Forum Widgets
Recent Discussions
September 2025 product newsletter
Greetings. Check out our September newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. NEW! Tenable AI Exposure We have officially launched Tenable AI Exposure. It helps you see, secure and manage how your organization uses AI tools like ChatGPT Enterprise and Microsoft Copilot across your enterprise. Safeguard sensitive data, stop AI-driven attacks and establish governance for safe AI adoption. Be among the first to try it! Learn more and sign up for the private customer preview here. Tenable One August 2025 release: This month's release delivers faster insights, broader coverage and greater control over your exposure data. Release highlights: Dashboard enhancements: With daily data updates, new chart types and dedicated filters for CISA KEV and end-of-life software, Tenable One dashboards now make it easier to analyze specific risks, communicate impact and speed up response. Tenable On-Prem Connector: Install the Tenable On-Prem Connector to create a secure, encrypted connection to safely bring on-premises exposure data into Tenable One. Get the insights you need without putting your network at risk. Asset information source display: Deduplication in Tenable One is key to ensuring a clean, accurate view of each asset, without redundant information from multiple sources. With this release, the asset details screen now clearly displays the source that populates findings and property information, so your team fully understands and trusts asset data. Dynamic asset tagging: Define dynamic rule-based criteria that automatically apply tags to all Tenable One data for easier customization and greater control over tagging rules. This improvement enables smarter segmentation, precise asset management and deeper analysis across the platform. Explore all platform enhancements Tenable Connect Coming soon: Enhanced Support case experience We're excited to announce a new case creation and management experience. This release will streamline how you open and track cases while leveraging Generative AI to improve search and help you find answers faster. Stay tuned for enablement resources posted within Tenable Connect to maximize this new functionality. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To try/see the product, contact your account manager – or request a demo. Read all about it: New Tenable white paper by Analyst IDC: “Bridging cloud security and exposure management for unified risk reduction.“ This commissioned piece explores the value of exposure management and Tenable strengths. White paper • Blog Featuring fintech customer Snoop. We are honored to share the Tenable story of Snoop, using CIEM and JIT to enforce least privilege. Video [Want to tell your Tenable story? Let your Tenable rep know. We’d love to capture it!] Security alert: Tenable Research detected a supply chain attack in certain Nx build system packages that exfiltrated secrets to GitHub. GitHub has disabled the repos, yet compromised versions may persist. We’ve flagged any affected packages in your Tenable Console (Vulnerability ID: GHSA-cxm3-wv7p-598c). Act now: Update packages and rotate exposed secrets. Platform: Default Home and Favorite dashboards. Set a default Home dashboard to see your most important security insights first, and mark frequently used dashboards as Favorites for instant access. Benefit: These usability updates let you focus on what matters most in your workflow so you can work faster, make informed decisions and keep pace as the platform adapts to your needs. Japanese language support is here. You can now navigate the full Tenable Cloud Security Console in Japanese (switch via your profile menu), and access our documentation portal in Japanese for a smoother, more localized experience. Benefit: Japanese customers are the first to benefit from our new language infrastructure, designed to accelerate the rollout of additional languages. Watch this space! CWP: Workload Protection Clusters filter and column. Identify vulnerable clusters and all related vulnerabilities more easily. (The column is hidden by default.) Resolved filter. In the Workload > Vulnerabilities table, quickly display only vulnerabilities marked as resolved. Benefit: Get clear visibility into cluster-level risks and easily distinguish open from resolved issues to streamline vulnerability management and save time. CSPM: New and updated security best practice support Tenable now supports AWS Foundational Security Best Practices, CIS Azure 2.0, CIS Kubernetes 1.8 and CIS OpenShift 1.5. Benefit: Stay ahead of evolving threats and strengthen your security posture across cloud and container environments. Up-to-date best practices simplify compliance, reduce risk and make it easier to consistently implement proven security controls. DSPM: AWS RDS support for Oracle Data protection scanning is now available for Oracle on AWS RDS, for both Enterprise and Standard license holders. Benefit: Extend visibility into sensitive data stored in Oracle RDS to improve protection and compliance across more of your cloud database environments. Tenable Identity Exposure Tenable Identity Exposure uncovers Storm-0501's cloud identity threats: Financially motivated threat actor Storm-0501 is advancing cloud-based ransomware and hybrid identity compromises to move seamlessly between on-premises Active Directory (AD) and Microsoft Entra ID. Tactics include initial identity exploitation that compromises AD and abuses non-human synced Global Admin accounts in Entra ID, along with malicious persistence, where they establish backdoors by adding rogue federated domains with tools like