Tenable Blog

ID: 264bd6da-f213-5f99-b669-213e5e2decf8

STIX ID: identity--264bd6da-f213-5f99-b669-213e5e2decf8

Feed Type: rss

Earliest post: 2024-12-30

Latest post: 2026-05-29

Threat research, vulnerability insights, risk management strategies, and cybersecurity analysis from the Tenable team — focused on helping organisations understand and reduce exposure across their attack surface.

| Title | Date Published | Describes Incident | Author | Visible |
|---|---|---|---|---|
| Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs | 2026-05-29 | True | Research Special Operations | True |
| Download pumping: New npm deception technique for supply chain attacks | 2026-05-28 | True | Ron Popov | True |
| Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect | 2026-05-27 | True | Trevor Farthing | True |
| Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation | 2026-05-19 | True | Scott Caveza | True |
| Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) | 2026-05-15 | True | Research Special Operations | True |
| Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation | 2026-05-14 | True | Satnam Narang | True |
| Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) | 2026-05-12 | True | Research Special Operations | True |
| Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain | 2026-05-08 | True | Scott Caveza | True |
| Why the approaching flood of vulnerabilities changes everything — and what to do about it | 2026-05-08 | True | Raymond Carney | True |
| Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability | 2026-04-30 | True | Satnam Narang | True |
| As the NVD scales back CVE enrichment, here’s what Tenable customers need to know | 2026-04-27 | True | Lucas Tamagna-Darr | True |
| Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI | 2026-04-10 | True | James Davies | True |
| What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure | 2026-04-09 | True | Research Special Operations | True |
| CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild | 2026-04-06 | True | Scott Caveza | True |
| The developer credential economy: Why exposure data is the new front line in the supply chain war | 2026-04-03 | True | Research Special Operations | True |
| Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 | 2026-04-01 | True | Research Special Operations | True |
| Supply chain attack on Axios npm package: Scope, impact, and remediations | 2026-03-31 | True | Ron Popov | True |
| What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection | 2026-03-31 | True | Yoel Calderon | True |
| The hidden cost of AI speed: Unmanaged cyber risk | 2026-03-23 | True | Ari Eitan | True |
| CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability | 2026-03-20 | True | Satnam Narang | True |
| FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word | 2026-03-17 | True | Research Special Operations | True |
| Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign | 2026-03-17 | True | Robert Huber | True |
| Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury | 2026-03-11 | True | Research Special Operations | True |
| LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities | 2026-03-10 | True | Liv Matan | True |
| Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations | 2026-03-03 | True | Research Special Operations | True |
| CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild | 2026-02-25 | True | Scott Caveza | True |
| New Malicious npm Package "ambar-src" Targets Developers with Open Source Malware | 2026-02-24 | True | Ron Popov | True |
| I pretended to be an AI agent on Moltbook so you don’t have to | 2026-02-09 | True | Ben Smith | True |
| LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) | 2026-02-04 | True | Liv Matan | True |
| Frequently Asked Questions About Notepad++ Supply Chain Compromise | 2026-02-03 | True | Satnam Narang | True |
| CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited | 2026-01-30 | True | Research Special Operations | True |
| Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk | 2026-01-20 | True | Ireneusz Pastusiak | True |
| CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild | 2025-12-29 | True | Scott Caveza | True |
| CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited | 2025-12-17 | True | Scott Caveza | True |
| Cybersecurity Snapshot: OWASP Ranks Top Agentic AI App Risks, as CISA Lists Most Dangerous Software Flaws | 2025-12-12 | True | Juan Perez | True |
| Cybersecurity Snapshot: Fending Off BRICKSTORM Malware Data-Theft Attacks and Integrating AI into OT Securely | 2025-12-05 | True | Juan Perez | True |
| CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability | 2025-12-04 | True | Satnam Narang | True |
| Agentic AI Security: Keep Your Cyber Hygiene Failures from Becoming a Global Breach | 2025-12-01 | True | Robert Huber | True |
| A Practical Defense Against AI-led Attacks | 2025-12-01 | True | Blake Kizer | True |
| Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends | 2025-04-23 | True | Scott Caveza | True |
| ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer | 2025-04-22 | True | Liv Matan | True |
| CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability | 2025-04-18 | True | Scott Caveza, Ben Smith | True |
| Cybersecurity Snapshot: Ghost Ransomware Group Targets Known Vulns, CISA Warns, While Report Finds Many Cyber Pros Want To Switch Jobs | 2025-02-21 | True | Juan Perez | True |
| How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface | 2025-02-19 | True | Rémy Marot | True |
| Cybersecurity Snapshot: Cyber Agencies Offer Best Practices for Network Edge Security, While OWASP Ranks Top Risks of Non-Human Identities | 2025-02-07 | True | Juan Perez | True |
| Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor | 2025-01-23 | True | Scott Caveza | True |
| CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild | 2025-01-14 | True | Scott Caveza | True |
| CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild | 2025-01-08 | True | Satnam Narang | True |
| Cybersecurity Snapshot: After Telecom Hacks, CISA Offers Security Tips for Cell Phone Users, While Banks Seek Clearer AI Regulations | 2025-01-03 | True | Juan Perez | True |