Action Required: Preparation for January 2026 Tenable Security Center Feed Update
We are writing to announce an important upcoming change to the Tenable Security Center feed data. Starting in mid-January 2026, the size of Tenable Security Center feeds will increase due to the addition of new Vulnerability Priority Rating (VPR) data; this data will be available in Tenable Security Center 6.8, anticipated for release later in Q1 2026. This update ensures you continue to receive comprehensive vulnerability data, but it requires immediate action to ensure your environment is prepared. What you need to do To prevent the feed size from causing PHP memory exhaustion in your environment, please follow the resolution path for your specific version: Versions 6.5.1 – 6.7.2: Patch 202601.1 is now available. Applying this patch will automatically modify the PHP configuration to increase the memory limit. Versions Prior to 6.5.1: Follow the instructions outlined in this Knowledge Base article to modify the PHP configuration. Note: Tenable Security Center consoles with less than 8 GB RAM may need to have their hardware resources updated. Review Tenable Security Center hardware recommendations Why this matters Taking action now allows you to adopt a proactive approach to this feed expansion, ensuring your nightly updates continue seamlessly. Prevent SC Feed Update Failures: Without this fix, SC Feed updates may fail and log an "Allowed memory size... exhausted" error or terminate abnormally with error status '255'. Protect Disk Space: Failing feed updates can leave behind orphaned files in /opt/sc/data/feed.XXXXX folders, which may build up and cause disk space issues over time. Access our related documentation to learn more: Tenable Security Center Patch 202601.1 (2026-01-06) Knowledge Base: Tenable Security Center Feed Update Failing with "terminated abnormally with error status '255'" Due to PHP Memory ExhaustionTenable product update: Standardizing Tenable risk scoring
At Tenable, we are committed to providing the most accurate, defensible, and actionable view of organizational risk. To achieve this, we must continually refine the intelligence that powers your prioritization. On July 1, 2026, we are implementing a series of foundational updates to our risk scoring engines. As part of this update, you may see changes to your risk scores, depending on the Tenable product(s) you own. These changes simplify your workflow by standardizing scoring on a single, high-fidelity model for vulnerability and asset risk. The new standard for VPR For the past several months, many of you have utilized VPR (Beta) to gain deeper insights into exploitability. We are excited to announce that on July 1, this model will be promoted to the primary Vulnerability Priority Rating (VPR) across the Tenable platform. By standardizing on this advanced model, we are retiring legacy VPR scoring to ensure every customer benefits from our most sophisticated threat intelligence. The new version of VPR incorporates more threat intelligence and vulnerability metadata so that you can focus on the 1.6% of vulnerabilities that actually matter. Better context through enhanced asset classification Alongside the VPR update, we are enhancing our asset classification engine. This update improves how we identify the function and importance of assets across your entire attack surface, including Cloud, OT, and third-party devices. As a result, customers with access to Asset Criticality Ratings (ACR) will see these scores more accurately reflect real-world business risk. What this means for you These are backend enhancements designed to provide immediate value with zero manual configuration. On July 1, your dashboards, reports, and APIs will automatically reflect these updated metrics. Because both VPR and ACR serve as inputs to Cyber Exposure Score (CES) and Asset Exposure Score (AES), customers using these scores may see changes that reflect a more accurate understanding of exposure. Customer FAQ What happens to the VPR (Beta) score in the Tenable UI? The Beta label will be removed. The high-fidelity model you’ve been previewing will become the standard VPR. The legacy version of VPR will be retired to ensure a single, unified source or truth. Do I need to rewrite my custom API scripts using VPR? No. For customers using APIs, updated values will be mapped into legacy VPR fields on the back end to ensure compatibility and a smooth transition for your scripts and third-party tools. How does this affect my SLAs? Because many organizations use VPR as their operational prioritization layer, your SLA statistics and remediation tracking will now reflect the more precise scoring model. This helps ensure your team is meeting response goals for the vulnerabilities that pose the highest actual risk. How does Enhanced Asset Classification affect my scores? The system now automatically identifies the function and criticality of assets across Cloud, OT, and third-party sources. This improved context leads to more accurate Asset Criticality Rating (ACR) adjustments. For customers with access to ACR, this ensures your most critical business assets are effectively prioritized. For a detailed guide on our enhanced VPR, check out this FAQ. Want to see the why behind our scoring? View our scoring explained.Now available: VM-Native OT Discovery
VM-Native OT Discovery introduces a powerful new asset discovery engine directly inside Tenable Vulnerability Management and Tenable Security Center. This allows you to identify and profile OT assets—including PLCs, HMIs, and IoT devices—using the VM tools you already own. Use a new "OT Recon" scan template to perform safe, protocol-aware active queries. No additional hardware or sensors are needed. Get started in minutes. Discovered assets count toward your existing license at a 1:1 ratio. Watch this 2-minute guided demo to see VM-Native Discovery in action. For more information, please refer to the user guides for Tenable Vulnerability Management (Discovery Settings, Scan Templates) and Tenable Security Center (Scan Policy Options). For continuous monitoring and access to a wide range of other advanced OT/CPS security capabilities, consider upgrading to Tenable OT Security to maximize the value of your Tenable One deployment.Introducing Tenable Security Center 6.8
Our latest release, Tenable Security Center 6.8, introduces several new features and enhancements to streamline your security operations: Focus on real risk: Stop chasing 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical. Start focusing on the 3% of CVEs that truly matter. Enhanced VPR logic and new AI-powered insights explain why an exposure is significant and provide clear mitigation guidance based on regional and industry-specific threat actor behavior. Streamlined infrastructure: We’ve unified IPv4, IPv6, and Agent repositories into a single, flexible Asset Repository type to reduce administrative overhead and give you more freedom in how you bucket and analyze your data. You can now target any data, including agent, network scan, and passive data, into any repository. Asset grouping and customization: The Explore Assets page includes new "Group By" options for Microsoft ID, Network, System Type, and Asset Criticality Rating (ACR). Other enhancements to the Explore Assets page include the ability to edit ACR scores (available in Tenable Security Center Plus) directly in the Explore interface. You can also export findings and installed software for specific assets to a comma-separated values (CSV) file. Background queries: Start a query and keep working. Tenable Security Center now processes long-running asset searches in the background. Scan optimization: Prevent performance issues with new per-host timeouts that keep your scan schedules on track to prevent a single host from increasing overall scan time. Enhanced security: Use at-rest encryption for External PostgreSQL databases and expanded PAM integration for Delinea and BeyondTrust. Before you upgrade: Tenable Security Center 6.8 supports upgrades from version 6.4.0 and later. Please review the latest updates to Tenable Security Center hardware specifications in the release notes for optimal performance.
