Tenable blog
Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have…
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild.
Tenable Is a Gartner® Peer Insights™ Customers’ Choice for Cloud-Native Application Protection Platforms
This recognition — based entirely on feedback from the people who use our products every day — to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide.
Cybersecurity Snapshot: Predictions for 2026: AI Attack Acceleration, Automated Remediation, Custom-Made AI Security Tools, Machine Identity Threats, and More
In this special edition, Tenable leaders forecast key 2026 trends, including: AI will make attacks more plentiful and less costly; machine identities will become the top cloud risk; preemptive cloud and exposure management will dethrone runtime detection; and automated remediation gets the go-ahead.
CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.
Cybersecurity Snapshot: 2025 Rewind: Essential Cyber Insights, Strategies and Tactics
In this special year-end edition, we revisit critical advice from our cybersecurity experts on AI, exposure management, cloud, vulnerability management, OT, and critical infrastructure.
The 3% Rule: How To Silence 97% of Your Cloud Alerts and Be More Secure
Prioritizing what to fix first and why that really matters
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more!
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.