Stop Choosing Between Simple and Powerful. Get Both with TPM 10.0
On January 22, we are thrilled to unveil Tenable Patch Management (TPM) 10.0. This update is a significant transformation of our patch product, designed to deliver the promise of modern, frictionless, and autonomous patching for everyone. We are officially retiring the "Express" vs. "Enterprise" distinction. Moving forward, TPM is a Single SKU model. Whether you need high-speed simplicity or deep granular control, you no longer have to choose. Every user now has access to the full power of the Tenable patching engine. TPM 10.0 reduces operational complexity, and focuses on the daily workflow of the administrator. Highlights of TPM 10.0 (SaaS & On-Premise) We’re moving away from executive ROI charts to focus on an Administrator-First interface. The new homepage prioritizes "Blind Spots" and "Delta Numbers," giving you an instant view of your unpatched gaps. A Simple Setup Wizard: A new 6-step onboarding guide replaces hours of manual setup, covering integration, device verification, and your first patching strategy in minutes. "What, When, & How" Strategy Builder Workflow: Build strategies and leverage Deployment Rings (formerly Waves) and automated Transitions (Success, Approval, or Delay) to control exactly how patches roll out. The Emergency Kit: A "Global Pause" button, instant rollback, and exception controls are now front-and-center on your dashboard. Single-Pane Visibility: The updated Monitoring & Deployments Dashboards offer a clear view of scheduled, in-progress, and finished deployments, allowing you to bypass approvals or skip ahead without menu-hopping. RBAC Enhancements (TPM On-Premise): Expanded Role-Based Access Control (RBAC) is now available for TPM On-Premise. New built-in security roles allow scoped access for specific locations (e.g., branch offices, testing labs) and read-only access for security audits. For the Power Users We haven’t removed the deep customization you love; we’ve just organized it. All advanced features like Intent Schema and Flex Controls have moved to the new Advanced Settings hub. This keeps the main interface clean for daily tasks while ensuring your "under-the-hood" configurations remain just one click away. Migration & Licensing: What It Means For You Customer Type What Happens on Jan 22? Action Required SaaS / Cloud Automatic upgrade to the v10 UI. None. Your subscription transitions at your next renewal. On-Premise Stay on your current UI until you choose to upgrade. Optional Upgrade: Contact us for a Zero-Dollar Exchange Order to unlock v10 features today. Get Started with These Resources To help you hit the ground running, we’ve attached two essential resources to this post: What's New in TPM 10.0 (PDF): A comprehensive feature guide, FAQ, and a navigation map to help you find your favorite v9 tools in the v10 interface. TPM 10.0 Video Walkthrough: Join Ahmad Maruf, Principal Product Manager of Tenable Patch Management for a deep dive into the new dashboard, wizard-driven onboarding, strategy creation, and emergency controls here. Your current product and strategies remain completely untouched and will continue to function as designed. Log in on January 22nd to explore the new dashboard, and experience the magic of simplicity combined with deep control. Happy Patching, Tenable Patch Product Management
January 2026 Tenable Product Newsletter
Greetings! Check out our January newsletter to learn about the latest product updates, research insights, and educational content — all to help you get more value from your Tenable solutions. Tenable One New Tenable One Connector | ORDR Bridge the gap between IT and OT. Connect Tenable One with ORDR to get a single view of your entire attack surface, showing exactly how a simple IT exposure can reach your critical operational technology. By treating IT and OT as a single, connected environment, you can better protect your uptime and ensure smooth and safe operations. Learn more >> Tenable Cloud Security Tenable named a Customers’ Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Cloud-Native Application Protection Platforms (CNAPPs) We are excited to share that Tenable is named a Customers’ Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Cloud-Native Application Protection Platforms (CNAPPs). In this report, Gartner Peer Insights provides a rigorous analysis of 1,664 reviews and ratings of 10 vendors in the CNAPP market. In the 18-month eligibility window, we received an average of 4.8 out of 5 stars for Tenable Cloud Security based on 71 reviews as of October 2025. We’re grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most! Learn from your peers as you choose the best solution for your cloud security program. You can read the report here. Exclusions | Strategic risk management: Streamline exception handling with a new centralized framework. Define business scenarios to ignore non-actionable findings or adjust their severity using flexible conditions like tags and attributes. All legacy exceptions now migrate here for a single, auditable source of truth. Reports | Query-to-report automation: Transform any search in Explorer into a scheduled or on-demand report. Leverage a redesigned, full-screen reporting experience featuring live data previews and local timezone support to ensure stakeholders receive actionable data exactly when they need it. IAM | AWS ABAC and granular visibility: Permission evaluations now support AWS attribute-based access control (ABAC) for highly accurate least-privilege recommendations. Additionally, a new dedicated Access Level section in resource profiles replaces generic summaries with a detailed breakdown of permission categories. Projects | Scalable API automation: Manage high-volume environments with new GraphQL API support for Projects. Programmatically create, modify, or delete projects and role assignments to align security governance with rapid DevOps workflows. Data security | Precision classification: Enhance data discovery by using Regex to exclude known or irrelevant values from classification to ensure your data security findings focus on actual sensitive information while filtering out noise. View full cloud release notes Tenable Identity Exposure This month, we are focusing on removing deployment friction for indicators of attack (IoA). To maintain a high-velocity security posture, we have simplified the process of authorizing installation scripts within your existing EDR/AV environments. Frictionless IoA deployment: We’ve added three new parameters to the IoA installation script to ensure your security stack works in harmony. This enhancement accelerates time-to-protection by pre-authorizing deployment scripts and preventing false-positive blocks from security tools. Proactive authorization: Use OutputCertificate or GetSignatureToWhitelist to retrieve the Tenable certificate or script hash for immediate allowlisting. Controlled execution: The TimerInMinutes parameter allows you to delay installation, ensuring your environment has processed allowlist updates before the script runs. View full identity release notes By focusing on these specific parameters, your team can avoid the manual overhead of troubleshooting blocked installations and move directly to monitoring for identity-based threats. Tenable Vulnerability Management Streamline your Microsoft Patch Tuesday remediation Master the monthly operational challenge of Microsoft Patch Tuesday with the updated one-stop-shop dashboard. You can now balance critical deployments against user disruption with a comprehensive view of your organization's remediation status to quickly detect vulnerable devices and prioritize the most difficult issues. This update leverages three key advancements: Enhanced VPR analysis: Utilize the newest algorithm to focus on your most critical vulnerabilities. The enhanced analysis reduces your workload and offers greater explainability for risk scoring. Granular asset tracking: Leverage new software inventory attributes to distinctly analyze risk across operating systems versus applications and packages. Reboot detection: Instantly identify assets with applied patches that are vulnerable due to a pending reboot, so you can close security gaps completely. Download a new copy of this dashboard to access the new widgets and data visualizations. Nessus SSH Session Re-use feature added for credential scans Nessus now supports an opt-in feature to reuse SSH sessions during a scan when running Nessus version 10.9.0 or greater. Added in response to numerous requests from customers like you, this update will reduce the number of new SSH connections established during remote network scans and the associated increase in network traffic. Access more information in Tenable Research Release Highlights here. Tenable Security Center Action required: Preparing for upcoming VPR feed update Starting mid-January 2026, the Tenable Security Center feed will expand to support new Vulnerability Priority Rating (VPR) data. To prevent PHP memory exhaustion and ensure your daily updates continue seamlessly, you must take immediate action. Versions 6.5.1 – 6.7.2: Patch 202601.1 is now available. Applying this patch will automatically modify the PHP configuration to increase the memory limit. Versions prior to 6.5.1: Follow the instructions outlined here to modify the PHP configuration. Note: Consoles with less than 8 GB RAM may require a hardware resource update. In case you missed it: Tenable Security Center 6.7 is now available See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive UX that improves usability, scalability, and efficiency across your workflows. Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered agent scanning: Automate Tenable Agent scans based on defined conditions, so you can catch vulnerabilities sooner and respond with confidence. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. The release updates hardware specifications. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and view the release notes for details. Tenable Patch Management Get the magic of simplicity and deep control On Jan. 22, your patching experience transforms into a single, unified powerhouse. You no longer have to choose between speed and granular control. You now have full access to our most robust engine designed for autonomous patching. We’ve streamlined your workflow to help you close security gaps faster: Set up in minutes, not hours, with the new 6-step onboarding wizard. Eliminate guesswork using the intuitive "What, When, & How" strategy builder. Act fast with front-and-center emergency controls like Global Pause. Rest assured, your current strategies remain untouched and will continue to function exactly as designed. Explore the new features. Tenable OT Security Now available: Tenable OT Security 4.5 This release delivers improved scalability for enterprise environments, enhanced power grid visibility, and new integrations across the Tenable One portfolio. Advanced dynamic tagging: Streamline prioritization and reporting with the ability to create rule-based groups and tags with multiple filters, including asset type, risk score, and criticality. Enhanced support for IEC 61850: Improve passive detection of intelligent electronic devices with comprehensive visibility across substation and power generation infrastructures. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC. Expanded compliance mapping: Simplify how you measure and report against critical security frameworks with support for IEC 62443-3-3 and NIST-CSF in the Compliance Dashboard. Role-based access controls (RBAC): Tenable Enterprise Manager now enables admins to assign users to specific ICPs using user groups, so users only view the zones they’re authorized to see while inheriting ICP-level roles. Tenable Training and Product Education Introducing the Tenable Universal Education SKU Maximize your team’s expertise without the pressure of immediate decision-making. Tenable Universal Education SKUs streamline your procurement by consolidating all training needs into a single, flexible entitlement. You can secure your budget today and choose your specific product or certification path later as your security priorities evolve. This flexibility also applies to your existing Enrollment Codes, which you can now use for any applicable course. When you are ready to train, simply visit Tenable University, select your course from the eligible catalog, and apply your code to start learning. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars here. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. CVE-2025-64155: Exploit code released for critical Fortinet FortiSIEM command injection vulnerability Microsoft’s January 2026 Patch Tuesday addresses 113 CVEs (CVE-2026-20805) Research release highlights SSH Session Reuse: Opt-in to this feature to reduce the number of SSH connections made during remote network scans within Tenable Vulnerability Management and Nessus Miracle Linux Local Security Checks: Scan for Miracle Linux vulnerabilities using the newly released plugins. SNMPv3 for CyberArk and HashiCorp Vault: Choose to query the CyberArk or Hashicorp vaults using the SNMPv3 credentials. Content coverage highlights More than 4,700 new published vulnerability plugins. More than 60 new audits delivered to customers. Read Tenable documentation.February 2026 Tenable Product Newsletter
