오늘의 보안 포커스

사이버 보안 위협 이미지
국내 보안 뉴스높음언론 보도

[2차 부처보고-과기부 등] 李 "AI, 결정적 기회" "개인정보유출 제재, 특...

신규 확인 | 언론 보도

상세보기
국내 보안 뉴스높음언론 보도

[2차 부처보고-과기부 등] 李 "AI, 결정적 기회" "개인정보유출 제재, 특...

사고 대상이 아직 명확히 확인되지 않은 상태에서 개인정보 또는 데이터 유출 정황이 보도됐습니다. 정보 유출 또는 노출 가능성이 보도됐으나 구체적인 범위는 공식 확인이 필요합니다.

현재 상태
신규 확인
확인 수준
언론 보도
상세보기

다가오는 패치 일정

전체 일정 보기
긴급Oracle Corporation

CVE-2026-46817 CISA KEV 조치기한

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

긴급Fortinet

CVE-2026-25089 CISA KEV 조치기한

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

긴급Fortinet

CVE-2026-39808 CISA KEV 조치기한

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

최신 보안 뉴스

전체보기

최근 업데이트된 정보

통합검색
높음 취약점
CVE-2026-56741 · jline jline3 취약점

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS() in TelnetIO.java:856-879 reads client-supplied width and height as 16-bit unsigned integers and passes values such as 65535x65535 to setTerminalGeometry(), allowing an unauthenticated remote attacker to repeatedly alternate values and trigger continuous expensive rendering work that causes CPU exhaustion and denial of service. This issue is fix...

높음 취약점
CVE-2026-56740 · jline jline3 취약점

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables() in TelnetIO.java:1127-1180 stores each variable pair in a HashMap held by ConnectionData, allowing an unauthenticated attacker to flood unique variable pairs before the terminating IAC SE byte and exhaust JVM heap memory with an OutOfMemoryError. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.

높음 취약점
CVE-2026-56171 · Microsoft Remote Desktop Web Client, Windows Admin Center 취약점

Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.

높음 취약점
CVE-2026-49485 · hapifhir org.hl7.fhir.core 취약점

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation, and the FHIRPath functions matches(), matchesFull(), and replaceMatches() pass user-controlled regular expressions to Java's Pattern.compile() and String.replaceAll() through an incomplete timeout utility. An attacker can send a resource containing an evil regex pattern that causes catastrophic backtracking, exhausting CPU resources and causi...

긴급 취약점
CVE-2026-55518 · avo-hq avo 취약점

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach_<association>? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run the same authorization check before mutating the association through Avo::AssociationsController#create. An authenticated low-privileged Avo user can bypass hidden or disabled attach controls and directly attach related records to a parent record by sending a crafted POST request, which...

긴급 취약점 (CVE)

전체보기

KISA 최신 정보

전체보기

오늘의 보안 브리핑

전체 브리핑 보기
DAILY SECURITY REPORT

2026.07.18 · 당일 종합

오늘 하루 보안 요약

CVE-2026-41699 · Spring for GraphQL이 오늘의 최우선 검토 대상입니다. 심각도만으로 일괄 대응하기보다 영향 제품 보유 여부와 외부 노출 여부를 기준으로 조치 순서를 정해야 합니다.

  1. 01
    취약점 · 업데이트CVE-2026-41699 · Spring for GraphQL
  2. 02
    취약점 · 업데이트CVE-2026-54433 · Roundcube Webmail
보고서 구성주요 이슈 · 영향 분석 · 운영 조치 · 계속 볼 신호
오늘 보고서 읽기 →
최근 업데이트된 정보
보안뉴스·취약점·KISA에서 최신 등록 정보를 확인합니다.
긴급 CVE
실제 악용 여부와 조치 우선순위를 확인합니다.
KISA 최신 정보
보안공지·취약점정보·보고서·경보단계를 확인합니다.
오늘의 보안 브리핑
오늘 확인할 보안정보를 한 번에 정리합니다.브리핑 보기 →
많이 본 이슈
조회가 많은 보안 뉴스와 취약점을 게시판에서 확인합니다.인기 이슈 보기 →

글로벌 공격 관측 현황

전체보기

SANS ISC DShield · 글로벌 관측

자세히 보기 →
위협 단계GREEN
관측 이벤트15,125,948
주요 대상 포트22 / 23 / 51413
관측 출발지147,733
최근 7일 공격 관측 추세기준일 2026-07-16
0500만1000만1500만2000만1322만7.101588만7.111477만7.121427만7.131491만7.141463만7.151513만7.16
출처: SANS Internet Storm Center DShield최종 갱신: 2026. 07. 18. 07:16