January 2026 Tenable Product Newsletter
Greetings! Check out our January newsletter to learn about the latest product updates, research insights, and educational content — all to help you get more value from your Tenable solutions. Tenable One New Tenable One Connector | ORDR Bridge the gap between IT and OT. Connect Tenable One with ORDR to get a single view of your entire attack surface, showing exactly how a simple IT exposure can reach your critical operational technology. By treating IT and OT as a single, connected environment, you can better protect your uptime and ensure smooth and safe operations. Learn more >> Tenable Cloud Security Tenable named a Customers’ Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Cloud-Native Application Protection Platforms (CNAPPs) We are excited to share that Tenable is named a Customers’ Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Cloud-Native Application Protection Platforms (CNAPPs). In this report, Gartner Peer Insights provides a rigorous analysis of 1,664 reviews and ratings of 10 vendors in the CNAPP market. In the 18-month eligibility window, we received an average of 4.8 out of 5 stars for Tenable Cloud Security based on 71 reviews as of October 2025. We’re grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most! Learn from your peers as you choose the best solution for your cloud security program. You can read the report here. Exclusions | Strategic risk management: Streamline exception handling with a new centralized framework. Define business scenarios to ignore non-actionable findings or adjust their severity using flexible conditions like tags and attributes. All legacy exceptions now migrate here for a single, auditable source of truth. Reports | Query-to-report automation: Transform any search in Explorer into a scheduled or on-demand report. Leverage a redesigned, full-screen reporting experience featuring live data previews and local timezone support to ensure stakeholders receive actionable data exactly when they need it. IAM | AWS ABAC and granular visibility: Permission evaluations now support AWS attribute-based access control (ABAC) for highly accurate least-privilege recommendations. Additionally, a new dedicated Access Level section in resource profiles replaces generic summaries with a detailed breakdown of permission categories. Projects | Scalable API automation: Manage high-volume environments with new GraphQL API support for Projects. Programmatically create, modify, or delete projects and role assignments to align security governance with rapid DevOps workflows. Data security | Precision classification: Enhance data discovery by using Regex to exclude known or irrelevant values from classification to ensure your data security findings focus on actual sensitive information while filtering out noise. View full cloud release notes Tenable Identity Exposure This month, we are focusing on removing deployment friction for indicators of attack (IoA). To maintain a high-velocity security posture, we have simplified the process of authorizing installation scripts within your existing EDR/AV environments. Frictionless IoA deployment: We’ve added three new parameters to the IoA installation script to ensure your security stack works in harmony. This enhancement accelerates time-to-protection by pre-authorizing deployment scripts and preventing false-positive blocks from security tools. Proactive authorization: Use OutputCertificate or GetSignatureToWhitelist to retrieve the Tenable certificate or script hash for immediate allowlisting. Controlled execution: The TimerInMinutes parameter allows you to delay installation, ensuring your environment has processed allowlist updates before the script runs. View full identity release notes By focusing on these specific parameters, your team can avoid the manual overhead of troubleshooting blocked installations and move directly to monitoring for identity-based threats. Tenable Vulnerability Management Streamline your Microsoft Patch Tuesday remediation Master the monthly operational challenge of Microsoft Patch Tuesday with the updated one-stop-shop dashboard. You can now balance critical deployments against user disruption with a comprehensive view of your organization's remediation status to quickly detect vulnerable devices and prioritize the most difficult issues. This update leverages three key advancements: Enhanced VPR analysis: Utilize the newest algorithm to focus on your most critical vulnerabilities. The enhanced analysis reduces your workload and offers greater explainability for risk scoring. Granular asset tracking: Leverage new software inventory attributes to distinctly analyze risk across operating systems versus applications and packages. Reboot detection: Instantly identify assets with applied patches that are vulnerable due to a pending reboot, so you can close security gaps completely. Download a new copy of this dashboard to access the new widgets and data visualizations. Nessus SSH Session Re-use feature added for credential scans Nessus now supports an opt-in feature to reuse SSH sessions during a scan when running Nessus version 10.9.0 or greater. Added in response to numerous requests from customers like you, this update will reduce the number of new SSH connections established during remote network scans and the associated increase in network traffic. Access more information in Tenable Research Release Highlights here. Tenable Security Center Action required: Preparing for upcoming VPR feed update Starting mid-January 2026, the Tenable Security Center feed will expand to support new Vulnerability Priority Rating (VPR) data. To prevent PHP memory exhaustion and ensure your daily updates continue seamlessly, you must take immediate action. Versions 6.5.1 – 6.7.2: Patch 202601.1 is now available. Applying this patch will automatically modify the PHP configuration to increase the memory limit. Versions prior to 6.5.1: Follow the instructions outlined here to modify the PHP configuration. Note: Consoles with less than 8 GB RAM may require a hardware resource update. In case you missed it: Tenable Security Center 6.7 is now available See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive UX that improves usability, scalability, and efficiency across your workflows. Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered agent scanning: Automate Tenable Agent scans based on defined conditions, so you can catch vulnerabilities sooner and respond with confidence. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. The release updates hardware specifications. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and view the release notes for details. Tenable Patch Management Get the magic of simplicity and deep control On Jan. 22, your patching experience transforms into a single, unified powerhouse. You no longer have to choose between speed and granular control. You now have full access to our most robust engine designed for autonomous patching. We’ve streamlined your workflow to help you close security gaps faster: Set up in minutes, not hours, with the new 6-step onboarding wizard. Eliminate guesswork using the intuitive "What, When, & How" strategy builder. Act fast with front-and-center emergency controls like Global Pause. Rest assured, your current strategies remain untouched and will continue to function exactly as designed. Explore the new features. Tenable OT Security Now available: Tenable OT Security 4.5 This release delivers improved scalability for enterprise environments, enhanced power grid visibility, and new integrations across the Tenable One portfolio. Advanced dynamic tagging: Streamline prioritization and reporting with the ability to create rule-based groups and tags with multiple filters, including asset type, risk score, and criticality. Enhanced support for IEC 61850: Improve passive detection of intelligent electronic devices with comprehensive visibility across substation and power generation infrastructures. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC. Expanded compliance mapping: Simplify how you measure and report against critical security frameworks with support for IEC 62443-3-3 and NIST-CSF in the Compliance Dashboard. Role-based access controls (RBAC): Tenable Enterprise Manager now enables admins to assign users to specific ICPs using user groups, so users only view the zones they’re authorized to see while inheriting ICP-level roles. Tenable Training and Product Education Introducing the Tenable Universal Education SKU Maximize your team’s expertise without the pressure of immediate decision-making. Tenable Universal Education SKUs streamline your procurement by consolidating all training needs into a single, flexible entitlement. You can secure your budget today and choose your specific product or certification path later as your security priorities evolve. This flexibility also applies to your existing Enrollment Codes, which you can now use for any applicable course. When you are ready to train, simply visit Tenable University, select your course from the eligible catalog, and apply your code to start learning. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars here. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. CVE-2025-64155: Exploit code released for critical Fortinet FortiSIEM command injection vulnerability Microsoft’s January 2026 Patch Tuesday addresses 113 CVEs (CVE-2026-20805) Research release highlights SSH Session Reuse: Opt-in to this feature to reduce the number of SSH connections made during remote network scans within Tenable Vulnerability Management and Nessus Miracle Linux Local Security Checks: Scan for Miracle Linux vulnerabilities using the newly released plugins. SNMPv3 for CyberArk and HashiCorp Vault: Choose to query the CyberArk or Hashicorp vaults using the SNMPv3 credentials. Content coverage highlights More than 4,700 new published vulnerability plugins. More than 60 new audits delivered to customers. Read Tenable documentation.Tenable Security Center 6.7: Modern Visibility, Smarter Automation, Stronger Performance
With Tenable Security Center 6.7, you gain a faster, clearer, and more flexible way to manage vulnerabilities across your environment. This release modernizes the experience, strengthens automation, and improves performance to help you reduce risk more efficiently. What’s New: Explore – Assets (Preview): See your environment through a modernized interface with structured data, flexible filtering, and grouping tools that make asset analysis faster and easier. Get a walkthrough > Triggered Agent Scanning: Automate Tenable Agent scans using your own triggers—like time intervals or file changes—so vulnerabilities are found as soon as they appear. See in action > Credential Verification Scan Policy: Confirm that your Windows and Unix credentials are working as expected with a simple scan policy designed to verify authentication success. Watch demo on demand > What’s Improved: Consistent Asset Tracking: Asset tracking logic now matches Universal Repository behavior, giving you consistent visibility across IPv4 and IPv6 assets. Simplified Naming: Asset Lists are now Asset Tags, and object identifiers (formerly Tags) are now Labels for greater clarity. Smarter Scanning: Advanced scan policies can now toggle off new plugin families by default—so your customized scan policies don’t change unexpectedly. Get more details > More Accurate Results: Configure Freeze Windows to mark scans as Complete (not Partial) when impacted, so you always get full visibility into your results. See more here > Optimized Performance: Enjoy faster scan ingest and query performance, plus improved PostgreSQL security and efficiency. Expanded Integrations: Use updated PAM support for BeyondTrust and VMware vCenter, along with enhanced Red Hat repository mapping capabilities (more information is available here). Before You Upgrade: You can upgrade directly from Security Center 6.3.0 or higher. Hardware specifications have been updated—systems below the new recommendations will still upgrade, but performance may vary. Tenable Support can help you fine-tune configurations if needed. Important Changes in 6.7.0: Web Application Scanning via Nessus is deprecated. Move your web app scanners to Tenable Core or Docker-based scanners. Kubernetes deployment support ends in this version. Security Center Kubernetes customers will migrate to Tenable Enclave Security, which delivers a secure, modern foundation for Kubernetes-based environments. With these updates, you’ll gain a more responsive, scalable, and unified way to secure your environment—helping you move from detection to action with greater speed and confidence. [Read the Full Release Notes] or [Upgrade Now]
Stop Choosing Between Simple and Powerful. Get Both with TPM 10.0
On January 22, we are thrilled to unveil Tenable Patch Management (TPM) 10.0. This update is a significant transformation of our patch product, designed to deliver the promise of modern, frictionless, and autonomous patching for everyone. We are officially retiring the "Express" vs. "Enterprise" distinction. Moving forward, TPM is a Single SKU model. Whether you need high-speed simplicity or deep granular control, you no longer have to choose. Every user now has access to the full power of the Tenable patching engine. TPM 10.0 reduces operational complexity, and focuses on the daily workflow of the administrator. Highlights of TPM 10.0 (SaaS & On-Premise) We’re moving away from executive ROI charts to focus on an Administrator-First interface. The new homepage prioritizes "Blind Spots" and "Delta Numbers," giving you an instant view of your unpatched gaps. A Simple Setup Wizard: A new 6-step onboarding guide replaces hours of manual setup, covering integration, device verification, and your first patching strategy in minutes. "What, When, & How" Strategy Builder Workflow: Build strategies and leverage Deployment Rings (formerly Waves) and automated Transitions (Success, Approval, or Delay) to control exactly how patches roll out. The Emergency Kit: A "Global Pause" button, instant rollback, and exception controls are now front-and-center on your dashboard. Single-Pane Visibility: The updated Monitoring & Deployments Dashboards offer a clear view of scheduled, in-progress, and finished deployments, allowing you to bypass approvals or skip ahead without menu-hopping. RBAC Enhancements (TPM On-Premise): Expanded Role-Based Access Control (RBAC) is now available for TPM On-Premise. New built-in security roles allow scoped access for specific locations (e.g., branch offices, testing labs) and read-only access for security audits. For the Power Users We haven’t removed the deep customization you love; we’ve just organized it. All advanced features like Intent Schema and Flex Controls have moved to the new Advanced Settings hub. This keeps the main interface clean for daily tasks while ensuring your "under-the-hood" configurations remain just one click away. Migration & Licensing: What It Means For You Customer Type What Happens on Jan 22? Action Required SaaS / Cloud Automatic upgrade to the v10 UI. None. Your subscription transitions at your next renewal. On-Premise Stay on your current UI until you choose to upgrade. Optional Upgrade: Contact us for a Zero-Dollar Exchange Order to unlock v10 features today. Get Started with These Resources To help you hit the ground running, we’ve attached two essential resources to this post: What's New in TPM 10.0 (PDF): A comprehensive feature guide, FAQ, and a navigation map to help you find your favorite v9 tools in the v10 interface. TPM 10.0 Video Walkthrough: Join Ahmad Maruf, Principal Product Manager of Tenable Patch Management for a deep dive into the new dashboard, wizard-driven onboarding, strategy creation, and emergency controls here. Your current product and strategies remain completely untouched and will continue to function as designed. Log in on January 22nd to explore the new dashboard, and experience the magic of simplicity combined with deep control. Happy Patching, Tenable Patch Product Management
December 2025 Tenable Product Newsletter
