El Martes de parches de Microsoft de abril de 2025 aborda 121 CVE (CVE-2025-29824)
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
Cómo implementar acceso justo a tiempo: mejores prácticas y lecciones aprendidas
With the just-In-time (JIT) access control method, privileges are granted temporarily on an as-needed basis. This reduces static entitlements, lowering the risk of compromised accounts and preventing privilege creep. In this blog, we’ll share how we implemented JIT access internally at Tenable…
Cinco pasos para trasladarse hacia la gestión de exposición
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we explore the five steps to take on your journey to exposure management.
Instantánea de ciberseguridad: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods
Check out the security controls that SANS Institute says are essential for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security practices. In addition, CISA and other cyber agencies warn that attackers are using “fast flux” techniques to conceal their…
Cómo endurecer los permisos de GitLab con Tenable
If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive data, while creating security risks. In this blog, we’ll…
ImageRunner: una vulnerabilidad de escalación de privilegios que afecta a GCP Cloud Run
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
Los líderes de ciberseguridad comparten tres desafíos que la gestión de exposición les ayuda a resolver
Todos los lunes, la Exposure Management Academy de Tenable ofrece la orientación práctica y del mundo real que necesita para pasar de la gestión de vulnerabilidades a la gestión de exposición. In this blog, we share three challenges cybersecurity leaders say exposure management helps them solve.
Instantánea de ciberseguridad: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
Check out NIST’s comprehensive taxonomy of cyberattacks against AI systems, along with mitigation recommendations. Plus, organizations have another cryptographic algorithm for protecting data against future quantum attacks. And get the latest on the IngressNightmare vulnerabilities, and on cyber…
¿Quién teme a los riesgos de IA en los entornos en la nube?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game.
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.
What it Takes to Start the Exposure Management Journey
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to make the shift from vulnerability management to exposure management. In this blog, Tenable Senior Staff Information Security Engineer Arnie Cabral, who is leading the company's internal…
Instantánea de ciberseguridad: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption
Check out key findings and insights from the “Tenable Cloud AI Risk Report 2025.” Plus, get fresh guidance on how to transition to quantum-resistant cryptography. In addition, find out how AI is radically transforming cyber crime. And get the latest on open source software security; cyber scams;…