Python Package Enumeration - Detection Updates
Summary Tenable has updated the Python package enumeration plugins to reduce false positives and to better identify vulnerabilities when multiple packages are present on the scan target. Change Before this update, the Python package enumeration plugins did not attempt to associate detected packages with an RPM or DEB package managed by the Linux distribution. This would cause some packages to report vulnerabilities both based on a Linux distribution vendor’s advisory and a CVE advisory from the Python package maintainer. In addition, some Python packages present through symbolic links (“symlinks”) on a scan target’s filesystem would report as separate files, instead of a single actual file. Finally, some vulnerability plugins did not correctly report when multiple vulnerable Python packages were present on a scan target. After this update, these issues have been addressed. Vulnerable Python packages on Linux assets will be assessed to determine if they are managed by a Linux distribution’s package manager, and if so, will be marked as “Managed” and will not report a vulnerability, unless the Show potential false alarms setting is enabled for the scan. Vulnerable Python packages detected will be assessed to determine if they are files or symlinks, and only the actual file will be reported. However, if multiple actual files are present, vulnerability detection plugins will correctly report all instances. Impact Most customers will notice a reduction in the volume of Python package vulnerabilities reported. Some scan results may show an increase in detected vulnerabilities if multiple independent installs of a Python package are present on a scan target, but this is much less likely. Detection plugins 181215 Python Installed Packages (Windows) 164122 Python Installed Packages (Linux/UNIX) 186173 Apache Superset Installed (Linux / Unix) 196906 AI/LLM Software Report 171433 Apache Airflow Installed (Linux / Unix) 201192 Horovod Detection 198067 Intel Neural Compressor Library Detection 201189 Keras Detection 201190 NumPy Detection 205587 H2O Detection 205584 LangChain Detection 205585 LLama.cpp Python Bindings Detection 206880 MLflow Detection 205586 OpenAi Detection 214312 AWS RedShift Python Connector Detection 205590 Seaborn Detection 205589 Tensorboard Detection 205588 Theano Detection 237200 Tornado Detection 206027 ZenML Detection 200977 PyTorch Detection 201193 Ray Dashboard Detection 201191 Scikit-learn Detection 195192 TensorFlow Detection 195203 Microsoft Azure Command-Line Interface (CLI) Installed (Linux) 208299 DeepSpeed Detection 208127 AIM Detection 208134 BentoML Detection 208126 Google AI Platform (VertexAI SDK) Detection 213710 Gradio Detection 208129 H2O-3 Detection 208135 H2OGPT Detection 208137 Kedro Detection 241433 Model Context Protocol (MCP) Detection 208131 MLRun Detection 208132 Neptune AI SDK Detection 208140 Ollama Detection 208136 Prefect Detection 208139 PySpark Detection 208138 Microsoft RD-Agent Detection 208141 Tensorflow-hub Detection 208130 NVIDIA TensorRT Detection 208133 Weights & Biases Detection 208128 Weights & Biases Weave Detection Vulnerability plugins 210056 NumPy 1.9.x < 1.21.0 Buffer Overflow 210055 NumPy < 1.22.0 Vulnerability - CVE-2021-34141 210057 NumPy < 1.22.2 Null Pointer Dereference 210054 NumPy < 1.19 DoS 213084 Pandas DataFrame.query Code Injection (Unpatched) 211464 torchgeo Python Library < 0.6.1 RCE 192941 Dnspython < 2.6.0rc1 DoS 193912 aioHTTP < 3.9.4 XSS 211644 aioHTTP 3.10.6 < 3.10.11 Memory Leak 211645 aioHTTP < 3.10.11 Request Smuggling 206721 Jupyterlab Python Library < 3.6.8 / 4.0 < 4.2.5 (CVE-2024-43805) 206977 LangChain Experimental Python Library <= 0.0.14 (CVE-2023-44467) 206722 Jupyter Notebook Python Library 7.0.0 < 7.2.2 (CVE-2024-43805) 212710 Pdoc Python Library <= 14.5.1 (CVE-2024-38526) 187972 PyCryptodome < 3.19.1 Side Channel Leak 193202 PyMongo < 4.6.3 Out-of-bounds Read 213287 python-libarchive Python Library <= 4.2.1 Directory Traversal (CVE-2024-55587) 204790 Python Library Certifi < 2024.07.04 Untrusted Root Certificate 206676 Python Library Django 4.2.x < 4.2.16 / 5.0.x < 5.0.9 / 5.1.x < 5.1.1 Multiple Vulnerabilities 214945 Python Library Django 4.2.x < 4.2.18 / 5.0.x < 5.0.11 / 5.1.x < 5.1.5 DoS 237889 Python Library Django 4.2.x < 4.2.22 / 5.1.x < 5.1.10 / 5.2.x < 5.2.2 Log Injection 194476 SAP BTP Python Library sap-xssec < 4.1.0 Privilege Escalation 200807 urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891) 242322 aioHTTP < 3.12.14 Request Smuggling (CVE-2025-53643) 234572 Microsoft Azure Promptflow Python Library promptflow-core < 1.17.2 RCE 234573 Microsoft Azure Promptflow Python Library promptflow-tools < 1.6.0 RCE 241329 Python Library Pillow 11.2.x < 11.3.0 Write Buffer Overflow Target Release Date November 10, 2025
October 2025 Tenable Product Newsletter
Greetings! Check out our October newsletter to learn about the latest product and research updates, upcoming, and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What's New in Tenable One: September 2025 Release This month's release delivers deeper visibility, faster analysis, and more flexibility in managing your organization's risk exposure. Dashboard data drill-down: Dive deeper into your dashboards. Investigate the data behind widgets, KPIs, and trends to validate insights and easily explore details. New dashboard widgets: The widget library now includes seven additional built-in widgets for more ways to visualize and analyze your exposure data. Global Search on Findings page: Build and run complex queries directly from the findings page to pinpoint the exact data you need without switching pages. Dedupe: Information order configuration: Control which sources take priority in property deduplication, so your asset inventory always reflects the most trusted data. See all platform enhancements >> Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To try/see the product, contact your account manager or request a demo. New use cases and research insights Three new demonstrations of common Tenable Cloud Security uses to ease your path to cloudsec maturity: Ecosystem view of risk, Complete cloud lifecycle visibility and Cloud misconfiguration identification and remediation. Recently published Tenable research items: Gemini Trifecta: Read about the three (now-remediated!) vulnerabilities Tenable cloud research discovered within Google’s Gemini AI assistant suite. Security advisory: “Shai Hulud”: Find packages potentially compromised by this NPM supply chain attack flagged in your Tenable Console as “advisory vulnerabilities.” Take action: 1) Update/roll back affected packages. 