AADInternals to gain persistent access and impersonation capabilities. Attacker tactic How Tenable Identity Exposure prevents it Initial compromise Flags high-privilege, improperly synced Entra ID accounts from on-prem AD, a configuration Microsoft advises against. MFA bypass Identifies critical, privileged accounts missing MFA, one of the most exploited gaps in hybrid identity attacks. Malicious persistence Detects backdoor federated domains and anomalous signing certificates using multiple indicators of exposure (IOEs), including: Known Federated Domain Backdoor, Federation Signing Certificates Mismatch, Unusual Federation Certificate Validity, Federated Domains List for verification against legitimate IDPs. Tenable Identity Exposure continuous monitoring of IoEs uncovers and aids remediation of critical identity risks before groups like Storm-0501 can exploit them. Tenable Identity Exposure documentation. Tenable Vulnerability Management Streamline ACSC Essential 8 compliance with new dashboards Simplify and strengthen your Essential 8 reporting with Tenable’s new ASD Essential 8 dashboards. These dashboards take your risk-mitigation SLAs to the next level, giving you a clear, real-time view of progress toward ACSC Essential 8 compliance. Quickly spot gaps, track patching and remediation efforts, and demonstrate measurable risk reduction. Monitor internet-facing assets, ensure critical applications are patched, and confidently report on SLA performance, all in one place. Explore the resources to get started: Applying Tenable’s risk-based VM to the ACSC Essential 8 ASD Essential 8 – Patch Applications dashboard ASD Essential 8 – Internet-Facing Assets dashboard Tenable Security Center Critical security patch 202508.1 now available Protect your Security Center deployment with the new patch 202508.1, which fixes critical third-party vulnerabilities in Apache, PHP and SQLite, including CVE-2025-23048, a critical Apache flaw. The update applies to versions 6.4 through 6.6 and must be installed manually. If you’re running 6.5.0, upgrade to 6.5.1 before applying it. For full details, see the release notes, security advisory, and download the patch; this update will be included in future Security Center releases. Tenable OT Security What's new in Tenable OT Security 4.4 The latest version is now available. It introduces several new features and enhancements to improve visibility, streamline workflows, and expand coverage across your industrial environment. OT asset tag data synchronization: Asset tags you create in Tenable OT Security will sync with Tenable One and Tenable Security Center to integrate OT context directly into your enterprise-wide reporting and security workflows. Policy violations dashboard: A redesigned view aggregates disparate alerts and events (e.g. unauthorized access, configuration changes) into unified and actionable Policy Violations to significantly reduce alert fatigue so you can focus on remediating your most critical exposures. Check out this guided demo to see it in action! PLC product file imports: Import PLC project files (starting with Rockwell Automation) to enrich your asset inventory. This provides deep visibility on live or sensitive OT devices without performing active queries. Merge assets: A new workflow helps you find and merge duplicate asset entries for a cleaner and more accurate OT asset inventory. Foxboro DCS support: Gain visibility into Foxboro Distributed Control Systems to extend security monitoring into complex industrial environments. VXLAN support: Analyze network traffic within Virtual Extensible LANs (VXLAN) to monitor assets and activity in modern virtualized data centers. Multi-interface sensor configuration: A simplified workflow allows a single sensor to simultaneously listen on multiple network interfaces to reduce deployment time and complexity. Review the release notes to learn more about what’s new in this release and how to upgrade. Tenable Nessus Reminder: End of support for Terrascan in all Nessus versions Tenable announced the End of Life for Terrascan in Nessus. The last day to download the affected product(s) is Sept. 30, 2025. Customers will receive continued support through the Last Date of Support. For more information, please refer to the bulletin announcement. Reminder: Nessus 10.9 is generally available Nessus 10.9 introduces several key features to empower your security teams, including offline web application scanning in Nessus Expert. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect. Tenable Training and Product Education Connectors added to Tenable One Intro course The updated Introduction to Tenable One course in Tenable University now shows you how to connect third-party security tools to the exposure management platform, to give you a unified view of risk across your entire attack surface. This no-cost training is open to customers, partners, prospects and the public. Start learning today at Tenable University. Tenable webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Live Oct 1, 2025: Beyond the endpoint: Exposure management that’s proactive. Why endpoint-first vulnerability management isn’t enough. Oct. 7, 2025: Nessus customer update. Troubleshooting common Nessus issues. Oct. 8, 2025: Tenable Vulnerability Management customer update. Operationalizing AI Aware to discover Shadow AI in your environment. Oct. 9, 2025: Tenable One customer update. Identity security in an exposure management program. Oct. 10, 2025: Tenable Security Center customer update. In-depth guide to user roles and permissions. On-demand September Tenable Nessus customer update: From the ground up – building a custom scan policy in Nessus. September Tenable Vulnerability Management customer update: Using Nessus agents in Tenable Vulnerability Management. September Tenable One customer update: Introducing AI Exposure, and other topics. September Tenable Security Center customer update: Answering the CISO – a guide to Assurance Report Cards. Ecosystem view of risk: Integrate cloud security with your security stack. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) Frequently Asked Questions About SonicWall Gen 7 Firewall Ransomware Activity CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability CVE-2025-7775: Citrix NetScaler ADC and NetScaler Gateway Zero-Day Remote Code Execution Vulnerability Exploited in the Wild Research release highlights Include/Exclude Path and Tenable Utils Unzip added to Log4j Detection Nutanix Prism v4 API Compatibility Excluding the SUSE Linux Snapshots directory from Language Library enumeration Content coverage highlights Almost 17,000 new vulnerability plugins published including new AI Aware detections! Over 25 new audits delivered to customers! Quick links Join the Tenable Connect community Sign up for on-demand training Watch Tenable product education videos — more than 250 videos now available Check out all upcoming and on-demand Tenable webinars Read Tenable documentation: Documentation RSS Feed Tenable Vulnerability Management User Guide Vulnerability Management Release Notes Tenable Web App Scanning User Guide Tenable Web App Scanning Release Notes Tenable Cloud Security User Guide Tenable Cloud Security Release Notes Tenable Identify Exposure User Guide Tenable Identity Exposure Release Notes Tenable Security Center Release Notes Tenable Security Center 6.5 User Guide Tenable OT Security Release Notes Tenable OT Security User Guide Tenable Attack Surface Management User Guide Exposure View User Guide Exposure View Release Notes Asset Inventory User Guide Asset Inventory Release Notes Attack Path Analysis User Guide Attack Path Analysis Release Notes Tenable Nessus Release Notes Tenable Nessus 10.8 User Guide Tenable Nessus Agents 10.8 User Guide Tenable Nessus Agents Release Notes Tenable Nessus Network Monitor 6.5 User Guide Tenable Nessus Network Monitor Release Notes
GA Announcement – Tenable Patch Management 9.3.969.1 (On-Premise)
Release Date: September 22, 2025 Download: Get 9.3.969.1 (https://www.tenable.com/downloads/tenable-patch-management) Changelog: View Release Notes (https://docs.tenable.com/release-notes/Content/patch-management/2025.htm#-Tenable-Patch-Management-9.3.969.1-(2025-09-22) Docs: Tenable Patch Management Documentation (https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/welcome.htm) Ports & Network Requirements: Review Requirements (https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/inbound-and-outbound-ports.htm) Hi everyone, We are announcing the general availability (GA) of Tenable Patch Management 9.3.969.1. This is a major release that includes improvements to the installation process, quality enhancements, critical security updates, and bug fixes across the platform. Tenable strongly recommends upgrading to version 9.3.969.1 for all users. Summary of Highlights in 9.3.969.1: - Improved installer experience for both client and server - New Client Validation Tool to verify deployments - Java security upgrade addressing CVE-2025-30754 (https://nvd.nist.gov/vuln/detail/CVE-2025-30754) - Automatic firewall rule configuration for Linux and macOS clients - Enhanced automation and workflow stability - All clients automatically targeted when license key is added - Installation walkthroughs available via Storylane (https://app.storylane.io/share/pgn3qcolenas) What's New Installation Enhancements - Simplified setup for client and server - Post-installation checks ensure successful deployments - Server installer validates connectivity to cloud services - Linux and macOS installers automatically create firewall rules - New Adaptiva Client Validation Tool: - Verifies successful connectivity to relay, server, and content sources - Works in both silent and interactive installation modes - Logs output to ClientSetupChecks.log - Included in Windows installer and adaptivactl Security Improvements - Upgraded Java Runtime Environment to version 17.0.16 to resolve CVE-2025-30754 - Other improvements to prevent deadlocks and thread pool issues Server Updates New Features - Clients are automatically targeted once a license key is added - New background task syncs blob versions daily at 2 AM (can be configured) Fixes - Improved error handling for cloud uploads - Increased stability in workflows including signing, launching, and editing - Compatibility fixes for multi-factor authentication and password reset - Fixed issues with Business Unit filters and dashboards - Improved API error messages Client Updates New Features - Enhancements to adaptivactl - Pre- and post-installation validation checks - Required port checks for UDP and TCP - Enforced use of --server-guid parameter Firewall Enhancements - Auto-configuration of firewall rules on Debian and Ubuntu via UFW Fixes - Improved handling of patch pauses during Business Unit changes - Resolved Java environment variable issues - Fixed issues related to handling multiple inactivations Release Demos Storylane Walkthroughs (https://app.storylane.io/share/pgn3qcolenas) Questions? Reach out to your Tenable representative or Tenable Support Portal (https://connect.tenable.com/category/support) Thanks to all the teams involved in making this release a success. - Ahmad Maruf Tenable Ecosystem Product Management
Introducing Enhancements to VPR in Tenable Vulnerability Management!
Today, we launched enhancements to Vulnerability Priority Rating (VPR) in Tenable Vulnerability Management. These updates provide unmatched precision, AI-driven insights, and contextual understanding to help your security teams prioritize and remediate vulnerabilities more efficiently. How this benefits you: Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this, helping your teams focus on just 1.6% of vulnerabilities that represent actual risk to your business. This is achieved by leveraging an even broader spectrum of threat intelligence and real-time data input used to predict near-term exploitation in the wild. Unlock AI-driven insights and explainability: Our new LLM-powered insights deliver instant clarity, helping you quickly understand why an exposure matters, how it has been weaponized by threat actors, and providing clear, actionable guidance for mitigation and risk reduction. Prioritize with industry and regional context: New metadata provides crucial context, helping you understand if a vulnerability is being targeted in your specific industry or geographic region. Leverage advanced querying & filtering: The enhanced VPR model is easily accessible for filtering and querying in the new Explore views, which display Assets and Findings data, enabling faster investigations and response workflows. Both the original VPR and the enhanced VPR (referred to in-product as 'VPR (Beta)') will coexist for a period of time in Tenable Vulnerability Management, ensuring you can make a smooth transition. Future deprecation of the original VPR will be communicated in advance. To learn more about the enhancements to VPR, see the solution overview and click-through demo. For additional information, see our FAQ, release notes, and Scoring Explained help documentation.
What's New in Tenable One: August 2025 Release
This month's release delivers faster insights, broader coverage, and greater control over your exposure data. Release Highlights: Dashboard enhancements – With daily data updates, new chart types, and dedicated filters for CISA KEV and end-of-life software, Tenable One dashboards now make it easier to analyze specific risks, communicate impact, and speed up response. Tenable On-Prem Connector– Install the Tenable On-Prem Connector to create a secure, encrypted connection that lets you safely bring on-premises exposure data into Tenable One—so you can get the insights you need without putting your network at risk. Asset information source display– Deduplication in Tenable One is key to ensuring a clean, accurate view of each asset, without redundant information from multiple sources. With this release, the asset details screen now clearly displays the source used to populate findings and property information, ensuring your team fully understands and trusts asset data. Dynamic asset tagging– Define dynamic rule-based criteria that automatically apply tags to all Tenable One data, providing easier customization and greater control over tagging rules. This improvement enables smarter segmentation, precise asset management, and deeper analysis across the platform. → Explore all platform enhancements
August 2025 Product & Research Update Newsletter
Greetings! Check out our August newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Click here to download and read the newsletter as a PDF. Thank you! Tenable is the only vendor to be named a Customer’s Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Vulnerability Assessment. In this report, Gartner Peer Insights analyzes 1,090 reviews and ratings of nine vendors in the vulnerability assessment market. We’re grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most! Learn from your peers as you choose the best solution for your vulnerability assessment program. You can read the report here. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. Making the Headlines Tenable Cloud Security named Major Player: In its first MarketScape for CNAPP, IDC named Tenable a Major Player after a deep evaluation of our capabilities, strategies and more. Huge thanks to all who participated in the IDC customer interviews. See the press release. Tenable Cloud Security Risk Report 2025. Have you read our cloud research team’s latest report, released in June? Make it part of your summer reading! Discover today’s top cloud risks, and how Tenable helps you stay secure: Report Webinar PR Our cloud research team never sleeps. Check out the latest discovery from our stellar team. See the blog: OCI: Remote code execution Workload Protection: Bottlerocket Monitoring and On-Demand AMI Scanning Keep reading about Tenable Cloud Security updates here. Tenable One Welcome to Tenable One Monthly Releases! Tenable One is shifting to a monthly release cadence to bring you valuable improvements more frequently. This month's release delivers streamlined workflows, smarter logic and expanded functionality. Release Highlights: New public API: Easily fetch Tenable One data into your ecosystem to automate workflows, power custom