Tenable 部落格
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
Tenable Named a Challenger in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms
Security is no longer a siloed effort. Find out how Tenable integrates mature industrial security capabilities into an enterprise-ready approach for unified exposure management.
Strengthening California’s Cyber Defenses: Apply Now for FFY 2024 SLCGP Grants
Cal OES offers up to $250,000 to help California’s state, local, and tribal agencies strengthen their digital infrastructure against evolving cyber threats. Organizations must submit their applications by March 13, 2026.
Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations
Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors.
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks.
New Malicious npm Package "ambar-src" Targets Developers with Open Source Malware
Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple powerful open-source malware variants.
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s "dynamic objects" feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so they allow adversaries to bypass quotas, pollute access lists, and persist in the cloud, leaving forensic investigators with nothing to analyze.
The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation
AI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Report 2026” reveals how overprivileged identities and unmonitored supply chain dependencies leave orgs exposed. We offer 10 tactics to shut down your most critical attack paths.
Gartner® 在 2025 年報告中將 Tenable 評選為 AI 驅動曝險評估領域同業追趕的指標企業
Gartner 在《AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment》(AI 供應商競賽:Tenable 為 AI 驅動曝險評估領域同業追趕的指標企業) 中寫道:「Tenable 憑藉其資產與攻擊破綻涵蓋範圍、AI 應用,以及 在弱點評估領域的卓越聲譽,成為 AI 驅動曝險評估的領航者。」
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.