Blog da Tenable
Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign
CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability
Oracle published an out-of-band security alert for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager, following in-the-wild exploitation of a related flaw in the same component in November 2025.
Bolster your defenses and close the code-to-cloud gap with Tenable and OX
Today, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word
An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings.
How to prepare for NERC CIP compliance deadlines in 2026 and beyond
Explore key cybersecurity requirements and implementation deadlines for electric power utilities included in the NERC CIP-003-9 standard for Low-Impact BES (Bulk Electric System) Cyber Systems, and how Tenable can help deliver the comprehensive visibility required to ensure compliance.
Don't confuse asset inventory with exposure management
Asset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can't connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don't have exposure management. You have inventory.
Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In response, the Tenable Research Special Operations (RSO) team is examining the latest threats and cyber operations linked to Iranian threat…
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities
Tenable Research revealed "LeakyLooker," a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets. Google has since remediated all identified issues.
President Trump's Cyber Strategy for America: What It Means for the U.S. and Why It Matters Globally
President Trump's Cyber Strategy for America signals a shift toward risk-based security and cooperation across emerging technologies. While centered on U.S. interests, the strategy provides a blueprint to collectively strengthen global cyber resilience.
