Blog da Tenable
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent
Moltbot, the viral AI agent, is riddled with critical vulnerabilities, exposed control interfaces, and malicious extensions that put users' sensitive data at risk. Understand the immediate security practices you can implement to mitigate this enormous agentic AI security risk.
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes.
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers.
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks
Introdução ao Tenable One AI Exposure: Um novo padrão para proteger o uso de IA em escala
Descubra e monitore continuamente todo o uso de IA na sua organização, incluindo shadow AI, agentes, plug-ins de navegador etc. com o Tenable One AI Exposure. Mapeie workflows complexos de IA para descobrir exposições de alto impacto e monitorar a conformidade com as políticas de segurança e uso aceitável de IA.
Oracle January 2026 Critical Patch Update Addresses 158 CVEs
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates.
Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk
Tenable Research has discovered a server-side request forgery (SSRF) vulnerability in Java’s handling of client certificates during a TLS handshake. In certain configurations, this can be abused to cause a denial-of-service (DoS) condition.Key takeawaysTenable Research identified a vulnerability in…
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have…
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild.