Security assessment and information provision

This site provides information on security and offers web audit tools.

Annoucement Show List

March 6, 2026 - None

NVD Vulnerability Information NVD Vulnerability Search Top

Update Date":April 22, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	-		-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson() restrictions, the API lay… New	CWE-639 CWE-862 Authorization Bypass Through User-Controlled Key Missing Authorization	CVE-2026-40480	2026-04-21 03:59	2026-04-18
2	-		-	-	ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0. New	CWE-89 SQL Injection	CVE-2026-40482	2026-04-21 03:59	2026-04-18
3	5.4	MEDIUM Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars(). An authenticated user with Finance permissions can inject HTML attribute-breaking ch… New	CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output	CVE-2026-40483	2026-04-21 03:59	2026-04-18
4	9.1	CRITICAL Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory(), which performs no file ext… New	CWE-269 CWE-434 CWE-552 Improper Privilege Management Unrestricted Upload of File with Dangerous Type Files or Directories Accessible to External Parties	CVE-2026-40484	2026-04-21 03:59	2026-04-18
5	5.3	MEDIUM Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An un… New	CWE-204 CWE-307 Response Discrepancy Information Exposure mproper Restriction of Excessive Authentication Attempts	CVE-2026-40485	2026-04-21 03:59	2026-04-18
6	8.1	HIGH Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a… New	CWE-352 CWE-862 Origin Validation Error Missing Authorization	CVE-2026-40581	2026-04-21 03:59	2026-04-18
7	-		-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication ch… New	CWE-288 CWE-305 Authentication Bypass Using an Alternate Path or Channel Authentication Bypass by Primary Weakness	CVE-2026-40582	2026-04-21 03:59	2026-04-18
8	4.8	MEDIUM Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars(). An administrator can save a username containing HTML attribute-breaking charac… New	CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output	CVE-2026-40593	2026-04-21 03:59	2026-04-18
9	-		-	-	editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted direc… New	CWE-121 CWE-787 Stack-based Buffer Overflow Out-of-bounds Write	CVE-2026-40489	2026-04-21 03:59	2026-04-18
10	6.8	MEDIUM Network	-	-	The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization header… New	CWE-200 Information Exposure	CVE-2026-40490	2026-04-21 03:59	2026-04-18

JVN Vulnerability Information JVN Vulnerability Search Top

Update Date:Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	9.8	緊急 Network	scshr	hr portal	scshrのhr portalにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2025-48780	2026-02-6 10:41	2025-06-6
2	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2025-48781	2026-02-6 10:41	2025-06-6
3	9.8	緊急 Network	scshr	hr portal	scshrのhr portalにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-48782	2026-02-6 10:41	2025-06-6
4	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2025-48783	2026-02-6 10:41	2025-06-6
5	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-48784	2026-02-6 10:41	2025-06-6
6	7.5	重要 Network	scshr	hr portal	scshrのhr portalにおける重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2025-5192	2026-02-6 10:41	2025-06-6
7	6.8	警告 Physics	Elspec LTD	G5DFR ファームウェア	Elspec LTDのG5DFR ファームウェアにおける代替パスまたはチャネルを使用した認証回避に関する脆弱性	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2025-59392	2026-02-6 10:41	2025-11-6
8	7.2	重要 Network	Sangoma	freepbx	SangomaのfreepbxにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2025-64328	2026-02-6 10:41	2025-11-7
9	6.5	警告 Network	Salesforce.com, inc.	MuleSoft Anypoint Extension Pack	Salesforce.com, inc.のMuleSoft Anypoint Extension Packにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-10875	2026-02-6 10:41	2025-11-4
10	7.5	重要 Network	Intelbras	ICIP 30 Firmware	IntelbrasのICIP 30 Firmwareにおける複数の脆弱性	CWE-255 CWE-256 CWE-522	CVE-2025-13187	2026-02-6 10:41	2025-11-14

