GA Announcement – Tenable Patch Management 9.3.969.1 (On-Premise)
Release Date: September 22, 2025 Download: Get 9.3.969.1 (https://www.tenable.com/downloads/tenable-patch-management) Changelog: View Release Notes (https://docs.tenable.com/release-notes/Content/patch-management/2025.htm#-Tenable-Patch-Management-9.3.969.1-(2025-09-22) Docs: Tenable Patch Management Documentation (https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/welcome.htm) Ports & Network Requirements: Review Requirements (https://docs.tenable.com/integrations/Tenable-Patch-Management/Content/inbound-and-outbound-ports.htm) Hi everyone, We are announcing the general availability (GA) of Tenable Patch Management 9.3.969.1. This is a major release that includes improvements to the installation process, quality enhancements, critical security updates, and bug fixes across the platform. Tenable strongly recommends upgrading to version 9.3.969.1 for all users. Summary of Highlights in 9.3.969.1: - Improved installer experience for both client and server - New Client Validation Tool to verify deployments - Java security upgrade addressing CVE-2025-30754 (https://nvd.nist.gov/vuln/detail/CVE-2025-30754) - Automatic firewall rule configuration for Linux and macOS clients - Enhanced automation and workflow stability - All clients automatically targeted when license key is added - Installation walkthroughs available via Storylane (https://app.storylane.io/share/pgn3qcolenas) What's New Installation Enhancements - Simplified setup for client and server - Post-installation checks ensure successful deployments - Server installer validates connectivity to cloud services - Linux and macOS installers automatically create firewall rules - New Adaptiva Client Validation Tool: - Verifies successful connectivity to relay, server, and content sources - Works in both silent and interactive installation modes - Logs output to ClientSetupChecks.log - Included in Windows installer and adaptivactl Security Improvements - Upgraded Java Runtime Environment to version 17.0.16 to resolve CVE-2025-30754 - Other improvements to prevent deadlocks and thread pool issues Server Updates New Features - Clients are automatically targeted once a license key is added - New background task syncs blob versions daily at 2 AM (can be configured) Fixes - Improved error handling for cloud uploads - Increased stability in workflows including signing, launching, and editing - Compatibility fixes for multi-factor authentication and password reset - Fixed issues with Business Unit filters and dashboards - Improved API error messages Client Updates New Features - Enhancements to adaptivactl - Pre- and post-installation validation checks - Required port checks for UDP and TCP - Enforced use of --server-guid parameter Firewall Enhancements - Auto-configuration of firewall rules on Debian and Ubuntu via UFW Fixes - Improved handling of patch pauses during Business Unit changes - Resolved Java environment variable issues - Fixed issues related to handling multiple inactivations Release Demos Storylane Walkthroughs (https://app.storylane.io/share/pgn3qcolenas) Questions? Reach out to your Tenable representative or Tenable Support Portal (https://connect.tenable.com/category/support) Thanks to all the teams involved in making this release a success. - Ahmad Maruf Tenable Ecosystem Product ManagementGA Announcement: Tenable Patch Management 9.3.968.19 (On-Premise) Release
Release Date: July 31, 2025 Download & Instal/Upgrade: Download the latest version (9.3.968.19) here (https://www.tenable.com/downloads/tenable-patch-management) Changelog: See Tenable Patch Management Release Notes (https://docs.tenable.com/release-notes/Content/patch-management/2025.htm#July-31,-2025-) Documentation: Tenable Patch Management Documentation (https://docs.tenable.com/integrations/patch-management/Content/welcome.htm) Hi everyone, Tenable is pleased to announce the release of Tenable Patch Management 9.3.968.19, featuring major feature upgrades, new database server requirements, quality improvements, critical security, and bug fixes across the platform. Tenable strongly recommends upgrading to 9.3.968.19. Key Release Highlights - Cross Platform Installation Enhancements: Cross-platform installers now support runtime parameters, eliminating the need to edit and distribute config files. Use switches similar to the Windows installer. See Tenable Patch Client Installation and Uninstallation (https://docs.tenable.com/integrations/patch-management/Content/client-installation.htm) for guidance. - New Client Auto-Upgrade Feature: A new auto-upgrade process enables clients to seamlessly upgrade to match the server version (9.3+). See Upgrade Tenable Patch Clients Using Automatic Deployments (https://docs.tenable.com/integrations/patch-management/Content/use-auto-deplpys.htm) for steps. - Minimum SQL Server Version Requirement Updated: SQL Server 2017 or higher is now required. Recommended: SQL Server 2019+ with compatibility level 150+. See Database Requirements and Configurations (https://docs.tenable.com/integrations/patch-management/Content/db-req-config.htm) for details. - Resolved SQL Injection Vulnerability: Fixed a SQL injection vulnerability in the login process affecting versions