reports and streamline security operations. See Open API documentation Extended findings context: Gain deeper risk visibility with expanded findings data, now available across the platform for quicker investigations. APA is FedRAMP-Authorized: Tenable Attack Path Analysis is now FedRAMP approved for use in U.S. federal and government environments! New VPR scoring in Tenable One Inventory (Beta): We recently introduced a new VPR scoring method in Tenable Vulnerability Management. This method uses machine learning and broader threat intelligence to cut noise and highlight the top 1.6% of critical threats. This enhanced scoring is now also available in Tenable One Inventory, shown in a separate Beta column alongside your existing score. See solution overview Exposure Signals from Global Search: Create custom Exposure Signals directly from global search to streamline workflows and act faster on critical insights. Self-serve connector troubleshooting: The Connectors tab now provides greater status visibility and smarter error handling, with AI summaries and step-by-step guidance to help you resolve issues on your own. Same-source deduplication logic: Use the new Settings tab to manage how you cluster assets from the same source, so you have more control over asset merging and visibility. Dashboards enhancements: Get more refined insights and better performance with new widget-level filters, additional chart types, an improved Power BI data model and more. -> Explore all platform enhancements Tenable Identity Exposure OWASP non-human identity (NHI) Top 10: What customers need to know Machine identities now outnumber human users, and they’re often far less protected. Attackers know this and exploit non-human identities (NHIs) to move laterally, escalate privileges and maintain persistence. Tenable Identity Exposure helps you detect and manage risk across NHIs, mapped to the OWASP NHI Top 10, so you can stay ahead of evolving attack surfaces, especially across Active Directory and Entra ID. Want a deeper dive? Watch the on-demand webinar: Rage Against the Machines: How to Protect Your Org’s Machine Identities. Explore the user guide to start securing your NHIs today. Tenable Vulnerability Management (TVM) Enhancements to VPR now available! Tenable is thrilled to announce the general availability of enhanced Tenable Vulnerability Priority Rating (VPR) in the new Explore views and the Vulnerability Intelligence section within Tenable Vulnerability Management. These updates enable you to: Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this so your teams can focus on just 1.6% of vulnerabilities that represent actual risk to your business. You can now leverage an even broader spectrum of threat intelligence and real-time data input to predict near-term exploitation in the wild. Unlock AI-driven insights and explainability: Our new large language model (LLM) powered insights deliver instant clarity to quickly understand why an exposure matters, how threat actors have weaponized it and get clear, actionable guidance for mitigation and risk reduction. See Vulnerability Intelligence for more information. Prioritize with industry and regional context: New metadata provides crucial context to understand if a threat actor is targeting a vulnerability in your specific industry or geographic region. Leverage advanced querying and filtering: The enhanced VPR model is easily accessible for filtering and querying in the new Explore views for faster investigations and response workflows. Original VPR and the enhanced VPR ('VPR (Beta)') scores will coexist for a period of time in Tenable Vulnerability Management. We will communicate future deprecation of the original VPR in advance. For more information, see: Interactive demo Technical white paper FAQ Scoring Explained documentation Tenable OT Security Tenable OT Security 4.3: Enterprise-wide visibility and control Our latest release delivers powerful new features to enhance visibility and control across your operational technology (OT) environment and extended attack surface. Key updates in this release include: OT Agent for Windows: Extend asset discovery to hard-to-reach areas and embedded IoT systems with our new OT Agent for Windows. This lightweight, easy-to-deploy agent leverages your existing IT infrastructure to close critical visibility gaps without the need for additional hardware. Manage agents from a centralized dashboard view, with the ability to configure and schedule asset discovery and other preferences to ensure comprehensive and reliable coverage. ⚙️ Streamlined asset management: Accelerate investigations and better organize your OT/IoT inventory with new asset tags and groups. This new feature extends tagging functionality, making it easier to search for assets and reflect the structure of your environment. For Tenable Enterprise Manager users, we've also added the ability to perform centralized data updates and ruleset changes for multiple sites in batches or simultaneously, ensuring consistent