Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507)
32Critical 166Important 0Moderate 0Low Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days. Microsoft patched 198 CV...
Tenable Blog
20 articles
The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help
On June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up ...
Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense
By participating in Project Glasswing and working with Claude Mythos Preview, Tenable can help customers better understand how emerging frontier AI models be...
Tenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacks
Tenable CTO Vlad Korsunsky talks about participating in the World Economic Forum’s Annual Meeting on Cybersecurity and Tenable’s EXPOSURE 2026 conference, wh...
Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs
Oracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key Takeaways The May 2026 Critical S...
Download pumping: New npm deception technique for supply chain attacks
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious paylo...
Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the i...
EXPOSURE 2026 prepares cybersecurity professionals for the AI era
Cybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for b...
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is wh...
CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)
A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL. Key Takeaways CVE-2026-9082 is a ...
Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed
As frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestr...
Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation
The 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial a...
Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)
Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clus...
Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets
Tenable Hexa AI eliminates “zombie” cloud infrastructure, helping you reduce risk and make a “killing” on cost reduction. Key takeaways As AI accelerates clo...
Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
A new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. ...
Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
16Critical 102Important 0Moderate 0Low Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicl...
Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain
Weeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could al...
Why the approaching flood of vulnerabilities changes everything — and what to do about it
AI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Key takeaways AI-driven discovery tools ...
The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026.
Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape.
Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place.
When AI accelerates the speed and scale of vulnerability discovery, the pressure on security teams shifts to prioritization and identifying the exposures tha...