Version update history excerpt Go To Version Update History

Target Period : 2026-04-15 〜 2026-04-22

No	Name	Genre	Version	Release date	Security Fix	Release Information
1	New!! Cockpit	systemadmin	360	2026-04-18	Yes	Show
2	New!! Linux Kernel 5.10（LTS）	os	5.10.253	2026-04-18	Yes	Show

Support Expiration Date Go to Support Expiration Information

Target Period : 2026-03-01 〜 2026-07-31

No	Name	Normal Support	Security Support	Extended Support
1	Ruby 3.2	2026-03-31
2	MySQL 8	2026-04-19
3	Django4.2 LTS	2023-12-31		2026-04-30
4	Red Hat OpenJDK 8 for Windows		2026-05-31
5	Red Hat OpenJDK 8		2026-05-31
6	Java 8 (LTS)		2026-05-31
7	MariaDB 10.6	2026-06-30
8	SQL Server 2016 Service Pack 2	2021-07-13		2026-07-14

Excerpts from security information sites updated in the past two days Go to the Provide Information Site

2026-4-22 JST

media_news

No	Name	URL	Excerpt Of Changes	Tag
1	Ars Technica	https://arstechnica.com/	181,Pentagon wants $54B for drones, more than most nations’ military budgets,The proposed Pentagon drone investment rivals Ukraine’s entire military budget.,Jeremy Hsu,–,4/21/2026,\|,32,Mozilla: Anthro ...	English News Foreign Country Blog Site Information Gathering
2	Bleeping Computer®	https://www.bleepingcomputer.com/	French govt agency confirms breach as hacker offers to sell data,New Lotus data wiper used against Venezuelan energy, utility firms,Lifetime cybersecurity training is on sale for a one-time $53,Stoppi ...	English News Foreign Country Information Provision
3	cnet	https://www.cnet.com/	Apple CEO Tim Cook Steps Down, John Ternus Replaces Him,02,Top 5 Apple Products That Tim Cook Launched,03,Survey: Less Than 40% of Us Recycle Old Tech,04,05,A Compact Short-Throw Projector for Tiny Li ...	English News Foreign Country Blog
4	Cyber Security Intelligence	https://www.cybersecurityintelligence.com/	2026-04-21,Top Website Security Threats Every Site Owner Should Know,Small enterprises are targeted constantly and not one is 'too small to target'. Here are the pressing threats they genuinely need t ...	English News Foreign Country Information Provision
5	Cybersecurity News	https://securityonline.info/	April 21, 2026,Three Silent Vulnerabilities Discovered in the glibc Core,Ddos,April 21, 2026,0,Vulnerability Report,The Dual CVSS 10.0 RCE Flaws Threatening Spinnaker Pipelines,Ddos,April 21, 2026,0,V ...	English News Foreign Country Information Provision
6	Engadget	https://www.engadget.com/	Xbox cuts Game Pass prices but new Call of Duty games will no longer hit the service on day one,Effective immediately, both Game Pass Ultimate and PC Game Pass will be a bit cheaper.,Kris Holt,7 hours ...	English News Foreign Country Blog
7	Gizmodo	https://gizmodo.com/	NASA Breaks Silence on Deaths and Disappearances of Scientists With Ties to Space Tech,Eleven missing or dead scientists are now at the center of a federal investigation, and three had direct ties to ...	English News Foreign Country Blog
8	HELPNETSECURITY	https://www.helpnetsecurity.com/	Ransomware negotiator admits role in attacks he was hired to resolve,April 21, 2026,Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency,April 21, 2026,CISA flags another Cis ...	English News Foreign Country Information Provision
9	Krebs on Security	https://krebsonsecurity.com/	‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty,April 21, 2026,3 Comments,A 24-year-old British national and senior member of the cybercrime group “,Scattered Spider,” has pleaded guilty to wire frau ...	English News Foreign Country Blog
10	Mashable	https://mashable.com/	Mashable Selects,AI audiobooks are invading Libby. Here’s how I avoid them.,End of an era,Tim Cook to step back, John Ternus named Apple CEO,test that 8x zoom,Marvel at Earthset video from Artemis II, ...	English News Foreign Country Blog