administration across distributed locations. Enhanced Tenable One data integration: New data integrations allow you to accelerate investigations and proactively remediate OT risk. Tenable OT Security now reports policy events as Findings in Tenable One, giving you more visibility into events like controller code modifications and intrusion detection. This means Tenable One users can now filter for “Policy Violations" to quickly identify and address potential risks to OT environments. Additional enhancements in Tenable One include a set of new OT-related Exposure Signals, new data integrations for attack path analysis and MITRE ATT&CK mapping capabilities, and more. Additional user interface enhancements in v4.3: Asset serial number lookup via inventory Updated Sensor page navigation System Log pagination For more information, watch the latest customer update and review the full release notes. Tenable Web App Scanning API assessment enhancement: Support for GraphQL GraphQL API Assessment is now live in Tenable WAS! Use case and impact: APIs are the foundation of modern web applications and a high-value target for attackers. While Tenable already supports scanning RESTful APIs, an increasing number of applications now use GraphQL, a modern and flexible query language. With the addition of GraphQL scanning, Tenable now provides broader coverage across the modern API attack surface to help customers secure both REST and GraphQL-based applications. To get an idea of the rising popularity, both Tenable OT and Tenable Cloud Security are GraphQL APIs! For more information, see Scan Templates and Launch an API Scan in the Tenable Web App Scanning User Guide. Tenable Nessus End of support for Terrascan in all Nessus versions Tenable announces the End of Life for Terrascan in Nessus. The last day to download the affected product(s) will be Sept. 30, 2025. Customers will receive continued support through the Last Date of Support. For more information, please refer to the bulletin announcement. Nessus 10.9 is generally available Nessus 10.9 introduces several key features to empower your security teams, including offline web application scanning in Nessus Expert. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect. Tenable Training and Product Education We have refreshed the Tenable Education web page to help you find training across our product lineup that meets your expertise, budget and schedule. You can filter courses by product, review schedules by geographic region and easily identify no-cost courses. Additionally, we recently updated and reorganized the Frequently Asked Questions (FAQs) section for easier navigation. Tenable Research Research Rapid Response Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719) Oracle July 2025 Critical Patch Update Addresses 165 CVEs CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server Feature Release Highlights Azure Linux 3 Vulnerability Detection Nutanix Prism Central PAM Support Cisco Meraki Integration New Exposure Signals for OT and CS have been released for Exposure Management New Artificial Intelligence (AI) / Model Context Protocol (MCP) Detections More than 2,000 New Vulnerability Detections in July! Research Innovations How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector AI Security: Web Flaws Resurface in Rush to Use MCP Servers OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services Tenable Research Advisories SimpleHelp - Multiple Vulnerabilities Gemini Search Personalization Model - Prompt Injection Enables Memory and Location Exfiltration OpenAI ChatGPT Prompt Injection via ?q= Parameter in Web Interface
🚨 Announcing: Tenable AI Exposure 🚨
AI platforms like ChatGPT Enterprise and Microsoft Copilot are boosting productivity, but they also expand your attack surface. AI Exposure, now in Tenable One, gives security teams the visibility and control they need to see, secure, and govern AI use across the organization. Tenable AI Exposure is currently available as a private customer preview for companies actively using ChatGPT Enterprise and/or Microsoft Copilot. If you are interested in joining this exclusive 120-day preview, please sign up through the form found on our product page. With AI Exposure, customers will be able to: Gain deep visibility into AI usage, including prompts, data flows, and risky interactions Identify misconfigurations or unsafe integrations that may expose sensitive data Monitor for AI-specific threats like prompt injection or other AI attacks Enable enforcement of organizational policies and governance standards for AI usage Deploy quickly without agents or disruptions in five minutes or less 🔍 To learn more about AI Exposure, visit our product page.GA Announcement: Tenable Patch Management 9.3.968.19 (On-Premise) Release
