OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services
Tenable Research discovered a Remote Code Execution (RCE) vulnerability (now remediated) in Oracle Cloud Infrastructure (OCI) Code Editor. We demonstrated how an attacker could silently 1-click hijack a victim’s Cloud Shell environment and potentially pivot across OCI services. The vulnerability als...
How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector
Tenable Research recently discovered a critical vulnerability impacting Anthropic's MCP Inspector tool, a core element of the MCP ecosystem. In this blog, we provide details on how we discovered the vulnerability in this widely used open-source tool — and what users can do about it...
AI Security: Web Flaws Resurface in Rush to Use MCP Servers
In the rush to implement AI tools and services, developers are rapidly embracing the Model Context Protocol (MCP). In the process, classic vulnerabilities are resurfacing and new ones are being introduced. In this blog, we outline key areas of concern and how Tenable Web App Scanning can help....
GerriScary: Hacking the Supply Chain of Popular Google Products (ChromiumOS, Chromium, Bazel, Dart & More)
Tenable Cloud Research discovered a supply chain compromise vulnerability in Google's Gerrit code-collaboration platform which we dubbed GerriScary. GerriScary allowed unauthorized code submission to at least 18 Google projects including ChromiumOS (CVE-2025-1568), Chromium, Dart and Bazel, which ar...
Abusing Client-Side Extensions (CSEs): A Backdoor into Your AD Environment
Crucial for applying Active Directory Group Policy Objects, client-side extensions (CSEs) are powerful but also present a significant, often overlooked, attack vector for persistent backdoors. Rather than cover well-documented common abuses of built-in CSEs, this article demonstrates how to create c...
Where Capability Meets Opportunity: Introducing the Tenable Research Special Operations Team
Meet the elite squad that’s hunting the next major cyberattack. With more than 150 years of combined research experience and expert analysis, the Tenable Research Special Operations team arms organizations with the critical and actionable intelligence necessary to proactively defend the modern attac...
Detect Remote Monitoring and Management Tools Used by Attackers
Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments....
Frequently Asked Questions about Vibe Coding
Vibe coding has attracted much attention in recent weeks with the release of many AI-driven tools. This blog answers some of the Frequently Asked Questions (FAQ) around vibe coding....
MCP Prompt Injection: Not Just for Evil
MCP tools are implicated in several new attack techniques. Here's a look at how they can be manipulated for good, such as logging tool usage and filtering unauthorized commands....
Despite Recent Security Hardening, Entra ID's Synchronization Feature Remains Vulnerable to Abuse
Microsoft's synchronization features for managing identities in hybrid environments are not without risk. In this post, Tenable Research explores how potential weaknesses in these synchronization options could be exploited....
Verizon 2025 DBIR: Collaboration with Tenable Research Highlights CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches, a 34% increase over the previous year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this post, we analyze 17 CVEs...
CISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here's how Tenable can help....