prior to 9.2.XXX, 9.1.XXX, and prior versions. The issue was resolved by implementing parameterized queries. Therefore, Tenable strongly recommends upgrading to 9.3.968.19. See the related Tenable Security Advisory (https://www.tenable.com/security/tns-2025-15) - Microsoft 365 Patching Support: Native Patching Support for the following versions of Microsoft Office: MS 365, Office 2024 LTS, Office 2024, Office 2021, Office 2019 and 2016 (EOL scheduled for Oct 2025), Visio and Project (starting with version 2021). No more manual packaging! Using the new delta updates, monthly updates now reduced to 30-50MB from 3GB per language, saving up to 95% bandwidth. - Fix for Missing DLL Causing Dell Driver Installation Failures: Resolves an issue where Dell drivers failed to install and Compliance Status showed "Non-Compliant" on Clients running 9.2.XXX due to a missing DLL. This release restores the required DLL, ensuring proper functionality for new installations going forward. Please note: Upgraded clients from version 9.1 or 9.0 do include this DLL and will not experience the issue. Server Updates Improvements: -Dynamic Logging Config: Automatically reloads logging settings when config file is updated. -Optimized Bulk Messaging: Default bulk_messaging_batch size reduced from 100 → 25. -Secure Login Queries: Emails are now securely passed via parameterized queries during login. Bug Fixes: -Flexible ACR Input: Now supports both float and integer in ACR field. -Patch Submission Cleanup: Deletes associated strategy records when patch is removed. -Device Status Filtering: Device table only displays relevant product installations. -Workflow Validation: Better validation for runtime expressions in file system operation nodes. -Deployment Approval Checks: Fixed issue where patches deployed without full approval. -STRING_AGG Overflow: Crash resolved when string length exceeds 8,000 chars. -Business Unit & Metadata Health Fixes: Improved accuracy in patch system health and business unit filters. Client Updates New Features: Client Auto-Upgrade UI Support: - Manage upgrade settings. - View current version info. - Pause or trigger upgrades manually. Microsoft 365 Auto-Update Logic: - Disables auto-updates when WSUS is licensed and wsus.O365 = true. - Enables proper scan classification for M365 products. Improvements: -AngularJS upgraded from 19.1.3 → ^19.2.10 -Auto-Reload Logging Config: Log config changes take effect instantly. -jemalloc for Linux Clients: Improves memory efficiency. -Better Filter UI: More readable operators in advanced filters. Bug Fixes: -SMTP Email Blocking: Fixed server startup failure due to invalid SMTP config. -Patch Rescan Delay: Rescan now triggered promptly when patch removed from block list. -macOS VPN Fix: Resolved connection issue over VPN. -Compliance State: Now updates when new patches are found. -UI Menu Fixes: Corrected header icons in User and Patching dashboards. -Data Provider Editor: Fixed switching errors in the data provider settings. - Advanced Filter UI: Enforced correct behavior for NOT operator child conditions. - Folder Search Fix: Resolved parent folder search override in object tables. Questions? We’re a ping away! Reach us at connect.tenable.com. Thanks to everyone involved in making this release happen! – Ahmad Maruf Product Manager Tenable Patch Management
July Product and Research Update Newsletter
Greetings! Check out our July newsletter to learn about the latest product and research updates, upcoming and on-demand webinars, and educational content — all to help you get more value from your Tenable solutions. Click here for a downloadable PDF of this newsletter Share Your Insights at Black Hat 2025 Attending Black Hat next month? We'd love to hear your thoughts on Tenable products! Join us for a brief, filmed in-booth interview. It's a quick (less than 10 minutes) and impactful way to share your feedback. You'll have the chance to share your opinions on camera, and rest assured, if you prefer, your feedback can remain completely anonymous if you prefer. As a thank you for your time, we'll also give you an exclusive briefing on our latest product updates. Ready to make your voice heard? Email ambassador@tenable.com to schedule your session. We'll find a time that works best for you! Tenable Cloud Security Reminder: Tenable Cloud Security requires you to log in to view documentation and release notes. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. Code security for Azure ARM and Bicep frameworks, and APIs. Tenable now natively supports Azure Resource Manager (ARM) and Bicep, expanding on existing coverage for AWS CloudFormation, Kubernetes YAML, and Terraform across all major cloud environments. Azure users can now scan for misconfigurations directly in their infrastructure as code. Notably, Tenable Cloud Security uniquely supports Bicep, which is rapidly gaining adoption due to its simplicity. Tenable tags resources in Bicep files, auto-generates underlying ARM templates, and highlights misconfigurations directly in the Bicep code, so you can work in the Bicep layer without parsing ARM output. We’ve also introduced ingestion of Tenable IaC findings via API using the “Findings” query in the GraphQL API. This enables programmatic management