Tenable blog

Featured

September 30, 2025

The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration

Tenable Research discovered three vulnerabilities (now remediated) within Google’s Gemini AI assistant suite, which we dubbed the Gemini Trifecta. These vulnerabilities exposed users to severe privacy risks. They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud Assist; and exfiltration of the user’s saved information and location data via the Gemini Browsing Tool.

Liv Matan

June 8, 2022

AWS, Azure and GCP: The Ultimate IAM Comparison

AWS vs. Azure vs. GCP — how do these cloud providers compare when it comes to IAM? Read on to find out.

Team Tenable

June 8, 2022

So Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current Vulnerability Landscape

Among the thousands of vulnerabilities disclosed so far in 2022, we highlight five and explain why they matter.

Giuliana Carullo

June 6, 2022

Bringing External Attack Surface Management to the Masses with Bit Discovery

External Attack Surface Management (EASM) is an essential foundation of cybersecurity best practices. Soon, you’ll be able to take advantage of automated attack surface discovery in Tenable products.

Nathan Dyer

June 3, 2022

CVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and Data Center Exploited in the Wild

A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a patch becomes available.

Satnam Narang

June 1, 2022

How Can We Strengthen the Cybersecurity of Critical Infrastructure? Here Are My Suggestions for CISOs, Regulators, Vendors – and All Citizens

A year after the ransomware attack against the Colonial Pipeline, what can we do to further harden the IT and OT systems of power plants, fuel pipelines, water treatment plants and similar facilities?

Marty Edwards

May 31, 2022

CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild

Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April.

Claire Tills

May 26, 2022

Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies

Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites.

Satnam Narang

May 25, 2022

Security Improvements for Our Ecommerce Customers

We were recently informed by Kulkan Security of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing information (i.e., last 4 digits of credit card used, credit card expiration date,…

Kerry Miller

May 25, 2022

6 Tips for Successfully Securing Your AWS Environment

Top six actions and practices you can take to protect your AWS environment today.

Team Tenable

Tenable One Exposure Management Platform

Platform categories

Platform capabilities

Cloud Exposure

Vulnerability Exposure

AI Exposure

OT/IoT Exposure

Identity Exposure

Business needs

Industries

Compliance

Public Sector

The Tenable difference

Compare Tenable to:

Resources

Research

Tenable Assure partners

Other partner opportunities

Support

Services

Tenable Trust

About us

Media

Connect

Join us

Tenable blog

The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration

AWS, Azure and GCP: The Ultimate IAM Comparison

So Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current Vulnerability Landscape

Bringing External Attack Surface Management to the Masses with Bit Discovery

CVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and Data Center Exploited in the Wild

How Can We Strengthen the Cybersecurity of Critical Infrastructure? Here Are My Suggestions for CISOs, Regulators, Vendors – and All Citizens

CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild

Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies

Security Improvements for Our Ecommerce Customers

6 Tips for Successfully Securing Your AWS Environment

A Look Inside the Ransomware Ecosystem

Tenable blog

Cybersecurity news you can use

Thank you for subscribing!

A Look Inside the Ransomware Ecosystem

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank You

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Try Tenable Web App Scanning

Buy Tenable Web App Scanning

Thank you

Request a demo of Tenable Security Center

Request a demo of Tenable OT Security

Request a demo

Request a demo of Tenable Cloud Security

See Tenable One in action

Get started with Tenable AI Exposure

See Tenable Attack Surface Management in action

Get a demo of Tenable Enclave Security

Thank You

Try Tenable Nessus Professional free

Buy Tenable Nessus Professional

Try Tenable Nessus Expert free

Buy Tenable Nessus Expert

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Get a demo of Tenable Patch Management

Contact a sales representative

See
Tenable One
in action