Nessus now has Windows LAPS Support
Summary: Nessus now has the ability to leverage accounts managed by Microsoft Windows LAPS. How LAPS works: Since LAPS managed accounts have their passwords rotated routinely, users cannot just directly provide the credentials in their Scan Policy. Before this change, users would instead have to make an additional privileged account on each LAPS enabled Host to provide to Nessus. Currently Nessus supports Entra LAPS allowing a scan to pull LAPS Managed Credentials from a customer’s remote Entra instance. Now, Nessus can do the same for Windows LAPS, allowing customers with local LAPS setups to gain the same benefits! Without Windows LAPS support, customers must make dedicated account for Nessus to use to scan targets Change: With this LAPS support change, during the startup phase of a scan, Nessus will reach out to a customer provided Domain Controller hosting an AD forest with LAPS enabled, and pull a list of all Local Admin Accounts for devices managed by LAPS. Nessus will then attempt to use these retrieved LAPS managed accounts as credentials when attempting to access a target host. With Windows LAPS Support, Customers need only provide a single Credential that allows Nessus to retrieve the actual credentials for LAPS Managed Devices How to enable it: To make use of Nessus’ Windows LAPS support, a customer needs only to provide the necessary info to their scan/policy via the Windows LAPS Credential. They’ll need to provide us the IP of the DC, Credentials for an account on that DC with the necessary permissions*, and the DistinguishedName of the OU that contains their LAPS managed devices. *The Account for retrieving Windows LAPS credentials needs the following permissions General Recommend the Account be added to the BUILTIN/Administrators AD Group as it grants all required permissions, including: Access to the $Admin Able to log on to the DC remotely Able to run Powershell WMI and DCOM access to Root/CIMV2 WMI Namespace LAPS Permissions LapsADReadPasswordPermission rights to the LAPS OU Be an Authorized Password Decryptor in the LAPS GPO (without this, Nessus will not be able to retrieve passwords protected by LAPS Encryption). Members of the Domain Administrators group are Authorized Password Decryptors by default. For additional information see: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview Impact: Customers using Rotating Host passwords managed through Microsoft Windows LAPS can now leverage these credentials in their Nessus scans for more secure scanning configurations. Target Release Date: Nessus, T.VM On/About 09 JUN 2025 T.SC TBDWhere Capability Meets Opportunity: Meet the Tenable Research Special Operations Team
The digital battlefield is constantly shifting. It's no longer enough to just react. We need to anticipate. But what if there was a team dedicated to seeing these threats coming, understanding adversary tactics, and sending early warning signals for what might come next? Meet the elite team that’s hunting the next major cyberattack: The Tenable Research Special Operations (RSO) team. This elite team is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. They go beyond generic warnings to provide real-time, actionable insights that can help protect your business. Read the blog to learn more about RSO and how their research insights can enhance your security programResearch Release Highlight - SSH Session Reuse
Summary Nessus scan will support an opt-in feature to reuse SSH sessions during a scan where possible when running Nessus versions 10.9.0 and greater. This update was made in response to numerous customer requests for reducing the number of new SSH connections established during remote network scans and the associated increase in network traffic. Change A new scan configuration template option will be available for customers to actively enable the [Reuse SSH connections] configuration in their scan policies in Advanced Settings under Advanced Performance Options. Customers can return to the classic SSH connection functionality by changing [Reuse SSH connections] to the default “off” setting in their scan policies. Customers must be running a version of Nessus 10.9.0 or greater that supports this feature and have a Plugin Feed that displays the scan configuration policy user interface and NASL plugin set with the SSH session reuse functionality. Impact Customers should see a significant decrease in the total number of SSH sessions established during a Nessus scan as well as a reduction in load on Enterprise authorization, access, and accounting (AAA) tooling such as RADIUS servers and other connection management services. There should be no difference in scan results between scans that leverage SSH Session Reuse and scans that do not. If customers experience any such issues, the feature can easily be toggled off to return SSH connections during scans to the classic connection functionality. Target Release Date January 15, 2026
Improved Resource Management Control
Summary Improved resource management control for plugins leveraging Windows Management Instrumentation (WMI) on Nessus Agent 11.1.0 or higher. Impact Customers with Nessus Agent 11.1.0 and later versions will have the ability to granularly control the CPU resources consumed during scans. This update ensures that plugins respect the resource usage setting selected during scan configuration by launching commands as children of the Nessus Agent, rather than invoking them via WMI. The release of these plugins will continue through January, with a phased approach over three weeks. The first release will be January 13th, the second January 20th, and the final planned plugin update on January 27th. Target Release Date Phase 1 plugin set: January 13, 2025 Phase 2 plugin set: January 20, 2025 Phase 3 plugin set: January 27, 2025Distinct Agent Plugin Databases for RPM-Based Distributions