of finding status. The code API has full UI parity and is consistent with all Tenable API endpoints. Workload protection now supports Oracle Cloud Infrastructure + streamlined reporting. Expanding our coverage of Oracle Cloud Infrastructure (OCI), Tenable Cloud Security now offers workload protection for OCI environments. You can scan virtual machines, including those using OCI-native and customer-managed key (CMK) encrypted volumes, alongside container images and account-level resources. Additionally, across all supported cloud environments, we have streamlined reporting: you can now generate reports directly from the Vulnerabilities page, simplifying your workflow. Enhanced IAM security across permissions and access. Tenable Cloud Security’s Microsoft Entra ID integration, recently enhanced with third-party support and MFA monitoring, can now monitor and filter all app API and delegated permissions. IAM admins get a clearer, tenant-wide view of app-level permissions, making it easier to remove unnecessary access. Are you still using the now-retired Microsoft Entra Permissions Management? Tenable is a strong replacement, with advanced CIEM, JIT access, and CNAPP capabilities spanning Entra ID, Azure and more. We’ve also improved IAM visibility for AWS and GCP with exportable Permissions Query results and enhanced tracking of custom policy changes. In GCP, access-level evaluation is now deeper with added behavior analysis and resource details. Introducing custom dashboards that you can easily build in minutes. You’ve got the power! You can now customize how dashboards look and how you present security data to help users focus on what matters most. Personalize dashboards by adjusting metrics, findings and visualizations. Choose whether to make them public or private. Save time by duplicating built-in or custom dashboards. Plus, all dashboards are now centrally located in the menu for easier access. “Projects” capability now supports integrations and automations by scope. Tenable is making it easier to manage accounts and access control across multiple accounts and providers. The Projects capability, which logically groups resources in your cloud environment, now lets you configure integrations and automations at the project level. This enables more granular control and flexibility to let specific accounts or resources follow tailored workflows aligned with your organizational structure and security policies. Tenable Identity Exposure New Entra ID IoEs to strengthen identity hygiene. Tenable has added new indicators of exposure (IoEs) to help you identify and remediate hidden risks in Entra ID environments: Managed devices not required for MFA registration: Flags tenants that allow multi-factor authentication (MFA) registration from devices your organization doesn’t manage. Without requiring managed devices, attackers with stolen credentials could set up their own MFA methods without your knowledge. Admin consent workflow not configured: Detects tenants missing an active admin consent workflow. This absence can cause errors for non-admin users trying to access applications that need consent, leading to user friction or unmonitored workarounds. Password expiration enforced: Identifies domains where password expiration policies, intended to enhance security, might actually weaken it. When you force users to change passwords frequently, they often resort to simpler or repeated passwords, which makes them more vulnerable to breaches. For more information, review the release notes. Tenable Enclave Security Tenable Enclave Security 1.5 release. We’re excited to announce the release of Tenable Enclave Security 1.5. This release includes exciting new features: Deployment assessment scanning: Quickly assess new and updated deployments before they go live, improving visibility and risk reduction during rapid delivery cycles. Expanded software composition analysis (SCA): Broaden insight into your software supply chain with deeper enumeration of third-party libraries and components, including Go, Java, PHP and unpatched vulnerabilities in container images. SecurityCenter 6.6: Now powered by PostgreSQL, the latest version enhances performance, scalability and long-term support for mission-critical environments. Policy management: New and improved experience for managing policies for CI/CD pipelines or Kubernetes clusters. For more information, review the release notes. Tenable Vulnerability Management (TVM) Tenable PCI agent scan template now available. As a result of the PCI DSS 4.x specification release, credentialed scanning is now a requirement for PCI internal scanning. In response, Tenable created the Tenable PCI Agent, which you can use to scan your network via the PCI Internal Nessus Agent scan template in Tenable Vulnerability Management. PCI DSS 4.x enables you to use a customized approach objective. Using PCI DSS 4.x, the PCI Internal Nessus Agent provides the most comprehensive view of local vulnerabilities on your systems. Please visit the Scan Settings site for more details on configuring the PCI Agent and scans. Tenable Patch Management Tenable Patch Management 9.2.967.22 (on-premises). This release features minor quality improvements and bug fixes across the platform. Server