August 2025 Product & Research Update Newsletter
Greetings! Check out our August newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Click here to download and read the newsletter as a PDF. Thank you! Tenable is the only vendor to be named a Customer’s Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Vulnerability Assessment. In this report, Gartner Peer Insights analyzes 1,090 reviews and ratings of nine vendors in the vulnerability assessment market. We’re grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most! Learn from your peers as you choose the best solution for your vulnerability assessment program. You can read the report here. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. Making the Headlines Tenable Cloud Security named Major Player: In its first MarketScape for CNAPP, IDC named Tenable a Major Player after a deep evaluation of our capabilities, strategies and more. Huge thanks to all who participated in the IDC customer interviews. See the press release. Tenable Cloud Security Risk Report 2025. Have you read our cloud research team’s latest report, released in June? Make it part of your summer reading! Discover today’s top cloud risks, and how Tenable helps you stay secure: Report Webinar PR Our cloud research team never sleeps. Check out the latest discovery from our stellar team. See the blog: OCI: Remote code execution Workload Protection: Bottlerocket Monitoring and On-Demand AMI Scanning Keep reading about Tenable Cloud Security updates here. Tenable One Welcome to Tenable One Monthly Releases! Tenable One is shifting to a monthly release cadence to bring you valuable improvements more frequently. This month's release delivers streamlined workflows, smarter logic and expanded functionality. Release Highlights: New public API: Easily fetch Tenable One data into your ecosystem to automate workflows, power custom reports and streamline security operations. See Open API documentation Extended findings context: Gain deeper risk visibility with expanded findings data, now available across the platform for quicker investigations. APA is FedRAMP-Authorized: Tenable Attack Path Analysis is now FedRAMP approved for use in U.S. federal and government environments! New VPR scoring in Tenable One Inventory (Beta): We recently introduced a new VPR scoring method in Tenable Vulnerability Management. This method uses machine learning and broader threat intelligence to cut noise and highlight the top 1.6% of critical threats. This enhanced scoring is now also available in Tenable One Inventory, shown in a separate Beta column alongside your existing score. See solution overview Exposure Signals from Global Search: Create custom Exposure Signals directly from global search to streamline workflows and act faster on critical insights. Self-serve connector troubleshooting: The Connectors tab now provides greater status visibility and smarter error handling, with AI summaries and step-by-step guidance to help you resolve issues on your own. Same-source deduplication logic: Use the new Settings tab to manage how you cluster assets from the same source, so you have more control over asset merging and visibility. Dashboards enhancements: Get more refined insights and better performance with new widget-level filters, additional chart types, an improved Power BI data model and more. -> Explore all platform enhancements Tenable Identity Exposure OWASP non-human identity (NHI) Top 10: What customers need to know Machine identities now outnumber human users, and they’re often far less protected. Attackers know this and exploit non-human identities (NHIs) to move laterally, escalate privileges and maintain persistence. Tenable Identity Exposure helps you detect and manage risk across NHIs, mapped to the OWASP NHI Top 10, so you can stay ahead of evolving attack surfaces, especially across Active Directory and Entra ID. Want a deeper dive? Watch the on-demand webinar: Rage Against the Machines: How to Protect Your Org’s Machine Identities. Explore the user guide to start securing your NHIs today. Tenable Vulnerability Management (TVM) Enhancements to VPR now available! Tenable is thrilled to announce the general availability of enhanced Tenable Vulnerability Priority Rating (VPR) in the new Explore views and the Vulnerability Intelligence section within Tenable Vulnerability Management. These updates enable you to: Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this so your teams can focus on just 1.6% of vulnerabilities that represent actual risk to your business. You can now leverage an even broader spectrum of threat intelligence and real-time data input to predict near-term exploitation in the wild. Unlock AI-driven insights and explainability: Our new large language model (LLM) powered insights deliver instant clarity to quickly understand why an exposure matters, how threat actors have weaponized it and get clear, actionable guidance for mitigation and risk reduction. See Vulnerability Intelligence for more information. Prioritize with industry and regional context: New metadata provides crucial context to understand if a threat actor is targeting a vulnerability in your specific industry or geographic region. Leverage advanced querying and filtering: The enhanced VPR model is easily accessible for filtering and querying in the new Explore views for faster investigations and response workflows. Original VPR and the enhanced VPR ('VPR (Beta)') scores will coexist for a period of time in Tenable Vulnerability Management. We will communicate future deprecation of the original VPR in advance. For more information, see: Interactive demo Technical white paper FAQ Scoring Explained documentation Tenable OT Security Tenable OT Security 4.3: Enterprise-wide visibility and control Our latest release delivers powerful new features to enhance visibility and control across your operational technology (OT) environment and extended attack surface. Key updates in this release include: OT Agent for Windows: Extend asset discovery to hard-to-reach areas and embedded IoT systems with our new OT Agent for Windows. This lightweight, easy-to-deploy agent leverages your existing IT infrastructure to close critical visibility gaps without the need for additional hardware. Manage agents from a centralized dashboard view, with the ability to configure and schedule asset discovery and other preferences to ensure comprehensive and reliable coverage. ⚙️ Streamlined asset management: Accelerate investigations and better organize your OT/IoT inventory with new asset tags and groups. This new feature extends tagging functionality, making it easier to search for assets and reflect the structure of your environment. For Tenable Enterprise Manager users, we've also added the ability to perform centralized data updates and ruleset changes for multiple sites in batches or simultaneously, ensuring consistent administration across distributed locations. Enhanced Tenable One data integration: New data integrations allow you to accelerate investigations and proactively remediate OT risk. Tenable OT Security now reports policy events as Findings in Tenable One, giving you more visibility into events like controller code modifications and intrusion detection. This means Tenable One users can now filter for “Policy Violations" to quickly identify and address potential risks to OT environments. Additional enhancements in Tenable One include a set of new OT-related Exposure Signals, new data integrations for attack path analysis and MITRE ATT&CK mapping capabilities, and more. Additional user interface enhancements in v4.3: Asset serial number lookup via inventory Updated Sensor page navigation System Log pagination For more information, watch the latest customer update and review the full release notes. Tenable Web App Scanning API assessment enhancement: Support for GraphQL GraphQL API Assessment is now live in Tenable WAS! Use case and impact: APIs are the foundation of modern web applications and a high-value target for attackers. While Tenable already supports scanning RESTful APIs, an increasing number of applications now use GraphQL, a modern and flexible query language. With the addition of GraphQL scanning, Tenable now provides broader coverage across the modern API attack surface to help customers secure both REST and GraphQL-based applications. To get an idea of the rising popularity, both Tenable OT and Tenable Cloud Security are GraphQL APIs! For more information, see Scan Templates and Launch an API Scan in the Tenable Web App Scanning User Guide. Tenable Nessus End of support for Terrascan in all Nessus versions Tenable announces the End of Life for Terrascan in Nessus. The last day to download the affected product(s) will be Sept. 30, 2025. Customers will receive continued support through the Last Date of Support. For more information, please refer to the bulletin announcement. Nessus 10.9 is generally available Nessus 10.9 introduces several key features to empower your security teams, including offline web application scanning in Nessus Expert. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect. Tenable Training and Product Education We have refreshed the Tenable Education web page to help you find training across our product lineup that meets your expertise, budget and schedule. You can filter courses by product, review schedules by geographic region and easily identify no-cost courses. Additionally, we recently updated and reorganized the Frequently Asked Questions (FAQs) section for easier navigation. Tenable Research Research Rapid Response Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719) Oracle July 2025 Critical Patch Update Addresses 165 CVEs CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server Feature Release Highlights Azure Linux 3 Vulnerability Detection Nutanix Prism Central PAM Support Cisco Meraki Integration New Exposure Signals for OT and CS have been released for Exposure Management New Artificial Intelligence (AI) / Model Context Protocol (MCP) Detections More than 2,000 New Vulnerability Detections in July! Research Innovations How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector AI Security: Web Flaws Resurface in Rush to Use MCP Servers OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services Tenable Research Advisories SimpleHelp - Multiple Vulnerabilities Gemini Search Personalization Model - Prompt Injection Enables Memory and Location Exfiltration OpenAI ChatGPT Prompt Injection via ?q= Parameter in Web Interface