2) Rotate secrets that may have been exposed. A new Insight Brief that explores key observations on complexity gleaned from our recent “State of the cloud & AI security” report. Platform: Usability and reporting/display enhancements Streamlined console navigation: Enjoy the new console navigation menu, fully redesigned for a more intuitive and efficient user experience. This major update helps you find the insights/tools you need faster. Column selection for inventory reports: Customize your inventory reports by selecting specific columns for inclusion. Create more focused, efficient reports with just the information you need. TV mode: View any dashboard in this full-screen, distraction-free mode. Use for continuous, real-time, operational display and broad visibility of security status. CWP - Workload protection Enhanced Vulnerability Priority Rating (VPR): Benefit from Tenable's enhanced VPR, now twice as efficient. Enable teams to focus on just the 1.6% of vulnerabilities posing real risk, with prioritization inclusive of industry/geo context. See the white paper. Improved coverage and accuracy in vulnerability detection: The addition of scoped NPM packages enhances visibility into Node.js workloads. No more flagging in unused kernel versions improves Linux workload vulnerability detection accuracy. Added granularity to Kubernetes workload vulnerability management: Directly map vulnerability findings in container images to specific Kubernetes workloads (e.g., EKS). This enhancement clarifies risk attribution and streamlines remediation by application or team. IAM - Identity and access management Configure trusted vendors: Tenable now lets you mark external vendors as trusted. This helps reduce finding severity and close toxic combinations, and focus monitoring on meaningful external access to make risk management more efficient. Learn more. Automatically remediate unused SSO permissions: Quickly identify and remove inactive SSO groups or users with a single click to streamline your risk mitigation process. This strengthens least-privilege enforcement and reduces identity risk. JIT - Just-In-Time Access Expanded Slack actions: We’ve enhanced Slack support with key actions available in the JIT Portal, including self-revoking active sessions and submitting recurring access requests. These updates make JIT workflows in Slack faster and more productive to drive adoption of this high-value feature. Read about JIT access here. Tenable Vulnerability Management Accelerate plugin testing with quicker agent updates Speed up your plugin testing workflows and deploy the most recent plugins faster using the new Accelerated Plugin Updates feature. This provides an additional toggle within your agent profiles. When enabled, the agent will check in more frequently than the default to look for any changes made to the plugin scheduling section “Select Plugin set from last 30 days.” This increased check-in frequency helps you shorten the time it takes to get tested plugins onto assets. Note that this feature only supports updates to the “Select Plugin set from last 30 days” setting, and does not impact any other plugin update configurations. Find more details in the documentation. Granular control with Agent scan by tag Achieve highly granular control over your vulnerability management by leveraging the new Agent Scan By Tag feature. This empowers you to target your agent scans using both the existing agent group criteria and the asset tags you have defined. This streamlines your scanning workflows by allowing you to zero in on specific asset environments, ownership groups, or criticality levels. Please note, this functionality is currently only supported for scheduled agent scans. To begin configuring your new, targeted scans, read the documentation or release notes. Tenable Nessus Nessus 10.10 Early Access for Nessus 10.10 includes the following features: Global timeout setting to define the maximum duration for a host scan. Support for the upcoming software and plugin updates via scanner profiles for Tenable Vulnerability Management-linked scanners. Support for the upcoming Tenable Vulnerability Management plugin download concurrency feature. Support for the upcoming CPU resource limit setting for Tenable Agents, which will be configurable via agent profiles in Tenable Nessus Manager. To opt in to Early Access, contact your Tenable representative or configure the Nessus Update Plan in the user interface. See release notes. Ended support for Terrascan in Nessus Tenable has ended support for the Terrascan feature, effective Sept. 30, 2025. Terrascan is no longer available for download or supported, and Tenable has removed all related Terrascan functionality from Tenable Nessus. Tenable recommends using Tenable Cloud Security for infrastructure as code (IaC) scanning going forward. For more information, see the Tenable Nessus Terrascan End-of-Service FAQ. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (Preview): Get a modern view of your assets with structured data, advanced filtering, and improved navigation that helps you identify risks faster. Triggered Agent scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and Reporting Enhancements: Experience faster scan ingest, improved reporting speed, and smoother backend performance that keeps up with your team. Before you upgrade: Version 6.7 supports upgrades from SC 6.3.0 and higher. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now to take advantage of these improvements and keep your environment running at peak performance. Read the release notes or upgrade now. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade Note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. See the release notes and advisories (TNS-2025-20 and TNS-2025-18) for full details and download the patches here. Tenable Patch Management Tenable Patch Management v9.3.969.2 (on-prem) We’re excited to announce Tenable Patch Management (On-Prem) 9.3.969.2. This release includes major feature upgrades, new database server requirements, quality improvements, critical security, and bug fixes across the platform. Key updates include: Cross-platform installation enhancements A new auto-upgrade process enables clients to seamlessly upgrade to match the server version (9.3+). Microsoft 365 Patching Support: Native support for Microsoft 365, Office 2024 LTS, 2024, 2021, Visio, and Project with delta Updates, to reduce monthly updates to 30-50MB from 3GB per language, saving up to 95% bandwidth. New Client Validation Tool to verify deployments For a list of covered third-party applications, please visit here and note that we are always adding more. For more information, please read the Tenable documentation and release notes and visit the downloads portal to download the latest version. Tenable OT Security Fortify your CPS security posture with Tenable OT Security 4.4 The latest version of Tenable OT Security is now available, designed to give you a more integrated, efficient, and comprehensive view of your operational environment. Key highlights in this release include: Unified enterprise reporting for your exposure management program: Sync OT asset tags directly to Tenable One and Tenable Security Center to enrich your enterprise-wide security workflows with critical OT context. Reduced alert fatigue: A new Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures first. Deep visibility for specialized environments: Gain granular asset details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. We’ve also added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the full release notes to learn more about what’s new and how to upgrade. Tenable Identity Exposure Unified Exposure Center Get the full picture, faster. The Exposure Overview and Exposure Instances pages are now combined into a single Exposure Center for a simpler, more unified experience. With new quick filters, you can instantly focus on what matters most and cut through noise with ease. Streamlined IoA deployment Deploy indicators of attack (IoAs) more securely and efficiently. The updated process now uses a signed PowerShell launcher script stored in SYSVOL to reduce complexity and improve security. Plus, Group Policy (GPO) automatically deploys the Tenable certificate, so setup is smoother than ever. See Tenable Identity Exposure documentation. Tenable Ecosystem Tenable for ServiceNow update We’re excited to announce version 6.2.0 of the Tenable apps for ServiceNow, which now support Zurich. The Tenable apps now support Washington, Yokohama, and Zurich. We are sunsetting the Tenable.ot for VR application. Please utilize the ServiceNow built application Vulnerability Response Integration with Tenable. View full details here. For more details, read the ServiceNow User Guide and visit the ServiceNow Store for the appropriate Tenable apps for ServiceNow. Tenable Add-on for Splunk v8.0.1 We’ve updated the Tenable Add-on for Splunk v8.0.1 with general bug fixes, along with improved compliance data collection by preserving original fields. For more information, please read the Tenable documentation, and visit Splunkbase to download. Tenable Connect We're excited to announce a new case creation and management experience. This release will streamline how you open and track cases while leveraging Generative AI to improve search and help you find answers faster. Tenable Research Join Tenable’s Research Special Operations (RSO) team on Tenable Connect and engage with us in the Threat Roundtable group for further discussion on the latest cyber threats. Research security operations CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234) How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381 WordPress - WP Social Ninja exposed API Key WordPress - Feed Them Social exposed API Key BentoML CVE-2025-54381 (SSRF) Bypass Microsoft Learn MCP Server Server-Side Request Forgery Research release highlights Improved Printer Fingerprinting New Plugin Family: UnionTech Local Security Checks Machine Learning SinFP Model Updates for OS Fingerprinting Python Package Enumeration - Detection Updates Content coverage highlights Almost 6,000 new vulnerability plugins published, including new AI Aware detections and Shai-Hulud worm. More than 48 new audits delivered to customers! Tenable Training and Product Education Refreshed courses and better learning experience Explore the updated Introduction to Tenable Cloud Security and Introduction to Tenable Identity Exposure courses. They now feature a modernized interface and smoother navigation for an improved learning experience. Access these two no-cost courses, and many more on-demand options, anytime at Tenable University. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars Live Oct 22, 2025: Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Oct 22, 2025: Beyond the endpoint: Exposure management that’s proactive (EMEA). Why endpoint-first vulnerability management isn’t enough. (EMEA session) Nov. 4, 2025: Nessus customer update. Web application scanning with Nessus Expert. Nov. 4, 2025: Tenable OT Security customer update. What’s new in Tenable OT Security 4.4 and a sneak peek of Tenable OT Security 4.5. Nov. 5, 2025: Tenable Vulnerability Management customer update. Best practices for role-based access control (RBAC). Nov. 5, 2025: Tenable Web App Scanning Management customer update. Using WAS to identify and assess AI in your web applications. Nov. 6, 2025: Tenable One customer update. Third-party data in Tenable One. Nov. 6, 2025: Tenable Security Center customer update. How to automate reporting and remediation with alerts. On-demand Beyond the endpoint: Exposure management that’s proactive. Why endpoint-first vulnerability management isn’t enough. October Nessus customer update. Troubleshooting common Nessus issues. October Tenable Vulnerability Management customer update. Operationalizing AI Aware to discover Shadow AI in your environment. October Tenable One customer update. Identity security in an exposure management program. October Tenable Security Center customer update. In-depth guide to user roles and permissions. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable documentation Read Tenable documentation.