11	ScanNetSecurity	https://scan.netsecurity.ne.jp/	2026.04.22（水）,2026.4.21 Tue 8:05,受託業務で受領したデータの様式を同意なく別業務へ流用、非表示設定となっていたワークシート内に顧客情報が残存,SocioFuture株式会社は4月3日、同社がGMOあおぞらネット銀行株式会社から受託している事務業務での顧客情報流出について発表した。GMOあおぞらネット銀行でも同日、文字のコピーができないPDFファイルで公開している。, ...	Japanese News Information Provision
12	Schneier on Security	https://www.schneier.com/	Mexican Surveillance Company,Grupo Seguritech,is a Mexican surveillance company that is expanding into the US.,Tags:,Mexico,,,privacy,,,surveillance,Posted on April 21, 2026 at 7:04 AM,•,5 Comments,20 ...	English News Foreign Country Blog
13	scmagazine	https://www.scmagazine.com/	Another Cisco Catalyst SD-WAN Manager bug added to CISA list,Steve,Zurier,April 21, 2026,CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching.,SOC,From OODA to SUDA: Why ...	English News Foreign Country Information Provision
14	securityledger.com	https://securityledger.com/	Tuesday, April 21, 2026,BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation,April 21, 2026,\|,cybernewswire,New York, United States, 21st April 2 ...	English News Foreign Country Information Provision
15	securityweek	https://www.securityweek.com/	Third US Security Expert Admits Helping Ransomware Gang,Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator.,Dozen ...	English News Foreign Country Information Provision
16	TechCrunch	https://techcrunch.com/	AI,SpaceX is working with Cursor and has an option to buy the startup for $60 billion,Tim Fernholz,11 minutes ago,Hardware,Apple’s John Ternus will run one of the world’s most powerful companies; the ...	English News Foreign Country Blog Site Information Gathering
17	TechNadu.com	https://www.technadu.com/	Poste Italiane and Postepay Fined €12.5 Million for Illegally Processing Personal Data of Millions ⁠of Users,By,Lore Apostol,\|,Published,KelpDAO Crypto Theft: Lazarus Hackers Linked to $290 Million He ...	English News Foreign Country Information Provision
18	TechRadar	https://www.techradar.com/	Apple after Tim Cook — John Ternus will take the helm at a pivotal moment,What challenges does Apple's incoming CEO face? And what will Apple do — and be — under John Ternus?,I asked ChatGPT and Gemin ...	English News Foreign Country Blog
19	The Verge	https://www.theverge.com/	Latest,Tim Cook was an innovator — just not the Jobs kind,Cook’s relentless optimization propelled Apple’s fortunes to new heights and an era of predictable profitability.,Allison Johnson,7:15 PM UTC, ...	English News Foreign Country Blog
20	wired	https://www.wired.com/	Hardened Hearts,They Built a Legendary Privacy Tool. Now They’re Sworn Enemies,There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love b ...	English News Blog
21	ZDNet Japan Security	https://japan.zdnet.com/security/	ぐるなび、VPNを廃止してゼロトラストセキュリティ基盤を構築,2026-04-21 13:46,AIで企業がオープンソースを断念した理由,HPE、ジュニパー統合で「全方位統合セキュリティ」を展開--超高性能小型FWなど発表,今や攻撃標的と化したVPN、境界防御は限界に。ゼロトラストによる新アクセスモデルでセキュリティ強化,AI活用の成否を分かつ「データの構造化」——営業DXを加速させる次世代基盤の ...	Japanese News Information Provision
22	CyberSecurity.com	https://cybersecurity-jp.com/	2026/04/21,ランサム感染調査の結果、計7,304人分の個人情報漏えいの可能性│テイン,2026/04/21,患者の顔写真データが保存されたSDカード紛失│さわ病院,2026/04/20,社員メールアカウントが不正利用されて不審メール│株式会社トーホー,2026/04/20,役員Xアカウントが不正アクセス被害、不審メッセージ送信を確認│株式会社ミズカラ,ゼロトラストセキュリティ,【マシンス ...	Japanese News Company Blog Information Provision
23	Malware Information Bureau	https://eset-info.canon-its.jp/malware_info/	情報局｜特集（/special/）,2026.4.21,シャドーAIは最大のセキュリティの盲点になり得る,意図しない情報漏えいからプログラムの不具合に至るまで、AIの使用には見過ごせないリスクが潜んでいる。本記事では、企業において承認されていないAIの使用に注意すべき理由について解説する。,2026.4.21,シャドーAIは最大のセキュリティの盲点になり得る,セキュリティ強化・対策,情報システム担 ...	Japanese News Information Provision

