Tenable Vulnerability Management
Fudo Security API v2 Compatibility
Summary
Tenable is proud to announce compatibility with Fudo API v2. Customers can now use either API v2 or API v1 of the Fudo Security Privileged Access Management (PAM) solution. API v2 authenticates with an API key rather than a username and password, so the Fudo integration credential now has fields for API URL and API Key. Further information about these changes, and other configuration tips for scans, is available in the Fudo section of Tenable's documentation.

Impact
Existing scan configurations are unaffected. The integration collects identical information regardless of the API version in use.

Target Release Date
09/16/2025 for TVM and Nessus; TBD for Tenable Security Center.

Introducing Enhancements to VPR in Tenable Vulnerability Management!
Today, we launched enhancements to Vulnerability Priority Rating (VPR) in Tenable Vulnerability Management. These updates provide greater precision, AI-driven insights and contextual understanding to help your security teams prioritize and remediate vulnerabilities more efficiently.

How this benefits you:
- Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR refines this further, helping your teams focus on the 1.6% of vulnerabilities that represent actual risk to your business. This is achieved by drawing on a broader spectrum of threat intelligence and real-time data to predict near-term exploitation in the wild.
- Unlock AI-driven insights and explainability: New LLM-powered insights help you quickly understand why an exposure matters and how threat actors have weaponized it, and give clear, actionable guidance for mitigation and risk reduction.
- Prioritize with industry and regional context: New metadata shows whether a vulnerability is being targeted in your specific industry or geographic region.
- Leverage advanced querying and filtering: The enhanced VPR model is available for filtering and querying in the new Explore views, which display Assets and Findings data, enabling faster investigations and response workflows.

The original VPR and the enhanced VPR (referred to in-product as 'VPR (Beta)') will coexist for a period of time in Tenable Vulnerability Management to allow a smooth transition. Future deprecation of the original VPR will be communicated in advance. To learn more about the enhancements to VPR, see the solution overview and click-through demo. For additional information, see our FAQ, release notes, and Scoring Explained help documentation.

Include/Exclude Path and Tenable Utils Unzip added to Log4j Detection
Summary
Tenable has updated the Apache Log4j detection plugins. The Windows plugin now honors the Include/Exclude Filepath configuration options. The Linux/UNIX plugin now uses the version of unzip supplied with the Nessus Agent when that option is enabled in the Agent's configuration, and correctly inspects the MANIFEST.MF and pom.properties files.

Change
Before this update, plugin 156000, Apache Log4j Installed (Linux / Unix), could fail to detect Log4j in specific scan scenarios. The plugin uses several inspection methods to determine whether a JAR file is a copy of Log4j. During Nessus Agent scans, and scans with 'localhost' as the target, the plugin was not properly executing the unzip command to inspect the META-INF/MANIFEST.MF and pom.properties files inside the JAR archive. If that method was the only one that would have produced a successful detection, the copy of Log4j was missed. In addition, the plugin failed to launch the unzip binary supplied with the Agent when inspecting files in JAR archives.

Note: The Nessus Agent can be configured to use the find and unzip binaries it provides instead of those supplied by the asset's operating system. See https://docs.tenable.com/vulnerability-management/Content/Scans/AdvancedSettings.htm#Agent_Performance_Options for more information.

Also before this update, plugin 156001, Apache Log4j JAR Detection (Windows), did not honor the directories included in or excluded from full-disk searches by the Windows Include Filepath and Windows Exclude Filepath directives in the Advanced Settings of a scan configuration. Note: Configuration of these options is described in https://docs.tenable.com/vulnerability-management/Content/Scans/AdvancedSettings.htm#Windows_filesearchOptions.

After this update, plugin 156000 uses the Agent-supplied copy of unzip when configured to do so. If that option is not enabled in the scan configuration, the plugin uses the existing method of locating and executing an archive utility supplied by the asset's operating system. In either case, the plugin now properly inspects Log4j's MANIFEST.MF and pom.properties files as a version source. Plugin 156001 already inspects these files correctly. Also after this update, plugin 156001's PowerShell code honors the directories included or excluded by the Filepath directives; plugin 156000 already supported this.

Impact
When scanning Linux / UNIX assets via 'localhost' (i.e. scanning the scanner itself) or with the Nessus Agent, additional Log4j instances identified from MANIFEST.MF or pom.properties may be reported.

For Linux Nessus Agents with "Use Tenable supplied binaries for find and unzip" enabled and "Agent CPU Resource Control - Scan Performance Mode" set to Low, plugin 156000 now properly limits CPU usage during scans. As noted in the product documentation, "Note: Setting your process_priority preference value to low could cause longer running scans. You may need to increase your scan-window timeframe to account for this value." Customers should be aware of this configuration setting and of potential changes to the Log4j detection results.

When scanning Windows targets, Log4j JAR files stored in paths listed in the Windows Exclude Filepath configuration will no longer be detected. Log4j JAR files stored in paths or drives listed in the Windows Include Filepath configuration that had not previously been scanned will now be detected, provided they can be assessed before the plugin's configured timeout is reached.

Plugins
156000 - Apache Log4j Installed (Linux / Unix)
156001 - Apache Log4j JAR Detection (Windows)

Target Release Date
September 1, 2025
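The inspection step described above, as an added example that is not Tenable's plugin code: walk a directory tree, apply Include/Exclude Filepath filtering before opening anything, then read META-INF/maven/.../pom.properties first and fall back to META-INF/MANIFEST.MF as the version source, which is what lets a repackaged copy without Maven metadata still be identified. The three archives and their manifest contents are constructed in a temporary directory for illustration, Python's zipfile stands in for the unzip binary the plugin shells out to, and the precedence between the two filters (an Exclude entry always wins; an empty Include list means the whole tree is searched) is an assumption of this example rather than a description of the plugin's own semantics.

```python
"""Log4j JAR identification using the two version sources the plugins inspect:
META-INF/maven/**/pom.properties and META-INF/MANIFEST.MF, after applying
Include/Exclude Filepath filtering. Added example, not Tenable plugin code;
the sample archives are constructed here and the filter precedence
(exclude wins, empty include = search everything) is an assumption."""
import os
import tempfile
import zipfile
from pathlib import Path, PurePath

LOG4J_GROUPS = {"org.apache.logging.log4j", "log4j"}  # Maven groupIds of Log4j 2.x / 1.x

def parse_manifest(text):
    """MANIFEST.MF is 'Key: Value'; a leading space marks a continuation of the previous value."""
    attrs, last = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last is not None:
            attrs[last] += raw[1:]
        elif ":" in raw:
            last, _, value = raw.partition(":")
            last = last.strip()
            attrs[last] = value.strip()
    return attrs

def parse_properties(text):
    """Maven pom.properties: key=value lines, '#' comments."""
    props = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def inspect_jar(path):
    """Return (artifact, version, source member) when the archive is Log4j, else None."""
    with zipfile.ZipFile(path) as zf:
        names = zf.namelist()
        # Method 1: pom.properties (groupId/artifactId/version) is the most precise source.
        for name in names:
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = parse_properties(zf.read(name).decode("utf-8", "replace"))
                if props.get("groupId") in LOG4J_GROUPS:
                    return props.get("artifactId"), props.get("version"), name
        # Method 2: the manifest, which repackaged copies without Maven metadata still carry.
        if "META-INF/MANIFEST.MF" in names:
            m = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
            title = m.get("Implementation-Title") or m.get("Bundle-SymbolicName") or ""
            if "log4j" in title.lower():
                return title, m.get("Implementation-Version") or m.get("Bundle-Version"), "META-INF/MANIFEST.MF"
    return None

def should_scan(path, include=(), exclude=()):
    """Honor Include/Exclude Filepath (assumed precedence: an Exclude entry always wins)."""
    under = lambda roots: any(PurePath(r) == PurePath(path) or PurePath(r) in PurePath(path).parents for r in roots)
    return not under(exclude) and (not include or under(include))

def scan_for_log4j(roots, include=(), exclude=()):
    """Walk roots, filter paths, and inspect every .jar/.war/.ear found."""
    hits = []
    for root in roots:
        for dirpath, _, filenames in os.walk(root):
            for fn in filenames:
                full = os.path.join(dirpath, fn)
                if not fn.lower().endswith((".jar", ".war", ".ear")) or not should_scan(full, include, exclude):
                    continue
                try:
                    found = inspect_jar(full)
                except zipfile.BadZipFile:
                    continue  # not a ZIP container; the unzip step would fail on it too
                if found:
                    hits.append((full,) + found)
    return hits

def build_sample_tree(base):
    """Construct three archives under base; their contents are made up for this example."""
    def make_jar(rel, members):
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(p, "w") as zf:
            for name, body in members.items():
                zf.writestr(name, body)

    manifest = "Manifest-Version: 1.0\nImplementation-Title: {}\nImplementation-Version: {}\n"
    make_jar("app/lib/log4j-core-2.14.1.jar", {  # full Maven metadata: found by method 1
        "META-INF/MANIFEST.MF": manifest.format("Apache Log4j Core", "2.14.1"),
        "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties":
            "#Generated by Maven\nversion=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
    })
    make_jar("vendor/tools/logging.jar",  # repackaged copy with manifest only: found by method 2
             {"META-INF/MANIFEST.MF": manifest.format("Apache Log4j Core", "2.16.0")})
    make_jar("app/lib/gson-2.8.9.jar",  # unrelated library: must not be reported
             {"META-INF/MANIFEST.MF": manifest.format("Gson", "2.8.9")})

def demo():
    """Scan the constructed tree unfiltered, then with vendor/ listed in the Exclude Filepath."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        rel = lambda hit: Path(hit[0]).relative_to(base).as_posix()
        everything = sorted((rel(h), h[1], h[2], h[3]) for h in scan_for_log4j([base]))
        excluded = sorted(rel(h) for h in scan_for_log4j([base], exclude=[os.path.join(base, "vendor")]))
        return everything, excluded
```

Running demo() scans the tree twice. The first pass reports both Log4j archives with the member each version came from; the second pass lists vendor/ in the exclude list and the manifest-only copy drops out of the results, which is the behaviour change described for plugin 156001.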
Nutanix Prism v4 API Compatibility

Summary
Tenable is proud to announce compatibility with version 4 of the Nutanix Prism Central REST API. This provides compatibility with current and future versions of Nutanix Prism.

Change
Tenable is adding support for API v4 while preserving support for API v3. Customers for whom API v4 is not available will continue to use v3; for all other customers, Tenable's Nutanix Prism integration will automatically use API v4.

Impact
Customers should not see scan results change. The integration collects the same information regardless of the API version in use. Customers with Nutanix Prism Central are encouraged to update plugins to use the latest version of the integration.

Target Release Date
26 Aug 2025 for Tenable Vulnerability Management, Nessus, and Tenable Security Center.

Excluding the SUSE Linux Snapshots directory from Language Library enumeration
Summary
The "language library" enumeration plugins now exclude SUSE Linux's snapshots directory when searching the filesystem.

Change
Before the update, enumerating "language libraries" (Python packages, Node.js modules, and so on) on SUSE Linux hosts that use btrfs as their root filesystem showed reduced scan performance. On these hosts, snapper maintains btrfs snapshots of the root filesystem under /.snapshots, so that directory can contain many redundant copies of the same files, and walking it caused unnecessary processing on thorough scans. After the update, the snapshots directory is excluded from the searches executed by the find command in the language library enumeration plugins on SUSE Linux.

Impact
This change is expected to improve the performance of scans on SUSE Linux assets. Copies of language libraries that exist only within the snapshots directory will no longer appear in Tenable scan results, nor will any vulnerabilities associated with them. Customers who want to scan the snapshots directory can use the "Include Filepath" option in the Advanced Scan Settings to force scanning of those paths.

Plugins
178772 - Node.js Modules Installed (Linux / Unix)
190687 - NuGet Installed Packages (Linux / Unix)
164122 - Python Installed Packages (Linux / Unix)
207584 - Ruby Gem Modules Installed (Linux / Unix)

Target Release Date
September 3, 2025
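The pruning behaviour described above, as an added example in Python rather than the plugins' own NASL and find invocation: enumerate Python dist-info directories and Node.js modules under a root, drop /.snapshots from the walk the way find -prune would, and optionally walk an Include Filepath entry inside the snapshots tree anyway. The directory layout (a live system plus two snapper-style snapshots) and the package names and versions are constructed under a temporary directory that stands in for '/'; the Include Filepath semantics used here (an included path is walked in full, without pruning) are an assumption of the example.

```python
"""Language-library enumeration on a SUSE btrfs host that prunes /.snapshots
(where snapper keeps read-only copies of the root filesystem) the way the
updated plugins' find command does, with an Include Filepath override.
Added example, not Tenable plugin code. The filesystem layout, package names
and versions are constructed under a temp dir that stands in for '/'."""
import json
import os
import tempfile
from pathlib import Path

SNAPSHOT_DIR = ".snapshots"

def _walk_libraries(start, fs_root, prune=None):
    """Yield (kind, name, version, path) for Python dist-info dirs and Node.js modules under start."""
    for dirpath, dirnames, _ in os.walk(start):
        here = Path(dirpath)
        if prune is not None and here == prune.parent and prune.name in dirnames:
            dirnames.remove(prune.name)  # same effect as find -path /.snapshots -prune: never descend
        if here.name in ("site-packages", "dist-packages"):
            for d in dirnames:
                if d.endswith(".dist-info"):
                    name, _, version = d[: -len(".dist-info")].rpartition("-")
                    yield ("python", name, version, (here / d).relative_to(fs_root).as_posix())
        elif here.name == "node_modules":
            for d in dirnames:
                pkg = here / d / "package.json"
                if pkg.is_file():
                    version = json.loads(pkg.read_text()).get("version", "")
                    yield ("node", d, version, (here / d).relative_to(fs_root).as_posix())

def enumerate_libraries(fs_root, include_paths=(), prune_snapshots=True):
    """Enumerate the live filesystem (snapshots pruned by default) plus any Include Filepath entries."""
    fs_root = Path(fs_root)
    prune = fs_root / SNAPSHOT_DIR if prune_snapshots else None
    found = set(_walk_libraries(fs_root, fs_root, prune))
    for extra in include_paths:  # explicitly requested paths are searched even inside /.snapshots
        found.update(_walk_libraries(Path(extra), fs_root))
    return sorted(found)

def build_sample_tree(root):
    """Construct a SUSE-like layout: live system plus two snapper snapshots (made-up packages)."""
    def python_pkg(prefix, name, version):
        Path(root, prefix, "usr/lib/python3.11/site-packages",
             f"{name}-{version}.dist-info").mkdir(parents=True, exist_ok=True)

    def node_pkg(prefix, name, version):
        d = Path(root, prefix, "usr/lib/node_modules", name)
        d.mkdir(parents=True, exist_ok=True)
        (d / "package.json").write_text(json.dumps({"name": name, "version": version}))

    python_pkg("", "requests", "2.25.1")
    node_pkg("", "lodash", "4.17.20")
    # snapshot 1 is an older copy of the whole root: same packages, plus one since removed
    python_pkg(".snapshots/1/snapshot", "requests", "2.25.1")
    python_pkg(".snapshots/1/snapshot", "urllib3", "1.26.4")
    node_pkg(".snapshots/1/snapshot", "lodash", "4.17.20")
    python_pkg(".snapshots/2/snapshot", "requests", "2.25.1")

def demo():
    """Return (pruned, unpruned, pruned plus an Include Filepath entry for snapshot 1)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        pruned = enumerate_libraries(root)
        unpruned = enumerate_libraries(root, prune_snapshots=False)
        forced = enumerate_libraries(root, include_paths=[os.path.join(root, ".snapshots", "1")])
        return pruned, unpruned, forced
```

demo() returns three lists: the pruned result (two live packages), the unpruned result (the snapshot copies inflate it to six entries, which is the redundant work the change removes, and is also where the stale urllib3 copy would have been reported as a finding), and the pruned result plus snapshot 1 when that path is explicitly included.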
August 2025 Product & Research Update Newsletter

Greetings! Check out our August newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content, all to help you get more value from your Tenable solutions. The newsletter is also available to download and read as a PDF.

Thank you!
Tenable is the only vendor to be named a Customers' Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Vulnerability Assessment. In this report, Gartner Peer Insights analyzes 1,090 reviews and ratings of nine vendors in the vulnerability assessment market. We're grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most! Learn from your peers as you choose the best solution for your vulnerability assessment program; you can read the report here.

Tenable Cloud Security
Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo.

Making the headlines
- Tenable Cloud Security named Major Player: In its first MarketScape for CNAPP, IDC named Tenable a Major Player after a deep evaluation of our capabilities, strategies and more. Huge thanks to all who participated in the IDC customer interviews. See the press release.
- Tenable Cloud Security Risk Report 2025: Have you read our cloud research team's latest report, released in June? Make it part of your summer reading. Discover today's top cloud risks and how Tenable helps you stay secure (report, webinar, press release).
- Our cloud research team never sleeps. Check out the latest discovery from our stellar team on the blog: OCI: Remote code execution.
- Workload Protection: Bottlerocket Monitoring and On-Demand AMI Scanning.
Keep reading about Tenable Cloud Security updates here.

Tenable One
Welcome to Tenable One monthly releases! Tenable One is shifting to a monthly release cadence to bring you valuable improvements more frequently. This month's release delivers streamlined workflows, smarter logic and expanded functionality.
Release highlights:
- New public API: Easily fetch Tenable One data into your ecosystem to automate workflows, power custom reports and streamline security operations. See the Open API documentation.
- Extended findings context: Gain deeper risk visibility with expanded findings data, now available across the platform for quicker investigations.
- APA is FedRAMP-Authorized: Tenable Attack Path Analysis is now FedRAMP approved for use in U.S. federal and government environments!
- New VPR scoring in Tenable One Inventory (Beta): We recently introduced a new VPR scoring method in Tenable Vulnerability Management. This method uses machine learning and broader threat intelligence to cut noise and highlight the top 1.6% of critical threats. This enhanced scoring is now also available in Tenable One Inventory, shown in a separate Beta column alongside your existing score. See the solution overview.
- Exposure Signals from Global Search: Create custom Exposure Signals directly from global search to streamline workflows and act faster on critical insights.
- Self-serve connector troubleshooting: The Connectors tab now provides greater status visibility and smarter error handling, with AI summaries and step-by-step guidance to help you resolve issues on your own.
- Same-source deduplication logic: Use the new Settings tab to manage how you cluster assets from the same source, so you have more control over asset merging and visibility.
- Dashboards enhancements: Get more refined insights and better performance with new widget-level filters, additional chart types, an improved Power BI data model and more.
Explore all platform enhancements.

Tenable Identity Exposure
OWASP non-human identity (NHI) Top 10: What customers need to know
Machine identities now outnumber human users, and they're often far less protected. Attackers know this and exploit non-human identities (NHIs) to move laterally, escalate privileges and maintain persistence. Tenable Identity Exposure helps you detect and manage risk across NHIs, mapped to the OWASP NHI Top 10, so you can stay ahead of evolving attack surfaces, especially across Active Directory and Entra ID. Want a deeper dive? Watch the on-demand webinar, Rage Against the Machines: How to Protect Your Org's Machine Identities, and explore the user guide to start securing your NHIs today.

Tenable Vulnerability Management (TVM)
Enhancements to VPR now available!
Tenable is thrilled to announce the general availability of the enhanced Tenable Vulnerability Priority Rating (VPR) in the new Explore views and the Vulnerability Intelligence section within Tenable Vulnerability Management. These updates enable you to:
- Sharpen precision to focus on what matters most: While traditional CVSS scores classify 60% of CVEs as High or Critical, our original VPR reduced this to 3%. The enhanced VPR refines this further so your teams can focus on just 1.6% of vulnerabilities that represent actual risk to your business. You can now leverage an even broader spectrum of threat intelligence and real-time data input to predict near-term exploitation in the wild.
- Unlock AI-driven insights and explainability: Our new large language model (LLM) powered insights deliver instant clarity on why an exposure matters and how threat actors have weaponized it, with clear, actionable guidance for mitigation and risk reduction. See Vulnerability Intelligence for more information.
- Prioritize with industry and regional context: New metadata provides crucial context on whether a threat actor is targeting a vulnerability in your specific industry or geographic region.
- Leverage advanced querying and filtering: The enhanced VPR model is easily accessible for filtering and querying in the new Explore views for faster investigations and response workflows.
The original VPR and the enhanced VPR ('VPR (Beta)') scores will coexist for a period of time in Tenable Vulnerability Management. We will communicate future deprecation of the original VPR in advance. For more information, see the interactive demo, technical white paper, FAQ and Scoring Explained documentation.

Tenable OT Security
Tenable OT Security 4.3: Enterprise-wide visibility and control
Our latest release delivers powerful new features to enhance visibility and control across your operational technology (OT) environment and extended attack surface. Key updates in this release include:
- OT Agent for Windows: Extend asset discovery to hard-to-reach areas and embedded IoT systems with our new OT Agent for Windows. This lightweight, easy-to-deploy agent leverages your existing IT infrastructure to close critical visibility gaps without the need for additional hardware. Manage agents from a centralized dashboard view, with the ability to configure and schedule asset discovery and other preferences to ensure comprehensive and reliable coverage.
- Streamlined asset management: Accelerate investigations and better organize your OT/IoT inventory with new asset tags and groups. This feature extends tagging functionality, making it easier to search for assets and reflect the structure of your environment. For Tenable Enterprise Manager users, we've also added the ability to perform centralized data updates and ruleset changes for multiple sites in batches or simultaneously, ensuring consistent administration across distributed locations.
- Enhanced Tenable One data integration: New data integrations allow you to accelerate investigations and proactively remediate OT risk. Tenable OT Security now reports policy events as Findings in Tenable One, giving you more visibility into events like controller code modifications and intrusion detection. This means Tenable One users can now filter for "Policy Violations" to quickly identify and address potential risks to OT environments. Additional enhancements in Tenable One include a set of new OT-related Exposure Signals, new data integrations for attack path analysis and MITRE ATT&CK mapping capabilities, and more.
Additional user interface enhancements in v4.3:
- Asset serial number lookup via inventory
- Updated Sensor page navigation
- System Log pagination
For more information, watch the latest customer update and review the full release notes.

Tenable Web App Scanning
API assessment enhancement: Support for GraphQL
GraphQL API Assessment is now live in Tenable WAS! Use case and impact: APIs are the foundation of modern web applications and a high-value target for attackers. While Tenable already supports scanning RESTful APIs, an increasing number of applications now use GraphQL, a modern and flexible query language. With the addition of GraphQL scanning, Tenable now provides broader coverage across the modern API attack surface to help customers secure both REST and GraphQL-based applications. To get an idea of the rising popularity, both Tenable OT and Tenable Cloud Security expose GraphQL APIs! For more information, see Scan Templates and Launch an API Scan in the Tenable Web App Scanning User Guide.

Tenable Nessus
End of support for Terrascan in all Nessus versions
Tenable announces the End of Life for Terrascan in Nessus. The last day to download the affected product(s) will be Sept. 30, 2025. Customers will receive continued support through the Last Date of Support. For more information, please refer to the bulletin announcement.
Nessus 10.9 is generally available
Nessus 10.9 introduces several key features to empower your security teams, including offline web application scanning in Nessus Expert. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect.

Tenable Training and Product Education
We have refreshed the Tenable Education web page to help you find training across our product lineup that meets your expertise, budget and schedule. You can filter courses by product, review schedules by geographic region and easily identify no-cost courses. Additionally, we recently updated and reorganized the Frequently Asked Questions (FAQs) section for easier navigation.

Tenable Research
Research Rapid Response
- Microsoft's July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
- Oracle July 2025 Critical Patch Update Addresses 165 CVEs
- CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild
- Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server
Feature Release Highlights
- Azure Linux 3 Vulnerability Detection
- Nutanix Prism Central PAM Support
- Cisco Meraki Integration
- New Exposure Signals for OT and CS have been released for Exposure Management
- New Artificial Intelligence (AI) / Model Context Protocol (MCP) Detections
- More than 2,000 New Vulnerability Detections in July!
Research Innovations
- How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector
- AI Security: Web Flaws Resurface in Rush to Use MCP Servers
- OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services
Tenable Research Advisories
- SimpleHelp - Multiple Vulnerabilities
- Gemini Search Personalization Model - Prompt Injection Enables Memory and Location Exfiltration
- OpenAI ChatGPT Prompt Injection via ?q= Parameter in Web Interface

FAQ on Microsoft Exchange Server Hybrid Deployment Vulnerability (CVE-2025-53786)
On August 6, Microsoft published a security advisory for a vulnerability in Microsoft Exchange Server hybrid deployments.

CVE | Description | CVSSv3
CVE-2025-53786 | Microsoft Exchange Server Elevation of Privilege Vulnerability (Hybrid Deployments) | 8.0

At the time of publication the vulnerability had not been exploited in the wild, but Microsoft rated it "Exploitation More Likely" on its Exploitability Index. The flaw was discovered after investigation of a non-security Hot Fix released on April 18. In addition to Microsoft's advisory, CISA issued Emergency Directive ED 25-02, Mitigate Microsoft Exchange Vulnerability, on August 7, requiring federal agencies to take immediate action by 9 AM Eastern on August 11. For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

CurXecute and MCPoison: Two Recently Disclosed Vulnerabilities in Cursor IDE
Over the past few days, researchers have disclosed two new vulnerabilities in Cursor, the AI-assisted code editor used by over a million users, including notable Fortune 500 companies.

CVE | Description | CVSSv3
CVE-2025-54135 | Cursor Arbitrary Code Execution Vulnerability ("CurXecute") | 8.5
CVE-2025-54136 | Cursor Remote Code Execution via Unverified Configuration Modification Vulnerability ("MCPoison") | 7.2

Both vulnerabilities have the potential to be severe, but they are context dependent. The common thread between CurXecute and MCPoison is how Cursor handles interaction with MCP servers. For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

FAQ on SonicWall Gen 7 Firewall Ransomware Activity
On August 4, SonicWall issued a threat activity notice following reports of malicious activity from several vendors, including Arctic Wolf and Huntress. The researchers report a notable uptick in targeting of SonicWall Gen 7 firewalls with SSLVPN enabled, and based on their observations, attackers may be using a possible zero-day vulnerability against these devices. So far the attacks appear to be centered on deployment of the Akira ransomware. SonicWall is investigating these reports; no patches have been released and no CVE has been assigned as of yet. For more information about the possible zero-day vulnerability, including the future availability of patches and Tenable product coverage, please visit our blog.

Nutanix Prism Central PAM Support
Summary
Tenable is pleased to announce the addition of another authentication method for the Nutanix Prism Central credential. Privileged Access Management (PAM) integration is now supported within the Nutanix Prism Central credential, allowing customers to authenticate to Nutanix Prism Central with either username and password credentials or one of our PAM integrations.

Scope
When configuring credentials for Nutanix Prism Central under Miscellaneous credentials, customers will find a new dropdown option, 'Nutanix Prism Central Authentication Method'. This allows them to authenticate using a username and password, or by selecting a PAM and then entering the credential fields required for the chosen PAM.

Supported PAM integrations in this release:
Arcon
BeyondTrust Password Safe
CyberArk
Delinea Secret Server
Fudo
HashiCorp Vault
QiAnXin
SenhaSegura
WALLIX Bastion

Plugin Impact
For any issues related to the use of PAM authentication with Nutanix Prism Central, refer to the new log within the Debugging Log Report. For example, when using Nutanix Prism Central with Fudo, the file is named "nutanix_settings.nasl~Fudo".

Release Date
Tenable Vulnerability Management and Nessus Manager: July 21st, 2025
Tenable Security Center: TBD