Plugin 135860 (wmi_not_available) No Longer Fires if No Viable WMI Credentials were found
Summary: After reports of wmi_not_available.nbin firing during Remote Scans (despite only being applicable to Local Scans), changes have been made to prevent this firing and reduce noise in Scan Results. Specifically, early exit conditions have been added to key WMI libraries that are triggered if no working WMI Credentials (Windows Credentials that can successfully connect to WMI) are found. Change: Plugin 24269 (wmi_available.nbin) has two new exit conditions: If the Scan policy is configured to Start the Server Service, plugin 144455 (wmi_start_server_svc.nbin) will actually be run before wmi_available. It will attempt a WMI connection with each Windows Credential provided in the Scan. In the case that none of the Provided Credentials could successfully connect to WMI, wmi_start_server_svc.nbin will leave an artifact for wmi_available.nbin to exit early. It’s not necessarily that WMI is not available on the Host, just that the scan couldn’t get in with what was provided. After the WMI Connection attempt, wmi_available.nbin will now check for a scan artifact that WMI Connection was attempted but no Credentials were found. Plugin 135860 (wmi_not_available.nbin) checks a new scan artifact. If WMI wasn’t available for any reason outside of “No Viable Credentials found/worked”, the plugin continues as normal. If the new scan artifact is not present, the plugin will not run. Impact: If no Windows Credentials provided in the Scan Policy work, or if none were provided at all, Plugin 135860 (wmi_not_available.nbin) will NOT fire during a scan. Target Release Date: October 8, 2025Machine Learning SinFP Model Updates for OS Fingerprinting
Summary Updates have been released for the Tenable MLSinFP model, which predicts a host's OS based on SinFP fingerprints, by rebuilding it on a newer tech stack, incorporating new features, and using a larger dataset, resulting in improved accuracy of 67%. Change Before this update, plugin 132935 “OS Identification: SinFP with Machine Learning” was targeting operating systems commonly seen up to January 2021; consequently any newer OSs were not available as predictions. Additionally, the plugin solely relied on TCP header information for model features. After this update, the plugin targets operating systems commonly seen up to May 2025. Additionally the training dataset is larger (was 700K records, now 1.8M) and more varied (was 6K distinct SinFP fingerprints, now 100K), the predicted OSs names are cleaner and more consistent, and model features other than TCP header information are relied on. Ultimately these changes resulted in the plugin's balanced accuracy increasing to 67% (was 54%). Impact Remote detection of operating systems based on the MLSinFP method will have a slightly higher confidence score. Assets whose operating system was determined based on this method might have a different detected operating system. Plugins 132935 - OS Identification: SinFP with Machine Learning Target Release Date October 27, 2025September 2025 product newsletter
Greetings. Check out our September newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. NEW! Tenable AI Exposure We have officially launched Tenable AI Exposure. It helps you see, secure and manage how your organization uses AI tools like ChatGPT Enterprise and Microsoft Copilot across your enterprise. Safeguard sensitive data, stop AI-driven attacks and establish governance for safe AI adoption. Be among the first to try it! Learn more and sign up for the private customer preview here. Tenable One August 2025 release: This month's release delivers faster insights, broader coverage and greater control over your exposure data. Release highlights: Dashboard enhancements: With daily data updates, new chart types and dedicated filters for CISA KEV and end-of-life software, Tenable One dashboards now make it easier to analyze specific risks, communicate impact and speed up response. Tenable On-Prem Connector: Install the Tenable On-Prem Connector to create a secure, encrypted connection to safely bring on-premises exposure data into Tenable One. Get the insights you need without putting your network at risk. Asset information source display: Deduplication in Tenable One is key to ensuring a clean, accurate view of each asset, without redundant information from multiple sources. With this release, the asset details screen now clearly displays the source that populates findings and property information, so your team fully understands and trusts asset data. Dynamic asset tagging: Define dynamic rule-based criteria that automatically apply tags to all Tenable One data for easier customization and greater control over tagging rules. This improvement enables smarter segmentation, precise asset management and deeper analysis across the platform. Explore all platform enhancements Tenable Connect Coming soon: Enhanced Support case experience We're excited to announce a new case creation and management experience. This release will streamline how you open and track cases while leveraging Generative AI to improve search and help you find answers faster. Stay tuned for enablement resources posted within Tenable Connect to maximize this new functionality. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To try/see the product, contact your account manager – or request a demo. Read all about it: New Tenable white paper by Analyst IDC: “Bridging cloud security and exposure management for unified risk reduction.“ This commissioned piece explores the value of exposure management and Tenable strengths. White paper • Blog Featuring fintech customer Snoop. We are honored to share the Tenable story of Snoop, using CIEM and JIT to enforce least privilege. Video [Want to tell your Tenable story? Let your Tenable rep know. We’d love to capture it!] Security alert: Tenable Research detected a supply chain attack in certain Nx build system packages that exfiltrated secrets to GitHub. GitHub has disabled the repos, yet compromised versions may persist. We’ve flagged any affected packages in your Tenable Console (Vulnerability ID: GHSA-cxm3-wv7p-598c). Act now: Update packages and rotate exposed secrets. Platform: Default Home and Favorite dashboards. Set a default Home dashboard to see your most important security insights first, and mark frequently used dashboards as Favorites for instant access. Benefit: These usability updates let you focus on what matters most in your workflow so you can work faster, make informed decisions and keep pace as the platform adapts to your needs. Japanese language support is here. You can now navigate the full Tenable Cloud Security Console in Japanese (switch via your profile menu), and access our documentation