Blog de Tenable
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
New Malicious npm Package "ambar-src" Targets Developers with Open Source Malware
Tenable Research investigated a malicious npm package with around 50,000 downloads in the public registry. We observed various detection-evasion techniques and saw it deploy multiple powerful open-source malware variants.
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s "dynamic objects" feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so they allow adversaries to bypass quotas, pollute access lists, and persist in the cloud, leaving forensic investigators with nothing to analyze.
La trampa de la velocidad de la nube y la IA: Por qué el gobierno va a la zaga de la innovación
La adopción de la IA está superando al gobierno cibernético tradicional. El Informe 2026 de Tenable: El riesgo de la seguridad de IA y nube, revela cómo las identidades con privilegios excesivos y las dependencias de la cadena de suministro sin monitorear dejan a las organizaciones expuestas. Aquí le presentamos 10 tácticas para cerrar sus rutas de ataque más críticas.
Gartner® nombra a Tenable como la Company to Beat (compañía a vencer) para evaluación de exposición impulsada por IA en un informe de 2025
"La cobertura de activos y superficies de ataque de Tenable, su aplicación de IA y su reputación en la evaluación de vulnerabilidades la convierten en la empresa líder en evaluación de vulnerabilidades impulsada por IA", escribió Gartner en "AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment (Carrera de proveedores de IA: Tenable es la empresa a vencer para evaluación de exposición impulsada por IA)".
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.
What Anthropic’s Latest Model Reveals About the Future of Cybersecurity
AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk. We need exposure prioritization, contextual risk analysis, and AI-driven remediation to transform findings into security outcomes.
I pretended to be an AI agent on Moltbook so you don’t have to
I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found spam, scams, and serious security risks.
2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap
From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibility. Discover five actionable lessons SLG leaders can use to close the cyber exposure gap and move from reactive threat detection and response to proactive exposure management.
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions.
