Tenable product update: Standardizing Tenable risk scoring
At Tenable, we are committed to providing the most accurate, defensible, and actionable view of organizational risk. To achieve this, we must continually refine the intelligence that powers your prioritization. On July 1, 2026, we are implementing a series of foundational updates to our risk scoring engines. As part of this update, you may see changes to your risk scores, depending on the Tenable product(s) you own. These changes simplify your workflow by standardizing scoring on a single, high-fidelity model for vulnerability and asset risk. The new standard for VPR For the past several months, many of you have utilized VPR (Beta) to gain deeper insights into exploitability. We are excited to announce that on July 1, this model will be promoted to the primary Vulnerability Priority Rating (VPR) across the Tenable platform. By standardizing on this advanced model, we are retiring legacy VPR scoring to ensure every customer benefits from our most sophisticated threat intelligence. The new version of VPR incorporates more threat intelligence and vulnerability metadata so that you can focus on the 1.6% of vulnerabilities that actually matter. Better context through enhanced asset classification Alongside the VPR update, we are enhancing our asset classification engine. This update improves how we identify the function and importance of assets across your entire attack surface, including Cloud, OT, and third-party devices. As a result, customers with access to Asset Criticality Ratings (ACR) will see these scores more accurately reflect real-world business risk. What this means for you These are backend enhancements designed to provide immediate value with zero manual configuration. On July 1, your dashboards, reports, and APIs will automatically reflect these updated metrics. Because both VPR and ACR serve as inputs to Cyber Exposure Score (CES) and Asset Exposure Score (AES), customers using these scores may see changes that reflect a more accurate understanding of exposure. Customer FAQ What happens to the VPR (Beta) score in the Tenable UI? The Beta label will be removed. The high-fidelity model you’ve been previewing will become the standard VPR. The legacy version of VPR will be retired to ensure a single, unified source or truth. Do I need to rewrite my custom API scripts using VPR? No. For customers using APIs, updated values will be mapped into legacy VPR fields on the back end to ensure compatibility and a smooth transition for your scripts and third-party tools. How does this affect my SLAs? Because many organizations use VPR as their operational prioritization layer, your SLA statistics and remediation tracking will now reflect the more precise scoring model. This helps ensure your team is meeting response goals for the vulnerabilities that pose the highest actual risk. How does Enhanced Asset Classification affect my scores? The system now automatically identifies the function and criticality of assets across Cloud, OT, and third-party sources. This improved context leads to more accurate Asset Criticality Rating (ACR) adjustments. For customers with access to ACR, this ensures your most critical business assets are effectively prioritized. For a detailed guide on our enhanced VPR, check out this FAQ. Want to see the why behind our scoring? View our scoring explained.
🚨 Announcing: Tenable AI Exposure 🚨
AI platforms like ChatGPT Enterprise and Microsoft Copilot are boosting productivity, but they also expand your attack surface. AI Exposure, now in Tenable One, gives security teams the visibility and control they need to see, secure, and govern AI use across the organization. Tenable AI Exposure is currently available as a private customer preview for companies actively using ChatGPT Enterprise and/or Microsoft Copilot. If you are interested in joining this exclusive 120-day preview, please sign up through the form found on our product page. With AI Exposure, customers will be able to: Gain deep visibility into AI usage, including prompts, data flows, and risky interactions Identify misconfigurations or unsafe integrations that may expose sensitive data Monitor for AI-specific threats like prompt injection or other AI attacks Enable enforcement of organizational policies and governance standards for AI usage Deploy quickly without agents or disruptions in five minutes or less 🔍 To learn more about AI Exposure, visit our product page.What's New in Tenable One: December 2025 Release