security_company

No	Name	URL	Excerpt Of Changes	Tag
1	Offensive Security	https://www.offsec.com/	for hands-on offensive operations in artificial intelligence environments,Train in live labs. Hack purpose-built environments. Level up where it matters. From individual contributors to global teams, ...	English Tools Company Consulting Qualifications Education Pentest E-Learning
2	NTT Advanced Technology Corporation	https://www.ntt-at.co.jp/	04.21,[火],ニュースリリース,商品・サービス,[PR TIMES配信],NTT-AT、「RelAiナレッジアシスタント」および「窓口AIエージェント（仮称）」を「自治体・公共Week 2026／第6回自治体DX展」に出展,～自治体窓口を起点とした生成AIソリューションを提案～,2026/,05.19,[火],05.21,[木],ドイツ,Cologne, Exhibition Centre ...	Japanese Web Audit Network Audit Company Consulting Education Endpoint Detection and Response(EDR) Incident Response Forensic Security enhancement support Security enhancement support Automatic Audit tools Targeted Email Attack Training SIEM Cloud IDS/IPS Management DDos protection Endpoint Audit Monitoring CSPM（Cloud Security Posture Management） Internal information leakage countermeasures
3	Ierae Security, Inc.	https://ierae.co.jp/	脅威モデリングによる潜在的なリスクの可視化で、攻めのセキュリティ対策,パーソルキャリア株式会社,脅威モデリング,2026.04.20,お知らせ,ゴールデンウィーク休業期間のお知らせ	Japanese Web Audit Network Audit Company Game Audit Smartphone Audit IoT Audit Consulting CTF Forensic Pentest Cloud Security Automotive Audit Virtual Currency Audit Anti-tampering Audit
4	UBsecure, Inc.	https://www.ubsecure.jp/	パーソルクロステクノロジー株式会社様,育成×派遣でセキュリティ人材不足に挑む ─ Vexトレーニングを軸にした即戦力エンジニア輩出の仕組み	Japanese News Web Audit Network Audit Source Code Audit Smartphone Audit Qualifications Education Support for PCIDSS
5	LAC Co., Ltd	https://www.lac.co.jp/	2026年4月21日,プレス,ラック、セキュリティ運用の高度化とコスト最適化を実現する統合SOCサービス「JSOC xPDR Advanced」を提供	Japanese Web Audit Network Audit Major Company Source Code Audit Smartphone Audit IoT Audit Consulting Qualifications WAF Education Incident Response Forensic Pentest E-Learning Security enhancement support Requirements Consulting Automatic Audit tools System Development Targeted Email Attack Training Manipulation Detection Log Management SOC Hardware Audit Information Provision Support for PCIDSS Building CSIRTs Wireless LAN Audit APT Attack Resistance Audit IP address research Malware and ransomware support

blog

No	Name	URL	Excerpt Of Changes	Tag
1	Hacking Articles	https://www.hackingarticles.in/	DACL Attacks,GPO Abuse: Exploiting Vulnerable Group Policy Objects,April 21, 2026,April 21, 2026,by,raj,15 Min Reading,This article walks through a complete GPO-abuse attack chain in a lab domain name ...	English Web Audit Foreign Country Hacking Education Blog Pentest Information Provision
2	Rapid7 Blog	https://www.rapid7.com/blog/	3685,Artificial Intelligence,Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action,Craig Adams	English Major Foreign Country Company Blog Information Provision
3	Redhat's Official Blog	https://www.redhat.com/ja/blog	AI から量子コンピューティングまで、RHEL 10 の新機能をご紹介します。,Red Hat は、当社のお客様が直面する多様なインフラストラクチャ・ランドスケープを認識しており、すべての主要なパブリッククラウド・プロバイダーに Red Hat OpenShift Virtualization を提供できるよう取り組んでいます。	English Major Company Blog Information Provision
4	UBsecure Blog	https://www.ubsecure.jp/blog	パーソルクロステクノロジー株式会社様,育成×派遣でセキュリティ人材不足に挑む ─ Vexトレーニングを軸にした即戦力エンジニア輩出の仕組み	Japanese Company Blog Information Provision
5	Security hole memo	http://www.st.ryukoku.ac.jp/~kjm/security/memo/	Last modified: Tue Apr 21 13:07:01 2026,■,2026.04.21,》,ソメイヨシノ、“寒さ不足”で「満開とならず」　九州南部などの開花異常、岡山理科大学など分析,(ITmedia, 4/17),》,朗報！　Googleが「戻るボタン→広告」がスパムに……次は「×ボタン小さすぎ広告」を何とかしてほしい,(ITmedia, 4/20),そもそも、あの手の広告で商 ...	Japanese Celebrated Person Celebrated Person Blog Blog Information Provision Information Provision

organization

No	Name	URL	Excerpt Of Changes	Tag
1	Center for Internet Security	https://www.cisecurity.org/	04.21.2026,Unmanned Aircraft Systems (UAS): Evolving Risks to Large-Scale Public Gatherings,Read More,White Paper,04.20.2026,CIS, Astrix, and Cequence Release New AI Security Companion Guides,White Pa ...	English Foreign Country Organization Information Provision
2	Information-technology Promotion Agency	https://www.ipa.go.jp/	試験情報,2026年4月21日,令和7年度「iパス（ITパスポート試験）」の年間応募者数等について,セキュリティ,2026年4月21日,「令和7年度セキュリティ人材活用環境整備に係る業務」報告書を公開しました,人材育成,2026年4月21日,デジタル人材キャリアインタビューVol.11を公開,2026年4月21日,令和7年度「iパス（ITパスポート試験）」の年間応募者数等について,2026年4月2 ...	Japanese Organization Government Qualifications Information Provision
3	National Vulnerability Database	https://nvd.nist.gov/	CVE-2013-3346,- Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via un ...	English Organization Government
4	NICT: National Institute of Information and Communications Technology	http://www.nict.go.jp/	情報処理安全確保支援士向け実践サイバー演習「,RPCI,(,リプシィ,）,」2026年度受講申込受付を開始,2026年,4月21日,国立研究開発法人情報通信研究機構（,NICT,（,エヌアイシーティー,）,、理事長: 大野英男）は、情報処理安全確保支援士の資格更新のための実践講習実践サイバー演習「,RPCI,(,リプシィ,」の2026年度の受講申込受付を4月21日（火）に開始しました。RPCI ...	Japanese Organization Government
5	OWASP	https://www.owasp.org/	Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together,Jordan Harband and Przemyslaw (Rogue) Roguski,, April 15, 2026,OpenEoX and CLE are two emerging standards that work ...	English Organization

ctf_bug_bounty

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Hacker One	https://www.hackerone.com/	h1 Validation: built to turn AI findings into verified fixes \|,Not every vulnerability matters.,Fix the ones that do.,Focus on what’s,real,. The HackerOne Platform reduces risk by uncovering,,validati ...	English Hacking Bug Bounty

wordpress

No	Image	Name	URL	Excerpt Of Changes	Tag
1		All In One WP Security & Firewall	https://ja.wordpress.org/plugins/all-in-one-wp-security-and-firewall/	Always getting error on Cookie-based brute force,ashik193,2026年4月21日,Always Redirecting to 127.0.0 even if we use secret code,1,700件のレビューをすべて表示,4週間,1,539 5-星レビュー,1,539,Your review,18 / 32	Japanese WordPress WordPress Security Enhancement

