Tenable 部落格
Code-to-Cloud Visibility: Why Fragmented Security Can’t Scale
網路安全概要: AI Security Tools Embraced by Cyber Teams, Survey Finds, as Vulnerability Research Gets a Boost from UK Cyber Agency
Check out why AI security tools are turning into “must have” assets for cyber teams. Plus, get the details on the NCSC’s efforts to supercharge its bug hunting capabilities. Meanwhile, Tenable webinar attendees shared their experience securing machine identities. And get the latest on the crypto…
OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services
Tenable Research discovered a Remote Code Execution (RCE) vulnerability (now remediated) in Oracle Cloud Infrastructure (OCI) Code Editor. We demonstrated how an attacker could silently 1-click hijack a victim’s Cloud Shell environment and potentially pivot across OCI services. The vulnerability…
Oracle July 2025 Critical Patch Update Addresses 165 CVEs
Oracle addresses 165 CVEs in its third quarterly update of 2025 with 309 patches, including nine critical updates.
Understanding and Managing Cyber Risk: An Exposure Management FAQ for Business Leaders
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we answer some questions we’ve gotten recently the best way to determine, understand and communicate your risks.
網路安全概要: AI Security Field Gets Boost from New CSA Framework and from SANS - OWASP Partnership
Check out a new Cloud Security Alliance framework for securing AI systems. Plus, SANS Institute and OWASP are joining forces to deliver AI security controls. Meanwhile, Accenture finds orgs unprepared to counter AI-powered cyber attacks. And get the latest on the Iran cyber threat, SMB cyber…
Tenable Research 如何發現 Anthropic MCP Inspector 上的重大遠端程式碼執行弱點
Tenable Research recently discovered a critical vulnerability impacting Anthropic's MCP Inspector tool, a core element of the MCP ecosystem. In this blog, we provide details on how we discovered the vulnerability in this widely used open-source tool — and what users can do about it..
AI 安全:倉促使用 MCP 伺服器讓網路缺陷重新浮上檯面
In the rush to implement AI tools and services, developers are rapidly embracing the Model Context Protocol (MCP). In the process, classic vulnerabilities are resurfacing and new ones are being introduced. In this blog, we outline key areas of concern and how Tenable Web App Scanning can help.
Microsoft 2025 年 7 月公告的 Patch Tuesday 解決了 128 個 CVE (CVE-2025-49719)
Microsoft addresses 128 CVEs, including one zero-day vulnerability that was publicly disclosed.
瞭解您完整的攻擊破綻:有效曝險管理的關鍵
每週一,Tenable 曝險管理學院都會分享實用且貼近真實世界的指引,協助您從弱點管理成功轉向曝險管理。 In this post, Tenable security engineer Aaron Roy shares how he led the integration of attack surface management with exposure…