Greetings! Check out our December newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What's new in Tenable One: November 2025 release This month's release delivers broader visibility, deeper insights, and more tailored data analysis to help you manage and reduce risk. Release highlights: New Tenable One Connector: Connect Tenable One with your Claroty platform to manage OT risks alongside the rest of your attack surface to reveal how IT exposures can directly impact industrial control systems and critical infrastructure. Protect uptime and safety by viewing IT and OT as a single, connected environment. Edit widgets: Edit and update widgets on dashboards you own. Customize all configuration parameters, including widget type, categories, values, data labels, stacking, and filters, to tailor insights to your specific needs. RBAC new roles: Unlock more precise access control with a new custom exposure management role for more granular access to the different modules in Tenable One, including tag enforcement, along with a dedicated read-only role for improved oversight. See all platform enhancements >> Tenable Is a Leader in the First-Ever Gartner®️ Magic Quadrant™️ for Exposure Assessment Platforms We’re proud to share that Tenable has been named a Leader in the first-ever 2025 Gartner Magic Quadrant for Exposure Assessment Platforms, ranking highest for both Ability to Execute and Completeness of Vision. Tenable was also positioned as a Leader in both the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment and The Forrester Wave™️: Unified Vulnerability Management, Q3 2025. This recognition wouldn’t be possible without you — our customers. Your insights, feedback, and collaboration have been instrumental in shaping Tenable One, helping organizations around the world reduce exposure risk across their entire attack surface. Get the report > Tenable Cloud Security Console | Unified cross-cloud view: Explorer is the new unified page. Get a complete cross-cloud view of all resources and findings. Query across objects, export results, and use Graph view to visualize risk paths. Network | Validate real-world exposure: Network Scanner now validates actual external exposure to identify truly reachable cloud resources and exposed endpoints. Use real-world data to cut false positives and sharpen prioritization. IAM | Full entitlement insight: Inventory now displays all roles and identity-based policies across AWS, Azure, GCP, Entra ID, and Google Workspace, including unused ones. Proactively reduce entitlement risk by creating custom least-privilege policies for any supported role. Vulnerability management | Public AMI scanning: Expanded AWS coverage now supports scanning public AMIs (cloud-managed AMIs), including vendor and AWS-published images in your posture assessments for a comprehensive security view. View all updates>> Tenable Vulnerability Management Mobilize your VM data Unify teams and streamline remediation workflows with the initial release of mobilization services, beginning with ticketing integrations in Tenable Vulnerability Management. Automatically or manually create bi-directional tickets in Jira Cloud via Exposure Response Initiatives. This capability accelerates response times by synchronizing your security findings with tickets in Jira Cloud. See mobilization in action: Watch this walkthrough to see how to set up and use the new ticketing integration. Review the documentation and Quick Reference Guide for detailed steps. Note: ServiceNow ITSM ticketing mobilization is coming soon. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered agent scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and read the release notes to take advantage of these improvements and keep your environment running at peak performance. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. Refer to the release notes and advisories (TNS-2025-20 and TNS-2025-18) for more information and download patches here. Tenable OT Security Introducing Tenable OT Security 4.5 (Early Access) The upcoming release of Tenable OT Security 4.5 – now available in Early Access – focuses on scalability for enterprise environments, enhanced power grid visibility, and improved integrations across the Tenable One portfolio. Advanced dynamic tagging: Streamline prioritization and reporting at scale with the ability to create rule-based groups and tags using multiple filters, including asset type, risk score, and criticality. Enhanced grid visibility (IEC 61850): Added support for IEC 61850 to improve passive detection of intelligent electronic devices (IEDs) with safer, deeper visibility for substation and power generation environments. RBAC for enterprise manager: New role-based access controls (RBAC) enable administrators to assign users to specific ICPs using user groups, so users only view the zones they are authorized to see while inheriting ICP-level roles. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC. Expanded compliance mapping: The Compliance Dashboard now includes direct mapping for IEC 62443-3-3 and NIST-CSF to simplify how you measure and report against these critical security frameworks. In case you missed it: What’s new in Tenable OT Security 4.4 Unified exposure management: Sync your OT asset tags directly to Tenable One and Tenable Security Center to enrich enterprise IT security workflows with OT context. Deep visibility for specialized environments: Gain granular details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. Reduced alert fatigue: A redesigned Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures. Expanded protocols: Added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the release notes to see what’s new and how to upgrade. Tenable Identity Exposure Attack path optimization: Complex attack path queries now time out after three minutes and automatically revert to the shortest, most viable path. Get critical findings faster when dealing with large-scale domain environments. (v3.109) Syslog direct linking: Syslog alerts now contain a new time-based URL. Use this link to jump instantly to the exact incident details within Tenable Identity Exposure to accelerate your investigation and response workflow. (v3.108) Kerberos IoE clarity: The Dangerous Kerberos Delegation Indicator of Exposure (IoE) now features dedicated paragraphs for each vulnerability reason to simplify understanding and make remediation steps clearer and more concise. (v3.108) View all updates>> Tenable Web App Scanning Optimized scanning for production environments Eliminate conflicts with peak traffic hours using enhanced scan windows. You can now define granular scan (green) or pause (red) windows for individual scans, independent of global settings. Whether spanning multiple days or scheduling multiple windows per day, your assessments automatically progress during approved hours without manual restarts. For more details, review the documentation for pause and resume scans and basic scan settings. Tenable Enclave Security Tenable Enclave Security and Container Security 1.7 now generally available This release brings Security Center 6.7 into the Enclave Security platform and introduces exposure response for container security. See our announcement above for more information on the benefits of Security Center 6.7. With exposure response in container security, customers can better track and prioritize remediation efforts by: Creating initiatives to identify critical exposures, assign ownership and apply SLAs Managing initiatives through customizable dashboards Using advanced query capabilities to drill into specific findings, assets or vulnerability combinations. For more information review the Tenable Enclave Security 1.7 release notes. Tenable Cloud Security FedRAMP Tenable Cloud Security now available through GSA OneGov Federal agencies can now purchase Tenable Cloud Security FedRAMP through the GSA OneGov program at a 65% discount through March 2027. This partnership makes it easier and more cost effective for federal agencies to identify and reduce cloud risk by gaining visibility into misconfigurations, vulnerabilities and excessive permission across cloud environments, supporting federal cloud first policies and zero trust initiatives. Interested agencies should request more information on our Tenable and GSA webpage or email publicsector-gsa@tenable.com. For more information: Attend our webinar on January 15, 2026: Cloud security for federal agencies: Threats, best practices and the GSA OneGov advantage Read our blog: Tenable partners with GSA OneGov to help federal government boost its cloud security Tenable Training and Product Education Enhance your attack surface management skills Benefit from a superior learning experience with the updated Introduction to Tenable Attack Surface Management course. We've introduced a modernized interface and smoother navigation for immediate improvement. Access this no-cost course, along with many other on-demand options, anytime at Tenable University. Start learning today to gain essential skills and better manage your organization's external attack surface. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. Agentic AI security: Keep your cyber hygiene failures from becoming a global breach A practical defense against AI-led attacks CVE-2025-55182: Frequently asked questions about React2Shell: React server components remote code execution vulnerability FAQ About Sha1-Hulud 2.0: The "second coming" of the npm supply-chain campaign CVE-2025-64446: Fortinet FortiWeb zero-day path traversal vulnerability exploited in the wild Microsoft Patch Tuesday 2025 Year in Review Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild to close out the final Patch Tuesday of 2025 Research release highlights Introducing new plugins to assess security posture for the transition toward Post-Quantum Cryptography (PQC)! Tenable Research PQC support helps customers inventory use of TLS and SSH quantum-resistant and vulnerable algorithms within their infrastructure using remote Nessus-based scans. For more information, see the Release Highlight. Content coverage highlights More than 5,000 new vulnerability plugins published, including new detections for the recent F5 BIG-IP Breach. More than 50 new audits delivered to customers. Read Tenable documentation.February 2026 Tenable Product Newsletter
Greetings! Check out our February newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Exposure 2026 Save 50% on the security conference of the year Don’t miss Exposure 2026, the first-ever conference dedicated exclusively to proactive, unified exposure management. Join us in Boston, Mass., from May 19-21, 2026, to get: Hands-on instruction with Exposure Management Strategy or Tenable One Technical Training Practical resources and real-world insights from Tenable leaders and industry experts Register before March 31 to save 50% off admission and training with early bird pricing. Tenable One Say hello to the Tenable One Open Connector We know your security stack is disparate, but your visibility shouldn't be. That's why we're thrilled to introduce the Tenable One Open Connector — a powerful new way to bridge the gaps across your attack surface and create a truly unified, context-aware view of risk. Bring your own data: Don't wait for a pre-built connector. Whether it’s pentesting reports or external vulnerability scans, you can now ingest data from across your entire stack on your own terms. Seamless uploads: Use in-platform drag-and-drop functionality to upload CSV, Excel, or ZIP files in seconds — no complex APIs or coding required. Customizable mapping: Customize exactly how you organize data for precise segmentation and more accurate reporting. Ready to unify your security data? Explore the Tenable One Open Connector. AI Exposure Tenable One AI Exposure now gives you visibility and control to close your AI exposure management gap through three core capabilities: Discover AI across your entire environment: Continuously discover shadow AI across your environment, so your security teams have a complete, risk-aware view of where AI exists, its connections, and where exposure begins. Protect AI workloads and agents: Reduce real-world AI risk by protecting the systems that power AI to close the gaps that attackers exploit across infrastructure, agents, and attack paths. Govern AI usage (add-on): Enable secure, compliant AI adoption by eliminating blind spots in how employees interact with GenAI and autonomous agents to ensure your workforce adopts generative tools within a governed framework that prevents data leakage and maintains alignment with organizational policies. For more information, visit our webpage or view the data sheet. Reach out to your customer success manager to get started today! Tenable Cloud Security At Tenable, we are obsessed with your uptime. This month’s updates focus on one goal… shortening the distance between discovering a risk and fixing it. The Highlight: Patch faster, firefight less We’ve integrated Remediation Patches (including Tenable Plugin IDs) directly into your vulnerability tables and workload profiles. The outcome: Drastically reduce Mean Time to Remediation (MTTR) by giving DevOps the exact patch name they need without all the manual research required. Where to find it: Check the new "Patch Name" column in your Vulnerabilities table or click into any Patch Profile for deep context. Validated vision: The Forrester Wave™ Q1 2026 Tenable has been named a Strong Performer in the Forrester Wave™: Cloud Native Application Protection Solutions (CNAPP), Q1 2026. Platform power: Forrester validated our vision for reducing tool sprawl, awarding Tenable a "superior" rating for simplifying exposure management. Perfect scores: We earned 5/5 scores in critical categories: CIEM, Container Orchestration Protection, Reporting, Vision, and Community. Technical edge: The report specifically highlighted our excellence in identifying toxic combinations of permissions and our "extra mile" customer support. Impactful updates Strategic risk management: Use our new Exclusions framework to silence non-actionable findings and focus your team on risks that actually move the needle. AWS ABAC support: Achieve True Least Privilege with granular identity visibility and highly accurate permission recommendations. Automation at scale: New GraphQL API support for Projects allows you to bake security governance directly into rapid DevOps workflows. View Full Cloud Release Notes Tenable Vulnerability Management Streamline AI and MCP risk tracking Monitor artificial intelligence exposure with the updated Tracking AI Exposure dashboard and report. This release replaces complex plugin output filters with simplified plugin family filters, allowing you to identify AI-related vulnerabilities across your environment. This also introduces dedicated content for the Model Context Protocol (MCP), ensuring you can secure AI connectivity alongside your LLM deployments. By utilizing these tools, you gain insight into your AI attack surface to better prioritize exposure. See the dashboard and report here. Navigate the transition to post-quantum cryptography Secure against the threat of quantum computing with Post Quantum Ciphers Analysis report and dashboards. As quantum computers advance, the standard RSA and Elliptic Curve Cryptography (ECC) algorithms for web browsing, VPNs, and identity verification will become vulnerable. By leveraging specialized plugins you can inventory your cryptographic landscape. This allows you to: Identify where RSA and ECC are currently deployed to prioritize your transition to quantum-resistant standards. Detect remote services and Web Application Scanning (WAS) environments that lack post-quantum cipher support. Pinpoint specific vulnerable ciphers, certificates, and assets that require immediate attention. This empowers you to manage the shift to post-quantum security, ensuring your data remains protected as computing capabilities evolve. See the dashboard and report to dive in. Maximize scan efficiency while protecting host & network performance Take full control of your sensor fleet with CPU resource and plugin download concurrency controls. This empowers you to balance essential security visibility with the performance needs of your business-critical infrastructure. CPU resource management: Protect host productivity by setting specific CPU utilization limits for Windows and Linux agents within your agent profiles. This ensures your security scans run efficiently without impacting the user experience or system stability. Bandwidth optimization: Avoid network congestion by governing how many agents or scanners download plugin updates at once. These global settings allow you to throttle traffic to accommodate limited internet pipes, ensuring your network remains responsive. These tools offer flexibility to scale your deployment without compromising network or host stability. For further information, see the release notes. Tenable Security Center Introducing Tenable Security Center 6.8 Our latest release introduces several new features and enhancements to streamline your security operations. Focus on real risk: Stop chasing 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical. Start focusing on the 3% of CVEs that truly matter. Enhanced VPR logic and new AI-powered insights explain why an exposure is significant and provide clear mitigation