Blogs Tenable

April 6, 2026

CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild

Exploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices.

Scott Caveza

April 3, 2026

The developer credential economy: Why exposure data is the new front line in the supply chain war

Recent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to a preemptive exposure management strategy. Learn why endpoint detection and response tools don’t have you covered when highly privileged developer credentials get exposed.

Research Special Operations

April 1, 2026

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour window on March 31.

Research Special Operations

March 20, 2026

CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability

Oracle published an out-of-band security alert for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager, following in-the-wild exploitation of a related flaw in the same component in November 2025.

Satnam Narang

March 17, 2026

FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings.

Research Special Operations

March 17, 2026

Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign

Iran's retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable's exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn't the headline threat, it's a Microsoft Word N-day…

Robert Huber

March 11, 2026

Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In response, the Tenable Research Special Operations (RSO) team is examining the latest threats and cyber operations linked to Iranian threat…

Research Special Operations

March 10, 2026

Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.

Research Special Operations

March 3, 2026

Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations

Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors.

Research Special Operations

February 25, 2026

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild

Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks.

Scott Caveza

February 10, 2026

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.

Research Special Operations

February 3, 2026

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes.

Satnam Narang

Tenable One - La plateforme de gestion de l'exposition

Catégories de la plateforme

Capacités de la plateforme

Cyber‑exposition du cloud

Exposition aux vulnérabilités

Cyber-exposition liée à l'IA

Cyber‑exposition de l'OT/IoT

Cyber‑exposition des identités

Besoins des entreprise

Secteurs

Conformité

Secteur public

La différence Tenable

Comparer Tenable à :

Ressources

Tenable Research

Partenaires Tenable Assure

Autres opportunités partenaires

Assistance

Services

Tenable Trust

Notre société

Médias

Connexion

Nous rejoindre

Blogs Tenable

CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild

The developer credential economy: Why exposure data is the new front line in the supply chain war

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability

FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign

Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Choisissez une licence pluriannuelle et faites des économies

Choisissez une licence pluriannuelle et faites des économies

Blogs Tenable

Des actualités utiles sur la cybersécurité

Merci de votre inscription !

Tenable Vulnerability Management

Tenable Vulnerability Management

Merci

Tenable Vulnerability Management

Tenable Vulnerability Management

Merci

Tenable Vulnerability Management

Tenable Vulnerability Management

Merci

Essayez Tenable Web App Scanning

Acheter Tenable Web App Scanning

Merci

Tenable Security Center

Merci

Tenable OT Security

Merci

Tenable Identity Exposure

Merci

Tenable Cloud Security

Merci

Tenable One

Merci

Tenable AI Exposure

Merci

Tenable Attack Surface Management

Merci

Tenable Enclave Security

Merci

Essayez Tenable Nessus Professional gratuitement

Acheter Tenable Nessus Professional

Essayez Tenable Nessus Professional gratuitement

Acheter Nessus Pro

Choisissez une licence pluriannuelle et faites des économies

Caractéristiques du service d'assistance avancée

Assistance téléphonique

Assistance via chat

Portail d'assistance Tenable Community

Délais de réponse initiaux

Interlocuteurs désignés

Essayer Tenable Nessus Expert gratuitement

Acheter Tenable Nessus Expert

Essayer Tenable Nessus Expert gratuitement

Achetez Nessus Expert

Choisissez une licence pluriannuelle et faites des économies

Caractéristiques du service d'assistance avancée

Assistance téléphonique

Assistance via chat

Portail d'assistance Tenable Community

Délais de réponse initiaux

Interlocuteurs désignés

Découvrez comment Tenable répond aux exigences du plan de cyber‑sécurité SLCGP

Tenable Patch Management

Merci