portal in Japanese for a smoother, more localized experience. Benefit: Japanese customers are the first to benefit from our new language infrastructure, designed to accelerate the rollout of additional languages. Watch this space! CWP: Workload Protection Clusters filter and column. Identify vulnerable clusters and all related vulnerabilities more easily. (The column is hidden by default.) Resolved filter. In the Workload > Vulnerabilities table, quickly display only vulnerabilities marked as resolved. Benefit: Get clear visibility into cluster-level risks and easily distinguish open from resolved issues to streamline vulnerability management and save time. CSPM: New and updated security best practice support Tenable now supports AWS Foundational Security Best Practices, CIS Azure 2.0, CIS Kubernetes 1.8 and CIS OpenShift 1.5. Benefit: Stay ahead of evolving threats and strengthen your security posture across cloud and container environments. Up-to-date best practices simplify compliance, reduce risk and make it easier to consistently implement proven security controls. DSPM: AWS RDS support for Oracle Data protection scanning is now available for Oracle on AWS RDS, for both Enterprise and Standard license holders. Benefit: Extend visibility into sensitive data stored in Oracle RDS to improve protection and compliance across more of your cloud database environments. Tenable Identity Exposure Tenable Identity Exposure uncovers Storm-0501's cloud identity threats: Financially motivated threat actor Storm-0501 is advancing cloud-based ransomware and hybrid identity compromises to move seamlessly between on-premises Active Directory (AD) and Microsoft Entra ID. Tactics include initial identity exploitation that compromises AD and abuses non-human synced Global Admin accounts in Entra ID, along with malicious persistence, where they establish backdoors by adding rogue federated domains with tools like AADInternals to gain persistent access and impersonation capabilities. Attacker tactic How Tenable Identity Exposure prevents it Initial compromise Flags high-privilege, improperly synced Entra ID accounts from on-prem AD, a configuration Microsoft advises against. MFA bypass Identifies critical, privileged accounts missing MFA, one of the most exploited gaps in hybrid identity attacks. Malicious persistence Detects backdoor federated domains and anomalous signing certificates using multiple indicators of exposure (IOEs), including: Known Federated Domain Backdoor, Federation Signing Certificates Mismatch, Unusual Federation Certificate Validity, Federated Domains List for verification against legitimate IDPs. Tenable Identity Exposure continuous monitoring of IoEs uncovers and aids remediation of critical identity risks before groups like Storm-0501 can exploit them. Tenable Identity Exposure documentation. Tenable Vulnerability Management Streamline ACSC Essential 8 compliance with new dashboards Simplify and strengthen your Essential 8 reporting with Tenable’s new ASD Essential 8 dashboards. These dashboards take your risk-mitigation SLAs to the next level, giving you a clear, real-time view of progress toward ACSC Essential 8 compliance. Quickly spot gaps, track patching and remediation efforts, and demonstrate measurable risk reduction. Monitor internet-facing assets, ensure critical applications are patched, and confidently report on SLA performance, all in one place. Explore the resources to get started: Applying Tenable’s risk-based VM to the ACSC Essential 8 ASD Essential 8 – Patch Applications dashboard ASD Essential 8 – Internet-Facing Assets dashboard Tenable Security Center Critical security patch 202508.1 now available Protect your Security Center deployment with the new patch 202508.1, which fixes critical third-party vulnerabilities in Apache, PHP and SQLite, including CVE-2025-23048, a critical Apache flaw. The update applies to versions 6.4 through 6.6 and must be installed manually. If you’re running 6.5.0, upgrade to 6.5.1 before applying it. For full details, see the release notes, security advisory, and download the patch; this update will be included in future Security Center releases. Tenable OT Security What's new in Tenable OT Security 4.4 The latest version is now available. It introduces several new features and enhancements to improve visibility, streamline workflows, and expand coverage across your industrial environment. OT asset tag data synchronization: Asset tags you create in Tenable OT Security will sync with Tenable One and Tenable Security Center to integrate OT context directly into your enterprise-wide reporting and security workflows. Policy violations dashboard: A redesigned view aggregates disparate alerts and events (e.g. unauthorized access, configuration changes) into unified and actionable Policy Violations to significantly reduce alert fatigue so you can focus on remediating your most critical exposures. Check out this guided demo to see it in action! PLC product file imports: Import PLC project files (starting with Rockwell Automation) to enrich your asset inventory. This provides deep visibility on live or sensitive OT devices without performing active queries. Merge assets: A new workflow helps you find and merge duplicate asset entries for a cleaner and more accurate OT asset inventory. Foxboro DCS support: Gain visibility into Foxboro Distributed Control Systems to extend security monitoring into complex industrial environments. VXLAN support: Analyze network traffic within Virtual Extensible LANs (VXLAN) to monitor assets and activity in modern virtualized data centers. Multi-interface sensor configuration: A simplified workflow allows a single sensor to simultaneously listen on multiple network interfaces to reduce deployment time and complexity. Review the release notes to learn more about what’s new in this release and how to upgrade. Tenable Nessus Reminder: End of support for Terrascan in all Nessus versions Tenable announced the End of Life for Terrascan in Nessus. The last day to download the affected product(s) is Sept. 30, 2025. Customers will receive continued support through the Last Date of Support. For more information, please refer to the bulletin announcement. Reminder: Nessus 10.9 is generally available Nessus 10.9 introduces several key features to empower your security teams, including offline web application scanning in Nessus Expert. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect. Tenable Training and Product Education Connectors added to Tenable One Intro course The updated Introduction to Tenable One course in Tenable University now shows you how to connect third-party security tools to the exposure management platform, to give you a unified view of risk across your entire attack surface. This no-cost training is open to customers, partners, prospects and the public. Start learning today at Tenable University. Tenable webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Live Oct 1, 2025: Beyond the endpoint: Exposure management that’s proactive. Why endpoint-first vulnerability management isn’t enough. Oct. 7, 2025: Nessus customer update. Troubleshooting common Nessus issues. Oct. 8, 2025: Tenable Vulnerability Management customer update. Operationalizing AI Aware to discover Shadow AI in your environment. Oct. 9, 2025: Tenable One customer update. Identity security in an exposure management program. Oct. 10, 2025: Tenable Security Center customer update. In-depth guide to user roles and permissions. On-demand September Tenable Nessus customer update: From the ground up – building a custom scan policy in Nessus. September Tenable Vulnerability Management customer update: Using Nessus agents in Tenable Vulnerability Management. September Tenable One customer update: Introducing AI Exposure, and other topics. September Tenable Security Center customer update: Answering the CISO – a guide to Assurance Report Cards. Ecosystem view of risk: Integrate cloud security with your security stack. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) Frequently Asked Questions About SonicWall Gen 7 Firewall Ransomware Activity CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability CVE-2025-7775: Citrix NetScaler ADC and NetScaler Gateway Zero-Day Remote Code Execution Vulnerability Exploited in the Wild Research release highlights Include/Exclude Path and Tenable Utils Unzip added to Log4j Detection Nutanix Prism v4 API Compatibility Excluding the SUSE Linux Snapshots directory from Language Library enumeration Content coverage highlights Almost 17,000 new vulnerability plugins published including new AI Aware detections! Over 25 new audits delivered to customers! Quick links Join the Tenable Connect community Sign up for on-demand training Watch Tenable product education videos — more than 250 videos now available Check out all upcoming and on-demand Tenable webinars Read Tenable documentation: Documentation RSS Feed Tenable Vulnerability Management User Guide Vulnerability Management Release Notes Tenable Web App Scanning User Guide Tenable Web App Scanning Release Notes Tenable Cloud Security User Guide Tenable Cloud Security Release Notes Tenable Identify Exposure User Guide Tenable Identity Exposure Release Notes Tenable Security Center Release Notes Tenable Security Center 6.5 User Guide Tenable OT Security Release Notes Tenable OT Security User Guide Tenable Attack Surface Management User Guide Exposure View User Guide Exposure View Release Notes Asset Inventory User Guide Asset Inventory Release Notes Attack Path Analysis User Guide Attack Path Analysis Release Notes Tenable Nessus Release Notes Tenable Nessus 10.8 User Guide Tenable Nessus Agents 10.8 User Guide Tenable Nessus Agents Release Notes Tenable Nessus Network Monitor 6.5 User Guide Tenable Nessus Network Monitor Release Notes
New Plugin Family: UnionTech Local Security Checks
Summary Tenable will now provide vulnerability check plugins for UnionTech Unity Operating System (UOS). Impact Customers with UnionTech Unity Operating System (ServerA and ServerE) systems in their environments will be able to scan them for vulnerabilities. These plugins will have the family “UnionTech Local Security Checks”. These plugins will not have agent support at this time, but this support is expected in a future release. Target Release Date September 30, 2025Include/Exclude Path and Tenable Utils Unzip added to Log4j Detection
Summary Tenable has updated the Apache Log4j detection plugins. The Windows plugin will now honor the Include/Exclude Filepath configuration option. The Linux/UNIX plugin will now use the version of ‘unzip’ supplied with the Nessus Agent, when enabled in the Agent’s configuration, and correctly inspect the MANIFEST.MF and pom.properties files. Change Before this update, plugin 156000, Apache Log4j Installed (Linux / Unix), would fail to detect Log4j in specific scan scenarios. The plugin uses several inspection methods to determine if a JAR file is a copy of Log4j. During Nessus Agent scans, as well as scans with ‘localhost’ as a target, the plugin was not properly executing the unzip command to inspect META-INF/MANIFEST.MF and pom.properties files in the JAR archive. If this method was the only option that would result in a successful detection, the copy of Log4j would not be detected properly. In addition, the plugin had failed to launch the unzip binary supplied with the Agent when inspecting files in JAR archives. Note: The Nessus Agent can be configured to use find and unzip binaries that it provides, instead of those supplied by the asset’s operating system. See https://docs.tenable.com/vulnerability-management/Content/Scans/AdvancedSettings.htm#Agent_Performance_Options for more information. Also before this update, plugin 156001, Apache Log4j JAR Detection (Windows), would fail to honor the directories included or excluded for full-disk searches configured in the Windows Include Filepath and Windows Exclude Filepath directives in the Advanced Settings of a scan config. Note: Configuration of these options is described in https://docs.tenable.com/vulnerability-management/Content/Scans/AdvancedSettings.htm#Windows_filesearchOptions. After this update, plugin 156000 will use the Agent-supplied copy of unzip when configured to do so. If this option is not enabled in the scan config, the plugin will use the existing method to find and execute an archive utility supplied by the asset’s operating system. In either case, the plugin will properly inspect Log4j’s MANIFEST.MF and pom.properties files as a version source. Plugin 156001 already properly inspects these files. Also after this update, plugin 156001’s Powershell code will now honor directories included or excluded by the Filepath directives. Plugin 156000 already supported this feature. Impact When scanning Linux / UNIX assets via 'localhost' (i.e. scanning the scanner itself) or with the Nessus Agent, additional Log4j instances from MANIFEST.MF or pom.properties sources may be reported. For Linux Nessus Agents with "Use Tenable supplied binaries for find and unzip" enabled and "Agent CPU Resource Control - Scan Performance Mode" set to Low, plugin 156000 will now properly limit CPU usage during scans. As noted in the product documentation, “Note: Setting your process_priority preference value to low could cause longer running scans. You may need to increase your scan-window timeframe to account for this value.” Customers should be aware of this configuration setting and potential changes to the results provided in the Log4J detection results. When scanning Windows targets, Log4j JAR files stored in paths specified in the Windows Exclude Filepath configuration will no longer be detected. Log4j JAR files stored in paths or drives specified in the Windows Include Filepath configuration that had not been previously scanned will now be detected, assuming they can be assessed before the plugin’s configured timeout has been reached. Plugins 156000 - Apache Log4j Installed (Linux / Unix) 156001 - Apache Log4j JAR Detection (Windows) Target Release Date September 1, 2025Excluding the SUSE Linux Snapshots directory from Language Library enumeration
