Tenable Vulnerability Management

The new “Vulnerability Age: Managing SLAs with VPR” widget is now live in TVM dashboards

This new matrix widget lets you quickly assess vulnerabilities by VPR and age. It is especially useful for tracking compliance with SLAs and policies. Columns display the counts of vulnerabilities discovered within a specified time period, and rows categorize vulnerabilities by VPR range.

The widget is available in these dashboards:

• PCI Quarterly Internal Vulnerability Scanning (Explore)
• Vulnerability Management Overview (Explore)
• PCI Scan Monitoring (Explore)
• Fundamental Cyber Hygiene Report Card (Explore)

Find it in the widget library under its name and add it to your custom dashboards.

Note: Not on the TVM landing page yet? Simply add the Vulnerability Management Overview (Explore) dashboard from the library.

Asset Criticality Rating (ACR)/Asset Exposure Scores (AES) Updates

Tenable Vulnerability Management now includes a new AES (beta) score. We have enhanced our prioritization models with diversified data sources and updated algorithms to further improve exposure score accuracy. These changes should enhance remediation prioritization efforts and explainability. Please check out the knowledge base for more details on algorithm changes.

Tenable Patch Management

Tenable Patch Management now supports Cross-Platform

We’re pleased to announce that Tenable Patch Management now supports Mac and Linux operating systems in addition to Windows. With this release, we now cover over 20,000 third-party applications. 

Please click here for a full list of covered applications, and note that we are always adding more. Check out the related Documentation for additional information and visit the Downloads Portal to download the latest version. 

Tenable Identity Exposure

Find Hidden Risks in Exchange and Active Directory

Attackers target outdated servers and messy AD groups. New Indicators of Exposure (IoEs) help you spot and fix these weaknesses—fast.

Detect Outdated Exchange Servers

• Find end-of-life Exchange servers
• Flag missing critical updates
• Reduce ransomware and breach risks

 See Exchange Server Detection ➔

Clean Up Non-Essential AD Groups

• Flag empty and single-member groups
• Consolidate alerts for faster remediation
• Strengthen AD security and shrink your attack surface

 See AD Group Hygiene ➔

Secure your infrastructure by anticipating threats, detecting breaches, and responding to incidents and attacks. See all Tenable Indicators of Exposure.

Tenable OT Security

Coming soon: Deeper visibility. Smarter asset intelligence. Greater control.

From enhanced visibility and asset discovery to hardware lifecycle intelligence and a new flexible, Windows-based deployment option—this release empowers security teams to manage cyber risk across converged IT/OT environments with confidence.

Join us at  11 am EDT on May 7 for a live customer update and be among the first to see what’s new in Tenable OT Security 4.2. Register here.

Now available: Tenable OT Security 4.1

Our latest release delivered powerful new capabilities for on-prem and hybrid environments—streamlining security operations, simplifying NERC-CIP compliance, and enhancing visibility across complex OT/IoT networks. Additional enhancements include expanded support for electrical substations and threat detection for AI-related risk.

Upgrade to the latest version to unlock the full potential of your security program. For more details, check out the release notes or watch the customer update replay.

Vulnerability and device coverage updates

Recent coverage updates published by Tenable Research include end-of-life plugins for Rockwell devices and plugins for multiple CVEs with critical CvSS ratings for devices from Wiesemann & Theis, Elspec, Sprecher Automation, Schneider Electric, and others. 

Find a detailed breakdown of the latest plugins and supported devices here.

Ecosystem

PyTenable 1.7.4

Tenable is pleased to release pyTenable v1.7.4. This update includes significant usability improvements, including:

• TASM API improvements
• Updated export sub-pkg
• Added metadata change field to the default response

For details, refer to the releases page in GitHub and Tenable Documentation.

Tenable Web App Scanning

Tenable WAS now supports Pause Windows, giving you precise control over when scans can run. This is ideal for production environments where scanning during peak hours could impact performance. Define windows of time when scans should automatically pause, and they’ll resume right where they left off—no more restarting from scratch or breaking scans into pieces.

This release also includes manual Pause and Resume controls, available via both the user interface and API. Pause Windows and Pause/Resume both support multi-FQDN scans, helping ensure broader coverage with less disruption.

For more information, see the Tenable Web App Scanning documentation.

Tenable Webinars

CUSTOMER UPDATE WEBINARS

Tune in for product updates, demos, how-to advice, and live Q&A to help you get more value from your investment in Tenable solutions. 

LIVE  

May 2025 

• Tenable Nessus, May 6, 2025, 1 pm ET: Effective use of Nessus reporting options.
• Tenable OT Security, May 7, 2025, 11 am ET: Join us to explore new features and capabilities in Tenable OT Security 4.2.
• Tenable Vulnerability Management, May 7, 2025, 1 pm ET: Key things to know about using remediation scans for identifying fixed vulnerabilities.
• Tenable One, May 8, 2025, 11 am ET: Learn how Exposure Signals and the new Installed Software capability help you enhance prioritization and achieve your risk reduction goals.
• Tenable Security Center, May 8, 2025, 1 pm ET:  Understand Tenable Security Center remediation logic.

ON-DEMAND 

April 2025

• Tenable WAS: Explore the recent Tenable Attack Surface Management integration with Tenable WAS.
• Tenable Nessus: Identify potential attack paths using port scanning and service discovery.
• Tenable Vulnerability Management: Create scans using the Tenable API and PyTenable.
• Tenable One: Learn how new Tenable One updates streamline navigation and improve access to important exposure context.
• Tenable Security Center: Learn how to do asset-based reporting using the Iterator in Tenable Security Center.

CUSTOMER OFFICE HOURS 

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APAC). Learn more and register here.

OTHER WEBINARS OF INTEREST

• May 13, 2025: How Public Sector Orgs Secure Smarter with Exposure Management
• April 23, 2025: Cloud Security Without Identity Isn’t Cloud Security at All (2 of 4)
• April 17, 2025: 2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud
• On-demand: How does an industry leader like Tenable protect its own cloud environments?
• On-demand: Detox Your Cloud: Proactive Risk Prioritization in a Multi-Cloud World

FOR MORE WEBINARS

Please visit tenable.com/webinars for the most up-to-date schedule.

Tenable Research

Security Response Team

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare: Five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.

Tenable Research reports and blogs

Who's Afraid of AI Risk in Cloud Environments? The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability, and that risky permissions defaults plague AI developer services. Find out what to know as your organization ramps up its AI game.

Vulnerability detections

Over 1,5766 new plugins were published between March 14 and April 11, with 178 having a CVSSv3 severity rating of critical. 

thanks

thanks