Check out our April newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. 

EXPOSURE 2026 

The Tenable Exposure Management Conference

There’s still time to register for EXPOSURE 2026, the first and only in-person event dedicated to exposure management for the AI era.  Join us in Boston, Mass., from May 19-21, 2026, to:

• Get a practical blueprint for securing your AI attack surface.
• Hear real-world strategies from the industry’s top security executives.
• Master new techniques in hands-on labs and exclusive training sessions.

Register now!

 

Product update: Standardizing Tenable risk scoring

Coming July 1: A new standard for VPR

For the past several months, many customers have utilized VPR (Beta) to gain deeper insights into exploitability. We are excited to announce that on July 1, this model will be promoted to the primary Vulnerability Priority Rating (VPR) across the Tenable platform. By standardizing on this advanced model, we are retiring legacy VPR scoring to ensure every customer benefits from our most sophisticated threat intelligence. We're also enhancing our asset classification engine. As a result, customers with access to Asset Criticality Ratings (ACR) will see these scores more accurately reflect real-world business risk. Read the full update on Tenable Connect.

 

Tenable Cloud Security 

Stop chasing ghosts. Start fixing what's actually exposed.

This month, we’re trading “potential risk” for proof.

Spotlight: Reachability, validated

Network Scanner results now feed directly into our core risk engine. Instead of flagging every internet-facing asset, Tenable dynamically confirms what’s actually reachable across AWS, GCP, Azure, and OCI, so you chase toxic combinations on truly exposed assets, not shadows behind a WAF.

Also new

• Unified accounts page. One view for every cloud and identity account. Goodbye, provider silos.

More wins for your team

• Protect dev velocity. Exclude unresolvable CVEs from container scans so noise doesn’t break builds.
• Effortlessly scale triage. Turn any Explorer investigation into a permanent automation rule.
• Automate least privilege. Auto-generate custom roles for over-privileged Entra ID and GCP groups based on real usage.
• Find what others miss. Updated engine surfaces vulnerabilities buried in nested JAR files.

View full release notes →

 

Tenable Vulnerability Management

Introducing VM-Native OT Discovery 

Safely identify and profile connected PLCs, HMIs, and IoT devices using the vulnerability management toolset you already own. No specialized hardware or complex deployments required. Turn your existing IT security tools into a safe OT discovery engine today and get visibility into your IT/OT security gap.

Watch the guided demo to see this new capability in action. Review the latest documentation for Scan Templates and Discovery Settings to get started.

Find and fix hidden risks across your infrastructure

To protect your environment, you need a clear view of every asset and vulnerability. New reports and dashboards give you visibility to find hidden exposures in your Java, database, and operating system layers before they lead to a disruption.

Identify every Java vulnerability: Go beyond a simple update to secure Java and see how unmanaged applications expand your risk.

• Java visibility and exposures dashboard: Get a full view of your Java ecosystem to find legacy flaws and library exploits that could give attackers access to your internal network.
• Java visibility and exposures report: Turn complex scan data into a clear map of your assets to find hidden weaknesses in unpatched installations before they cause a disruption.

Prioritize your database security: Protecting your data depends on knowing which databases are most vulnerable. This new report and dashboard help your team close exposures and meet audit requirements by highlighting critical gaps.

• Database application visibility and exposures dashboard: Use this one-stop shop to see all supported and unsupported databases in one place. You can quickly see which assets are exploitable or have been active for too long, so you know what to patch first.
• Database visibility and exposures report: Streamline your compliance audits and vulnerability assessments with a clear breakdown of your database risks and best practices. 

Inventory your assets and improve scan accuracy: Full visibility requires knowing exactly what is running on your network. 

• Operating system and application inventory with data troubleshooting report: Get a high-level summary of your OS and application instances. Includes specific queries to help you identify and fix scan fidelity issues for data accuracy and effective security operations.

 

Tenable Nessus

We’re thrilled to announce that Tenable Nessus v10.12 is now available for early access, with general availability expected later this month. This release streamlines your workflow with a revised interface and updated security protocols.

• Organize scans: Simply drag and drop existing scans from a list view directly into a folder or directory for easier organization.
• Import files: Instantly import a scan file (like .nessus) by dragging it from the local desktop into Nessus.
• OpenSSL 3.5 support: Nessus now fully supports OpenSSL 3.5, ensuring your vulnerability assessment operations meet the latest cryptographic standards.
• FIPS-140.3 support: Support for the FIPS 140-3 standard has been added.

View Nessus 10.12 product documentation for more info

 

Tenable Security Center

Tenable Security Center 6.8 

Focus on the vulnerabilities that truly matter with AI-powered VPR insights and clear mitigation guidance. This release streamlines your operations with unified asset repositories for IPv4, IPv6, and Agents, and improves efficiency with new background query processing and scan optimization tools.

Foundational visibility for cyber-physical systems with VM-native OT Discovery 

We recently added native OT discovery capabilities in Tenable Security Center, allowing you to quickly map unknown/unmanaged cyber-physical systems (PLCs, IoT devices, etc.) using the tools you already own. Get insight into mission-critical OT assets across your network without risking disruption or the need for additional agents or add-on purchases.

Find out how to configure your first scan here.