guidance based on regional and industry-specific threat actor behavior. Streamlined infrastructure: We’ve unified IPv4, IPv6, and Agent repositories into a single, flexible Asset Repository type to reduce administrative overhead and give you more freedom in how you bucket and analyze your data. You can now target any data, including agent, network scan, and passive data, into any repository. Asset grouping and customization: The Explore Assets page includes new Group By options for Microsoft ID, Network, System Type, and Asset Criticality Rating (ACR). Other enhancements to the Explore Assets page include the ability to edit ACR scores (available in Tenable Security Center Plus) directly in the Explore interface. You can also export findings and installed software for specific assets to a comma-separated values (CSV) file. Background queries: Start a query and keep working. Tenable Security Center now processes long-running asset searches in the background. Scan optimization: Prevent performance issues with new per-host timeouts that keep your scan schedules on track to prevent a single host from increasing overall scan time. Enhanced security: Use at-rest encryption for External PostgreSQL databases and expanded PAM integration for Delinea and BeyondTrust. Before you upgrade: Tenable Security Center 6.8 supports upgrades from version 6.4.0 and later. Please review the updated hardware specifications in the release notes for optimal performance. Tenable OT Security Now available: Tenable OT Security 4.5 Our latest release delivers improved scalability for enterprise environments, enhanced power grid visibility, and enhanced Tenable One platform integration. Policy violation findings widgets: New widgets for High-Risk Violations and Operational Violations replace the former Events widgets in the Overview Dashboard, making it easier to distinguish between critical exposures from non-critical operational issues. Advanced dynamic tagging: Streamline prioritization and reporting with the ability to create rule-based groups and tags with multiple filters, including asset type, risk score, and criticality. Enhanced support for IEC 61850: Improve passive detection of intelligent electronic devices with comprehensive visibility across substation and power generation infrastructures. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access, failed logins or risky configuration changes, within Tenable Security Center dashboards and reports to give your security operations center (SOC) and IT security teams a unified view of both OT vulnerabilities and OT policy issues. Expanded compliance mapping: Simplify how you track, measure, and report against critical security frameworks with the ability to directly map asset data and policies to NIST CSF as well as IEC 62443-3-3 to improve visibility for electrical substation and power grid environments. Role-based access controls (RBAC): Tenable Enterprise Manager now enables admins to assign users to specific ICPs using user groups, so users only view the zones they’re authorized to see while inheriting ICP-level roles. New protocol and device coverage: Tenable identifies several new vulnerabilities in this release for devices from multiple vendors, including ABB, ANDRITZ HYDRO GmbH, Barco, General Electric, Generex, HP, Lexmark, Schneider, and others. See the complete list here. Note: Upgrades from versions prior to 4.4 may take longer than usual due to the migration of policy events. If you have hundreds of thousands of events, upgrades can take about 30 minutes. Access the release notes to learn more. Tenable Identity Exposure Our February rollout focuses on hardening the Active Directory attack surface and ensuring the integrity of your detection engine. To maintain a resilient identity posture, we have introduced visibility into transient objects and streamlined health monitoring for your infrastructure. Hardening dynamic AD environments: This new Indicator of Exposure (IoE) detects Dynamic Objects Misconfiguration and Usage. This enhancement mitigates risk by identifying transient objects that attackers could exploit for unauthorized access or persistence. Detection engine integrity: We have optimized Domain Installation health checks to ensure your security stack operates at peak performance: Conflict resolution: The system now flags redundant "Tenable IoA GPO EVT Subscribe Listener" files within your SYSVOL. System optimization: Identifying these multiple versions ensures you are running the latest configuration, preventing detection lag or GPO conflicts. View Full Identity Release Notes Tenable Ecosystem Tenable Add-on for Splunk v8.0.2 Tenable has released version 8.0.2 of the Tenable Add-on for Splunk. This latest quality update improves data reliability by resolving a specific index_time race condition previously affecting Tenable Security Center. For more information, please read the Tenable Documentation, and visit Splunkbase to download. Tenable WAS Integration for ServiceNow VR v30.2.0 Tenable has fully integrated Tenable Web App Scanning (WAS) with the ServiceNow Vulnerability Response (VR) app (v30.2.0). This update enables security teams to automatically synchronize application metadata and DAST vulnerability findings directly into ServiceNow to unify remediation workflows. Key benefits: CMDB correlation: Automatically map WAS findings to your CMDB applications for enhanced asset context. Scalable ingestion: Uses Tenable Export APIs to retrieve data in chunks, ensuring high performance for large-scale environments. Flexible lookups: A new Lookup Strategy field enables independent configuration of CI Lookup or Product Model settings for each integration. Broad compatibility: Fully compatible with ServiceNow’s Zurich, Yokohama, Washington, and Xanadu releases. For more details, read the ServiceNow User Guide and visit the ServiceNow Store for the appropriate Tenable apps for ServiceNow. Tenable Plugin for Jira On-premises v11.0.0 Tenable has released version 11.0.0 of the Tenable Plug-in for Jira (On-Prem), adding full support for Jira 11.x Data Center environments. This update modernizes the tech stack to streamline vulnerability remediation workflows. Automatically synchronize findings from Tenable Vulnerability Management, Security Center, and Web App Scanning directly into Jira tickets. Please note: This version is not backward compatible with Jira versions earlier than 11.x; users on Jira 9.x or 10.x must upgrade their Jira environment to use this plugin. For more information, please read the Tenable Documentation and visit Atlassian Marketplace to download the newest versions. Tenable Connect The Tenable Connect Resource Center expansion now better supports your Tenable journey! Look for the question mark in the bottom right-hand corner of any Tenable Connect page for quick access to submit feature requests, and find essential onboarding materials and info on upcoming office hours. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APJ). Learn more and register here. Tenable Webinars See all upcoming live and on-demand webinars here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. I pretended to be an AI agent on Moltbook, so you don’t have to LookOut: Discovering RCE and internal access on Looker (Google Cloud & On-prem) From Clawdbot to Moltbot to OpenClaw: Security experts detail critical vulnerabilities and 6 immediate hardening steps for the viral AI agent Tenable discovers SSRF vulnerability in Java TLS handshakes that creates DoS risk Research release highlights Improvements to live kernel patching detection: Tenable has improved the logic used to detect live-patched kernels to include the running kernel to support KernelCare for Alma Linux, CentOS, CentOS Stream, Fedora, Oracle Linux, Red Hat Linux, and Ubuntu Linux. Backported vulnerability detection improvements: Banners that indicate a Linux distribution will be considered backported by default. Content coverage highlights Almost 15,000 new published vulnerability plugins. More than 38 new audits were delivered to customers. Read Tenable documentation.November 2025 Tenable Product Newsletter