vulnerability_notification_site

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Packet Storm	https://packetstormsecurity.com/	2026/04/21 - Had a couple real egg on face moments. The bookmarking flow for researchers had some remnant code that still disclosed email addresses without inheritance from the user profiles if mappe ...	English News Tools Foreign Country Hacking Exploit
2		Vulnerability countermeasure information database	https://jvndb.jvn.jp/index.html	最終更新日：2026/04/21,現在の登録件数：279701件,2026/04/21,JVNDB-2026-012056,サイレックス・テクノロジー製SD-330ACおよびAMC Managerにおける複数の脆弱性,8.8（重要）,2026/04/21,JVNDB-2026-012055,PowerDNSのPowerDNS Recursorにおける制限またはスロットリング無しのリソースの割り当て ...	Japanese News Organization Government Windows Linux/Unix Mac OS Information Provision

Security Advisary

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Drupal Security Information	https://www.drupal.org/security	JavaScript is disabled in your browser.,Please enable JavaScript to proceed.,A required part of this site couldn’t load. This may be due to a browser extension, network issues, or browser settin ...	English Foreign Country Security Advisories

Document

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Guidelines for Information Security Measures for Small and Medium Enterprises	https://www.ipa.go.jp/security/guide/sme/about.html	最終更新日：2026年4月21日,付録1：中小企業のためのセキュリティ人材の確保・育成の実践ガイドブック（全14ページ）(PDF:2.4 MB),「中小企業の情報セキュリティ対策ガイドライン」説明資料(全34ページ)(PDF:4.5 MB),「中小企業のためのクラウドサービス安全利用の手引き」説明資料(全32ページ)(PDF:1.4 MB),「中小企業のためのセキュリティインシデント対応の手引き」 ...	Japanese Organization Information Provision Documents

2026-4-21 JST

security_company

No	Name	URL	Excerpt Of Changes	Tag
1	crowdstrike	https://www.crowdstrike.jp/	年次イベント”CrowdTour”ご登録受付中！TOKYO（5/22開催）ご登録は,こちら,\| OSAKA（ 5/21開催）ご登録は,こちら	English Foreign Country Company Endpoint Detection and Response(EDR) Incident Response
2	SentinelOne	https://www.sentinelone.com/	Join the Cyber Forum: Threat Intel on May 12, 2026 to learn how AI is reshaping threat defense.,Join the Virtual Cyber Forum: Threat Intel,Register Now,Join the Virtual Cyber Forum: Threat Intel,Virtu ...	English Foreign Country Company Endpoint Detection and Response(EDR)
3	NTT DATA INTELLILINK Corporation	http://www.intellilink.co.jp/	2026年4月20日,ニュースリリース,オンプレミスAIの簡単導入「INTELLILINK Private AI スタートパック」において「tsuzumi® 2」の対応検証を開始,2026年4月16日,コラム,PQCや証明書47日問題に備えるクリプトインベントリ管理自動化,2026年4月16日,セキュリティ,PQCや証明書47日問題に備えるクリプトインベントリ管理自動化,04.20,ニュースリリー ...	Japanese Web Audit Network Audit Major Company Source Code Audit Smartphone Audit Smartphone Audit Consulting Consulting Education Endpoint Detection and Response(EDR) Pentest Security enhancement support Requirements Consulting SOC Support for PCIDSS
4	3-shake Inc.	https://3-shake.com/	2026.04.20,プレスリリース,【 AI-Ready に関する実態調査】AI活用は約4割にとどまり、二極化が進む実態が明らかに,2026.04.13,プレスリリース,クラウド型ETLツール「Reckoner」、Python・JavaScriptによる「コード実行機能」をリリース―ノーコードとコードを組み合わせた柔軟なデータ連携を実現,2026.04.20,プレスリリース,【 AI-Ready ...	Japanese Web Audit Company Requirements Consulting Automatic Audit tools Cloud Security Cloud AWS GCP
5	LEON TECHNOLOGY Inc.	https://www.leon-tec.co.jp/	2026/04/20,申込受付中,2026年5月20日(水)PCI DSSセミナー開催！”もしも”に備える – PCI DSSを踏まえた実務的インシデント対応強化策,過去のセミナー,過去のセミナー,過去のセミナー,2026年5月20日(水)PCI DSSセミナー開催！”もしも”に備える – PCI DSSを踏まえた実務的インシデント対応強化策,申込受付中,過去のセミナー,過去のセミナー	Japanese Web Audit Network Audit Company WordPress Source Code Audit Consulting Education Forensic Security Advisor Targeted Email Attack Training SIEM Building CSIRTs Building Active Directory
6	Sompo Risk Management Inc.	https://www.sompocybersecurity.com/index.html	2026/04/20,リスクアセスメントで築く持続可能な事業インフラ Part 4：バックアップの正しい理解とリカバリ計画（4/20),サイバーセキュリティブログ,記事一覧,セキュリティ対策,コラム,詳しく見る	Japanese Web Audit Network Audit Major Consulting WAF Pentest Requirements Consulting Automatic Audit tools SOC Malware Audit IDS/IPS Management Privacy Mark Antivirus software Monitoring GDPR compliance Cyber Security for Medical Institutions Cyber Security Exercise Antiphishing ISO27001 Threat Intelligence

