Tenable Product and Research Update Newsletter - April 2025...

Tenable Web App Scanning

Tenable WAS now supports Pause Windows, giving you precise control over when scans can run. This is ideal for production environments where scanning during peak hours could impact performance. Define windows of time when scans should automatically pause, and they’ll resume right where they left off—no more restarting from scratch or breaking scans into pieces.

This release also includes manual Pause and Resume controls, available via both the user interface and API. Pause Windows and Pause/Resume both support multi-FQDN scans, helping ensure broader coverage with less disruption.

For more information, see the Tenable Web App Scanning documentation.

Tenable Webinars

CUSTOMER UPDATE WEBINARS

Tune in for product updates, demos, how-to advice, and live Q&A to help you get more value from your investment in Tenable solutions. 

LIVE  

May 2025 

• Tenable Nessus, May 6, 2025, 1 pm ET: Effective use of Nessus reporting options.
• Tenable OT Security, May 7, 2025, 11 am ET: Join us to explore new features and capabilities in Tenable OT Security 4.2.
• Tenable Vulnerability Management, May 7, 2025, 1 pm ET: Key things to know about using remediation scans for identifying fixed vulnerabilities.
• Tenable One, May 8, 2025, 11 am ET: Learn how Exposure Signals and the new Installed Software capability help you enhance prioritization and achieve your risk reduction goals.
• Tenable Security Center, May 8, 2025, 1 pm ET:  Understand Tenable Security Center remediation logic.

ON-DEMAND 

April 2025

• Tenable WAS: Explore the recent Tenable Attack Surface Management integration with Tenable WAS.
• Tenable Nessus: Identify potential attack paths using port scanning and service discovery.
• Tenable Vulnerability Management: Create scans using the Tenable API and PyTenable.
• Tenable One: Learn how new Tenable One updates streamline navigation and improve access to important exposure context.
• Tenable Security Center: Learn how to do asset-based reporting using the Iterator in Tenable Security Center.

CUSTOMER OFFICE HOURS 

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APAC). Learn more and register here.

OTHER WEBINARS OF INTEREST

• May 13, 2025: How Public Sector Orgs Secure Smarter with Exposure Management
• April 23, 2025: Cloud Security Without Identity Isn’t Cloud Security at All (2 of 4)
• April 17, 2025: 2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud
• On-demand: How does an industry leader like Tenable protect its own cloud environments?
• On-demand: Detox Your Cloud: Proactive Risk Prioritization in a Multi-Cloud World

FOR MORE WEBINARS

Please visit tenable.com/webinars for the most up-to-date schedule.

Tenable Research

Security Response Team

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare: Five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.

Tenable Research reports and blogs

Who's Afraid of AI Risk in Cloud Environments? The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability, and that risky permissions defaults plague AI developer services. Find out what to know as your organization ramps up its AI game.

Vulnerability detections

Over 1,5766 new plugins were published between March 14 and April 11, with 178 having a CVSSv3 severity rating of critical.