MCP Prompt Injection: Not Just for Evil
MCP tools are implicated in several new attack techniques. Here's how they can be manipulated for good, such as logging tool usage and filtering unauthorized commands.
Despite Recent Security Hardening, the Entra ID Synchronization Feature Remains Vulnerable to Abuse
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited.
Verizon 2025 DBIR: Collaboration with Tenable Research Highlights CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches, a 34% increase over the previous year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge…
CISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about…
How To Harden GitLab Permissions with Tenable
If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive data, while creating security risks. In this blog, we’ll…
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
Who's Afraid of AI Risk in Cloud Environments?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game.
How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface
Mismanaging your DNS infrastructure could put you at risk of destructive cyberattacks – especially as your cloud attack surface expands. Read on to learn about DNS vulnerabilities, the impact of DNS takeover attacks, and best practices for DNS security, including how new Tenable plugins can help…
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, the Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.
New CISA Hardening Guidance Provides Valuable Insights for Network Security Engineers
Recent guidance from CISA and the FBI highlights best practices to monitor and harden network infrastructure. The guidance, published in response to high-profile attacks on telecom infrastructure, is applicable to a wider audience. This blog unpacks important points and explains how Tenable…
Volt Typhoon: What State and Local Government Officials Need to Know
Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.