Hey everyone! :) This month's release delivers broader visibility, deeper insights, and more tailored data analysis to help you manage and reduce risk with confidence. Release highlights: New Tenable One Connector | OT Security | Claroty Connect Tenable One with your Claroty platform to manage OT risks alongside the rest of your attack surface, revealing how IT exposures can directly impact industrial control systems and critical infrastructure. Protect uptime and safety by viewing IT and OT as a single, connected environment. Dashboards | Widgets Edit Edit and update widgets on dashboards you own, customizing all configuration parameters, including widget type, categories, values, data labels, stacking, and filters, to tailor insights to your specific needs. See all platform enhancements >>Webinar: Customer Product Update Webinars - July 2025
Check out the latest monthly Customer Update Webinars below and save your spot! Recordings will be posted after the live webinar has concluded. Tenable WAS, July 8, 2025, 11 am ET: Join us for a deep dive into recently released WAS features and capabilities. Tenable Nessus, July 8, 2025, 1 pm ET: Testing for specific CVEs with Nessus. Tenable OT Security, July 9, 2025, 11 am ET: Learn how Tenable OT Security 4.3 unlocks unprecedented visibility and control across your OT/IT environment. Tenable Vulnerability Management, July 9, 2025, 1 pm ET: Credentialed scans versus uncredentialed scans and how to use managed credentials. Tenable One, July 10, 2025, 11 am ET: Learn how Tenable One can now ingest important security context from non-Tenable security tools to help better identify, prioritize and reduce cyber risk. Tenable Security Center, July 10, 2025, 1 pm ET: OS breakdown: reporting exposures by operating system.March 2026 Tenable Product Newsletter
Check out our March newsletter to learn about the latest product and research updates, upcoming and on-demand webinars, and educational content — all to help you get more value from your Tenable solutions. EXPOSURE 2026 Save 50% on the security conference of the year Don’t miss EXPOSURE 2026, the first-ever conference dedicated exclusively to proactive, unified exposure management. Join us in Boston, Mass., from May 19-21, 2026, to get: Hands-on instruction with Exposure Management Strategy or Tenable One Technical Training Practical resources and real-world insights from Tenable leaders and industry experts Register before March 31 to save 50% off admission and training with early-bird pricing. Tenable customer update webinar 11 a.m. EST/3 p.m. BST, April 9, 2026 Join our upcoming webinar for an informative, fast-paced overview of recent product updates and best practices. Hosted by a team of Tenable product experts, this session will explore how to better secure your expanding attack surface and consolidate critical security data. Register now. Tenable One Coming soon: Data portability for Tenable Attack Path Analysis (APA) We’re introducing Full Export for Tenable APA, allowing you to move beyond single-page views and transform high-level visualizations into actionable offline intelligence. Key capabilities: Comprehensive data: Export full datasets for Top Attack Paths and Top Attack Techniques into CSV or JSON formats. Risk context: Exports include critical metrics like Source NES (Node Exposure Score) and Target ACR (Asset Criticality Rating). High capacity: Easily trigger exports for up to 100K+ results via a new global UI button. API parity: Programmatically pull path data into your SIEM, SOAR, or custom tools using the Tenable Public API. Tenable Cloud Security This month’s updates focus on operational scale, synchronizing security standards, and automating remediation across complex multi-cloud environments. Highlight: Synchronized policy management With linked queries, you can now connect saved explorer searches directly to custom policies and reports. Eliminate manual version control: When you update a source query, every linked policy and report automatically syncs, so your security standards are identical across your entire organization. Operational control: Pause automated workflows for maintenance without losing your configurations using the new enable/disable toggle for automation rules. High-impact capabilities Actionable CI/CD pipelines: Maintain developer velocity by excluding unresolvable vulnerabilities from container image scans. This prevents noise from breaking builds when no patch is currently available. Confirmed reachability: Bridge the gap between theoretical risk and actual exposure with Network Endpoints now displayed in your Inventory to