Greetings! Check out our February newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Exposure 2026 Save 50% on the security conference of the year Don’t miss Exposure 2026, the first-ever conference dedicated exclusively to proactive, unified exposure management. Join us in Boston, Mass., from May 19-21, 2026, to get: Hands-on instruction with Exposure Management Strategy or Tenable One Technical Training Practical resources and real-world insights from Tenable leaders and industry experts Register before March 31 to save 50% off admission and training with early bird pricing. Tenable One Say hello to the Tenable One Open Connector We know your security stack is disparate, but your visibility shouldn't be. That's why we're thrilled to introduce the Tenable One Open Connector — a powerful new way to bridge the gaps across your attack surface and create a truly unified, context-aware view of risk. Bring your own data: Don't wait for a pre-built connector. Whether it’s pentesting reports or external vulnerability scans, you can now ingest data from across your entire stack on your own terms. Seamless uploads: Use in-platform drag-and-drop functionality to upload CSV, Excel, or ZIP files in seconds — no complex APIs or coding required. Customizable mapping: Customize exactly how you organize data for precise segmentation and more accurate reporting. Ready to unify your security data? Explore the Tenable One Open Connector. AI Exposure Tenable One AI Exposure now gives you visibility and control to close your AI exposure management gap through three core capabilities: Discover AI across your entire environment: Continuously discover shadow AI across your environment, so your security teams have a complete, risk-aware view of where AI exists, its connections, and where exposure begins. Protect AI workloads and agents: Reduce real-world AI risk by protecting the systems that power AI to close the gaps that attackers exploit across infrastructure, agents, and attack paths. Govern AI usage (add-on): Enable secure, compliant AI adoption by eliminating blind spots in how employees interact with GenAI and autonomous agents to ensure your workforce adopts generative tools within a governed framework that prevents data leakage and maintains alignment with organizational policies. For more information, visit our webpage or view the data sheet. Reach out to your customer success manager to get started today! Tenable Cloud Security At Tenable, we are obsessed with your uptime. This month’s updates focus on one goal… shortening the distance between discovering a risk and fixing it. The Highlight: Patch faster, firefight less We’ve integrated Remediation Patches (including Tenable Plugin IDs) directly into your vulnerability tables and workload profiles. The outcome: Drastically reduce Mean Time to Remediation (MTTR) by giving DevOps the exact patch name they need without all the manual research required. Where to find it: Check the new "Patch Name" column in your Vulnerabilities table or click into any Patch Profile for deep context. Validated vision: The Forrester Wave™ Q1 2026 Tenable has been named a Strong Performer in the Forrester Wave™: Cloud Native Application Protection Solutions (CNAPP), Q1 2026. Platform power: Forrester validated our vision for reducing tool sprawl, awarding Tenable a "superior" rating for simplifying exposure management. Perfect scores: We earned 5/5 scores in critical categories: CIEM, Container Orchestration Protection, Reporting, Vision, and Community. Technical edge: The report specifically highlighted our excellence in identifying toxic combinations of permissions and our "extra mile" customer support. Impactful updates Strategic risk management: Use our new Exclusions framework to silence non-actionable findings and focus your team on risks that actually move the needle. AWS ABAC support: Achieve True Least Privilege with granular identity visibility and highly accurate permission recommendations. Automation at scale: New GraphQL API support for Projects allows you to bake security governance directly into rapid DevOps workflows. View Full Cloud Release Notes Tenable Vulnerability Management Streamline AI and MCP risk tracking Monitor artificial intelligence exposure with the updated Tracking AI Exposure dashboard and report. This release replaces complex plugin output filters with simplified plugin family filters, allowing you to identify AI-related vulnerabilities across your environment. This also introduces dedicated content for the Model Context Protocol (MCP), ensuring you can secure AI connectivity alongside your LLM deployments. By utilizing these tools, you gain insight into your AI attack surface to better prioritize exposure. See the dashboard and report here. Navigate the transition to post-quantum cryptography Secure against the threat of quantum computing with Post Quantum Ciphers Analysis report and dashboards. As quantum computers advance, the standard RSA and Elliptic Curve Cryptography (ECC) algorithms for web browsing, VPNs, and identity verification will become vulnerable. By leveraging specialized plugins you can inventory your cryptographic landscape. This allows you to: Identify where RSA and ECC are currently deployed to prioritize your transition to quantum-resistant standards. Detect remote services and Web Application Scanning (WAS) environments that lack post-quantum cipher support. Pinpoint specific vulnerable ciphers, certificates, and assets that require immediate attention. This empowers you to manage the shift to post-quantum security, ensuring your data remains protected as computing capabilities evolve. See the dashboard and report to dive in. Maximize scan efficiency while protecting host & network performance Take full control of your sensor fleet with CPU resource and plugin download concurrency controls. This empowers you to balance essential security visibility with the performance needs of your business-critical infrastructure. CPU resource management: Protect host productivity by setting specific CPU utilization limits for Windows and Linux agents within your agent profiles. This ensures your security scans run efficiently without impacting the user experience or system stability. Bandwidth optimization: Avoid network congestion by governing how many agents or scanners download plugin updates at once. These global settings allow you to throttle traffic to accommodate limited internet pipes, ensuring your network remains responsive. These tools offer flexibility to scale your deployment without compromising network or host stability. For further information, see the release notes. Tenable Security Center Introducing Tenable Security Center 6.8 Our latest release introduces several new features and enhancements to streamline your security operations. Focus on real risk: Stop chasing 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical. Start focusing on the 3% of CVEs that truly matter. Enhanced VPR logic and new AI-powered insights explain why an exposure is significant and provide clear mitigation guidance based on regional and industry-specific threat actor behavior. Streamlined infrastructure: We’ve unified IPv4, IPv6, and Agent repositories into a single, flexible Asset Repository type to reduce administrative overhead and give you more freedom in how you bucket and analyze your data. You can now target any data, including agent, network scan, and passive data, into any repository. Asset grouping and customization: The Explore Assets page includes new Group By options for Microsoft ID, Network, System Type, and Asset Criticality Rating (ACR). Other enhancements to the Explore Assets page include the ability to edit ACR scores (available in Tenable Security Center Plus) directly in the Explore interface. You can also export findings and installed software for specific assets to a comma-separated values (CSV) file. Background queries: Start a query and keep working. Tenable Security Center now processes long-running asset searches in the background. Scan optimization: Prevent performance issues with new per-host timeouts that keep your scan schedules on track to prevent a single host from increasing overall scan time. Enhanced security: Use at-rest encryption for External PostgreSQL databases and expanded PAM integration for Delinea and BeyondTrust. Before you upgrade: Tenable Security Center 6.8 supports upgrades from version 6.4.0 and later. Please review the updated hardware specifications in the release notes for optimal performance. Tenable OT Security Now available: Tenable OT Security 4.5 Our latest release delivers improved scalability for enterprise environments, enhanced power grid visibility, and enhanced Tenable One platform integration. Policy violation findings widgets: New widgets for High-Risk Violations and Operational Violations replace the former Events widgets in the Overview Dashboard, making it easier to distinguish between critical exposures from non-critical operational issues. Advanced dynamic tagging: Streamline prioritization and reporting with the ability to create rule-based groups and tags with multiple filters, including asset type, risk score, and criticality. Enhanced support for IEC 61850: Improve passive detection of intelligent electronic devices with comprehensive visibility across substation and power generation infrastructures. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access, failed logins or risky configuration changes, within Tenable Security Center dashboards and reports to give your security operations center (SOC) and IT security teams a unified view of both OT vulnerabilities and OT policy issues. Expanded compliance mapping: Simplify how you track, measure, and report against critical security frameworks with the ability to directly map asset data and policies to NIST CSF as well as IEC 62443-3-3 to improve visibility for electrical substation and power grid environments. Role-based access controls (RBAC): Tenable Enterprise Manager now enables admins to assign users to specific ICPs using user groups, so users only view the zones they’re authorized to see while inheriting ICP-level roles. New protocol and device coverage: Tenable identifies several new vulnerabilities in this release for devices from multiple vendors, including ABB, ANDRITZ HYDRO GmbH, Barco, General Electric, Generex, HP, Lexmark, Schneider, and others. See the complete list here. Note: Upgrades from versions prior to 4.4 may take longer than usual due to the migration of policy events. If you have hundreds of thousands of events, upgrades can take about 30 minutes. Access the release notes to learn more. Tenable Identity Exposure Our February rollout focuses on hardening the Active Directory attack surface and ensuring the integrity of your detection engine. To maintain a resilient identity posture, we have introduced visibility into transient objects and streamlined health monitoring for your infrastructure. Hardening dynamic AD environments: This new Indicator of Exposure (IoE) detects Dynamic Objects Misconfiguration and Usage. This enhancement mitigates risk by identifying transient objects that attackers could exploit for unauthorized access or persistence. Detection engine integrity: We have optimized Domain Installation health checks to ensure your security stack operates at peak performance: Conflict resolution: The system now flags redundant "Tenable IoA GPO EVT Subscribe Listener" files within your SYSVOL. System optimization: Identifying these multiple versions ensures you are running the latest configuration, preventing detection lag or GPO conflicts. View Full Identity Release Notes Tenable Ecosystem Tenable Add-on for Splunk v8.0.2 Tenable has released version 8.0.2 of the Tenable Add-on for Splunk. This latest quality update improves data reliability by resolving a specific index_time race condition previously affecting Tenable Security Center. For more information, please read the Tenable Documentation, and visit Splunkbase to download. Tenable WAS Integration for ServiceNow VR v30.2.0 Tenable has fully integrated Tenable Web App Scanning (WAS) with the ServiceNow Vulnerability Response (VR) app (v30.2.0). This update enables security teams to automatically synchronize application metadata and DAST vulnerability findings directly into ServiceNow to unify remediation workflows. Key benefits: CMDB correlation: Automatically map WAS findings to your CMDB applications for enhanced asset context. Scalable ingestion: Uses Tenable Export APIs to retrieve data in chunks, ensuring high performance for large-scale environments. Flexible lookups: A new Lookup Strategy field enables independent configuration of CI Lookup or Product Model settings for each integration. Broad compatibility: Fully compatible with ServiceNow’s Zurich, Yokohama, Washington, and Xanadu releases. For more details, read the ServiceNow User Guide and visit the ServiceNow Store for the appropriate Tenable apps for ServiceNow. Tenable Plugin for Jira On-premises v11.0.0 Tenable has released version 11.0.0 of the Tenable Plug-in for Jira (On-Prem), adding full support for Jira 11.x Data Center environments. This update modernizes the tech stack to streamline vulnerability remediation workflows. Automatically synchronize findings from Tenable Vulnerability Management, Security Center, and Web App Scanning directly into Jira tickets. Please note: This version is not backward compatible with Jira versions earlier than 11.x; users on Jira 9.x or 10.x must upgrade their Jira environment to use this plugin. For more information, please read the Tenable Documentation and visit Atlassian Marketplace to download the newest versions. Tenable Connect The Tenable Connect Resource Center expansion now better supports your Tenable journey! Look for the question mark in the bottom right-hand corner of any Tenable Connect page for quick access to submit feature requests, and find essential onboarding materials and info on upcoming office hours. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APJ). Learn more and register here. Tenable Webinars See all upcoming live and on-demand webinars here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. I pretended to be an AI agent on Moltbook, so you don’t have to LookOut: Discovering RCE and internal access on Looker (Google Cloud & On-prem) From Clawdbot to Moltbot to OpenClaw: Security experts detail critical vulnerabilities and 6 immediate hardening steps for the viral AI agent Tenable discovers SSRF vulnerability in Java TLS handshakes that creates DoS risk Research release highlights Improvements to live kernel patching detection: Tenable has improved the logic used to detect live-patched kernels to include the running kernel to support KernelCare for Alma Linux, CentOS, CentOS Stream, Fedora, Oracle Linux, Red Hat Linux, and Ubuntu Linux. Backported vulnerability detection improvements: Banners that indicate a Linux distribution will be considered backported by default. Content coverage highlights Almost 15,000 new published vulnerability plugins. More than 38 new audits were delivered to customers. Read Tenable documentation.
November 2025 Tenable Product Newsletter
Greetings! Check out our November newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What’s new in Tenable One: October 2025 release This month’s release delivers greater visibility, faster analysis, and more flexibility across APA and Inventory to help you manage risk with ease. APA enhanced public APIs: We’ve improved our public APIs with a higher chunk limit and standardized naming conventions for smoother integrations and a more consistent experience. Inventory export: Easily export asset and finding information to CSV or JSON, so it’s simpler to share insights and collaborate across teams. APA new filters: Analyze paths and techniques more efficiently with new filtering options, including MITRE ID and “Archived by User,” for faster, more focused investigations. Create tickets in inventory findings: Drive action across all your assets in Tenable One by creating a direct link between security findings and workflows to improve collaboration and accelerate response times. See all platform enhancements. Tenable is named a Leader in the first-ever Gartner® Magic Quadrant™ for Exposure Assessment Platforms We believe Tenable’s recognition as a Leader, positioned highest in Ability to Execute and furthest in Completeness of Vision among all vendors evaluated, is validation of the path we've forged together with our customers. Together, we’re redefining exposure management. This exciting report comes on the heels of both the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment and The Forrester Wave™: Unified Vulnerability Management, Q3 2025. Tenable is the only vendor recognized as a Leader across all three of these trusted industry reports. Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To try/see the product, contact your account manager or request a demo. Accelerate your cloud security maturity! Now launched: Tenable Cloud Vulnerability Management! This new offering, part of Tenable One, delivers foundational risk prevention and container security for hybrid environments, granting vulnerability management stakeholders key capabilities to: Achieve an agentless inventory of all cloud virtual machines, images and containers Unify vulnerability risk visibility across on-premises and multi-cloud environments Receive clear remediation steps for closing risk while laying the foundation for a holistic exposure management program tomorrow Tenable Cloud Vulnerability Management extends the power of Tenable's leading vulnerability management expertise directly into the cloud for consistent security controls across your entire attack surface. New, actionable use cases to accelerate your cloud security program: Enforce least privilege across cloud identities Mitigate the blast radius of vulnerabilities New Tenable research/accolades: New AI discovery: 7 novel AI vulnerabilities in ChatGPT New insights brief from our State of the Cloud and AI Security research Named CTEM Leader in Latio’s 2025 Cloud Security Market Report Console New finding insights widgets: See risk and response at a glance. Get sharper visibility into your cloud risk posture with new widgets for findings, trending, mean time to resolve (MTTR), and resolved findings. Quickly spot patterns, track progress, and measure response efficiency, all from your dashboard. These new measurement tools equip you to better assess and quantify your cloud security program’s progress and response efficiency. Smarter, custom dashboards for deeper, side-by-side insights: Go beyond static views. Apply granular filters to dashboard widgets, further customization of your dashboards to address your specific needs. Add the same widget multiple times with different filters to instantly reveal insights such as severity trends, without navigating away. Bulk resource labeling: Organize at scale in seconds. Save time and maintain a clean cloud inventory. Apply one or more custom labels to multiple resources at once, like tagging all Production EC2 instances in a single action, for faster organization, enriched context, and more efficient reporting. These features contribute to an ever-more tailored solution, giving you the flexibility to secure your dynamic cloud environment while meeting your operational needs. Data Snowflake data scanning: Find sensitive data fast, now in Snowflake. Tenable Cloud Security now supports inventory and data protection for Snowflake, scanning the platform to detect and classify sensitive data, and give visibility into where critical data lives and if it’s at risk. Reduce your exposure across this popular cloud data platform. Learn more in the Snowflake FAQ in the Documentation. Workload Smarter Linux vulnerability detection: No more noise. Tenable now improves Linux vulnerability detection by ignoring unused kernel versions left after upgrades. Expect fewer unnecessary findings and a clearer picture of the real risks affecting your Linux workloads. Identity IAM access visibility: Spot high-risk resources fast. The IAM Access Level column in Inventory now covers both Azure and AWS. See the highest (maximum) access level any principal has to a resource across your multicloud environment, quickly identify publicly or externally exposed resources, and reduce the risk of over-permissioned accounts. Upcoming changes New network scanning: We’re excited to inform all Tenable Cloud Security users that, starting in December, a powerful new network scanner capability will be available, activated by default. This feature improves your cloud visibility by actively verifying which resources are truly reachable from the internet. It also helps prioritize verified risks more effectively and reduce false positives, so your teams can focus on what truly matters. No further configuration needed. Find results under Inventory > Network Endpoints. To opt out, please go to Settings > Cloud Security > Network > Scanner. Tenable Vulnerability Management Get control over vulnerability exceptions with query-based recast You need to trust your vulnerability data, and that means your exceptions must be spot-on. We've enhanced Tenable Vulnerability Management with Query-Based Recast to give you the precision and automation necessary to confidently manage your risk posture. Here’s how you gain control and speed: Gain precision: Create highly granular vulnerability exceptions using 14 new criteria like Asset Tags, CVEs, networks and multiple plugins. You define the rule exactly, so your exceptions are exactly right. Simplify management: The modernized Rules Management experience now helps you avoid administrative headaches. You see Related Rules upfront, which means you eliminate confusing, conflicting policy outcomes before they take effect. Automate your workflow: Use the new Recast API to fully automate the creation and deployment of your Recast rules. You can integrate exception management directly into your existing security and ticketing workflows. Streamline your operations and get to a more accurate view of your risk faster. Read the Release Notes and review the Documentation. Accelerate your plugin deployment Significantly speed up plugin testing and deployment using the new Accelerated Plugin Updates toggle in agent profiles. When enabled, your agents check in more frequently, about every 33 minutes, to rapidly detect changes to the "Select Plugin set from the last 30 days" scheduling setting. This allows you to quickly push the latest plugins to production systems to minimize deployment latency. For more information, see documentation. Centralized management with scanner profiles Streamline scanner management using new Scanner Profiles, mirroring the functionality of Agent Profiles. Access this feature on the Sensors page under the Scanners menu. Profiles enable you to centrally control: Disabling scanner software version updates Pinning the scanner software version Configuring declarative plugin scheduling options This control simplifies maintenance and ensures consistency across your deployment. Note that Nessus scanners version 10.10.0 and above support this feature. For details, see the Release Note and User Guide. Nessus Tenable Nessus 10.10 now available We released Tenable Nessus 10.10, which includes a new global scan timeout setting so you can define a maximum duration for a host scan for greater control over scan windows. See the release notes for more details on new features and performance enhancements. Additionally, Terrascan has been removed from all standalone Nessus products. iIt is no longer supported. Refer to the Tenable Nessus Terrascan End-of-Service FAQ for more information. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (Preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered Agent Scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential Verification Scan Policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and Reporting Enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now to take advantage of these improvements and keep your environment running at peak performance. Read the release notes or upgrade now. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade Note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. See the Release Notes and advisories (TNS-2025-20 and TNS-2025-18) for full details and download the patches here. Tenable Patch Management Tenable Patch Management now available in the cloud! We’re excited to announce that Tenable Patch Management is now available in the cloud. It’s easily accessible through your Tenable Workspace. This version includes all the great features you’ve grown to love in the on-premises version of Tenable Patch Management. Please note: if you’re currently on an on-premises version of Tenable Patch Management and would like to migrate to the cloud version, please contact your account team. See a list of third-party applications covered here and note that we are always adding more. For more information, please read the Tenable documentation and release notes. Tenable OT Security Fortify your CPS security posture with Tenable OT Security 4.4 The latest version of Tenable OT Security is now available, designed to give you a more integrated, efficient, and comprehensive view of your operational environment. New features and enhancements in this release include: Unified enterprise reporting for your exposure management program: Sync OT asset tags directly to Tenable One and Tenable Security Center to enrich your enterprise-wide security workflows with critical OT context. Reduced alert fatigue: A new Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures first. Deep visibility for specialized environments: Gain granular asset details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. We’ve also added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the full release notes to learn more about what’s new and how to upgrade. Tenable Identity Exposure Tenable Identity Exposure (SaaS) v3.106 available now With this release, we’re strengthening our ability to surface the identity hygiene issues most likely to enable privilege abuse. The enhanced Password Weaknesses Indicator of Exposure now delivers deeper analysis and clearer guidance, so your teams can move faster from discovery to risk reduction. For full details, please review the release notes: https://docs.tenable.com/release-notes/Content/identity-exposure/saas/2025.htm Tenable Identity Exposure (On-Prem) v3.77.14 now shipping To support customers running complex or regulated environments, this update focuses on resilience and operational integrity. Improvements to RabbitMQ recovery and identity telemetry processing help ensure consistent, dependable analysis, so teams always have the visibility they need to act with confidence. Full release notes are available here. Tenable Ecosystem Tenable App for Microsoft Sentinel v3.1.1 This update for the Tenable App for Microsoft Sentinel v3.1.1 includes: Azure Gov Cloud support with a dedicated link on the Data Connector UI for Azure Gov Cloud. Update to the Azure Sentinel Tenable Vulnerability Management Connector’s Function Extension Bundle to the latest version. Improved performance and general bug fixes. For more details, check out the Tenable documentation and visit the Azure Marketplace to download. Note: this application is also available via Microsoft Azure Gov Cloud marketplace. Tenable Web Application Scanning Scan management just got smarter Two features, Scan by Tag and Add New Application, are now available. These fundamentally change how you manage and scan your web application portfolio, shifting your focus from individual scans to application-centric security. Scan by Tag: Now use your established tagging structure to define scan targets. You no longer need to manually enter or maintain extensive lists of web applications for every scan. By leveraging tags, you ensure consistency, making it easier to manage RBAC and efficiently filter and organize your scan data. Tags are configured in the "Settings" page. Add New Application: You have the power to define your applications manually or via the API before scanning them. This lets you define targets with greater precision, using criteria like port, protocol, or path in addition to the FQDN. By defining your application targets upfront, you ensure scan results consolidation into the correct, cumulative application data, for more accurate and meaningful findings. For more details, please refer to the Documentation and the Release Notes. Tenable Enclave Security Tenable Enclave Security: Now available as a hosted FedRAMP High and IL5 offering Tenable Enclave Security is now available as a hosted and managed solution for high security environments, delivered in partnership with Tenable partner, UberEther. This new offering brings the power of Tenable Security Center and container security to the cloud with full FedRAMP High and DoD IL5 compliance. For more information review the UberEther FedRAMP Marketplace listing, or read our latest blog to learn why container security is critical in restricted environments. Tenable Connect New in Tenable Connect: Innovators Roundtable We're excited to announce the launch of a new Tenable Connect group designed to foster a stronger community and enhance knowledge sharing: Innovators Roundtable. This group is dedicated to maximizing the value and success of our platform through active collaboration and the sharing of knowledge. A central hub for our most forward-thinking users to exchange cutting-edge resources, share best practices, and collectively push the boundaries of platform utilization. Join the conversation! Join the group today to learn and grow with your peers. Tenable Training and Product Education No-cost course: Introduction to Tenable Web Application Scanning Learn how to secure your web applications with Tenable’s new free, interactive on-demand course. You’ll explore how Tenable Web App Scanning differs from traditional vulnerability management, discover its key capabilities and sensors, and see demos of scan setup and results analysis in Tenable Vulnerability Management and the Tenable One Exposure Management Platform. Available now on Tenable University for everyone! Tenable Webinars Tune in for product updates, demos, how-to advice, and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Live customer workshops: November 25 & 26, 2025 (EMEA): Hands-on workshops on Tenable One Connectors. December 3, 2025: From fundamentals to focus (EMEA): Strengthening identity and access management in the Cloud. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Beyond the endpoint: Exposure management that’s proactive (EMEA). Why endpoint-first vulnerability management isn’t enough. (EMEA session) Nov. 4, 2025: Nessus customer update. Web application scanning with Nessus Expert. Nov. 4, 2025: Tenable OT Security customer update. What’s new in Tenable OT Security 4.4 and a sneak peek of Tenable OT Security 4.5. Nov. 5, 2025: Tenable Vulnerability Management customer update. Best practices for role-based access control (RBAC). Nov. 5, 2025: Tenable Web App Scanning Management customer update. Using WAS to identify and assess AI in your web applications. Nov. 6, 2025: Tenable One customer update. Third-party data in Tenable One. Nov. 6, 2025: Tenable Security Center customer update. How to automate reporting and remediation with alerts. Live Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure, and Tenable OT Security. Time zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa), and Asia Pacific (APJ). Learn more and register here. Tenable Research Research blog posts Why Early Visibility Matters: Risk Lurks in the Vulnerability Disclosure Gaps F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now Frequently Asked Questions About The August 2025 F5 Security Incident CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities Oracle October 2025 Critical Patch Update Addresses 170 CVEs< Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 Content coverage highlights Almost 6,000 new vulnerability plugins published, including new detections for the recent F5 BIG-IP Breach! More than 90 new audits delivered to customers! Documentation Read Tenable documentation.October 2025 Tenable Product Newsletter