Summary The “language library” enumeration plugins will now exclude SUSE Linux’s snapshots directory when searching the filesystem. Change Before the update, when enumerating “language libraries” - such as Python packages, Node.js modules, etc. - on SUSE Linux hosts that use btrfs as their filesystem, reduced scan performance was observed. This is because btrfs creates and maintains snapshots in the /.snapshots directory, which can contain multiple redundant copies of files. This caused unnecessary processing on thorough scans. After the update, this snapshots directory has been excluded from searches executed by the find command for language library enumeration plugins on SUSE Linux. Impact This change is expected to improve the performance of scans on SUSE Linux assets. If language libraries were present in snapshots directory, they will no longer show up in Tenable scan results, along with any associated vulnerabilities. If customers would like to scan the snapshots directory, the "Include Filepath" option in the Advanced Scan Settings configuration can be used to force the scanning of these paths. Plugins 178772 - Node.js Modules Installed (Linux / Unix) 190687 - NuGet Installed Packages (Linux / Unix) 164122 - Python Installed Packages (Linux / Unix) 207584 - Ruby Gem Modules Installed (Linux / Unix) Target Release Date September 3, 2025August 2025 Product & Research Update Newsletter
Greetings! Check out our August newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Click here to download and read the newsletter as a PDF. Thank you! Tenable is the only vendor to be named a Customer’s Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Vulnerability Assessment. In this report, Gartner Peer Insights analyzes 1,090 reviews and ratings of nine vendors in the vulnerability assessment market. We’re grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most! Learn from your peers as you choose the best solution for your vulnerability assessment program. You can read the report here. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. Making the Headlines Tenable Cloud Security named Major Player: In its first MarketScape for CNAPP, IDC named Tenable a Major Player after a deep evaluation of our capabilities, strategies and more. Huge thanks to all who participated in the IDC customer interviews. See the press release. Tenable Cloud Security Risk Report 2025. Have you read our cloud research team’s latest report, released in June? Make it part of your summer reading! Discover today’s top cloud risks, and how Tenable helps you stay secure: Report Webinar PR Our cloud research team never sleeps. Check out the latest discovery from our stellar team. See the blog: OCI: Remote code execution Workload Protection: Bottlerocket Monitoring and On-Demand AMI Scanning Keep reading about Tenable Cloud Security updates here. Tenable One Welcome to Tenable One Monthly Releases! Tenable One is shifting to a monthly release cadence to bring you valuable improvements more frequently. This month's release delivers streamlined workflows, smarter logic and expanded functionality. Release Highlights: New public API: Easily fetch Tenable One data into your ecosystem to automate workflows, power custom reports and streamline security operations. See Open API documentation Extended findings context: Gain deeper risk visibility with expanded findings data, now available across the platform for quicker investigations. APA is FedRAMP-Authorized: Tenable Attack Path Analysis is now FedRAMP approved for use in U.S. federal and government environments! New VPR scoring in Tenable One Inventory (Beta): We recently introduced a new VPR scoring method in Tenable Vulnerability Management. This method uses machine learning and broader threat intelligence to cut noise and highlight the top 1.6% of critical threats. This enhanced scoring is now also available in Tenable One Inventory, shown in a separate Beta column alongside your existing score. See solution overview Exposure Signals from Global Search: Create custom Exposure Signals directly from global search to streamline workflows and act faster on critical insights. Self-serve connector troubleshooting: The Connectors tab now provides greater status visibility and smarter error handling, with AI summaries and step-by-step guidance to help you resolve issues on your own. Same-source deduplication logic: Use the new Settings tab to manage how you cluster assets from the same source, so you have more control over asset merging and visibility. Dashboards enhancements: Get more refined insights and better performance with new widget-level filters, additional chart types, an improved Power BI data model and more. -> Explore all platform enhancements Tenable Identity Exposure OWASP non-human identity (NHI) Top 10: What customers need to know Machine identities now outnumber human users, and they’re often far less protected. Attackers know this and exploit non-human identities (NHIs) to move laterally, escalate privileges and maintain persistence. Tenable Identity Exposure helps you detect and manage risk across NHIs, mapped to the OWASP NHI Top 10, so you can stay ahead of evolving attack surfaces, especially across Active Directory and Entra ID. Want a deeper dive? Watch the on-demand webinar: Rage Against the Machines: How to Protect Your Org’s Machine Identities. Explore the user guide to start securing your NHIs today. Tenable Vulnerability Management (TVM) Enhancements to VPR now available! Tenable is thrilled to announce the general availability of enhanced Tenable Vulnerability Priority Rating (VPR) in the new Explore views and the Vulnerability Intelligence section within Tenable Vulnerability Management. These updates enable you to: Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this so your teams can focus on just 1.6% of vulnerabilities that represent actual risk to your business. You can now leverage an even broader spectrum of threat intelligence and real-time data input to predict near-term exploitation in the wild. Unlock AI-driven insights and explainability: Our new large language model (LLM) powered insights deliver instant clarity to quickly