Release Date: July 31, 2025 Download & Instal/Upgrade: Download the latest version (9.3.968.19) here (https://www.tenable.com/downloads/tenable-patch-management) Changelog: See Tenable Patch Management Release Notes (https://docs.tenable.com/release-notes/Content/patch-management/2025.htm#July-31,-2025-) Documentation: Tenable Patch Management Documentation (https://docs.tenable.com/integrations/patch-management/Content/welcome.htm) Hi everyone, Tenable is pleased to announce the release of Tenable Patch Management 9.3.968.19, featuring major feature upgrades, new database server requirements, quality improvements, critical security, and bug fixes across the platform. Tenable strongly recommends upgrading to 9.3.968.19. Key Release Highlights - Cross Platform Installation Enhancements: Cross-platform installers now support runtime parameters, eliminating the need to edit and distribute config files. Use switches similar to the Windows installer. See Tenable Patch Client Installation and Uninstallation (https://docs.tenable.com/integrations/patch-management/Content/client-installation.htm) for guidance. - New Client Auto-Upgrade Feature: A new auto-upgrade process enables clients to seamlessly upgrade to match the server version (9.3+). See Upgrade Tenable Patch Clients Using Automatic Deployments (https://docs.tenable.com/integrations/patch-management/Content/use-auto-deplpys.htm) for steps. - Minimum SQL Server Version Requirement Updated: SQL Server 2017 or higher is now required. Recommended: SQL Server 2019+ with compatibility level 150+. See Database Requirements and Configurations (https://docs.tenable.com/integrations/patch-management/Content/db-req-config.htm) for details. - Resolved SQL Injection Vulnerability: Fixed a SQL injection vulnerability in the login process affecting versions prior to 9.2.XXX, 9.1.XXX, and prior versions. The issue was resolved by implementing parameterized queries. Therefore, Tenable strongly recommends upgrading to 9.3.968.19. See the related Tenable Security Advisory (https://www.tenable.com/security/tns-2025-15) - Microsoft 365 Patching Support: Native Patching Support for the following versions of Microsoft Office: MS 365, Office 2024 LTS, Office 2024, Office 2021, Office 2019 and 2016 (EOL scheduled for Oct 2025), Visio and Project (starting with version 2021). No more manual packaging! Using the new delta updates, monthly updates now reduced to 30-50MB from 3GB per language, saving up to 95% bandwidth. - Fix for Missing DLL Causing Dell Driver Installation Failures: Resolves an issue where Dell drivers failed to install and Compliance Status showed "Non-Compliant" on Clients running 9.2.XXX due to a missing DLL. This release restores the required DLL, ensuring proper functionality for new installations going forward. Please note: Upgraded clients from version 9.1 or 9.0 do include this DLL and will not experience the issue. Server Updates Improvements: -Dynamic Logging Config: Automatically reloads logging settings when config file is updated. -Optimized Bulk Messaging: Default bulk_messaging_batch size reduced from 100 → 25. -Secure Login Queries: Emails are now securely passed via parameterized queries during login. Bug Fixes: -Flexible ACR Input: Now supports both float and integer in ACR field. -Patch Submission Cleanup: Deletes associated strategy records when patch is removed. -Device Status Filtering: Device table only displays relevant product installations. -Workflow Validation: Better validation for runtime expressions in file system operation nodes. -Deployment Approval Checks: Fixed issue where patches deployed without full approval. -STRING_AGG Overflow: Crash resolved when string length exceeds 8,000 chars. -Business Unit & Metadata Health Fixes: Improved accuracy in patch system health and business unit filters. Client Updates New Features: Client Auto-Upgrade UI Support: - Manage upgrade settings. - View current version info. - Pause or trigger upgrades manually. Microsoft 365 Auto-Update Logic: - Disables auto-updates when WSUS is licensed and wsus.O365 = true. - Enables proper scan classification for M365 products. Improvements: -AngularJS upgraded from 19.1.3 → ^19.2.10 -Auto-Reload Logging Config: Log config changes take effect instantly. -jemalloc for Linux Clients: Improves memory efficiency. -Better Filter UI: More readable operators in advanced filters. Bug Fixes: -SMTP Email Blocking: Fixed server startup failure due to invalid SMTP config. -Patch Rescan Delay: Rescan now triggered promptly when patch removed from block list. -macOS VPN Fix: Resolved connection issue over VPN. -Compliance State: Now updates when new patches are found. -UI Menu Fixes: Corrected header icons in User and Patching dashboards. -Data Provider Editor: Fixed switching errors in the data provider settings. - Advanced Filter UI: Enforced correct behavior for NOT operator child conditions. - Folder Search Fix: Resolved parent folder search override in object tables. Questions? We’re a ping away! Reach us at connect.tenable.com. Thanks to everyone involved in making this release happen! – Ahmad Maruf Product Manager Tenable Patch ManagementGA Release 6.1.0 – Tenable Apps on ServiceNow Store Are Now Yokohama Platform Compatible!