updates: Bug fixes: We fixed an issue where the Business Units by Waves column in cycle tables was empty if no deployment waves existed for the cycle owner. Modified the patch server framework component to depend on the feed server, preventing a race condition during registration. Fixed a bug where patching cycles could lose business unit information after a server restart. Improved the update process for supported platforms within existing workflows and activities during server upgrades. Client updates: Bug fixes: Change to WUAHttpServer to include a content-length header on a full GET request for a file. This resolves the Windows Server 2016 patch download issue. Tenable OT Security Tenable OT Security 4.3: Scalable visibility and control for your modern enterprise. The Tenable OT Security 4.3 release delivers powerful new features to enhance visibility and control across your operational technology (OT) environments and entire attack surface. Key updates in this release include: Scalable OT agents: Extend asset discovery to hard-to-reach areas and embedded systems, closing critical visibility gaps with lightweight, easy-to-deploy agents that leverage your existing IT infrastructure. Enhanced Tenable One data integration: Accelerate investigations and improve risk remediation with new Policy Violation Findings and richer Exposure Signals for more comprehensive Attack Path Analysis. Streamlined asset management: Benefit from a responsive Vulnerability Findings side-panel for quick investigations, custom asset tags and groups for better organization, and batch data and ruleset updates in Enterprise Manager to ensure consistent administration across distributed sites or locations. Additional user interface enhancements in v4.3: You can now search the asset serial number in the inventory Updated Sensor page navigation System Log pagination To learn more about what’s new in the latest version of Tenable OT Security, watch the latest customer update and review the release notes. Tenable Nessus Nessus 10.9 is now generally available! Nessus 10.9 introduces several key features to empower your security teams: Offline web application scanning in Nessus Expert: If your organization has strict network segmentation or air-gapped environments, Nessus 10.9 now enables comprehensive web application scanning functionality. This ensures your critical web applications, even in isolated networks, receive the same thorough security assessment as those in connected environments to maintain a consistent security baseline across your entire infrastructure. Triggered agent scans in Nessus Manager: Automatically initiate vulnerability scans via Nessus Manager in response to specific events. This means you get immediate insights into your security posture as soon as the system discovers new assets or critical system changes occur. This functionality will be enabled directly through Tenable Security Center in July. Agent version declaration for offline environments in Nessus Manager: Simplify the management of your Nessus Agents in air-gapped or offline deployments. With Nessus 10.9, you can now declare agent versions for Nessus Manager agent profiles, streamlining updates and ensuring your agents are running the desired software versions, even without direct internet connectivity. Agent safe mode status reporting in Nessus Manager: Get better visibility into our Nessus Agents’ health and operational status. Nessus 10.9 provides reporting on "Agent Safe Mode" status with insights into agents that may experience issues or operate in a limited capacity. This allows for quicker identification and resolution of agent-related problems for uninterrupted scanning coverage. Nessus 10.9 is available now. We encourage all Nessus users to upgrade to take advantage of these new features and continue to strengthen your vulnerability assessment capabilities. For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect. End of Support for Nessus and Agents on Windows 32-bit operating systems. Tenable announces End of Support for Nessus and Agents on Windows 32-bit Operating Systems. Please see the bulletin for more details. Click here to continue reading the rest of the newsletter as a downloadable PDF.June 2025 Product & Research Update Newsletter
The June 2025 Tenable Product & Research Newsletter is live. This month's edition covers updates on: Tenable Cloud Security, Tenable Identity Exposure, Tenable Patch Management, Tenable Security Center, and Tenable VM, along with updates about the Tenable Ecosystem, Tenable Connect, Training, Professional Services, Research, and more. Community Update Introducing Tenable Connect, your new customer community! Check out your new hub to connect, learn and grow with Tenable. Here’s what you’ll find: Ability to open and manage support cases Easy access to the improved account management portal Dedicated pages for product resources and training Discussion boards and opportunities to engage with your peers and Tenable Log into Tenable Connect before July 1 for a chance to win a limited edition Tenable Connect t-shirt! Tenable Identity Exposure Tenable’s Research-Driven Identity Defense Expands Tenable continues to deepen its coverage of real-world identity risks with a series of new