surface the actual, validated entry points for your resources. Dynamic IaC protection: Tenable now scans Terraform dynamic configurations to give you visibility into scaled infrastructure and complex definitions before deployment. Expanded compliance: Immediate support for CIS AWS 6.0.0 and the NIS2 Directive keeps your cloud accounts aligned with the latest global regulatory benchmarks. Strategic update: Domain transition Note: Critical for continued service. The Console URL has officially transitioned to app.tenable.com. Please update your bookmarks and firewall allow lists to include *.app.tenable.com immediately to prevent service interruption. View Full March Release Notes Tenable Vulnerability Management Introducing VM-Native OT Discovery Safely identify and profile connected PLCs, HMIs, and IoT devices using the vulnerability management toolset you already own. No specialized hardware or complex deployments required. Turn your existing IT security tools into a safe OT discovery engine today and get visibility into your IT/OT security gap. Watch the guided demo to see this new capability in action. For more information, explore the user guide documentation for Scan Templates and Discovery Settings. Clean up your scan data: New OS and app inventory dashboard Our new Operating System and Application Inventory with Data Troubleshooting dashboard gives you an instant, high-level view of your asset counts across every OS and application. By using built-in troubleshooting queries, you can identify and fix scan fidelity issues and prioritize risk based on the most accurate data possible. View the dashboard details. Nessus Maximize your vulnerability assessment strategy with our recently introduced interactive Tenable Nessus demos. Skip the manuals and get immediate, hands-on experience securing your attack surface. Explore the Nessus Professional Onboarding demo to launch your first comprehensive scans in minutes. Dive into the Nessus Expert Onboarding demo to master advanced assessment features and eliminate security blind spots, whether on-prem or in the cloud. Tenable Security Center Uncover the OT blind spots across your network If you’re not already a Tenable OT Security user, your IT environment is likely full of shadow OT, like HVAC controllers and IoT devices, that standard scans can’t see. We recently added native OT discovery capabilities directly inside Tenable Security Center, so you can safely map these assets using the tools you already own. Get deep identity data for PLCs and HMIs without risking a disruption or deploying new network sensors. See it in action in this guided demo, and find out how to configure your first scan here. Reminder: Upgrade to Tenable Security Center 6.8 Focus on the vulnerabilities that truly matter with AI-powered VPR insights and clear mitigation guidance. This release streamlines your operations with unified asset repositories for IPv4, IPv6, and Agents, and improves efficiency with new background query processing and scan optimization tools. Explore the release notes for more information before you upgrade. Tenable Patch Management Improved patching precision and reliability Update (v10.0.971.26) includes critical fixes around strategy corruption and inaccurate compliance reporting. By upgrading, you keep your workflows intact, your data precise, and your environment benefits from the modernized performance and security of Java 25. View the release notes or access TPM documentation. Tenable OT Security Update required: Tenable OT Security 4.5 Service Pack (version 4.5.61) We advise all customers currently running version 4.5 apply this upgrade immediately to ensure optimal system stability and performance when processing high volumes of network conversations. This update also addresses specific communication gaps with Rockwell Stratix devices and Nessus scans. Review the release notes for the full list of fixes and improvements. Introducing Tenable OT Security 4.6 (Early Access) Our upcoming release introduces a variety of new features, performance enhancements, and streamlined workflows for large-scale industrial environments. Massive subnet scaling: Now supports up to 5,000 subnets per ICP, significantly increasing visibility for massive enterprise deployments. Centralized network management: A new Monitored Networks page includes bulk-add capabilities and the ability to stage inactive networks before monitoring. Precision scanning: New Nessus workflows let you define specific credential usage per scan for safe discovery of sensitive assets. Streamlined