Release Date: July 30, 2025 Download and Install/Upgrade: - Service Graph Connector for Tenable (https://store.servicenow.com/store/app/d102bfea1ba46a50a85b16db234bcbf7) - Tenable for ITSM (https://store.servicenow.com/store/app/524caf6e1b246a50a85b16db234bcb3b) - Tenable.ot for Vulnerability Response (https://store.servicenow.com/store/app/b9bcefee1b246a50a85b16db234bcb47) Documentation: ServiceNow Documentation (https://docs.tenable.com/integrations/ServiceNow/Content/Welcome.htm) What’s New: Tenable announces the General Availability of version 6.1.0 for our ServiceNow applications. This release ensures full compatibility with the Yokohama Platform Release. Included Tenable Applications on ServiceNow Store: Service Graph Connector for Tenable, Tenable for ITSM, and Tenable.ot for Vulnerability Response Platform Compatibility: - Tenable Vulnerability Management - Tenable Security Center version 5.7 or later - Tenable OT Security - ServiceNow releases: Washington, Xanadu, Yokohama Required Plugins: If you are upgrading from a legacy version, the following plugins must be installed and updated: Required: - ITOM Discovery License – version 1.0.0 - ITOM Licensing – version 1.0.0 - CMDB CI Class Models – version 1.76.0 - Integration Commons for CMDB – version 2.19.0 Optional (based on use case): - Domain Separation (required when using Domain Separation) - ServiceNow Vulnerability Response – version 23.0.0 (required for Vulnerability Response functionality) - Incident – version 1.0.0 (required for ITSM functionality) Looking Ahead: We are currently finalizing our engineering efforts and are nearing code completion for the upcoming ServiceNow Zurich release. We anticipate that all of our applications will be certified and published either shortly before or soon after the official release. Questions? We're here to help!Reach out to us at connect.tenable.com. Ahmad Maruf Product Manager Tenable EcosystemWelcome to Tenable One Monthly Releases!
Hi Everyone! We're excited to announce that Tenable One is shifting to a monthly release cadence to bring you valuable improvements more frequently. This month's release delivers streamlined workflows, smarter logic, and expanded functionality. July Release Highlights: ✨ New Public API: Easily fetch Tenable One data into your ecosystem to automate workflows, power custom reports, and streamline security operations. 🔗 See Developer Portal Extended Findings Context: Gain deeper risk visibility with expanded findings data, now available across the platform for quicker investigations. ✨APA is FedRAMP-Authorized: Our Attack Path Analysis is now FedRAMP approved for use in U.S. federal and government environments! New VPR Scoring in Tenable One Inventory (Beta): We recently introduced a new VPR scoring method in Tenable VM, using machine learning and broader threat intelligence to cut noise and highlight the top 1.6% of critical threats. This enhanced scoring is now also available in Tenable One Inventory, shown in a separate Beta column alongside your existing score. 🔗 See solution overview ✨ Exposure Signals from Global Search: Create custom Exposure Signals directly from global search to streamline workflows and act faster on critical insights. Self-Serve Connector Troubleshooting: The Connectors tab now provides greater status visibility and smarter error handling, with AI summaries and step-by-step guidance to help you resolve issues on your own. Same-Source Deduplication Logic: Use the new Settings tab to manage how assets from the same source are clustered, giving you more control over asset merging and visibility. Dashboards Enhancements: Get more refined insights and better performance with new widget-level filters, additional chart types, an improved Power BI data model, and more. ➡️ Explore all platform enhancementsGeneral Availability (GA) of version 3.1.0 of the Tenable App for Microsoft Sentinel!
Release Date: July 17, 2025 Hi Everyone! We're excited to announce the general availability (GA) of version 3.1.0 of the Tenable App for Microsoft Sentinel! This release includes several key updates, enhancements, and expanded functionality to help you get the most from your integration. Download and Install the App: Tenable App for Microsoft Sentinel - Azure Marketplace (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/tenable.tenable-sentinel-integration) Documentation: Installation and Upgrade Guide (https://docs.tenable.com/integrations/Microsoft/Azure/Content/install-sentinel.htm) Changelog: What's New in v3.1.0? Updated Python runtime to 3.12 Upgraded pyTenable SDK to v1.7.4 Added Support for Web Application Scanning (WAS) Asset and Vulnerability data ingestion Bug fixes and Architectural Redesign Replaced Queue Trigger functions with Durable Functions Added support for Microsoft's Log Ingestion API, including updated papers and playbooks Important Upgrade Information Do not attempt an in-place upgrade. You must remove the existing Function App and associated resources before deploying 3.1.0. This release conforms to Microsoft's new requirements and uses Microsoft's new Log Ingestion API (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-portal), which relies on Data Collection Rules (DCRs) and Data Collection Endpoints (DCEs). Due to DCR constraints, tables from previous versions are not compatible and cannot be used. For detailed, step-by-step guidance, refer to the official documentation above. Questions? We're here to help! Reach out to us at connect.tenable.com. - Ahmad Maruf Product Manager Tenable Ecosystem
