Verizon 2025 DBIR: A colaboração com a Tenable Research destaca as tendências de correção de CVE destaca as tendências de correção de CVE
O Verizon Data Breach Investigations Report de 2025 (DBIR) revela que a exploração de vulnerabilidades estava presente em 20% das violações, um aumento de 34% em relação ao ano anterior. Para dar suporte ao relatório, a Tenable Research contribuiu com dados enriquecidos sobre as vulnerabilidades mais exploradas. In this blog, we analyze 17 edge…
Conformidade com CISA BOD 25-01: O que os órgãos governamentais dos EUA precisam saber
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.
ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate…
Turn to Exposure Management to Prioritize Risks Based on Business Impact
Todas as segundas-feiras, a Tenable Exposure Management Academy fornece a orientação prática e real de que você precisa para mudar do gerenciamento de vulnerabilidades para o gerenciamento de exposição. In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have…
CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on…
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378…
MITRE CVE Program Funding Extended For One Year
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be…
You Have Exposure Management Questions. We’ve Got Answers
Todas as segundas-feiras, a Tenable Exposure Management Academy fornece a orientação prática e real de que você precisa para mudar do gerenciamento de vulnerabilidades para o gerenciamento de exposição. In this post, we feature the first Exposure Management Academy FAQ. We’ll run these FAQs from time to time to share some of the…
Geopolitics Just Cranked Up Your Threat Model, Again. Here’s What Cyber Pros Need to Know
If it feels like your entire cybersecurity program is once again operating on a geopolitical fault line, you're not imagining things.
Cybersecurity Snapshot: Beware of Mobile Spyware Attacks, Cyber Agencies Warn, While Corporate Boards Get Cyber Governance Guidance
Check out why a global geopolitical spyware campaign could ensnare mobile users outside of its target groups. Plus, the U.K.’s cyber agency offers cyber governance resources to boards of directors. Also, find out what webinar attendees told Tenable about using port scanning and service discovery to…