Greetings! Check out our November newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What’s new in Tenable One: October 2025 release This month’s release delivers greater visibility, faster analysis, and more flexibility across APA and Inventory to help you manage risk with ease. APA enhanced public APIs: We’ve improved our public APIs with a higher chunk limit and standardized naming conventions for smoother integrations and a more consistent experience. Inventory export: Easily export asset and finding information to CSV or JSON, so it’s simpler to share insights and collaborate across teams. APA new filters: Analyze paths and techniques more efficiently with new filtering options, including MITRE ID and “Archived by User,” for faster, more focused investigations. Create tickets in inventory findings: Drive action across all your assets in Tenable One by creating a direct link between security findings and workflows to improve collaboration and accelerate response times. See all platform enhancements. Tenable is named a Leader in the first-ever Gartner® Magic Quadrant™ for Exposure Assessment Platforms We believe Tenable’s recognition as a Leader, positioned highest in Ability to Execute and furthest in Completeness of Vision among all vendors evaluated, is validation of the path we've forged together with our customers. Together, we’re redefining exposure management. This exciting report comes on the heels of both the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment and The Forrester Wave™: Unified Vulnerability Management, Q3 2025. Tenable is the only vendor recognized as a Leader across all three of these trusted industry reports. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To try/see the product, contact your account manager or request a demo. Accelerate your cloud security maturity! Now launched: Tenable Cloud Vulnerability Management! This new offering, part of Tenable One, delivers foundational risk prevention and container security for hybrid environments, granting vulnerability management stakeholders key capabilities to: Achieve an agentless inventory of all cloud virtual machines, images and containers Unify vulnerability risk visibility across on-premises and multi-cloud environments Receive clear remediation steps for closing risk while laying the foundation for a holistic exposure management program tomorrow Tenable Cloud Vulnerability Management extends the power of Tenable's leading vulnerability management expertise directly into the cloud for consistent security controls across your entire attack surface. New, actionable use cases to accelerate your cloud security program: Enforce least privilege across cloud identities Mitigate the blast radius of vulnerabilities New Tenable research/accolades: New AI discovery: 7 novel AI vulnerabilities in ChatGPT New insights brief from our State of the Cloud and AI Security research Named CTEM Leader in Latio’s 2025 Cloud Security Market Report Console New finding insights widgets: See risk and response at a glance. Get sharper visibility into your cloud risk posture with new widgets for findings, trending, mean time to resolve (MTTR), and resolved findings. Quickly spot patterns, track progress, and measure response efficiency, all from your dashboard. These new measurement tools equip you to better assess and quantify your cloud security program’s progress and response efficiency. Smarter, custom dashboards for deeper, side-by-side insights: Go beyond static views. Apply granular filters to dashboard widgets, further customization of your dashboards to address your specific needs. Add the same widget multiple times with different filters to instantly reveal insights such as severity trends, without navigating away. Bulk resource labeling: Organize at scale in seconds. Save time and maintain a clean cloud inventory. Apply one or more custom labels to multiple resources at once, like tagging all Production EC2 instances in a single action, for faster organization, enriched context, and more efficient reporting. These features contribute to an ever-more tailored solution, giving you the flexibility to secure your dynamic cloud environment while meeting your operational needs. Data Snowflake data scanning: Find sensitive data fast, now in Snowflake. Tenable Cloud Security now supports inventory and data protection for Snowflake, scanning the platform to detect and classify sensitive data, and give visibility into where critical data lives and if it’s at risk. Reduce your exposure across this popular cloud data platform. Learn more in the Snowflake FAQ in the Documentation. Workload Smarter Linux vulnerability detection: No more noise. Tenable now improves Linux vulnerability detection by ignoring unused kernel versions left after upgrades. Expect fewer unnecessary findings and a clearer picture of the real risks affecting your Linux workloads. Identity IAM access visibility: Spot high-risk resources fast. The IAM Access Level column in Inventory now covers both Azure and AWS. See the highest (maximum) access level any principal has to a resource across your multicloud environment, quickly identify publicly or externally exposed resources, and reduce the risk of over-permissioned accounts. Upcoming changes New network scanning: We’re excited to inform all Tenable Cloud Security users that, starting in December, a powerful new network scanner capability will be available, activated by default. This feature improves your cloud visibility by actively verifying which resources are truly reachable from the internet. It also helps prioritize verified risks more effectively and reduce false positives, so your teams can focus on what truly matters. No further configuration needed. Find results under Inventory > Network Endpoints. To opt out, please go to Settings > Cloud Security > Network > Scanner. Tenable Vulnerability Management Get control over vulnerability exceptions with query-based recast You need to trust your vulnerability data, and that means your exceptions must be spot-on. We've enhanced Tenable Vulnerability Management with Query-Based Recast to give you the precision and automation necessary to confidently manage your risk posture. Here’s how you gain control and speed: Gain precision: Create highly granular vulnerability exceptions using 14 new criteria like Asset Tags, CVEs, networks and multiple plugins. You define the rule exactly, so your exceptions are exactly right. Simplify management: The modernized Rules Management experience now helps you avoid administrative headaches. You see Related Rules upfront, which means you eliminate confusing, conflicting policy outcomes before they take effect. Automate your workflow: Use the new Recast API to fully automate the creation and deployment of your Recast rules. You can integrate exception management directly into your existing security and ticketing workflows. Streamline your operations and get to a more accurate view of your risk faster. Read the Release Notes and review the Documentation. Accelerate your plugin deployment Significantly speed up plugin testing and deployment using the new Accelerated Plugin Updates toggle in agent profiles. When enabled, your agents check in more frequently, about every 33 minutes, to rapidly detect changes to the "Select Plugin set from the last 30 days" scheduling setting. This allows you to quickly push the latest plugins to production systems to minimize deployment latency. For more information, see documentation. Centralized management with scanner profiles Streamline scanner management using new Scanner Profiles, mirroring the functionality of Agent Profiles. Access this feature on the Sensors page under the Scanners menu. Profiles enable you to centrally control: Disabling scanner software version updates Pinning the scanner software version Configuring declarative plugin scheduling options This control simplifies maintenance and ensures consistency across your deployment. Note that Nessus scanners version 10.10.0 and above support this feature. For details, see the Release Note and User Guide. Nessus Tenable Nessus 10.10 now available We released Tenable Nessus 10.10, which includes a new global scan timeout setting so you can define a maximum duration for a host scan for greater control over scan windows. See the release notes for more details on new features and performance enhancements. Additionally, Terrascan has been removed from all standalone Nessus products. iIt is no longer supported. Refer to the Tenable Nessus Terrascan End-of-Service FAQ for more information. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (Preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered Agent Scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential Verification Scan Policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and Reporting Enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now to take advantage of these improvements and keep your environment running at peak performance. Read the release notes or upgrade now. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade Note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. See the Release Notes and advisories (TNS-2025-20 and TNS-2025-18) for full details and download the patches here. Tenable Patch Management Tenable Patch Management now available in the cloud! We’re excited to announce that Tenable Patch Management is now available in the cloud. It’s easily accessible through your Tenable Workspace. This version includes all the great features you’ve grown to love in the on-premises version of Tenable Patch Management. Please note: if you’re currently on an on-premises version of Tenable Patch Management and would like to migrate to the cloud version, please contact your account team. See a list of third-party applications covered here and note that we are always adding more. For more information, please read the Tenable documentation and release notes. Tenable OT Security Fortify your CPS security posture with Tenable OT Security 4.4 The latest version of Tenable OT Security is now available, designed to give you a more integrated, efficient, and comprehensive view of your operational environment. New features and enhancements in this release include: Unified enterprise reporting for your exposure management program: Sync OT asset tags directly to Tenable One and Tenable Security Center to enrich your enterprise-wide security workflows with critical OT context. Reduced alert fatigue: A new Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures first. Deep visibility for specialized environments: Gain granular asset details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. We’ve also added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the full release notes to learn more about what’s new and how to upgrade. Tenable Identity Exposure Tenable Identity Exposure (SaaS) v3.106 available now With this release, we’re strengthening our ability to surface the identity hygiene issues most likely to enable privilege abuse. The enhanced Password Weaknesses Indicator of Exposure now delivers deeper analysis and clearer guidance, so your teams can move faster from discovery to risk reduction. For full details, please review the release notes: https://docs.tenable.com/release-notes/Content/identity-exposure/saas/2025.htm Tenable Identity Exposure (On-Prem) v3.77.14 now shipping To support customers running complex or regulated environments, this update focuses on resilience and operational integrity. Improvements to RabbitMQ recovery and identity telemetry processing help ensure consistent, dependable analysis, so teams always have the visibility they need to act with confidence. Full release notes are available here. Tenable Ecosystem Tenable App for Microsoft Sentinel v3.1.1 This update for the Tenable App for Microsoft Sentinel v3.1.1 includes: Azure Gov Cloud support with a dedicated link on the Data Connector UI for Azure Gov Cloud. Update to the Azure Sentinel Tenable Vulnerability Management Connector’s Function Extension Bundle to the latest version. Improved performance and general bug fixes. For more details, check out the Tenable documentation and visit the Azure Marketplace to download. Note: this application is also available via Microsoft Azure Gov Cloud marketplace. Tenable Web Application Scanning Scan management just got smarter Two features, Scan by Tag and Add New Application, are now available. These fundamentally change how you manage and scan your web application portfolio, shifting your focus from individual scans to application-centric security. Scan by Tag: Now use your established tagging structure to define scan targets. You no longer need to manually enter or maintain extensive lists of web applications for every scan. By leveraging tags, you ensure consistency, making it easier to manage RBAC and efficiently filter and organize your scan data. Tags are configured in the "Settings" page. Add New Application: You have the power to define your applications manually or via the API before scanning them. This lets you define targets with greater precision, using criteria like port, protocol, or path in addition to the FQDN. By defining your application targets upfront, you ensure scan results consolidation into the correct, cumulative application data, for more accurate and meaningful findings. For more details, please refer to the Documentation and the Release Notes. Tenable Enclave Security Tenable Enclave Security: Now available as a hosted FedRAMP High and IL5 offering Tenable Enclave Security is now available as a hosted and managed solution for high security environments, delivered in partnership with Tenable partner, UberEther. This new offering brings the power of Tenable Security Center and container security to the cloud with full FedRAMP High and DoD IL5 compliance. For more information review the UberEther FedRAMP Marketplace listing, or read our latest blog to learn why container security is critical in restricted environments. Tenable Connect New in Tenable Connect: Innovators Roundtable We're excited to announce the launch of a new Tenable Connect group designed to foster a stronger community and enhance knowledge sharing: Innovators Roundtable. This group is dedicated to maximizing the value and success of our platform through active collaboration and the sharing of knowledge. A central hub for our most forward-thinking users to exchange cutting-edge resources, share best practices, and collectively push the boundaries of platform utilization. Join the conversation! Join the group today to learn and grow with your peers. Tenable Training and Product Education No-cost course: Introduction to Tenable Web Application Scanning Learn how to secure your web applications with Tenable’s new free, interactive on-demand course. You’ll explore how Tenable Web App Scanning differs from traditional vulnerability management, discover its key capabilities and sensors, and see demos of scan setup and results analysis in Tenable Vulnerability Management and the Tenable One Exposure Management Platform. Available now on Tenable University for everyone! Tenable Webinars Tune in for product updates, demos, how-to advice, and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Live customer workshops: November 25 & 26, 2025 (EMEA): Hands-on workshops on Tenable One Connectors. December 3, 2025: From fundamentals to focus (EMEA): Strengthening identity and access management in the Cloud. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Beyond the endpoint: Exposure management that’s proactive (EMEA). Why endpoint-first vulnerability management isn’t enough. (EMEA session) Nov. 4, 2025: Nessus customer update. Web application scanning with Nessus Expert. Nov. 4, 2025: Tenable OT Security customer update. What’s new in Tenable OT Security 4.4 and a sneak peek of Tenable OT Security 4.5. Nov. 5, 2025: Tenable Vulnerability Management customer update. Best practices for role-based access control (RBAC). Nov. 5, 2025: Tenable Web App Scanning Management customer update. Using WAS to identify and assess AI in your web applications. Nov. 6, 2025: Tenable One customer update. Third-party data in Tenable One. Nov. 6, 2025: Tenable Security Center customer update. How to automate reporting and remediation with alerts. Live Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APJ). Learn more and register here. Tenable Research Research blog posts Why Early Visibility Matters: Risk Lurks in the Vulnerability Disclosure Gaps F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now Frequently Asked Questions About The August 2025 F5 Security Incident CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities Oracle October 2025 Critical Patch Update Addresses 170 CVEs< Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 Content coverage highlights Almost 6,000 new vulnerability plugins published, including new detections for the recent F5 BIG-IP Breach! More than 90 new audits delivered to customers! Documentation Read Tenable documentation.