Greetings! Check out our October newsletter to learn about the latest product and research updates, upcoming, and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What's New in Tenable One: September 2025 Release This month's release delivers deeper visibility, faster analysis, and more flexibility in managing your organization's risk exposure. Dashboard data drill-down: Dive deeper into your dashboards. Investigate the data behind widgets, KPIs, and trends to validate insights and easily explore details. New dashboard widgets: The widget library now includes seven additional built-in widgets for more ways to visualize and analyze your exposure data. Global Search on Findings page: Build and run complex queries directly from the findings page to pinpoint the exact data you need without switching pages. Dedupe: Information order configuration: Control which sources take priority in property deduplication, so your asset inventory always reflects the most trusted data. See all platform enhancements >> Tenable Cloud Security Reminder: Tenable Cloud Security requires that you log in to view documentation and release notes. To try/see the product, contact your account manager or request a demo. New use cases and research insights Three new demonstrations of common Tenable Cloud Security uses to ease your path to cloudsec maturity: Ecosystem view of risk, Complete cloud lifecycle visibility and Cloud misconfiguration identification and remediation. Recently published Tenable research items: Gemini Trifecta: Read about the three (now-remediated!) vulnerabilities Tenable cloud research discovered within Google’s Gemini AI assistant suite. Security advisory: “Shai Hulud”: Find packages potentially compromised by this NPM supply chain attack flagged in your Tenable Console as “advisory vulnerabilities.” Take action: 1) Update/roll back affected packages. 2) Rotate secrets that may have been exposed. A new Insight Brief that explores key observations on complexity gleaned from our recent “State of the cloud & AI security” report. Platform: Usability and reporting/display enhancements Streamlined console navigation: Enjoy the new console navigation menu, fully redesigned for a more intuitive and efficient user experience. This major update helps you find the insights/tools you need faster. Column selection for inventory reports: Customize your inventory reports by selecting specific columns for inclusion. Create more focused, efficient reports with just the information you need. TV mode: View any dashboard in this full-screen, distraction-free mode. Use for continuous, real-time, operational display and broad visibility of security status. CWP - Workload protection Enhanced Vulnerability Priority Rating (VPR): Benefit from Tenable's enhanced VPR, now twice as efficient. Enable teams to focus on just the 1.6% of vulnerabilities posing real risk, with prioritization inclusive of industry/geo context. See the white paper. Improved coverage and accuracy in vulnerability detection: The addition of scoped NPM packages enhances visibility into Node.js workloads. No more flagging in unused kernel versions improves Linux workload vulnerability detection accuracy. Added granularity to Kubernetes workload vulnerability management: Directly map vulnerability findings in container images to specific Kubernetes workloads (e.g., EKS). This enhancement clarifies risk attribution and streamlines remediation by application or team. IAM - Identity and access management Configure trusted vendors: Tenable now lets you mark external vendors as trusted. This helps reduce finding severity and close toxic combinations, and focus monitoring on meaningful external access to make risk management more efficient. Learn more. Automatically remediate unused SSO permissions: Quickly identify and remove inactive SSO groups or users with a single click to streamline your risk mitigation process. This strengthens least-privilege enforcement and reduces identity risk. JIT - Just-In-Time Access Expanded Slack actions: We’ve enhanced Slack support with key actions available in the JIT Portal, including self-revoking active sessions and submitting recurring access requests. These updates make JIT workflows in Slack faster and more productive to drive adoption of this high-value feature. Read about JIT access here. Tenable Vulnerability Management Accelerate plugin testing with quicker agent updates Speed up your plugin testing workflows and deploy the most recent plugins faster using the new Accelerated Plugin Updates feature. This provides an additional toggle within your agent profiles. When enabled, the agent will check in more frequently than the default to look for any changes made to the plugin scheduling section “Select Plugin set from last 30 days.” This increased check-in frequency helps you shorten the time it takes to get tested plugins onto assets. Note that this feature only supports updates to the “Select Plugin set from last 30 days” setting, and does not impact any other plugin update configurations. Find more details in the documentation. Granular control with Agent scan by tag Achieve highly granular control over your vulnerability management by leveraging the new Agent Scan By Tag feature. This empowers you to target your agent scans using both the existing agent group criteria and the asset tags you have defined. This streamlines your scanning workflows by allowing you to zero in on specific asset environments, ownership groups, or criticality levels. Please note, this functionality is currently only supported for scheduled agent scans. To begin configuring your new, targeted scans, read the documentation or release notes. Tenable Nessus Nessus 10.10 Early Access for Nessus 10.10 includes the following features: Global timeout setting to define the maximum duration for a host scan. Support for the upcoming software and plugin updates via scanner profiles for Tenable Vulnerability Management-linked scanners. Support for the upcoming Tenable Vulnerability Management plugin download concurrency feature. Support for the upcoming CPU resource limit setting for Tenable Agents, which will be configurable via agent profiles in Tenable Nessus Manager. To opt in to Early Access, contact your Tenable representative or configure the Nessus Update Plan in the user interface. See release notes. Ended support for Terrascan in Nessus Tenable has ended support for the Terrascan feature, effective Sept. 30, 2025. Terrascan is no longer available for download or supported, and Tenable has removed all related Terrascan functionality from Tenable Nessus. Tenable recommends using Tenable Cloud Security for infrastructure as code (IaC) scanning going forward. For more information, see the Tenable Nessus Terrascan End-of-Service FAQ. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (Preview): Get a modern view of your assets with structured data, advanced filtering, and improved navigation that helps you identify risks faster. Triggered Agent scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and Reporting Enhancements: Experience faster scan ingest, improved reporting speed, and smoother backend performance that keeps up with your team. Before you upgrade: Version 6.7 supports upgrades from SC 6.3.0 and higher. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now to take advantage of these improvements and keep your environment running at peak performance. Read the release notes or upgrade now. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade Note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. See the release notes and advisories (TNS-2025-20 and TNS-2025-18) for full details and download the patches here. Tenable Patch Management Tenable Patch Management v9.3.969.2 (on-prem) We’re excited to announce Tenable Patch Management (On-Prem) 9.3.969.2. This release includes major feature upgrades, new database server requirements, quality improvements, critical security, and bug fixes across the platform. Key updates include: Cross-platform installation enhancements A new auto-upgrade process enables clients to seamlessly upgrade to match the server version (9.3+). Microsoft 365 Patching Support: Native support for Microsoft 365, Office 2024 LTS, 2024, 2021, Visio, and Project with delta Updates, to reduce monthly updates to 30-50MB from 3GB per language, saving up to 95% bandwidth. New Client Validation Tool to verify deployments For a list of covered third-party applications, please visit here and note that we are always adding more. For more information, please read the Tenable documentation and release notes and visit the downloads portal to download the latest version. Tenable OT Security Fortify your CPS security posture with Tenable OT Security 4.4 The latest version of Tenable OT Security is now available, designed to give you a more integrated, efficient, and comprehensive view of your operational environment. Key highlights in this release include: Unified enterprise reporting for your exposure management program: Sync OT asset tags directly to Tenable One and Tenable Security Center to enrich your enterprise-wide security workflows with critical OT context. Reduced alert fatigue: A new Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures first. Deep visibility for specialized environments: Gain granular asset details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. We’ve also added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the full release notes to learn more about what’s new and how to upgrade. Tenable Identity Exposure Unified Exposure Center Get the full picture, faster. The Exposure Overview and Exposure Instances pages are now combined into a single Exposure Center for a simpler, more unified experience. With new quick filters, you can instantly focus on what matters most and cut through noise with ease. Streamlined IoA deployment Deploy indicators of attack (IoAs) more securely and efficiently. The updated process now uses a signed PowerShell launcher script stored in SYSVOL to reduce complexity and improve security. Plus, Group Policy (GPO) automatically deploys the Tenable certificate, so setup is smoother than ever. See Tenable Identity Exposure documentation. Tenable Ecosystem Tenable for ServiceNow update We’re excited to announce version 6.2.0 of the Tenable apps for ServiceNow, which now support Zurich. The Tenable apps now support Washington, Yokohama, and Zurich. We are sunsetting the Tenable.ot for VR application. Please utilize the ServiceNow built application Vulnerability Response Integration with Tenable. View full details here. For more details, read the ServiceNow User Guide and visit the ServiceNow Store for the appropriate Tenable apps for ServiceNow. Tenable Add-on for Splunk v8.0.1 We’ve updated the Tenable Add-on for Splunk v8.0.1 with general bug fixes, along with improved compliance data collection by preserving original fields. For more information, please read the Tenable documentation, and visit Splunkbase to download. Tenable Connect We're excited to announce a new case creation and management experience. This release will streamline how you open and track cases while leveraging Generative AI to improve search and help you find answers faster. Tenable Research Join Tenable’s Research Special Operations (RSO) team on Tenable Connect and engage with us in the Threat Roundtable group for further discussion on the latest cyber threats. Research security operations CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234) How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381 WordPress - WP Social Ninja exposed API Key WordPress - Feed Them Social exposed API Key BentoML CVE-2025-54381 (SSRF) Bypass Microsoft Learn MCP Server Server-Side Request Forgery Research release highlights Improved Printer Fingerprinting New Plugin Family: UnionTech Local Security Checks Machine Learning SinFP Model Updates for OS Fingerprinting Python Package Enumeration - Detection Updates Content coverage highlights Almost 6,000 new vulnerability plugins published, including new AI Aware detections and Shai-Hulud worm. More than 48 new audits delivered to customers! Tenable Training and Product Education Refreshed courses and better learning experience Explore the updated Introduction to Tenable Cloud Security and Introduction to Tenable Identity Exposure courses. They now feature a modernized interface and smoother navigation for an improved learning experience. Access these two no-cost courses, and many more on-demand options, anytime at Tenable University. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars Live Oct 22, 2025: Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Oct 22, 2025: Beyond the endpoint: Exposure management that’s proactive (EMEA). Why endpoint-first vulnerability management isn’t enough. (EMEA session) Nov. 4, 2025: Nessus customer update. Web application scanning with Nessus Expert. Nov. 4, 2025: Tenable OT Security customer update. What’s new in Tenable OT Security 4.4 and a sneak peek of Tenable OT Security 4.5. Nov. 5, 2025: Tenable Vulnerability Management customer update. Best practices for role-based access control (RBAC). Nov. 5, 2025: Tenable Web App Scanning Management customer update. Using WAS to identify and assess AI in your web applications. Nov. 6, 2025: Tenable One customer update. Third-party data in Tenable One. Nov. 6, 2025: Tenable Security Center customer update. How to automate reporting and remediation with alerts. On-demand Beyond the endpoint: Exposure management that’s proactive. Why endpoint-first vulnerability management isn’t enough. October Nessus customer update. Troubleshooting common Nessus issues. October Tenable Vulnerability Management customer update. Operationalizing AI Aware to discover Shadow AI in your environment. October Tenable One customer update. Identity security in an exposure management program. October Tenable Security Center customer update. In-depth guide to user roles and permissions. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable documentation Read Tenable documentation.March 2026 Tenable Product Newsletter
Check out our March newsletter to learn about the latest product and research updates, upcoming and on-demand webinars, and educational content — all to help you get more value from your Tenable solutions. EXPOSURE 2026 Save 50% on the security conference of the year Don’t miss EXPOSURE 2026, the first-ever conference dedicated exclusively to proactive, unified exposure management. Join us in Boston, Mass., from May 19-21, 2026, to get: Hands-on instruction with Exposure Management Strategy or Tenable One Technical Training Practical resources and real-world insights from Tenable leaders and industry experts Register before March 31 to save 50% off admission and training with early-bird pricing. Tenable customer update webinar 11 a.m. EST/3 p.m. BST, April 9, 2026 Join our upcoming webinar for an informative, fast-paced overview of recent product updates and best practices. Hosted by a team of Tenable product experts, this session will explore how to better secure your expanding attack surface and consolidate critical security data. Register now. Tenable One Coming soon: Data portability for Tenable Attack Path Analysis (APA) We’re introducing Full Export for Tenable APA, allowing you to move beyond single-page views and transform high-level visualizations into actionable offline intelligence. Key capabilities: Comprehensive data: Export full datasets for Top Attack Paths and Top Attack Techniques into CSV or JSON formats. Risk context: Exports include critical metrics like Source NES (Node Exposure Score) and Target ACR (Asset Criticality Rating). High capacity: Easily trigger exports for up to 100K+ results via a new global UI button. API parity: Programmatically pull path data into your SIEM, SOAR, or custom tools using the Tenable Public API. Tenable Cloud Security This month’s updates focus on operational scale, synchronizing security standards, and automating remediation across complex multi-cloud environments. Highlight: Synchronized policy management With linked queries, you can now connect saved explorer searches directly to custom policies and reports. Eliminate manual version control: When you update a source query, every linked policy and report automatically syncs, so your security standards are identical across your entire organization. Operational control: Pause automated workflows for maintenance without losing your configurations using the new enable/disable toggle for automation rules. High-impact capabilities Actionable CI/CD pipelines: Maintain developer velocity by excluding unresolvable vulnerabilities from container image scans. This prevents noise from breaking builds when no patch is currently available. Confirmed reachability: Bridge the gap between theoretical risk and actual exposure with Network Endpoints now displayed in your Inventory to surface the actual, validated entry points for your resources. Dynamic IaC protection: Tenable now scans Terraform dynamic configurations to give you visibility into scaled infrastructure and complex definitions before deployment. Expanded compliance: Immediate support for CIS AWS 6.0.0 and the NIS2 Directive keeps your cloud accounts aligned with the latest global regulatory benchmarks. Strategic update: Domain transition Note: Critical for continued service. The Console URL has officially transitioned to app.tenable.com. Please update your bookmarks and firewall allow lists to include *.app.tenable.com immediately to prevent service interruption. View Full March Release Notes Tenable Vulnerability Management Introducing VM-Native OT Discovery Safely identify and profile connected PLCs, HMIs, and IoT devices using the vulnerability management toolset you already own. No specialized hardware or complex deployments required. Turn your existing IT security tools into a safe OT discovery engine today and get visibility into your IT/OT security gap. Watch the guided demo to see this new capability in action. For more information, explore the user guide documentation for Scan Templates and Discovery Settings. Clean up your scan data: New OS and app inventory dashboard Our new Operating System and Application Inventory with Data Troubleshooting dashboard gives you an instant, high-level view of your asset counts across every OS and application. By using built-in troubleshooting queries, you can identify and fix scan fidelity issues and prioritize risk based on the most accurate data possible. View the dashboard details. Nessus Maximize your vulnerability assessment strategy with our recently introduced interactive Tenable Nessus demos. Skip the manuals and get immediate, hands-on experience securing your attack surface. Explore the Nessus Professional Onboarding demo to launch your first comprehensive scans in minutes. Dive into the Nessus Expert Onboarding demo to master advanced assessment features and eliminate security blind spots, whether on-prem or in the cloud. Tenable Security Center Uncover the OT blind spots across your network If you’re not already a Tenable OT Security user, your IT environment is likely full of shadow OT, like HVAC controllers and IoT devices, that standard scans can’t see. We recently added native OT discovery capabilities directly inside Tenable Security Center, so you can safely map these assets using the tools you already own. Get deep identity data for PLCs and HMIs without risking a disruption or deploying new network sensors. See it in action in this guided demo, and find out how to configure your first scan here. Reminder: Upgrade to Tenable Security Center 6.8 Focus on the vulnerabilities that truly matter with AI-powered VPR insights and clear mitigation guidance. This release streamlines your operations with unified asset repositories for IPv4, IPv6, and Agents, and improves efficiency with new background query processing and scan optimization tools. Explore the release notes for more information before you upgrade. Tenable Patch Management Improved patching precision and reliability Update (v10.0.971.26) includes critical fixes around strategy corruption and inaccurate compliance reporting. By upgrading, you keep your workflows intact, your data precise, and your environment benefits from the modernized performance and security of Java 25. View the release notes or access TPM documentation. Tenable OT Security Update required: Tenable OT Security 4.5 Service Pack (version 4.5.61) We advise all customers currently running version 4.5 apply this upgrade immediately to ensure optimal system stability and performance when processing high volumes of network conversations. This update also addresses specific communication gaps with Rockwell Stratix devices and Nessus scans. Review the release notes for the full list of fixes and improvements. Introducing Tenable OT Security 4.6 (Early Access) Our upcoming release introduces a variety of new features, performance enhancements, and streamlined workflows for large-scale industrial environments. Massive subnet scaling: Now supports up to 5,000 subnets per ICP, significantly increasing visibility for massive enterprise deployments. Centralized network management: A new Monitored Networks page includes bulk-add capabilities and the ability to stage inactive networks before monitoring. Precision scanning: New Nessus workflows let you define specific credential usage per scan for safe discovery of sensitive assets. Streamlined platform navigation: Updated workflow for SSO/SAML users helps you pivot back to the Tenable One platform instantly with the return button. Remote agent updates and query restrictions: Update OT agents directly from the ICP. and remove local site visits or manual CLI intervention. New infrastructure for OT agents also enables you to restrict specific protocol queries. Enhanced diagnostics: Exported asset logs now include deeper metadata to speed up Support and Engineering troubleshooting. IoT connector overhaul: Major stability and performance fixes for Milestone, AvigilonES, and Exacq Edge integrations for IoT asset discovery. This update focuses heavily on large-scale infrastructure, refined scan controls, and better integration with the Tenable One ecosystem. Check out the release notes and user guide for details. Tenable Web App Scanning Stop chasing dead keys: New secrets validation for WAS Don’t waste time manually verifying every leaked credential. Our new Secrets Validation automatically tests detected tokens, like GitHub or AI service API keys, to see if they are live and exploitable. By distinguishing between a harmless string and a critical vulnerability, you can prioritize your remediation efforts based on real-world risk, rather than noise. View the documentation or read the full breakdown on Tenable Connect. Tenable Training and Product Education Evolve from reactive patching to proactive risk oversight The Exposure Management Business Theory course, now available at no cost in Tenable University, guides you in self-paced modules toward building a sustainable exposure management program through the five pillars of the exposure lifecycle: scoping, discovery, prioritization, validation, and mobilization. Get strategic insight to align Tenable’s capabilities with your business goals, drive meaningful change, and make informed decisions. Get hands-on expertise with current industrial security capabilities The newly-updated Tenable OT Security Specialist instructor-led training course, now aligned with Tenable OT Security version 4.4, ensures you can effectively protect your critical infrastructure using the latest product features and workflows. You will learn to: Maximize visibility: Learn to leverage these enhancements to see and secure every asset in your OT environment. Reduce risk: Practice real-world scenarios to identify vulnerabilities and threats faster. Get expert guidance: Interact directly with instructors to master complex configurations and best practices. Visit tenable.com/education to learn more about our Tenable University education offerings, see global instructor-led training (ILT) schedules, and buy virtual ILT or on-demand courses. Tenable webinars Tune in for product updates, demos, how-to advice, and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. The cloud and AI velocity trap: Why governance is falling behind innovation Dynamic objects in Active Directory: The stealthy threat New malicious npm package "ambar-src" targets developers with open-source malware Research release highlights Improvement: Handling component installs for vulnerability assessment: Adds the ability to remove findings for component-based vulnerabilities from scan results New Dell OS10 compliance plugin and audit files: Customers can now measure compliance against Dell OS10 devices with new plugin ID Dell OS10 Compliance Checks (275781) on Tenable Vulnerability Management and Nessus. Content coverage highlights More than 2,700 new published vulnerability plugins. Nearly 50 new audits delivered to customers. Read Tenable documentation.