Summary Tenable will now provide separate agent plugin databases for RPM-based Linux distributions. Impact Historically, the majority of plugins for RPM-based Linux distributions have all been distributed via a single artifact. Starting with Nessus Agent 11.1.0, Tenable will now publish separate artifacts based on the following plugin families: Alma Linux Local Security Checks CentOS Local Security Checks Miracle Linux Local Security Checks Oracle Linux Local Security Checks Red Hat Enterprise Linux Local Security Checks Rocky Linux Local Security Checks As a result, customers will see a reduction in the overall size of the agent database (15-31% reduction at rest, 7-14% downloaded), directly leading to smaller updates and reduced resource consumption during the update process. This improvement will be available to all customers using Agent 11.1.0 or later versions. Target Release Date January 13, 2026
December 2025 Tenable Product Newsletter
Greetings! Check out our December newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What's new in Tenable One: November 2025 release This month's release delivers broader visibility, deeper insights, and more tailored data analysis to help you manage and reduce risk. Release highlights: New Tenable One Connector: Connect Tenable One with your Claroty platform to manage OT risks alongside the rest of your attack surface to reveal how IT exposures can directly impact industrial control systems and critical infrastructure. Protect uptime and safety by viewing IT and OT as a single, connected environment. Edit widgets: Edit and update widgets on dashboards you own. Customize all configuration parameters, including widget type, categories, values, data labels, stacking, and filters, to tailor insights to your specific needs. RBAC new roles: Unlock more precise access control with a new custom exposure management role for more granular access to the different modules in Tenable One, including tag enforcement, along with a dedicated read-only role for improved oversight. See all platform enhancements >> Tenable Is a Leader in the First-Ever Gartner®️ Magic Quadrant™️ for Exposure Assessment Platforms We’re proud to share that Tenable has been named a Leader in the first-ever 2025 Gartner Magic Quadrant for Exposure Assessment Platforms, ranking highest for both Ability to Execute and Completeness of Vision. Tenable was also positioned as a Leader in both the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment and The Forrester Wave™️: Unified Vulnerability Management, Q3 2025. This recognition wouldn’t be possible without you — our customers. Your insights, feedback, and collaboration have been instrumental in shaping Tenable One, helping organizations around the world reduce exposure risk across their entire attack surface. Get the report > Tenable Cloud Security Console | Unified cross-cloud view: Explorer is the new unified page. Get a complete cross-cloud view of all resources and findings. Query across objects, export results, and use Graph view to visualize risk paths. Network | Validate real-world exposure: Network Scanner now validates actual external exposure to identify truly reachable cloud resources and exposed endpoints. Use real-world data to cut false positives and sharpen prioritization. IAM | Full entitlement insight: Inventory now displays all roles and identity-based policies across AWS, Azure, GCP, Entra ID, and Google Workspace, including unused ones. Proactively reduce entitlement risk by creating custom least-privilege policies for any supported role. Vulnerability management | Public AMI scanning: Expanded AWS coverage now supports scanning public AMIs (cloud-managed AMIs), including vendor and AWS-published images in your posture assessments for a comprehensive security view. View all updates>> Tenable Vulnerability Management Mobilize your VM data Unify teams and streamline remediation workflows with the initial release of mobilization services, beginning with ticketing integrations in Tenable Vulnerability Management. Automatically or manually create bi-directional tickets in Jira Cloud via Exposure Response Initiatives. This capability accelerates response times by synchronizing your security findings with tickets in Jira Cloud. See mobilization in action: Watch this walkthrough to see how to set up and use the new ticketing integration. Review the documentation and Quick Reference Guide for detailed steps. Note: ServiceNow ITSM ticketing mobilization is coming soon. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered agent scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and read the release notes to take advantage of these improvements and keep your environment running at peak performance. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. Refer to the release notes and advisories (TNS-2025-20 and TNS-2025-18) for more information and download patches here. Tenable OT Security Introducing Tenable OT Security 4.5 (Early Access) The upcoming release of Tenable OT Security 4.5 – now available in Early Access – focuses on scalability for enterprise environments, enhanced power grid visibility, and improved integrations across the Tenable One portfolio. Advanced dynamic tagging: Streamline prioritization and reporting at scale with the ability to create rule-based groups and tags using multiple filters, including asset type, risk score, and criticality. Enhanced grid visibility (IEC 61850): Added support for IEC 61850 to improve passive detection of intelligent electronic devices (IEDs) with safer, deeper visibility for substation and power generation environments. RBAC for enterprise manager: New role-based access controls (RBAC) enable administrators to assign users to specific ICPs using user groups, so users only view the zones they are authorized to see while inheriting ICP-level roles. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC. Expanded compliance mapping: The Compliance Dashboard now includes direct mapping for IEC 62443-3-3 and NIST-CSF to simplify how you measure and report against these critical security frameworks. In case you missed it: What’s new in Tenable OT Security 4.4 Unified exposure management: Sync your OT asset tags directly to Tenable One and Tenable Security Center to enrich enterprise IT security workflows with OT context. Deep visibility for specialized environments: Gain granular details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. Reduced alert fatigue: A redesigned Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures. Expanded protocols: Added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the release notes to see what’s new and how to upgrade. Tenable Identity Exposure Attack path optimization: Complex attack path queries now time out after three minutes and automatically revert to the shortest, most viable path. Get critical findings faster when dealing with large-scale domain environments. (v3.109) Syslog direct linking: Syslog alerts now contain a new time-based URL. Use this link to jump instantly to the exact incident details within Tenable Identity Exposure to accelerate your investigation and response workflow. (v3.108) Kerberos IoE clarity: The Dangerous Kerberos Delegation Indicator of Exposure (IoE) now features dedicated paragraphs for each vulnerability reason to simplify understanding and make remediation steps clearer and more concise. (v3.108) View all updates>> Tenable Web App Scanning Optimized scanning for production environments Eliminate conflicts with peak traffic hours using enhanced scan windows. You can now define granular scan (green) or pause (red) windows for individual scans, independent of global settings. Whether spanning multiple days or scheduling multiple windows per day, your assessments automatically progress during approved hours without manual restarts. For more details, review the documentation for pause and resume scans and basic scan settings. Tenable Enclave Security Tenable Enclave Security and Container Security 1.7 now generally available This release brings Security Center 6.7 into the Enclave Security platform and introduces exposure response for container security. See our announcement above for more information on the benefits of Security Center 6.7. With exposure response in container security, customers can better track and prioritize remediation efforts by: Creating initiatives to identify critical exposures, assign ownership and apply SLAs Managing initiatives through customizable dashboards Using advanced query capabilities to drill into specific findings, assets or vulnerability combinations. For more information review the Tenable Enclave Security 1.7 release notes. Tenable Cloud Security FedRAMP Tenable Cloud Security now available through GSA OneGov Federal agencies can now purchase Tenable Cloud Security FedRAMP through the GSA OneGov program at a 65% discount through March 2027. This partnership makes it easier and more cost effective for federal agencies to identify and reduce cloud risk by gaining visibility into misconfigurations, vulnerabilities and excessive permission across cloud environments, supporting federal cloud first policies and zero trust initiatives. Interested agencies should request more information on our Tenable and GSA webpage or email publicsector-gsa@tenable.com. For more information: Attend our webinar on January 15, 2026: Cloud security for federal agencies: Threats, best practices and the GSA OneGov advantage Read our blog: Tenable partners with GSA OneGov to help federal government boost its cloud security Tenable Training and Product Education Enhance your attack surface management skills Benefit from a superior learning experience with the updated Introduction to Tenable Attack Surface Management course. We've introduced a modernized interface and smoother navigation for immediate improvement. Access this no-cost course, along with many other on-demand options, anytime at Tenable University. Start learning today to gain essential skills and better manage your organization's external attack surface. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. Agentic AI security: Keep your cyber hygiene failures from becoming a global breach A practical defense against AI-led attacks CVE-2025-55182: Frequently asked questions about React2Shell: React server components remote code execution vulnerability FAQ About Sha1-Hulud 2.0: The "second coming" of the npm supply-chain campaign CVE-2025-64446: Fortinet FortiWeb zero-day path traversal vulnerability exploited in the wild Microsoft Patch Tuesday 2025 Year in Review Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild to close out the final Patch Tuesday of 2025 Research release highlights Introducing new plugins to assess security posture for the transition toward Post-Quantum Cryptography (PQC)! Tenable Research PQC support helps customers inventory use of TLS and SSH quantum-resistant and vulnerable algorithms within their infrastructure using remote Nessus-based scans. For more information, see the Release Highlight. Content coverage highlights More than 5,000 new vulnerability plugins published, including new detections for the recent F5 BIG-IP Breach. More than 50 new audits delivered to customers. Read Tenable documentation.