platform navigation: Updated workflow for SSO/SAML users helps you pivot back to the Tenable One platform instantly with the return button. Remote agent updates and query restrictions: Update OT agents directly from the ICP. and remove local site visits or manual CLI intervention. New infrastructure for OT agents also enables you to restrict specific protocol queries. Enhanced diagnostics: Exported asset logs now include deeper metadata to speed up Support and Engineering troubleshooting. IoT connector overhaul: Major stability and performance fixes for Milestone, AvigilonES, and Exacq Edge integrations for IoT asset discovery. This update focuses heavily on large-scale infrastructure, refined scan controls, and better integration with the Tenable One ecosystem. Check out the release notes and user guide for details. Tenable Web App Scanning Stop chasing dead keys: New secrets validation for WAS Don’t waste time manually verifying every leaked credential. Our new Secrets Validation automatically tests detected tokens, like GitHub or AI service API keys, to see if they are live and exploitable. By distinguishing between a harmless string and a critical vulnerability, you can prioritize your remediation efforts based on real-world risk, rather than noise. View the documentation or read the full breakdown on Tenable Connect. Tenable Training and Product Education Evolve from reactive patching to proactive risk oversight The Exposure Management Business Theory course, now available at no cost in Tenable University, guides you in self-paced modules toward building a sustainable exposure management program through the five pillars of the exposure lifecycle: scoping, discovery, prioritization, validation, and mobilization. Get strategic insight to align Tenable’s capabilities with your business goals, drive meaningful change, and make informed decisions. Get hands-on expertise with current industrial security capabilities The newly-updated Tenable OT Security Specialist instructor-led training course, now aligned with Tenable OT Security version 4.4, ensures you can effectively protect your critical infrastructure using the latest product features and workflows. You will learn to: Maximize visibility: Learn to leverage these enhancements to see and secure every asset in your OT environment. Reduce risk: Practice real-world scenarios to identify vulnerabilities and threats faster. Get expert guidance: Interact directly with instructors to master complex configurations and best practices. Visit tenable.com/education to learn more about our Tenable University education offerings, see global instructor-led training (ILT) schedules, and buy virtual ILT or on-demand courses. Tenable webinars Tune in for product updates, demos, how-to advice, and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. The cloud and AI velocity trap: Why governance is falling behind innovation Dynamic objects in Active Directory: The stealthy threat New malicious npm package "ambar-src" targets developers with open-source malware Research release highlights Improvement: Handling component installs for vulnerability assessment: Adds the ability to remove findings for component-based vulnerabilities from scan results New Dell OS10 compliance plugin and audit files: Customers can now measure compliance against Dell OS10 devices with new plugin ID Dell OS10 Compliance Checks (275781) on Tenable Vulnerability Management and Nessus. Content coverage highlights More than 2,700 new published vulnerability plugins. Nearly 50 new audits delivered to customers. Read Tenable documentation.Now available: VM-Native OT Discovery
VM-Native OT Discovery introduces a powerful new asset discovery engine directly inside Tenable Vulnerability Management and Tenable Security Center. This allows you to identify and profile OT assets—including PLCs, HMIs, and IoT devices—using the VM tools you already own. Use a new "OT Recon" scan template to perform safe, protocol-aware active queries. No additional hardware or sensors are needed. Get started in minutes. Discovered assets count toward your existing license at a 1:1 ratio. Watch this 2-minute guided demo to see VM-Native Discovery in action. For more information, please refer to the user guides for Tenable Vulnerability Management (Discovery Settings, Scan Templates) and Tenable Security Center (Scan Policy Options). For continuous monitoring and access to a wide range of other advanced OT/CPS security capabilities, consider upgrading to Tenable OT Security to maximize the value of your Tenable One deployment.