May 2025 Product Update Newsletter
A truncated version of our May product update newsletter follows. To read the full document, which includes updates for Tenable One, Tenable Cloud Security, Tenable Identity Exposure, Tenable OT Security, Tenable Vulnerability Management, Tenable Security Center, Nessus, Patch Management, and more, click here. Tenable One New! Unified Navigation for a Seamless User Experience We are excited to bring you the latest update of Tenable One! This release focuses on maximizing your Exposure Management program by unifying vision, insight, and action across the attack surface. These enhancements include: Streamlined navigation across Tenable One: Easily access key areas like Exposure View, Exposure Signals, Inventory, and Attack Paths from a single location, allowing you to retrieve information faster and more efficiently. New Overview page: Quickly gain high-level insights into the health of critical coverage areas, including exposure scores, assets, attack path matrix, and weakness breakdowns. Enhanced user experience: Enjoy a more intuitive and seamless experience for specific capabilities within Tenable One. New Installed Software page: Easily view software vendors and versions throughout your environment. Pinpoint specific pieces of software, versions, devices, and file paths to enhance discovery and streamline remediation efforts. These changes are now live and ready within your container! To quickly get up to speed, please check out this interactive demo. New! All your security data. All in one place. We’ve introduced powerful new capabilities to elevate your exposure management program. These deliver unified risk visibility, deeper context, and comprehensive reporting across your entire risk landscape. What’s new: Tenable One Connectors: Integrate data from across your security stack into Tenable One to gain complete visibility and context across your attack surface—all within a single platform. Enhancing your Tenable One experience with third-party data gives you: A single, unified inventory of your assets and risk data. Richer context within Exposure Signals to support cross-domain prioritization. Consolidated exposure cards that present a complete view of risk across your environment. Sign up for Connectors See guided demo Explore available connectors Unified Dashboards Easily analyze, track, and share key risk insights across your environment, enabling smarter, more efficient security operations. Unified dashboards include: Pre-built dashboards – Get immediate, actionable insights with best-practice dashboards for common security use cases. Custom dashboards – Use over 40+ widgets to create dashboards tailored to any audience or need. Custom widgets – Develop bespoke widgets that highlight the metrics and data points that matter most to you. Share and collaborate - Make dashboards private or team-accessible, and export them in multiple formats for seamless collaboration. See guided demo Tenable Identity Exposure You Don’t Need More Data — You Need Insights Now available: Identity Insights has launched in the SaaS version of Tenable Identity Exposure — delivering centralized visibility into risks across your identity fabric (Active Directory and Entra ID). This powerful new visualization acts as a command center for security teams to quickly prioritize and address the most critical identity threats. What’s included: Top Risk & Exposure Signals widgets: These widgets surface the most severe indicators of exposure (IOEs) and aggregated risk scenarios using prebuilt insights and custom queries via ExposureAI. Historical risk trends: Track recurring risks over time, identify resurfaced threats, and demonstrate security improvements. Identity demographics: Visualize risk across privileged, service or dormant accounts to better prioritize protection efforts. Fast-action remediation: Use the "If You Only Have 5 Minutes" widget to jump into the most urgent findings. Exportable reports: Generate professional-grade reports with one click to support audits and stakeholder communications. With Insights, security teams move from fragmented data to an actionable overview — saving time, reducing risk, and improving security posture. Check out the Tenable Identity Exposure user guide for more information. Tenable Cloud Security Reminder: You must be logged in to view Tenable Cloud Security documentation. If you need a login or wish to try Tenable Cloud Security, contact your account manager or request a demo. Just-in-Time (JIT) access is now available for all Tenable Cloud Security users. Tenable customers can use their existing (or future) Tenable Cloud Security license to enable and use JIT – with no separate procurement needed! JIT is automatically included with all existing licenses: Enterprise, Standard and CIEM. JIT eliminates standing permissions and reduces cloud risk with on-demand, time-bound access to cloud accounts and identity provider (IdP) groups. See the demo and explore use cases to understand how JIT works and streamlines approvals including by integrating with collaboration platforms like Slack and Microsoft Teams. Unified search and in-product documentation—directly in the Console. Tenable Cloud Security now offers context-aware guidance in the Console, making it easier to find what you need. Queries in the search bar return results across all resources, policies, pages, documentation, and vulnerabilities. In-product documentation is now also accessible directly in the Console through unified search and contextual help links, providing context-aware guidance where you need it. See the documentation for more details. Define projects by resource tags and Azure resource groups. Building on the Projects feature announced in the March 2025 newsletter, Tenable Cloud Security now enables you to scope projects using resource tags (across all Tenable-supported cloud providers) and Azure resource group name patterns. This enhancement provides greater flexibility and granularity in organizing projects based on how your cloud environments are structured: by team, business function, or application boundary. The evolving Projects capability supports stronger cloud security maturity by reducing fragmented visibility and siloed inventories, with dedicated views of resources and security findings, and project-specific dashboards for each team. See the documentation for more details. Enhanced CVSS scoring support with CVSS v4 priority. When multiple CVSS versions are available for a vulnerability, CVSS v4 is prioritized to ensure the severity assessment is the most current and precise. It offers improved accuracy, flexibility, and contextual awareness, enabling better prioritization and automation than CVSS v3. Enhanced 3rd-party support for Microsoft Entra ID apps. Tenable now offers greater IAM visibility for Azure users through enhanced Microsoft Entra ID third-party application mapping, with support for more than 350 applications. From the third-party widget in the IAM Dashboard, you can select a vendor per cloud component and navigate directly to the Identity Intelligence page, filtered by that vendor. You can also now view vendor details for each application in the Microsoft Entra ID Application Inventory page, making it easier to manage third-party applications across your environment. >> To read the rest of the May newsletter, click here.Windows Patch Management Remediation Guidance
SUMMARY Tenable Research is making changes to Windows-based patch management integrations that affect vulnerability remediation. This announcement only applies to customers who are using the WSUS and SCCM patch management credentials. Vulnerabilities identified by WSUS and SCCM integrations will now be identified as “local checks”, which will cause them to now affect vulnerability remediation, also known as vulnerability mitigation. CHANGE Prior to this change, vulnerabilities identified by these scans could not be remediated except by a Host credentialed scan - in other words, a Windows (SMB) credential. After this change, vulnerabilities identified by these Windows patch management scans may be remediated with a subsequent Windows patch management scan. Windows patch management credentials will identify only a subset of the vulnerabilities that a Host credentialed scan will. Therefore, a scenario could arise in which a patch management scan incorrectly remediates vulnerabilities previously identified by a Host credentialed scan. To prevent incorrectly remediating vulnerabilities, Tenable advises customers using a combination of patch management and Host credentials to combine them in a single scan, rather than running them in separate scans. IMPACT Customers who are not using patch management credentials are not affected by this change. Customers using patch management credentials but not Host credentials do not need to take any action, but will now see vulnerabilities identified by Windows and SCCM integrations being remediated. The guidance to combine credentials in a single scan applies to customers who are using Windows-based patch management credentials in combination with Windows Host (SMB) credentials. TARGET RELEASE DATE February 23, 2026June 2025 Product & Research Update Newsletter
The June 2025 Tenable Product & Research Newsletter is live. This month's edition covers updates on: Tenable Cloud Security, Tenable Identity Exposure, Tenable Patch Management, Tenable Security Center, and Tenable VM, along with updates about the Tenable Ecosystem, Tenable Connect, Training, Professional Services, Research, and more. Community Update Introducing Tenable Connect, your new customer community! Check out your new hub to connect, learn and grow with Tenable. Here’s what you’ll find: Ability to open and manage support cases Easy access to the improved account management portal Dedicated pages for product resources and training Discussion boards and opportunities to engage with your peers and Tenable Log into Tenable Connect before July 1 for a chance to win a limited edition Tenable Connect t-shirt! Tenable Identity Exposure Tenable’s Research-Driven Identity Defense Expands Tenable continues to deepen its coverage of real-world identity risks with a series of new indicators of exposure (IoEs) across both Active Directory (AD) and Entra ID. BadSuccessor—a rare, but forest-level critical, zero-day privilege escalation vulnerability in AD, was recently disclosed. Introduced with delegated Managed Service Accounts (dMSAs) in Windows Server 2025, its exposure depends on the presence of a 2025 domain controller, but the impact can be severe. An attacker with the right permissions could use a dMSA to inherit domain admin-level access and compromise the entire forest. Tenable has responded quickly with a dedicated IoE: BadSuccessor – Dangerous dMSA Permissions, now available in Tenable Identity Exposure (SaaS) v3.95. This detection flags risky dMSA inheritance paths that could enable exploitation, helping organizations stay ahead even in the absence of a Microsoft patch. Review Tenable’s technical advisory and FAQ for detailed context. More IoEs targeting real-world risk Other new IoEs target misconfigurations and gaps attackers routinely exploit, spanning Tier 0 risks in AD and hygiene issues in Entra ID. Each IoE is designed to be practical, observable and relevant, shaped by real attack behaviors, not just theoretical risks. Check out this product documentation for more information. Active Directory Tenable IoE “Sensitive Exchange Group Members” Who really sits in the most privileged Exchange groups: a Tier‑0 foothold. Tenable IoE “Exchange Permissions” Risky ACLs where Exchange rights bleed into domain control. Entra ID Tenable IoE “Users Allowed to Join Devices” Tenant setting that lets any user enroll a rogue workstation. Tenable IoE “Managed Devices Not Required for Auth” Conditional‑access gap allowing unmanaged logins. Tenable IoE “Auth‑Methods Migration Incomplete” Legacy authentication policy is still exposed. Tenable IoE “Dangerous Application Permissions” Third‑party app scopes that can exfiltrate data. Tenable IoE “Risky Users Without Enforcement” Risk‑based access policy missing for high‑risk accounts. Tenable Cloud Security Reminder: Tenable Cloud Security requires you to log in to view documentation. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. Enhanced CVE detection and customizable severity metrics Tenable Cloud Security now enhances CVE detection by integrating Tenable's vulnerability logic, leveraging the Tenable vulnerability data lake (TVDL) and Nessus. This improves accuracy and coverage in detecting new CVEs regardless of National Vulnerability Database (NVD) delays. The integration aligns CVE detection between Tenable Cloud Security and Tenable Vulnerability Management, reducing inconsistencies and boosting reliability within Tenable One. Users can select which CVE severity metric to display first: CVSS (static) or VPR (dynamic, factoring exploit likelihood). The metric chosen as primary impacts finding creation: severity changes can cause related findings to open or close. Just-in-time by resource groups and recurring access Thanks to your feedback, Just-in-Time (JIT) access is now even more powerful and flexible. Azure users can request access at the resource group level, not just by subscription, giving you greater granularity and control across your cloud environments. And for all JIT users, building on existing immediate/scheduled access request support, we’ve added recurring access scheduling — to better support business workflows, such as a contractor needing project access for a specified repeat duration or the need for access to a routine audit that lasts a full quarter. Easily set daily, weekly or monthly schedules with end dates — all through an intuitive UI. Consider using recurring access to replace standing permissions that some JIT users may still have, for more granular time-bound least privilege. Powerful Tenable cloud vulnerability insights within ServiceNow Tenable now integrates with ServiceNow’s new Vulnerability Response platform, enabling you to seamlessly import prioritized, actionable vulnerability data directly into ServiceNow. This streamlined integration, which also supports government environments, helps teams focus on what matters most by aligning Tenable findings with your existing remediation workflows, making it easier to act fast on critical risks. Already using ServiceNow ticketing? You can now sync Tenable findings with ServiceNow incidents, mapping severity and status to priority and state (such as open findings to new incidents). Note: Syncing incident states requires additional permissions and configuration within ServiceNow. Selectively scan data resources by exclusion tags You can now add exclusion tags to fine-tune scans of both managed databases and object storage in Tenable Cloud Security. Exclusion tags enable you to scope out resources starting from the next scanning cycle by specifying tags as configured at the resource level, for tailoring scans to your environment. This new capability helps you decrease costs by reducing unnecessary resource usage. Object storage comes to OCI As part of our growing capabilities around Oracle Cloud, Tenable Cloud Security now offers data analysis of object storage buckets in OCI. Out of the box, the feature is on a par with all other object storage that Tenable Cloud Security supports and is part of routine CSPM onboarding. In other updates, new dynamic scan scoping by tag is also supported for OCI. Tenable Vulnerability Management (TVM) Tenable Data Stream (TDS) now supports the streaming of TVM Host Audit Findings data as well as WAS assets, tags and findings data. TDS already supports TVM host assets, tags and vulnerabilities data streaming to AWS S3 buckets and is used by some of the largest TVM customers. Learn more about TDS here. Besides the new payloads, there are a few more improvements: Additional new fields in TVM findings payload like Resurfaced Data and Time Taken to Fix Grouping of the files written in the AWS S3 buckets is now based on timestamp, resulting in fewer files written, which in turn improves consumption and reduces latency. (Previously, this was based on both scan ID and timestamp, which resulted in writing a large number of small files.) Tenable Patch Management Tenable Patch Management now supports Red Hat Enterprise Linux (RHEL) We’re excited to announce that Tenable Patch Management (On-Prem) 9.2.967.20 now supports RHEL 8 and RHEL 9. This release also includes performance improvements, bug fixes, and an important security update to Java 17 JRE. Please note that Patch Notification Bots using WhatsApp require review and modification as they can no longer be combined with other providers. Please visit here for a list of third-party applications covered. Note: We are always adding more. For more information, please read the Tenable Documentation and Release Notes and visit the Downloads Portal for the latest version. Tenable OT Security Upgrade to Tenable OT Security 4.2 to unlock new layers of visibility across your OT/IT environment. Key enhancements in this release include: Advanced SNMP-based asset discovery: Gain deeper OT network topology insight. Our new SNMP Crawler discovers and maps all connected devices and switches, including previously hidden ones, down to the specific switch port. Intelligent hardware lifecycle management: Proactively manage obsolescence with EOL tracking for OT/IoT assets from vendors such as Schneider Electric and Siemens, complementing existing software EOL capabilities. Flexible Windows-based deployment (beta): Install OT Security sensors directly on Windows devices — ideal for segmented subnets or where deploying dedicated physical hardware appliances isn’t feasible. Enhanced IoT & VMS risk insights: With improved IoT connectors and expanded VMS support through enhanced credentialed authentication, extract richer data from IoT devices and VMS (including asset names, models and stream details). Navigation enhancements: A redesigned main menu and intuitive side panel simplify access to critical OT data, speeding workflows and improving usability. Additional improvements: Fewer operational reboots New vulnerability detections Expanded virtualization support for Microsoft Hyper-V and KVM-based platforms Upgraded embedded Tenable applications (Nessus, Nessus Network Monitor) Expanded Device Fingerprint Engine coverage for devices from various vendors To learn more about what’s new in Tenable OT Security, watch the latest customer update or review the release notes. Tenable Security Center Patch 202505.1 is now live This patch addresses high-severity CVEs in SQLite. It applies to SC versions 6.5.1 and 6.4.x and requires manual application. Release notes for 6.5.1 and 6.4x Download: https://www.tenable.com/downloads/security-center Security advisory: https://www.tenable.com/security/tns-2025-09 Tenable Ecosystem Tenable Plugin for Jira on-premises v10.4.1 now supports Tenable Web App Scanning We’re excited to launch Tenable Plugin for Jira v10.4.1. This release includes: Support for Tenable Web App Scanning (TWAS) Security update Cleaner logs regarding API responses And bug fixes For more information, please read the Tenable Documentation and visit Atlassian Marketplace to download the newest versions. Tenable App for Splunk v6.1.0 The Tenable App for Splunk v6.1.0 is now available. This release includes: Added support for Tenable Web App Scanning (TWAS) and Tenable OT Security (TOT) New “Assets Dashboard” for visualizing asset details across TVM, TSC, TOT, TWAS, and TASM For more information, please read the Tenable Documentation and visit Splunkbase to download. Tenable Nessus Early Access Release of Nessus 10.9.0 We’re excited to announce the early access of Nessus 10.9.0. For standalone Nessus Expert users, this includes web application scanning functionality for Nessus instances in air-gapped/offline environments. For more information, please see our release documentation. Tenable Training and Product Education Tenable University is excited to announce the refreshed Introduction to Tenable One course. This course covers key features of the Exposure Management platform, including the workspace, Exposure Signals, Attack Path Analysis, Inventory and more, giving you a strong foundation to understand and act on your exposure data. Tenable Professional Services Tenable Professional Services offers two levels of Tenable One Deployment Service, both of which provide a structured, end-to-end approach for implementing and optimizing the Exposure Management platform. With this guidance, your team can gain the visibility, confidence and capabilities needed to actively manage exposure and reduce cyber risk. Tenable Webinars Customer Update Webinars Tune in for product updates, demos, how-to advice and live Q&A to help you get more value from your investment in Tenable solutions. LIVE July 2025 Tenable WAS, July 8, 2025, 11 am ET: Join us for a deep dive into recently released WAS features and capabilities. Tenable Nessus, July 8, 2025, 1 pm ET: Testing for specific CVEs with Nessus. Tenable OT Security, July 9, 2025, 11 am ET: Learn how Tenable OT Security 4.3 unlocks unprecedented visibility and control across your OT/IT environment. Tenable Vulnerability Management, July 9, 2025, 1 pm ET: Credentialed scans versus uncredentialed scans and how to use managed credentials. Tenable One, July 10, 2025, 11 am ET: Learn how Tenable One can now ingest important security context from non-Tenable security tools to help better identify, prioritize and reduce cyber risk. Tenable Security Center, July 10, 2025, 1 pm ET: OS breakdown: reporting exposures by operating system. ON-DEMAND June 2025 Tenable Identity Exposure: Join us to explore new features and capabilities in the latest release of Tenable Identity Exposure. Tenable Nessus: Discovery scan templates and when to use them. Tenable Cloud Security: Just-in-time (JIT) access dramatically reduces exposure from compromised identities. Join us to learn how this capability is enabled with Tenable Cloud Security. Tenable Vulnerability Management: Develop exposure response strategies with Tenable Vulnerability Management. Tenable One: Learn how Exposure Signals and Installed Software leverage data from your security stack to enrich Tenable One findings and strengthen the impact of your exposure management efforts. Tenable Security Center: Learn when and how to use triggered Agent scanning in Security Center. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas and Europe (including the Middle East and Africa, and Asia Pacific). Learn more and register here. Other Webinars of Interest June 25, 2025: Research Insights from the 2025 Verizon DBIR: What You Need to Know to Secure Smarter June 24, 2025: From Fundamentals to Focus: Enhancing Cloud Security with Tenable - Customer Workshop Series June 17, 2025: Beyond Cyber Chaos: How Public Sector Orgs Secure Smarter with Exposure Management On-demand: Security Without Silos: How to Gain Real Risk Insights with Unified Exposure Management For More Webinars Please visit tenable.com/webinars for the most up-to-date schedule. Tenable Research Research Security Operations Announcement Where Capability Meets Opportunity: Meet the Tenable Research Special Operations Team Rapid Response Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution CVE-2025-31324: Vulnerability in SAP NetWeaver Exploited in the Wild Tenable Research Advisories HPE Insight Remote Support Multiple Vulnerabilities Siemens User Management Component V2.15 Multiple Vulnerabilities Feature Release Highlights New Plugin Family: Tencent Linux Local Security Checks Azure Cloud Infrastructure Scanning for Government Windows LAPS Support in Nessus-based scanners Over 400 New Vulnerability Detections in June!Tenable Patch Management TPM SaaS is Now Live [GA Announcement]
Release Date: November 17, 2025 We are thrilled to announce that Tenable Patch Management TPM is now available as a fully managed SaaS solution. For too long, IT and Security teams have been stuck in a paradox. Security demands speed to reduce risk, while IT demands stability to ensure uptime. This friction creates a dangerous gap between vulnerability discovery and remediation. Today, we are closing that gap. With the launch of TPM SaaS, you can now replace reactive, manual patching with autonomous, cloud-native remediation. By moving to the cloud, we are empowering your teams to shift their focus from maintaining patch servers to managing business risk. Why Move to the Cloud? Legacy on-premise tools like BigFix, Tanium, and SCCM were built for a different era. TPM SaaS offers a modern approach that is scalable, secure, and effortless to maintain. Zero Infrastructure Overhead Eliminate the need for on-prem hardware, database management, and manual maintenance. Our platform updates automatically, ensuring you always have the latest features without the downtime. Prioritize Risk, Not Volume Stop drowning in patch Tuesdays. TPM leverages Tenable’s Vulnerability Priority Rating VPR and Asset Criticality Rating ACR to automatically identify and remediate the vulnerabilities that pose the greatest risk to your specific environment. Global Scalability Whether you are a local business or a global enterprise, TPM SaaS scales instantly. We have launched with global data centers in the US, UK, Germany, Japan, Australia, and Singapore, ensuring low-latency performance and data sovereignty wherever you operate. Unmatched Coverage Secure your entire estate with industry-leading support for Windows, Linux, and macOS, covering over 20,000 third-party applications and 250,000 unique patches. Key Capabilities at a Glance Autonomous Set and Forget Policies: Define your risk tolerance and let the engine handle the rest. 100 Percent Granular Control: Maintain full authority with tiered deployments, rollbacks, and flexible approval workflows. Resilient Architecture: Built-in redundancy, failover, and our signature Peer-to-Peer (P2P) content distribution to protect your network bandwidth. Centralized Management: Manage admin accounts and identity providers OIDC SAML directly through the Tenable Workspace. Ready to Get Started? Stop managing servers. Start managing risk. Deliver fully autonomous, closed-loop remediation that finally bridges the gap between IT and Security. Start Now at https://www.tenable.com/products/patch-management Read the Release Notes at https://docs.tenable.com/release-notes/Content/patch-management/2025.htm Dive Deeper at https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/welcome.htm – Tenable Patch Product Management