Cisco Meraki API Host Guidance
Summary Tenable is announcing changes to our documentation for the Cisco Meraki API integration. Customers using a “unique” host in the “Cisco Meraki Host” field of the credential should use “api.meraki.com”, or a region-specific instead if applicable. Please refer to the documentation for full guidance. Tenable and Cisco Meraki Integration Guide Impact Customers using the Cisco Meraki API integration are encouraged to check their configurations and update them accordingly. This change in guidance addresses cases where some customers were experiencing HTTP 308 redirects, resulting in integration failures. This is also closely related to cases where customers were experiencing HTTP 403 errors, which has been addressed by changes in the Cisco Meraki API Web Application Firewall (WAF). Release Date Dec 15th, 2025
Tenable Post-Quantum Cryptography Inventory Support
Summary The advent of quantum computing presents a significant threat to current cryptographic algorithms. Organizations worldwide are beginning the critical transition to post-quantum cryptography (PQC) resistant algorithms to ensure long-term data security. Government mandates, such as the U.S. National Security Memorandum 10 (NSM-10), outlines deadlines for PQC migration and specific actions agencies must take to migrate vulnerable systems. Our PQC support is designed to help customers inventory use of TLS and SSH quantum-resistant and vulnerable algorithms within their infrastructure using remote Nessus-based scans. Cipher Inventory and Reporting Post-Quantum Cipher Plugins Two remote-based scan informational reporting plugins for TLS and SSH protocols inform customers of their transition posture according to NIST Post-Quantum Encryption Standards. Services Using Post Quantum Cryptography: Reports on services equipped with at least one post-quantum cipher. It will specify which post-quantum ciphers were discovered, reporting by port and protocol. Services Not Using Post Quantum Cryptography: Reports on services that support no post-quantum ciphers. These plugins will be enabled by default and included in existing scans. Cryptographic Inventory Plugin Reporting To enable a JSON-based inventory of each target by service and cipher, enable through either a preference on your Advanced Network Scan or by running the Cryptographic Inventory scan template. These preferences will initially be supported in Nessus and Tenable Vulnerability Management. They are planned to be added to Tenable Security Center at a later date. Warning: Enabling this preference through the Advanced Network Scan is expected to increase the overall size of the plugin output per target and resulting Nessus database size. If you do not need to produce this inventory at all or on your regular scan cadence, it’s recommended to instead run the Cryptographic Inventory scan template to decrease the potential impact to your normal scan results. Options to Enable Inventory Reporting Advanced Scan Preference Post Quantum Cryptography Scan Template Cryptographic Inventory Plugin Details The plugin enabled with the preference or scan template is an information plugin called Target Cipher Inventory. Within the output of this plugin, you will find a JSON structure containing the TLS and SSH inventories for the scanned target. You can export this inventory based on plugin output using the Tenable API if needed. For TLS, the structure contains: Attribute Definition Encaps Protocol encapsulation employed such as TLSv1, TLSv2, TLSv3 Port Port used for TLS communication Curve Group Encryption method Ciphersuite Algorithm used to secure the TLS connection For SSH, the structure contains: Attribute Definition Proto Protocol of SSH Port Port used for SSH communication Name Algorithm used to secure the protocol Type Use of the named algorithm such as “message auth” Release Date Tenable Vulnerability Management and Tenable Nessus: December 8, 2025 Tenable Security Center: - December 8, 2025 for the informational plugins - Cryptographic Inventory scan template release to be determinedPlugin 135860 (wmi_not_available) No Longer Fires if No Viable WMI Credentials were found
Summary: After reports of wmi_not_available.nbin firing during Remote Scans (despite only being applicable to Local Scans), changes have been made to prevent this firing and reduce noise in Scan Results. Specifically, early exit conditions have been added to key WMI libraries that are triggered if no working WMI Credentials (Windows Credentials that can successfully connect to WMI) are found. Change: Plugin 24269 (wmi_available.nbin) has two new exit conditions: If the Scan policy is configured to Start the Server Service, plugin 144455 (wmi_start_server_svc.nbin) will actually be run before wmi_available. It will attempt a WMI connection with each Windows Credential provided in the Scan. In the case that none of the Provided Credentials could successfully connect to WMI, wmi_start_server_svc.nbin will leave an artifact for wmi_available.nbin to exit early. It’s not necessarily that WMI is not available on the Host, just that the scan couldn’t get in with what was provided. After the WMI Connection attempt, wmi_available.nbin will now check for a scan artifact that WMI Connection was attempted but no Credentials were found. Plugin 135860 (wmi_not_available.nbin) checks a new scan artifact. If WMI wasn’t available for any reason outside of “No Viable Credentials found/worked”, the plugin continues as normal. If the new scan artifact is not present, the plugin will not run. Impact: If no Windows Credentials provided in the Scan Policy work, or if none were provided at all, Plugin 135860 (wmi_not_available.nbin) will NOT fire during a scan. Target Release Date: October 8, 2025New Plugin Family: UnionTech Local Security Checks
Summary Tenable will now provide vulnerability check plugins for UnionTech Unity Operating System (UOS). Impact Customers with UnionTech Unity Operating System (ServerA and ServerE) systems in their environments will be able to scan them for vulnerabilities. These plugins will have the family “UnionTech Local Security Checks”. These plugins will not have agent support at this time, but this support is expected in a future release. Target Release Date September 30, 2025