December 2025 Tenable Product Newsletter
Greetings! Check out our December newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What's new in Tenable One: November 2025 release This month's release delivers broader visibility, deeper insights, and more tailored data analysis to help you manage and reduce risk. Release highlights: New Tenable One Connector: Connect Tenable One with your Claroty platform to manage OT risks alongside the rest of your attack surface to reveal how IT exposures can directly impact industrial control systems and critical infrastructure. Protect uptime and safety by viewing IT and OT as a single, connected environment. Edit widgets: Edit and update widgets on dashboards you own. Customize all configuration parameters, including widget type, categories, values, data labels, stacking, and filters, to tailor insights to your specific needs. RBAC new roles: Unlock more precise access control with a new custom exposure management role for more granular access to the different modules in Tenable One, including tag enforcement, along with a dedicated read-only role for improved oversight. See all platform enhancements >> Tenable Is a Leader in the First-Ever Gartner®️ Magic Quadrant™️ for Exposure Assessment Platforms We’re proud to share that Tenable has been named a Leader in the first-ever 2025 Gartner Magic Quadrant for Exposure Assessment Platforms, ranking highest for both Ability to Execute and Completeness of Vision. Tenable was also positioned as a Leader in both the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment and The Forrester Wave™️: Unified Vulnerability Management, Q3 2025. This recognition wouldn’t be possible without you — our customers. Your insights, feedback, and collaboration have been instrumental in shaping Tenable One, helping organizations around the world reduce exposure risk across their entire attack surface. Get the report > Tenable Cloud Security Console | Unified cross-cloud view: Explorer is the new unified page. Get a complete cross-cloud view of all resources and findings. Query across objects, export results, and use Graph view to visualize risk paths. Network | Validate real-world exposure: Network Scanner now validates actual external exposure to identify truly reachable cloud resources and exposed endpoints. Use real-world data to cut false positives and sharpen prioritization. IAM | Full entitlement insight: Inventory now displays all roles and identity-based policies across AWS, Azure, GCP, Entra ID, and Google Workspace, including unused ones. Proactively reduce entitlement risk by creating custom least-privilege policies for any supported role. Vulnerability management | Public AMI scanning: Expanded AWS coverage now supports scanning public AMIs (cloud-managed AMIs), including vendor and AWS-published images in your posture assessments for a comprehensive security view. View all updates>> Tenable Vulnerability Management Mobilize your VM data Unify teams and streamline remediation workflows with the initial release of mobilization services, beginning with ticketing integrations in Tenable Vulnerability Management. Automatically or manually create bi-directional tickets in Jira Cloud via Exposure Response Initiatives. This capability accelerates response times by synchronizing your security findings with tickets in Jira Cloud. See mobilization in action: Watch this walkthrough to see how to set up and use the new ticketing integration. Review the documentation and Quick Reference Guide for detailed steps. Note: ServiceNow ITSM ticketing mobilization is coming soon. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered agent scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and read the release notes to take advantage of these improvements and keep your environment running at peak performance. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. Refer to the release notes and advisories (TNS-2025-20 and TNS-2025-18) for more information and download patches here. Tenable OT Security Introducing Tenable OT Security 4.5 (Early Access) The upcoming release of Tenable OT Security 4.5 – now available in Early Access – focuses on scalability for enterprise environments, enhanced power grid visibility, and improved integrations across the Tenable One portfolio. Advanced dynamic tagging: Streamline prioritization and reporting at scale with the ability to create rule-based groups and tags using multiple filters, including asset type, risk score, and criticality. Enhanced grid visibility (IEC 61850): Added support for IEC 61850 to improve passive detection of intelligent electronic devices (IEDs) with safer, deeper visibility for substation and power generation environments. RBAC for enterprise manager: New role-based access controls (RBAC) enable administrators to assign users to specific ICPs using user groups, so users only view the zones they are authorized to see while inheriting ICP-level roles. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC. Expanded compliance mapping: The Compliance Dashboard now includes direct mapping for IEC 62443-3-3 and NIST-CSF to simplify how you measure and report against these critical security frameworks. In case you missed it: What’s new in Tenable OT Security 4.4 Unified exposure management: Sync your OT asset tags directly to Tenable One and Tenable Security Center to enrich enterprise IT security workflows with OT context. Deep visibility for specialized environments: Gain granular details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. Reduced alert fatigue: A redesigned Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures. Expanded protocols: Added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the release notes to see what’s new and how to upgrade. Tenable Identity Exposure Attack path optimization: Complex attack path queries now time out after three minutes and automatically revert to the shortest, most viable path. Get critical findings faster when dealing with large-scale domain environments. (v3.109) Syslog direct linking: Syslog alerts now contain a new time-based URL. Use this link to jump instantly to the exact incident details within Tenable Identity Exposure to accelerate your investigation and response workflow. (v3.108) Kerberos IoE clarity: The Dangerous Kerberos Delegation Indicator of Exposure (IoE) now features dedicated paragraphs for each vulnerability reason to simplify understanding and make remediation steps clearer and more concise. (v3.108) View all updates>> Tenable Web App Scanning Optimized scanning for production environments Eliminate conflicts with peak traffic hours using enhanced scan windows. You can now define granular scan (green) or pause (red) windows for individual scans, independent of global settings. Whether spanning multiple days or scheduling multiple windows per day, your assessments automatically progress during approved hours without manual restarts. For more details, review the documentation for pause and resume scans and basic scan settings. Tenable Enclave Security Tenable Enclave Security and Container Security 1.7 now generally available This release brings Security Center 6.7 into the Enclave Security platform and introduces exposure response for container security. See our announcement above for more information on the benefits of Security Center 6.7. With exposure response in container security, customers can better track and prioritize remediation efforts by: Creating initiatives to identify critical exposures, assign ownership and apply SLAs Managing initiatives through customizable dashboards Using advanced query capabilities to drill into specific findings, assets or vulnerability combinations. For more information review the Tenable Enclave Security 1.7 release notes. Tenable Cloud Security FedRAMP Tenable Cloud Security now available through GSA OneGov Federal agencies can now purchase Tenable Cloud Security FedRAMP through the GSA OneGov program at a 65% discount through March 2027. This partnership makes it easier and more cost effective for federal agencies to identify and reduce cloud risk by gaining visibility into misconfigurations, vulnerabilities and excessive permission across cloud environments, supporting federal cloud first policies and zero trust initiatives. Interested agencies should request more information on our Tenable and GSA webpage or email publicsector-gsa@tenable.com. For more information: Attend our webinar on January 15, 2026: Cloud security for federal agencies: Threats, best practices and the GSA OneGov advantage Read our blog: Tenable partners with GSA OneGov to help federal government boost its cloud security Tenable Training and Product Education Enhance your attack surface management skills Benefit from a superior learning experience with the updated Introduction to Tenable Attack Surface Management course. We've introduced a modernized interface and smoother navigation for immediate improvement. Access this no-cost course, along with many other on-demand options, anytime at Tenable University. Start learning today to gain essential skills and better manage your organization's external attack surface. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. Agentic AI security: Keep your cyber hygiene failures from becoming a global breach A practical defense against AI-led attacks CVE-2025-55182: Frequently asked questions about React2Shell: React server components remote code execution vulnerability FAQ About Sha1-Hulud 2.0: The "second coming" of the npm supply-chain campaign CVE-2025-64446: Fortinet FortiWeb zero-day path traversal vulnerability exploited in the wild Microsoft Patch Tuesday 2025 Year in Review Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild to close out the final Patch Tuesday of 2025 Research release highlights Introducing new plugins to assess security posture for the transition toward Post-Quantum Cryptography (PQC)! Tenable Research PQC support helps customers inventory use of TLS and SSH quantum-resistant and vulnerable algorithms within their infrastructure using remote Nessus-based scans. For more information, see the Release Highlight. Content coverage highlights More than 5,000 new vulnerability plugins published, including new detections for the recent F5 BIG-IP Breach. More than 50 new audits delivered to customers. Read Tenable documentation.New Feature: Mobilize your data with Jira Cloud Ticketing!
