MITRE CVE Program Funding Extended For One Year
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding...
View ArticleOracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025,...
View ArticleFrequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing...
View ArticleCybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While...
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable...
View ArticleCVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution...
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover...
View ArticleTurn to Exposure Management to Prioritize Risks Based on Business Impact
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO Robert...
View ArticleConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity...
View ArticleCISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.OverviewMalicious threat...
View ArticleVerizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE...
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research...
View ArticleStronger Cloud Security in Five: How To Protect Your Cloud Workloads
In the first installment of Tenable’s “Stronger Cloud Security in Five” blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by...
View Article