indicators of exposure (IoEs) across both Active Directory (AD) and Entra ID. BadSuccessor—a rare, but forest-level critical, zero-day privilege escalation vulnerability in AD, was recently disclosed. Introduced with delegated Managed Service Accounts (dMSAs) in Windows Server 2025, its exposure depends on the presence of a 2025 domain controller, but the impact can be severe. An attacker with the right permissions could use a dMSA to inherit domain admin-level access and compromise the entire forest. Tenable has responded quickly with a dedicated IoE: BadSuccessor – Dangerous dMSA Permissions, now available in Tenable Identity Exposure (SaaS) v3.95. This detection flags risky dMSA inheritance paths that could enable exploitation, helping organizations stay ahead even in the absence of a Microsoft patch. Review Tenable’s technical advisory and FAQ for detailed context. More IoEs targeting real-world risk Other new IoEs target misconfigurations and gaps attackers routinely exploit, spanning Tier 0 risks in AD and hygiene issues in Entra ID. Each IoE is designed to be practical, observable and relevant, shaped by real attack behaviors, not just theoretical risks. Check out this product documentation for more information. Active Directory Tenable IoE “Sensitive Exchange Group Members” Who really sits in the most privileged Exchange groups: a Tier‑0 foothold. Tenable IoE “Exchange Permissions” Risky ACLs where Exchange rights bleed into domain control. Entra ID Tenable IoE “Users Allowed to Join Devices” Tenant setting that lets any user enroll a rogue workstation. Tenable IoE “Managed Devices Not Required for Auth” Conditional‑access gap allowing unmanaged logins. Tenable IoE “Auth‑Methods Migration Incomplete” Legacy authentication policy is still exposed. Tenable IoE “Dangerous Application Permissions” Third‑party app scopes that can exfiltrate data. Tenable IoE “Risky Users Without Enforcement” Risk‑based access policy missing for high‑risk accounts. Tenable Cloud Security Reminder: Tenable Cloud Security requires you to log in to view documentation. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo. Enhanced CVE detection and customizable severity metrics Tenable Cloud Security now enhances CVE detection by integrating Tenable's vulnerability logic, leveraging the Tenable vulnerability data lake (TVDL) and Nessus. This improves accuracy and coverage in detecting new CVEs regardless of National Vulnerability Database (NVD) delays. The integration aligns CVE detection between Tenable Cloud Security and Tenable Vulnerability Management, reducing inconsistencies and boosting reliability within Tenable One. Users can select which CVE severity metric to display first: CVSS (static) or VPR (dynamic, factoring exploit likelihood). The metric chosen as primary impacts finding creation: severity changes can cause related findings to open or close. Just-in-time by resource groups and recurring access Thanks to your feedback, Just-in-Time (JIT) access is now even more powerful and flexible. Azure users can request access at the resource group level, not just by subscription, giving you greater granularity and control across your cloud environments. And for all JIT users, building on existing immediate/scheduled access request support, we’ve added recurring access scheduling — to better support business workflows, such as a contractor needing project access for a specified repeat duration or the need for access to a routine audit that lasts a full quarter. Easily set daily, weekly or monthly schedules with end dates — all through an intuitive UI. Consider using recurring access to replace standing permissions that some JIT users may still have, for more granular time-bound least privilege. Powerful Tenable cloud vulnerability insights within ServiceNow Tenable now integrates with ServiceNow’s new Vulnerability Response platform, enabling you to seamlessly import prioritized, actionable vulnerability data directly into ServiceNow. This streamlined integration, which also supports government environments, helps teams focus on what matters most by aligning Tenable findings with your existing remediation workflows, making it easier to act fast on critical risks. Already using ServiceNow ticketing? You can now sync Tenable findings with ServiceNow incidents, mapping severity and status to priority and state (such as open findings to new incidents). Note: Syncing incident states requires additional permissions and configuration within ServiceNow. Selectively scan data resources by exclusion tags You can now add exclusion tags to fine-tune scans of both managed databases and object storage in Tenable Cloud Security. Exclusion tags enable you to scope out resources starting from the next scanning cycle by specifying tags as configured at the resource level, for tailoring scans to your environment. This new capability helps you decrease costs by reducing unnecessary resource usage. Object storage comes to OCI As part of our growing capabilities around Oracle Cloud, Tenable Cloud Security now offers data analysis of object storage buckets in OCI. Out of the box, the feature is on a par with all other object storage that Tenable Cloud Security supports and is part of routine CSPM onboarding. In other