We are excited to announce the initial release of mobilization services in Tenable Vulnerability Management and Tenable One, designed to streamline your remediation workflows! This foundational capability provides native, unified ticketing integrations that ensure a current, bidirectional view between your security findings and third-party tickets. No more manual updates or guesswork! What This Means for You: The first iteration focuses on Exposure Response in Tenable Vulnerability Management and Tenable One Inventory Findings: You can now automatically or manually create tickets directly in Jira Cloud via Exposure Response Initiatives in Tenable Vulnerability Management. This synchronization significantly accelerates response times by immediately converting critical security findings into actionable tickets for your remediation teams. Mobilization capabilities are also available in Tenable One: Manually generate tickets from Inventory findings into Jira Cloud. Expose and close critical risks from a single platform across multiple domains, including third-party data. See Mobilization in Action! Ready to see how fast you can turn findings into tickets? Watch the Walkthrough Demo: Learn how to set up and use the new ticketing integration to automate your workflow! Get Started Today: Review the release notes and Quick Reference Guide for detailed setup steps. See the VM User Guide for guidance on creating an initiative and the EM User Guide on how to create a Jira Cloud Ticket. Start leveraging this integration to boost your team's efficiency. What's Next? Note: ServiceNow ITSM mobilization is coming soon!Tenable Cloud Vulnerability Management is now available
Identifying and remediating vulnerabilities is too important to settle for incomplete, inadequate, or poorly supported solutions. Tenable Cloud Vulnerability Management provides full visibility across your cloud environments to deliver detailed prioritization and remediation all in one user-friendly interface. This simplifies multi-cloud visibility and offers Tenable’s leading vulnerability management intelligence. To learn more about how your organization can benefit from Tenable Cloud VM, contact your Tenable account team or view these resources: Product Highlights Data Sheet: Vulnerability management for multi-cloud environments Product Overview: Tenable Cloud Vulnerability Management Blog: Reducing Vulnerability Risk in the Cloud Era Interactive Demo
Tenable Patch Management TPM SaaS is Now Live [GA Announcement]
Release Date: November 17, 2025 We are thrilled to announce that Tenable Patch Management TPM is now available as a fully managed SaaS solution. For too long, IT and Security teams have been stuck in a paradox. Security demands speed to reduce risk, while IT demands stability to ensure uptime. This friction creates a dangerous gap between vulnerability discovery and remediation. Today, we are closing that gap. With the launch of TPM SaaS, you can now replace reactive, manual patching with autonomous, cloud-native remediation. By moving to the cloud, we are empowering your teams to shift their focus from maintaining patch servers to managing business risk. Why Move to the Cloud? Legacy on-premise tools like BigFix, Tanium, and SCCM were built for a different era. TPM SaaS offers a modern approach that is scalable, secure, and effortless to maintain. Zero Infrastructure Overhead Eliminate the need for on-prem hardware, database management, and manual maintenance. Our platform updates automatically, ensuring you always have the latest features without the downtime. Prioritize Risk, Not Volume Stop drowning in patch Tuesdays. TPM leverages Tenable’s Vulnerability Priority Rating VPR and Asset Criticality Rating ACR to automatically identify and remediate the vulnerabilities that pose the greatest risk to your specific environment. Global Scalability Whether you are a local business or a global enterprise, TPM SaaS scales instantly. We have launched with global data centers in the US, UK, Germany, Japan, Australia, and Singapore, ensuring low-latency performance and data sovereignty wherever you operate. Unmatched Coverage Secure your entire estate with industry-leading support for Windows, Linux, and macOS, covering over 20,000 third-party applications and 250,000 unique patches. Key Capabilities at a Glance Autonomous Set and Forget Policies: Define your risk tolerance and let the engine handle the rest. 100 Percent Granular Control: Maintain full authority with tiered deployments, rollbacks, and flexible approval workflows. Resilient Architecture: Built-in redundancy, failover, and our signature Peer-to-Peer (P2P) content distribution to protect your network bandwidth. Centralized Management: Manage admin accounts and identity providers OIDC SAML directly through the Tenable Workspace. Ready to Get Started? Stop managing servers. Start managing risk. Deliver fully autonomous, closed-loop remediation that finally bridges the gap between IT and Security. Start Now at https://www.tenable.com/products/patch-management Read the Release Notes at https://docs.tenable.com/release-notes/Content/patch-management/2025.htm Dive Deeper at https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/welcome.htm – Tenable Patch Product Management
