Stronger Cloud Security in Five: How to Protect Your Cloud Workloads
In the first installment of Tenable’s “Stronger Cloud Security in Five” blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by detecting misconfigurations. Today, we turn to securing cloud workloads, which are the applications...
Verizon 2025 DBIR: Tenable Research Collaboration Highlights CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge-...
CISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here's how Tenable can help....
ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate pri...
Turn to Exposure Management to Prioritize Risks Based on Business Impact
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have ...
CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices....
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on a...
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation....
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background: On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security...
MITRE CVE Program Funding Extended for a Year
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be ca...
You Have Exposure Management Questions. We’ve Got Answers
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we feature the first Exposure Management Academy FAQ. We’ll run these FAQs from time to time to share some of the mos...
Geopolitics Just Cranked Up Your Threat Model, Again. Here’s What Cyber Pros Need to Know
If it feels like your entire cybersecurity program is once again operating on a geopolitical fault line, you're not imagining things....