イスラエル・イランのサイバー攻撃の応酬：親西側ハッカーによる混乱、テヘランの報復で混乱

US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates #SecurityWeek (Mar 2)

www.securityweek.com/us-israel-an...

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent.

OpenClawの脆弱性により、ウェブサイトがAIエージェントを乗っ取ることが可能に

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents #SecurityWeek (Mar 2)

www.securityweek.com/openclaw-vul...

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.

脆弱性によりChromeのGemini Live AIアシスタントが乗っ取られる可能性

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant #SecurityWeek (Mar 2)

www.securityweek.com/vulnerabilit...

Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking Gardyn smart gardens were until recently affected by potentially serious vulnerabilities that could have been exploited for remote hacking.

Critical Flaws Exposed Gardyn Smart hydroponic Gardens to Remote Hacking | #SecurityWeek

www.securityweek.com/critical-fla...

Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology OpenAI and Google, along with Elon Musk’s xAI, also have contracts to supply their AI models to the military.

トランプ大統領、全連邦機関に人類工学技術の使用を段階的に廃止するよう命令

Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology #SecurityWeek (Feb 27)

www.securityweek.com/trump-orders...

Hackers Weaponize Claude Code in Mexican Government Cyberattack The AI was abused to write exploits, create tools, and automatically exfiltrate over 150GB of data.

メキシコ政府のサイバー攻撃でハッカーがクロード・コードを武器化

Hackers Weaponize Claude Code in Mexican Government Cyberattack #SecurityWeek (Mar 1)

www.securityweek.com/hackers-weap...