updates, new dynamic scan scoping by tag is also supported for OCI. Tenable Vulnerability Management (TVM) Tenable Data Stream (TDS) now supports the streaming of TVM Host Audit Findings data as well as WAS assets, tags and findings data. TDS already supports TVM host assets, tags and vulnerabilities data streaming to AWS S3 buckets and is used by some of the largest TVM customers. Learn more about TDS here. Besides the new payloads, there are a few more improvements: Additional new fields in TVM findings payload like Resurfaced Data and Time Taken to Fix Grouping of the files written in the AWS S3 buckets is now based on timestamp, resulting in fewer files written, which in turn improves consumption and reduces latency. (Previously, this was based on both scan ID and timestamp, which resulted in writing a large number of small files.) Tenable Patch Management Tenable Patch Management now supports Red Hat Enterprise Linux (RHEL) We’re excited to announce that Tenable Patch Management (On-Prem) 9.2.967.20 now supports RHEL 8 and RHEL 9. This release also includes performance improvements, bug fixes, and an important security update to Java 17 JRE. Please note that Patch Notification Bots using WhatsApp require review and modification as they can no longer be combined with other providers. Please visit here for a list of third-party applications covered. Note: We are always adding more. For more information, please read the Tenable Documentation and Release Notes and visit the Downloads Portal for the latest version. Tenable OT Security Upgrade to Tenable OT Security 4.2 to unlock new layers of visibility across your OT/IT environment. Key enhancements in this release include: Advanced SNMP-based asset discovery: Gain deeper OT network topology insight. Our new SNMP Crawler discovers and maps all connected devices and switches, including previously hidden ones, down to the specific switch port. Intelligent hardware lifecycle management: Proactively manage obsolescence with EOL tracking for OT/IoT assets from vendors such as Schneider Electric and Siemens, complementing existing software EOL capabilities. Flexible Windows-based deployment (beta): Install OT Security sensors directly on Windows devices — ideal for segmented subnets or where deploying dedicated physical hardware appliances isn’t feasible. Enhanced IoT & VMS risk insights: With improved IoT connectors and expanded VMS support through enhanced credentialed authentication, extract richer data from IoT devices and VMS (including asset names, models and stream details). Navigation enhancements: A redesigned main menu and intuitive side panel simplify access to critical OT data, speeding workflows and improving usability. Additional improvements: Fewer operational reboots New vulnerability detections Expanded virtualization support for Microsoft Hyper-V and KVM-based platforms Upgraded embedded Tenable applications (Nessus, Nessus Network Monitor) Expanded Device Fingerprint Engine coverage for devices from various vendors To learn more about what’s new in Tenable OT Security, watch the latest customer update or review the release notes. Tenable Security Center Patch 202505.1 is now live This patch addresses high-severity CVEs in SQLite. It applies to SC versions 6.5.1 and 6.4.x and requires manual application. Release notes for 6.5.1 and 6.4x Download: https://www.tenable.com/downloads/security-center Security advisory: https://www.tenable.com/security/tns-2025-09 Tenable Ecosystem Tenable Plugin for Jira on-premises v10.4.1 now supports Tenable Web App Scanning We’re excited to launch Tenable Plugin for Jira v10.4.1. This release includes: Support for Tenable Web App Scanning (TWAS) Security update Cleaner logs regarding API responses And bug fixes For more information, please read the Tenable Documentation and visit Atlassian Marketplace to download the newest versions. Tenable App for Splunk v6.1.0 The Tenable App for Splunk v6.1.0 is now available. This release includes: Added support for Tenable Web App Scanning (TWAS) and Tenable OT Security (TOT) New “Assets Dashboard” for visualizing asset details across TVM, TSC, TOT, TWAS, and TASM For more information, please read the Tenable Documentation and visit Splunkbase to download. Tenable Nessus Early Access Release of Nessus 10.9.0 We’re excited to announce the early access of Nessus 10.9.0. For standalone Nessus Expert users, this includes web application scanning functionality for Nessus instances in air-gapped/offline environments. For more information, please see our release documentation. Tenable Training and Product Education Tenable University is excited to announce the refreshed Introduction to Tenable One course. This course covers key features of the Exposure Management platform, including the workspace, Exposure Signals, Attack Path Analysis, Inventory and more, giving you a strong foundation to understand and act on your exposure data. Tenable Professional Services Tenable Professional Services offers two levels of Tenable One Deployment Service, both of which provide a structured, end-to-end approach for implementing and optimizing the Exposure Management platform. With this guidance, your team can gain the visibility, confidence and capabilities needed to