Tenable blog
Tackling Shadow AI in Cloud Workloads
縮短修復時間仍然是一大挑戰:Tenable Vulnerability Watch 如何提供協助
Timely vulnerability remediation is an ongoing challenge for organizations as they struggle to prioritize the exposures that represent the greatest risk to their operations. Existing scoring systems are invaluable but can lack context. Here’s how Tenable’s Vulnerability Watch classification system c...
CVE-2025-31324:SAP NetWeaver 中受到猖獗利用的零時差弱點
SAP has released out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply patches as soon as possible....
網路安全概要: Verizon DBIR Finds Attackers Feast on Vulnerability Exploits for Initial Access, While MITRE ATT&CK Adds Mobile, Cloud, ESXi Threat Intel
Check out highlights from this year’s Verizon DBIR, including a surge in zero-day exploits targeting edge devices and VPNs. Plus, find out what’s new in the latest version of MITRE ATT&CK. Also, see what Tenable webinar attendees said about AI security. And get the latest on ransomware preparedness ...
儘管近期強化了安全性,Entra ID 的同步功能依然遭到濫用
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited....
5 分鐘內加強雲端安全:如何保護您的雲端工作負載
In the first installment of Tenable’s “Stronger Cloud Security in Five” blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by detecting misconfigurations. Today, we turn to securing cloud workloads, which are the applications...
Verizon 2025 DBIR (Verizon 2025 年資料外洩調查報告):Tenable Research 的合作讓 CVE 修復趨勢受到矚目
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge-...
CISA BOD 25-01 合規性: 美國政府機構必須知道的事
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help....
ConfusedComposer:影響 GCP Composer 的特權提升弱點
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate pri...
Turn to Exposure Management to Prioritize Risks Based on Business Impact
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have ...
