Community Update

Introducing Tenable Connect, your new customer community! Check out your new hub to connect, learn and grow with Tenable. Here’s what you’ll find:

• Ability to open and manage support cases
• Easy access to the improved account management portal
• Dedicated pages for product resources and training
• Discussion boards and opportunities to engage with your peers and Tenable

Log into Tenable Connect before July 1 for a chance to win a limited edition Tenable Connect t-shirt!

Tenable Identity Exposure

Tenable’s Research-Driven Identity Defense Expands

Tenable continues to deepen its coverage of real-world identity risks with a series of new indicators of exposure (IoEs) across both Active Directory (AD) and Entra ID. 

BadSuccessor—a rare, but forest-level critical, zero-day privilege escalation vulnerability in AD, was recently disclosed. Introduced with delegated Managed Service Accounts (dMSAs) in Windows Server 2025, its exposure depends on the presence of a 2025 domain controller, but the impact can be severe. An attacker with the right permissions could use a dMSA to inherit domain admin-level access and compromise the entire forest.

Tenable has responded quickly with a dedicated IoE: BadSuccessor – Dangerous dMSA Permissions, now available in Tenable Identity Exposure (SaaS) v3.95. This detection flags risky dMSA inheritance paths that could enable exploitation, helping organizations stay ahead even in the absence of a Microsoft patch.

Review Tenable’s technical advisory and FAQ for detailed context.

More IoEs targeting real-world risk

Other new IoEs target misconfigurations and gaps attackers routinely exploit, spanning Tier 0 risks in AD and hygiene issues in Entra ID. Each IoE is designed to be practical, observable and relevant, shaped by real attack behaviors, not just theoretical risks. Check out this product documentation for more information.

Active Directory 

• Tenable IoE “Sensitive Exchange Group Members”
• Who really sits in the most privileged Exchange groups: a Tier‑0 foothold.

• Tenable IoE “Exchange Permissions”
• Risky ACLs where Exchange rights bleed into domain control.

Entra ID

• Tenable IoE “Users Allowed to Join Devices”
• Tenant setting that lets any user enroll a rogue workstation.

• Tenable IoE “Managed Devices Not Required for Auth”
• Conditional‑access gap allowing unmanaged logins.

• Tenable IoE “Auth‑Methods Migration Incomplete”
• Legacy authentication policy is still exposed.

• Tenable IoE “Dangerous Application Permissions”
• Third‑party app scopes that can exfiltrate data.

• Tenable IoE “Risky Users Without Enforcement”
• Risk‑based access policy missing for high‑risk accounts.

Tenable Cloud Security

Reminder: Tenable Cloud Security requires you to log in to view documentation. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. 

Enhanced CVE detection and customizable severity metrics

Tenable Cloud Security now enhances CVE detection by integrating Tenable's vulnerability logic, leveraging the Tenable vulnerability data lake (TVDL) and Nessus. This improves accuracy and coverage in detecting new CVEs regardless of National Vulnerability Database (NVD) delays. The integration aligns CVE detection between Tenable Cloud Security and Tenable Vulnerability Management, reducing inconsistencies and boosting reliability within Tenable One. Users can select which CVE severity metric to display first: CVSS (static) or VPR (dynamic, factoring exploit likelihood). The metric chosen as primary impacts finding creation: severity changes can cause related findings to open or close.

Just-in-time by resource groups and recurring access 

Thanks to your feedback, Just-in-Time (JIT) access is now even more powerful and flexible. Azure users can request access at the resource group level, not just by subscription, giving you greater granularity and control across your cloud environments. And for all JIT users, building on existing immediate/scheduled access request support, we’ve added recurring access scheduling — to better support business workflows, such as a contractor needing project access for a specified repeat duration or the need for access to a routine audit that lasts a full quarter. Easily set daily, weekly or monthly schedules with end dates — all through an intuitive UI. Consider using recurring access to replace standing permissions that some JIT users may still have, for more granular time-bound least privilege.

Powerful Tenable cloud vulnerability insights within ServiceNow

Tenable now integrates with ServiceNow’s new Vulnerability Response platform, enabling you to seamlessly import prioritized, actionable vulnerability data directly into ServiceNow. This streamlined integration, which also supports government environments, helps teams focus on what matters most by aligning Tenable findings with your existing remediation workflows, making it easier to act fast on critical risks. Already using ServiceNow ticketing? You can now sync Tenable findings with ServiceNow incidents, mapping severity and status to priority and state (such as open findings to new incidents). Note: Syncing incident states requires additional permissions and configuration within ServiceNow. 

Selectively scan data resources by exclusion tags

You can now add exclusion tags to fine-tune scans of both managed databases and object storage in Tenable Cloud Security. Exclusion tags enable you to scope out resources starting from the next scanning cycle by specifying tags as configured at the resource level, for tailoring scans to your environment. This new capability helps you decrease costs by reducing unnecessary resource usage.

Object storage comes to OCI

As part of our growing capabilities around Oracle Cloud, Tenable Cloud Security now offers data analysis of object storage buckets in OCI. Out of the box, the feature is on a par with all other object storage that Tenable Cloud Security supports and is part of routine CSPM onboarding. In other updates, new dynamic scan scoping by tag is also supported for OCI.

Tenable Vulnerability Management (TVM)

Tenable Data Stream (TDS) now supports the streaming of TVM Host Audit Findings data as well as WAS assets, tags and findings data.

TDS already supports TVM host assets, tags and vulnerabilities data streaming to AWS S3 buckets and is used by some of the largest TVM customers. Learn more about TDS here.

Besides the new payloads, there are a few more improvements:

1. Additional new fields in TVM findings payload like Resurfaced Data and Time Taken to Fix
2. Grouping of the files written in the AWS S3 buckets is now based on timestamp, resulting in fewer files written, which in turn improves consumption and reduces latency. (Previously, this was based on both scan ID and timestamp, which resulted in writing a large number of small files.)

Tenable Patch Management

Tenable Patch Management now supports Red Hat Enterprise Linux (RHEL)

We’re excited to announce that Tenable Patch Management (On-Prem) 9.2.967.20 now supports RHEL 8 and RHEL 9. This release also includes performance improvements, bug fixes, and an important security update to Java 17 JRE. Please note that Patch Notification Bots using WhatsApp require review and modification as they can no longer be combined with other providers.

Please visit here for a list of third-party applications covered. Note: We are always adding more. 

For more information, please read the Tenable Documentation and Release Notes and visit the Downloads Portal for the latest version.

Tenable OT Security

Upgrade to Tenable OT Security 4.2 to unlock new layers of visibility across your OT/IT environment. Key enhancements in this release include:

• Advanced SNMP-based asset discovery: Gain deeper OT network topology insight. Our new SNMP Crawler discovers and maps all connected devices and switches, including previously hidden ones, down to the specific switch port.
• Intelligent hardware lifecycle management: Proactively manage obsolescence with EOL tracking for OT/IoT assets from vendors such as Schneider Electric and Siemens, complementing existing software EOL capabilities.
• Flexible Windows-based deployment (beta): Install OT Security sensors directly on Windows devices — ideal for segmented subnets or where deploying dedicated physical hardware appliances isn’t feasible.
• Enhanced IoT & VMS risk insights: With improved IoT connectors and expanded VMS support through enhanced credentialed authentication, extract richer data from IoT devices and VMS (including asset names, models and stream details).
• Navigation enhancements: A redesigned main menu and intuitive side panel simplify access to critical OT data, speeding workflows and improving usability.

Additional improvements:

• Fewer operational reboots 
• New vulnerability detections
• Expanded virtualization support for Microsoft Hyper-V and KVM-based platforms
• Upgraded embedded Tenable applications (Nessus, Nessus Network Monitor)
• Expanded Device Fingerprint Engine coverage for devices from various vendors

To learn more about what’s new in Tenable OT Security, watch the latest customer update or review the release notes.

Tenable Security Center

Patch 202505.1 is now live 

This patch addresses high-severity CVEs in SQLite. It applies to SC versions 6.5.1 and 6.4.x and requires manual application.

• Release notes for 6.5.1 and 6.4x
• Download: https://www.tenable.com/downloads/security-center

Security advisory: https://www.tenable.com/security/tns-2025-09

Tenable Ecosystem

Tenable Plugin for Jira on-premises v10.4.1 now supports Tenable Web App Scanning

We’re excited to launch Tenable Plugin for Jira v10.4.1. This release includes:

• Support for Tenable Web App Scanning (TWAS)
• Security update
• Cleaner logs regarding API responses
• And bug fixes

For more information, please read the Tenable Documentation and visit Atlassian Marketplace to download the newest versions. 