understand why an exposure matters, how threat actors have weaponized it and get clear, actionable guidance for mitigation and risk reduction. See Vulnerability Intelligence for more information. Prioritize with industry and regional context: New metadata provides crucial context to understand if a threat actor is targeting a vulnerability in your specific industry or geographic region. Leverage advanced querying and filtering: The enhanced VPR model is easily accessible for filtering and querying in the new Explore views for faster investigations and response workflows. Original VPR and the enhanced VPR ('VPR (Beta)') scores will coexist for a period of time in Tenable Vulnerability Management. We will communicate future deprecation of the original VPR in advance. For more information, see: Interactive demo Technical white paper FAQ Scoring Explained documentation Tenable OT Security Tenable OT Security 4.3: Enterprise-wide visibility and control Our latest release delivers powerful new features to enhance visibility and control across your operational technology (OT) environment and extended attack surface. Key updates in this release include: OT Agent for Windows: Extend asset discovery to hard-to-reach areas and embedded IoT systems with our new OT Agent for Windows. This lightweight, easy-to-deploy agent leverages your existing IT infrastructure to close critical visibility gaps without the need for additional hardware. Manage agents from a centralized dashboard view, with the ability to configure and schedule asset discovery and other preferences to ensure comprehensive and reliable coverage. ⚙️ Streamlined asset management: Accelerate investigations and better organize your OT/IoT inventory with new asset tags and groups. This new feature extends tagging functionality, making it easier to search for assets and reflect the structure of your environment. For Tenable Enterprise Manager users, we've also added the ability to perform centralized data updates and ruleset changes for multiple sites in batches or simultaneously, ensuring consistent administration across distributed locations. Enhanced Tenable One data integration: New data integrations allow you to accelerate investigations and proactively remediate OT risk. Tenable OT Security now reports policy events as Findings in Tenable One, giving you more visibility into events like controller code modifications and intrusion detection. This means Tenable One users can now filter for “Policy Violations" to quickly identify and address potential risks to OT environments. Additional enhancements in Tenable One include a set of new OT-related Exposure Signals, new data integrations for attack path analysis and MITRE ATT&CK mapping capabilities, and more. Additional user interface enhancements in v4.3: Asset serial number lookup via inventory Updated Sensor page navigation System Log pagination For more information, watch the latest customer update and review the full release notes. Tenable Web App Scanning API assessment enhancement: Support for GraphQL GraphQL API Assessment is now live in Tenable WAS! Use case and impact: APIs are the foundation of modern web applications and a high-value target for attackers. While Tenable already supports scanning RESTful APIs, an increasing number of applications now use GraphQL, a modern and flexible query language. With the addition of GraphQL scanning, Tenable now provides broader coverage across the modern API attack surface to help customers secure both REST and GraphQL-based applications. To get an idea of the rising popularity, both Tenable OT and Tenable Cloud Security are GraphQL APIs! For more information, see Scan Templates and Launch an API Scan in the Tenable Web App Scanning User Guide. Tenable Nessus End of support for Terrascan in all Nessus versions Tenable announces the End of Life for Terrascan in Nessus. The last day to download the affected product(s) will be Sept. 30, 2025. Customers will receive continued support through the Last Date of Support. For more information, please refer to the bulletin announcement. Nessus 10.9 is generally available Nessus 10.9 introduces several key features to empower your security teams, including offline web application scanning in Nessus Expert. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect. Tenable Training and Product Education We have refreshed the Tenable Education web page to help you find training across our product lineup that meets your expertise, budget and schedule. You can filter courses by product, review schedules by geographic region and easily identify no-cost courses. Additionally, we recently updated and reorganized the Frequently Asked Questions (FAQs) section for easier navigation. Tenable Research Research Rapid Response Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719) Oracle July 2025 Critical Patch Update Addresses 165 CVEs CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server Feature Release Highlights Azure Linux 3 Vulnerability Detection Nutanix Prism Central PAM Support Cisco Meraki Integration New Exposure Signals for OT and CS have been released for Exposure Management New Artificial Intelligence (AI) / Model Context Protocol (MCP) Detections More than 2,000 New Vulnerability Detections in July! Research Innovations How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector AI Security: Web Flaws Resurface in Rush to Use MCP Servers OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services Tenable Research Advisories SimpleHelp - Multiple Vulnerabilities Gemini Search Personalization Model - Prompt Injection Enables Memory and Location Exfiltration OpenAI ChatGPT Prompt Injection via ?q= Parameter in Web InterfaceFAQ on SharePoint Zero-Day Vulnerability Exploitation (CVE-2025-53770)
On July 19, researchers at Eye Security identified active exploitation in Microsoft SharePoint Server. Originally, this exploitation was believed to have been linked to a pair of flaws (CVE-2025-49704, CVE-2025-49706) dubbed “ToolShell” that was disclosed at Pwn2Own Berlin and patched in Microsoft’s July 2025 Patch Tuesday release, Microsoft published its own blog post stating that the flaw was actually a zero-day. CVE Description CVSSv3 CVE-2025-53770 Microsoft SharePoint Server Remote Code Execution Vulnerability 9.8 Microsoft confirmed that CVE-2025-53770 is a “variant” of CVE-2025-49706. As of July 20 at 2PM PST, CVE-2025-53770 remains unpatched. Update: Since we published our community and FAQ blog post, Microsoft has created an additional CVE and added in some preliminary patches for SharePoint Subscription Edition and SharePoint Server 2019. CVE Description CVSSv3 CVE-2025-53771 Microsoft SharePoint Server Spoofing Vulnerability 6.3 For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.