View full release notes → 

 

Tenable OT Security

Introducing Tenable OT Security 4.6

Our latest release introduces a variety of new features and performance enhancements, including refined scan controls and streamlined workflows for large-scale enterprise environments. 

• Massive subnet scaling: Now supports up to 5,000 subnets per ICP, significantly increasing visibility for distributed large enterprise deployments.
• Centralized network management: A new Monitored Networks page includes bulk-add capabilities and the ability to stage inactive networks before monitoring.
• Precision scanning: New scan customization options allow you to define specific credential usage per scan for safe discovery of sensitive assets.
• Streamlined platform navigation: Updated workflow for SSO/SAML users allows you to instantly pivot back to the Tenable One platform with a single click.
• Remote agent updates and query restrictions: Update OT agents directly from the ICP, remove local site visits or manual CLI intervention, and restrict specific protocol queries with OT agents.
• Enhanced diagnostics: Deeper metadata in asset log exports for faster troubleshooting.
• IoT connector updates: Major stability and performance upgrades for Milestone, AvigilonES, and Exacq Edge integrations for IoT asset discovery.

Update required: Tenable OT Security 4.5 Service Pack (version 4.5.61)

All customers running version 4.5 should apply this upgrade immediately for optimal system stability and performance when processing high volumes of network conversations. This update also addresses communication gaps with Rockwell Stratix devices and Nessus scans.

View full release notes → 

 

Tenable Identity Exposure

Sharper signal. Steadier platform.

This month, we are  making the detections you rely on more precise, and the platform underneath more resilient.

Detections that cut through the noise

• Golden Ticket IoA, now directory-aware. Smarter logic means fewer false positives and fewer missed hits in multi-domain environments.
• Richer PetitPotam context. Detections now surface hostnames and source IPs, so triage starts with answers, not questions.

Platform you can count on

• Accurate API pagination. Iterate through result sets cleanly for faster, more reliable reporting.
• Self-healing listeners. RabbitMQ and Sysvol connections now auto-recover after restarts or network blips.

View full release notes →

 

Tenable PCI ASV

Tenable PCI ASV interface update

The Tenable PCI ASV interface will change on or around May 8, 2026, to simplify your compliance workflow. Changes will not affect your data, scan history, attestation records, or scan configurations.  Here’s what’s changing:

• Renamed actions: Submit PCI is becoming Import to ASV Workbench, and the In Remediation tab changes to Scan Customer Review.                                      
• Easier review: A new Accept button and compliance dialog let you confirm requirements in fewer clicks, with a progress indicator to track your status in real-time.                                                     
• Unified vulnerability view: Failures and Disputes merge into a single Vulnerability Review & Disputes tab.                                                                                                           
• Updated Navigation: The Submit to ASV Review button is moving to a more intuitive position in the workflow.

The changes will happen automatically. You don’t need to take action. Questions? Contact Tenable Support or your Customer Success Manager.

 

Tenable Training and Product Education

Enhanced Tenable Vulnerability Management training now available

Maximize your security investment with the redesigned Introduction to Tenable Vulnerability Management course, available at no cost in Tenable University. This updated experience includes interactive elements, demonstration videos, and knowledge checks to help you quickly gain practical expertise. You will navigate the latest user interface with ease while implementing recommended settings to optimize your platform configuration from day one.

Tenable Connect

Join the Tenable Connect Office Hours group

Missed a live Office Hours session? No problem! We are excited to launch the official Office Hours group to provide you with a centralized hub for Office Hours sessions and support. 

When you join the group, you’ll be able to:

• Watch recordings: Access the library of past regional Office Hours sessions at your convenience.
• Review key Q&As: Review important questions and expert answers from every call so you can find solutions without watching the full video.
• Search with ease: Use Tenable Connect’s unified search to find specific topics discussed across any of our recorded sessions.

Don't miss a beat! Join the group to catch up on the latest sessions and stay ahead of the curve. And register for upcoming live Office Hours sessions here.

 

Tenable Webinars

Tune in for product updates, demos, how-to advice, and Q&A. See all upcoming live and on-demand webinars at tenable.com/webinars.

On-demand 

Tenable customer update: April 2026: Watch this quarterly Tenable customer update to learn how to use AI to augment your security team, secure your expanding AI attack surface, uncover hidden risk across your connected IT/OT environments, and more. Products covered: Tenable One, AI Exposure, Tenable Vulnerability Management, OT functionality, third-party data connections, and Tenable Security Center. 

Customer Office Hours 

Recurring ask-me-anything sessions for Tenable One, Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including Middle East and Africa), and Asia Pacific (APJ). Register here. 

 

Tenable Research

Research Security Operations blog posts

Subscribe to the Research team blog posts here.

• The hidden cost of AI speed: Unmanaged cyber risk
• Supply chain attack on Axios npm package: Scope, impact, and remediations

Research release highlights

Potential Vulnerabilities:  Tenable Research is officially introducing Potential Vulnerabilities. A potential vulnerability is a finding that has a lower degree of certainty as to whether the assessed application is or is not vulnerable.

Improvement to printer OS fingerprinting: Scanned printers will now have an OS artifact surfaced in their scan host metadata if the target has been identified as a printer when the Scan Network Printers policy option is disabled. 

Content coverage highlights

• Almost 4,500 new published vulnerability plugins.
• More than 130 new audits delivered to customers.

 

Read Tenable documentation.