Tenable App for Splunk v6.1.0

The Tenable App for Splunk v6.1.0 is now available. This release includes:

• Added support for Tenable Web App Scanning (TWAS) and Tenable OT Security (TOT)
• New “Assets Dashboard” for visualizing asset details across TVM, TSC, TOT, TWAS, and TASM

For more information, please read the Tenable Documentation and visit Splunkbase to download.

Tenable Nessus

Early Access Release of Nessus 10.9.0 

We’re excited to announce the early access of Nessus 10.9.0. For standalone Nessus Expert users, this includes web application scanning functionality for Nessus instances in air-gapped/offline environments. For more information, please see our release documentation.

Tenable Training and Product Education

Tenable University is excited to announce the refreshed Introduction to Tenable One course. This course covers key features of the Exposure Management platform, including the workspace, Exposure Signals, Attack Path Analysis, Inventory and more, giving you a strong foundation to understand and act on your exposure data.

Tenable Professional Services

Tenable Professional Services offers two levels of Tenable One Deployment Service, both of which provide a structured, end-to-end approach for implementing and optimizing the Exposure Management platform. With this guidance, your team can gain the visibility, confidence and capabilities needed to actively manage exposure and reduce cyber risk.

Tenable Webinars

Customer Update Webinars

Tune in for product updates, demos, how-to advice and live Q&A to help you get more value from your investment in Tenable solutions. 

LIVE  

July 2025 

• Tenable WAS, July  8, 2025, 11 am ET: Join us for a deep dive into recently released WAS features and capabilities.
• Tenable Nessus, July 8, 2025, 1 pm ET: Testing for specific CVEs with Nessus.
• Tenable OT Security, July 9, 2025, 11 am ET: Learn how Tenable OT Security 4.3 unlocks unprecedented visibility and control across your OT/IT environment.
• Tenable Vulnerability Management, July 9, 2025, 1 pm ET: Credentialed scans versus uncredentialed scans and how to use managed credentials.
• Tenable One, July 10, 2025, 11 am ET: Learn how Tenable One can now ingest important security context from non-Tenable security tools to help better identify, prioritize and reduce cyber risk.
• Tenable Security Center, July 10, 2025, 1 pm ET: OS breakdown: reporting exposures by operating system.

ON-DEMAND 

June 2025

• Tenable Identity Exposure: Join us to explore new features and capabilities in the latest release of Tenable Identity Exposure.
• Tenable Nessus: Discovery scan templates and when to use them.
• Tenable Cloud Security: Just-in-time (JIT) access dramatically reduces exposure from compromised identities. Join us to learn how this capability is enabled with Tenable Cloud Security.
• Tenable Vulnerability Management: Develop exposure response strategies with Tenable Vulnerability Management.
• Tenable One: Learn how Exposure Signals and Installed Software leverage data from your security stack to enrich Tenable One findings and strengthen the impact of your exposure management efforts.
• Tenable Security Center: Learn when and how to use triggered Agent scanning in Security Center.

Customer Office Hours 

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas and Europe (including the Middle East and Africa, and Asia Pacific). Learn more and register here.

Other Webinars of Interest

• June 25, 2025: Research Insights from the 2025 Verizon DBIR: What You Need to Know to Secure Smarter
• June 24, 2025: From Fundamentals to Focus: Enhancing Cloud Security with Tenable - Customer Workshop Series
• June 17, 2025: Beyond Cyber Chaos: How Public Sector Orgs Secure Smarter with Exposure Management
• On-demand: Security Without Silos: How to Gain Real Risk Insights with Unified Exposure Management

For More Webinars

Please visit tenable.com/webinars for the most up-to-date schedule.

Tenable Research

Research Security Operations

Announcement

• Where Capability Meets Opportunity: Meet the Tenable Research Special Operations Team

Rapid Response

• Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
• CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
• CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
• CVE-2025-31324: Vulnerability in SAP NetWeaver Exploited in the Wild

Tenable Research Advisories

• HPE Insight Remote Support Multiple Vulnerabilities
• Siemens User Management Component V2.15 Multiple Vulnerabilities

Feature Release Highlights

• New Plugin Family: Tencent Linux Local Security Checks
• Azure Cloud Infrastructure Scanning for Government
• Windows LAPS Support in Nessus-based scanners
• Over 400  New Vulnerability Detections in June!