actively manage exposure and reduce cyber risk. Tenable Webinars Customer Update Webinars Tune in for product updates, demos, how-to advice and live Q&A to help you get more value from your investment in Tenable solutions. LIVE July 2025 Tenable WAS, July 8, 2025, 11 am ET: Join us for a deep dive into recently released WAS features and capabilities. Tenable Nessus, July 8, 2025, 1 pm ET: Testing for specific CVEs with Nessus. Tenable OT Security, July 9, 2025, 11 am ET: Learn how Tenable OT Security 4.3 unlocks unprecedented visibility and control across your OT/IT environment. Tenable Vulnerability Management, July 9, 2025, 1 pm ET: Credentialed scans versus uncredentialed scans and how to use managed credentials. Tenable One, July 10, 2025, 11 am ET: Learn how Tenable One can now ingest important security context from non-Tenable security tools to help better identify, prioritize and reduce cyber risk. Tenable Security Center, July 10, 2025, 1 pm ET: OS breakdown: reporting exposures by operating system. ON-DEMAND June 2025 Tenable Identity Exposure: Join us to explore new features and capabilities in the latest release of Tenable Identity Exposure. Tenable Nessus: Discovery scan templates and when to use them. Tenable Cloud Security: Just-in-time (JIT) access dramatically reduces exposure from compromised identities. Join us to learn how this capability is enabled with Tenable Cloud Security. Tenable Vulnerability Management: Develop exposure response strategies with Tenable Vulnerability Management. Tenable One: Learn how Exposure Signals and Installed Software leverage data from your security stack to enrich Tenable One findings and strengthen the impact of your exposure management efforts. Tenable Security Center: Learn when and how to use triggered Agent scanning in Security Center. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas and Europe (including the Middle East and Africa, and Asia Pacific). Learn more and register here. Other Webinars of Interest June 25, 2025: Research Insights from the 2025 Verizon DBIR: What You Need to Know to Secure Smarter June 24, 2025: From Fundamentals to Focus: Enhancing Cloud Security with Tenable - Customer Workshop Series June 17, 2025: Beyond Cyber Chaos: How Public Sector Orgs Secure Smarter with Exposure Management On-demand: Security Without Silos: How to Gain Real Risk Insights with Unified Exposure Management For More Webinars Please visit tenable.com/webinars for the most up-to-date schedule. Tenable Research Research Security Operations Announcement Where Capability Meets Opportunity: Meet the Tenable Research Special Operations Team Rapid Response Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution CVE-2025-31324: Vulnerability in SAP NetWeaver Exploited in the Wild Tenable Research Advisories HPE Insight Remote Support Multiple Vulnerabilities Siemens User Management Component V2.15 Multiple Vulnerabilities Feature Release Highlights New Plugin Family: Tencent Linux Local Security Checks Azure Cloud Infrastructure Scanning for Government Windows LAPS Support in Nessus-based scanners Over 400 New Vulnerability Detections in June!May 2025 Product Update Newsletter
A truncated version of our May product update newsletter follows. To read the full document, which includes updates for Tenable One, Tenable Cloud Security, Tenable Identity Exposure, Tenable OT Security, Tenable Vulnerability Management, Tenable Security Center, Nessus, Patch Management, and more, click here. Tenable One New! Unified Navigation for a Seamless User Experience We are excited to bring you the latest update of Tenable One! This release focuses on maximizing your Exposure Management program by unifying vision, insight, and action across the attack surface. These enhancements include: Streamlined navigation across Tenable One: Easily access key areas like Exposure View, Exposure Signals, Inventory, and Attack Paths from a single location, allowing you to retrieve information faster and more efficiently. New Overview page: Quickly gain high-level insights into the health of critical coverage areas, including exposure scores, assets, attack path matrix, and weakness breakdowns. Enhanced user experience: Enjoy a more intuitive and seamless experience for specific capabilities within Tenable One. New Installed Software page: Easily view software vendors and versions throughout your environment. Pinpoint specific pieces of software, versions, devices, and file paths to enhance discovery and streamline remediation efforts. These changes are now live and ready within your container! To quickly get up to speed, please check out this interactive demo. New! All your security data. All in one place. We’ve introduced powerful new capabilities to elevate your exposure management program. These deliver unified risk visibility, deeper context, and comprehensive reporting across your entire risk landscape. What’s new: Tenable One Connectors: Integrate data from across your security stack into Tenable One to gain complete visibility and context across your attack surface—all within a single platform. Enhancing your Tenable One experience with third-party data gives you: A single, unified inventory of your assets and risk data. Richer context within Exposure Signals to support cross-domain prioritization. Consolidated exposure cards that present a complete view of risk across your environment. Sign up for Connectors See guided demo Explore available connectors Unified Dashboards Easily analyze, track, and share key risk insights across your environment, enabling smarter, more efficient security operations. Unified dashboards include: Pre-built dashboards – Get immediate, actionable insights with best-practice dashboards for common security use cases. Custom dashboards – Use over 40+ widgets to create dashboards tailored to any audience or need. Custom widgets – Develop bespoke widgets that highlight the metrics and data points that matter most to you. Share and collaborate - Make dashboards private or team-accessible, and export them in multiple formats for seamless collaboration. See guided demo Tenable Identity Exposure You Don’t Need More Data — You Need Insights Now available: Identity Insights has launched in the SaaS version of Tenable Identity Exposure — delivering centralized visibility into risks across your identity fabric (Active Directory and Entra ID). This powerful new visualization acts as a command center for security teams to quickly prioritize and address the most critical identity threats. What’s included: Top Risk & Exposure Signals widgets: These widgets surface the most severe indicators of exposure (IOEs) and aggregated risk scenarios using prebuilt insights and custom queries via ExposureAI. Historical risk trends: Track recurring risks over time, identify resurfaced threats, and demonstrate security improvements. Identity demographics: Visualize risk across privileged, service or dormant accounts to better prioritize protection efforts. Fast-action remediation: Use the "If You Only Have 5 Minutes" widget to jump into the most urgent findings. Exportable reports: Generate professional-grade reports with one click to support audits and stakeholder communications. With Insights, security teams move from fragmented data to an actionable overview — saving time, reducing risk, and improving security posture. Check out the Tenable Identity Exposure user guide for more information. Tenable Cloud Security Reminder: You must be logged in to view Tenable Cloud Security documentation. If you need a login or wish to try Tenable Cloud Security, contact your account manager or request a demo. Just-in-Time (JIT) access is now available for all Tenable Cloud Security users. Tenable customers can use their existing (or future) Tenable Cloud Security license to enable and use JIT – with no separate procurement needed! JIT is automatically included with all existing licenses: Enterprise, Standard and CIEM. JIT eliminates standing permissions and reduces cloud risk with on-demand, time-bound access to cloud accounts and identity provider (IdP) groups. See the demo and explore use cases to understand how JIT works and streamlines approvals including by integrating with collaboration platforms like Slack and Microsoft Teams. Unified search and in-product documentation—directly in the Console. Tenable Cloud Security now offers context-aware guidance in the Console, making it easier to find what you need. Queries in the search bar return results across all resources, policies, pages, documentation, and vulnerabilities. In-product documentation is now also accessible directly in the Console through unified search and contextual help links, providing context-aware guidance where you need it. See the documentation for more details. Define projects by resource tags and Azure resource groups. Building on the Projects feature announced in the March 2025 newsletter, Tenable Cloud Security now enables you to scope projects using resource tags (across all Tenable-supported cloud providers) and Azure resource group name patterns. This enhancement provides greater flexibility and granularity in organizing projects based on how your cloud environments are structured: by team, business function, or application boundary. The evolving Projects capability supports stronger cloud security maturity by reducing fragmented visibility and siloed inventories, with dedicated views of resources and security findings, and project-specific dashboards for each team. See the documentation for more details. Enhanced CVSS scoring support with CVSS v4 priority. When multiple CVSS versions are available for a vulnerability, CVSS v4 is prioritized to ensure the severity assessment is the most current and precise. It offers improved accuracy, flexibility, and contextual awareness, enabling better prioritization and automation than CVSS v3. Enhanced 3rd-party support for Microsoft Entra ID apps. Tenable now offers greater IAM visibility for Azure users through enhanced Microsoft Entra ID third-party application mapping, with support for more than 350 applications. From the third-party widget in the IAM Dashboard, you can select a vendor per cloud component and navigate directly to the Identity Intelligence page, filtered by that vendor. You can also now view vendor details for each application in the Microsoft Entra ID Application Inventory page, making it easier to manage third-party applications across your environment. >> To read the rest of the May newsletter, click here.
