Tenable blog
網路安全快照: SharePoint Attacks Trigger Urgent Patching Calls, While U.S. Gov’t Unveils AI Innovation Plan
身份如何在网络攻击五个阶段中发挥作用
While credential abuse is a primary initial access vector, identity compromise plays a key role in most stages of a cyber attack. Here’s what you need to know — and how Tenable can help....
五步加强云安全:How DSPM Helps You Discover, Classify and Secure All Your Data Assets
In this fourth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we turn our attention to securing cloud data, a complex endeavor as data grows exponentially and threats become more sophisticated. Check out five DSPM best practices to sharpen your cloud data security and compli...
How Exposure Management Can Efficiently and Effectively Improve Cyber Resilience for State and Local Governments
State and local governments must grapple with resource constraints even as they face increased demand for cybersecurity vigilance to protect critical infrastructure and essential services. Here’s how exposure management can help....
We’re Answering Your Exposure Management Questions
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this Exposure Management Academy FAQ, we help CISOs understand exposure management, look at how advanced you might be and outlin...
網路安全快照: Reports Highlight Promise and Peril of Open Source AI and of Emerging Cryptography Methods
Check out a study that outlines the risks and benefits of open-source AI tools. Meanwhile, the NCSC unpacks use cases for new, alternative encryption technologies. Plus, ISACA urges orgs to begin their post-quantum cryptography migration. And get the latest on assessing software products’ security; ...
统一风险暴露管理方法:介绍 Tenable One 连接器和自定义风险仪表盘
有效风险暴露管理计划的关键是提供统一的可见性和上下文信息。Learn how the new Tenable One connectors and unified dashboards give you a comprehensive view of your attack surface, help you streamline decision-making and empower your teams to uncover hidden risks, prioritiz...
CVE-2025-32756:多个 Fortinet 产品存在已在现实中遭利用的零日漏洞
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera....
CVE-2025-4427、CVE-2025-4428:Ivanti Endpoint Manager Mobile (EPMM) 远程代码执行
Remote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks...
Microsoft 的 2025 年 5 月补丁星期二解决了 71 个 CVE(CVE-2025-32701、CVE-2025-32706、CVE-2025-30400)
Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild....