tool

No	Image	Name	URL	Excerpt Of Changes	Tag
1		GreyNoise	https://www.greynoise.io/	Ten Days Before Zero: How Activity Surges in GreyNoise Data Precede Vulnerability Disclosure,April 20, 2026,Our latest analysis identified that attack activity typically spikes before a vulnerability ...	Japanese Tools Foreign Country Information Provision OSINT
2		HCL App Scan	https://www.hcljapan.co.jp/software/products/appscan/	ログインしてオーサリング機能を使用する,「サイト」メニューを開く,サイト,まだ開催中: 最大のセールは継続中!,3 月 31 日まで、AppSec スキャンの 90% 割引と HCL AppScan on Cloud の 1 年間サブスクリプションを利用して、アプリケーションを保護します。	Japanese Major Tools Foreign Country Automatic Audit tools

blog

No	Name	URL	Excerpt Of Changes	Tag
1	Qualys Security Blog	https://blog.qualys.com/	Lavish Jhamb,April 20, 2026,- 7 min read,Enterprise Remediation Benchmark: How Does Your Organization Compare?,Posted in,Qualys Insights,29,4	English Major Foreign Country Blog Information Provision
2	Ubuntu Official Blog	https://ubuntu.com/blog	AI,Hybrid search and reranking: a deeper look at RAG,by,robgibbon,on 20 April 2026,Many of us are familiar with the retrieval augmented generative AI (RAG) pattern for building agentic AI applications ...	English Major Foreign Country Blog Information Provision
3	LAC security hodgepodge blog	https://devblog.lac.co.jp/	20,PMPに最短距離で受かる秘訣を伝授,マきむら,普段、アプリケーションペネトレーションテストチームにて、PMらしき働きで活動してますマきむらです。みなさんプロジェクト、マネジメントしてますか。今回は、PMP（Project Management Professional）に受かる秘訣ということで、合格ほかほかのテ…,#,セキュリティ,#,PMP,#,合格,2026,-,04,- ...	Japanese Major Blog Information Provision

organization

No	Image	Name	URL	Excerpt Of Changes	Tag
1		JPCERT/CC	https://www.jpcert.or.jp/	2026-04-20 14:00,SKYSEA Client ViewおよびSKYMEC IT Managerにおける不適切なファイルアクセス権設定の脆弱性,2026-04-20 11:30,サイレックス・テクノロジー製SD-330ACおよびAMC Managerにおける複数の脆弱性,2026-04-17 12:00,CubeCartにおける複数の脆弱性,2026-04-17 10:00,2026 ...	Japanese Organization Government Incident Response

proxy

No	Image	Name	URL	Excerpt Of Changes	Tag
1		charlesproxy	https://www.charlesproxy.com/	21 4月 2026,Charles 5.1 released with performance and UI/UX improvements.,Read more.,Show more news...,Version 5.1,. All content is copyright 2026. Site design by	English Tools