Cybersecurity Snapshot: Asset Inventories Key for OT Security, CISA Says, as NIST Issues Lightweight Algorithms to Secure IoT Devices CISA强调OT资产清单是安全基础，NIST发布轻量级加密算法保护IoT设备，并开发AI系统安全指南。报告指出经济不确定性导致安全预算增长放缓至五年低点。FBI警告假冒律师事务所进行加密货币诈骗。... 2025-8-15 13:0:0 | 阅读: 10 | 收藏 | Tenable Blog - www.tenable.com security budget tenable asset overlays

How Tenable One Helps Canadian Orgs Set Up Exposure Management Programs and Meet Compliance Demands Tenable One平台为加拿大组织提供统一的网络安全风险管理解决方案，通过本地数据支持和框架合规简化运营并提升安全态势。... 2025-8-14 13:0:0 | 阅读: 9 | 收藏 | Tenable Blog - www.tenable.com tenable canadian security exposure cloud

CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability Fortinet FortiSIEM设备存在严重命令注入漏洞（CVE-2025-25256），CVSSv3评分9.8。该漏洞允许远程攻击者执行任意代码，且难以检测。Fortinet已发布安全公告并提供修复版本。... 2025-8-13 17:46:20 | 阅读: 14 | 收藏 | Tenable Blog - www.tenable.com security tenable scott

How to Remediate Risk to Critical OT/IoT Systems without Disrupting Operations 文章探讨了OT（运营技术）环境安全的重要性及其与IT系统的紧密联系，并指出传统安全工具无法有效应对OT风险。Tenable通过统一的暴露管理平台和深度核心OT安全能力，帮助组织主动识别和缓解风险，同时减少对运营连续性的干扰。... 2025-8-13 13:0:0 | 阅读: 15 | 收藏 | Tenable Blog - www.tenable.com security tenable exposure operational plc

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) 微软在2025年8月修复了107个安全漏洞，其中包括一个零日漏洞。这些漏洞涉及多个产品和服务，如Azure、Windows、Office和SharePoint等。权限提升（EoP）和远程代码执行（RCE）是主要问题。其中Windows Kerberos和NTLM的EoP漏洞风险较高，SharePoint和MSMQ的RCE漏洞也值得关注。... 2025-8-12 17:59:33 | 阅读: 3 | 收藏 | Tenable Blog - www.tenable.com tenable security cloud nessus windows

From Vulnerability to Visibility: What the SharePoint Attacks Reveal About the Need for Proactive Cybersecurity 微软SharePoint漏洞暴露了传统被动网络安全策略的局限性。攻击者利用漏洞建立持久后门，凸显主动风险管理的重要性。通过持续监控和优先处理高风险暴露点，机构可减少威胁影响并加速现代化进程。... 2025-8-12 14:30:0 | 阅读: 10 | 收藏 | Tenable Blog - www.tenable.com exposure security tenable reactive

The Breach You Didn’t See Coming: How Invisible Combinations of Risk Are Exposing Your Organization 网络安全威胁通常由多个低风险因素结合引发,传统孤立的安全工具难以发现这些隐性风险关联。暴露管理通过统一视角识别潜在攻击路径,帮助企业主动防范威胁,减少盲点,提升整体安全性。... 2025-8-12 13:0:0 | 阅读: 9 | 收藏 | Tenable Blog - www.tenable.com security tenable exposure attackers attacker

Tenable Jailbreaks GPT-5, Gets It To Generate Dangerous Info Despite OpenAI’s New Safety Tech Tenable Research在GPT-5发布24小时内成功破解模型，获取了制作爆炸物的详细步骤。尽管OpenAI提升了安全措施，但模型仍存在被滥用风险。这凸显了企业需采用如Tenable AI Exposure等工具来确保AI使用安全。... 2025-8-11 22:10:0 | 阅读: 5 | 收藏 | Tenable Blog - www.tenable.com tenable nessus cloud security gpt

How Tenable’s Security Team Went from Thousands of Alerts to a Handful of Tickets with Exposure Management Tenable安全团队通过采用连续威胁暴露管理（CTEM）平台整合工具和数据，解决了传统漏洞管理中的数据过载、缺乏攻击者视角及手动任务繁重等问题，提升了效率和安全性。... 2025-8-11 13:0:0 | 阅读: 7 | 收藏 | Tenable Blog - www.tenable.com exposure security tenable cabral

Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework CISA分析了SharePoint漏洞相关恶意软件；英国NCSC更新网络安全框架；Google警告云攻击复杂化；CISA发现关键基础设施组织的网络安全漏洞；CISA发布新恶意软件分析平台Thorium。... 2025-8-8 13:0:0 | 阅读: 12 | 收藏 | Tenable Blog - www.tenable.com cloud security tenable thorium

CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability CVE-2025-53786是Microsoft Exchange Server混合部署中的权限提升漏洞，允许本地管理员控制云端环境。该漏洞因Exchange Server与Exchange Online共享服务主体而产生。微软已发布热修复补丁，并建议配置专用应用以缓解风险。CISA发布警报并要求联邦机构迅速应对。... 2025-8-7 20:6:25 | 阅读: 16 | 收藏 | Tenable Blog - www.tenable.com tenable security exchange nessus cloud

We're a Major Player in the 2025 IDC MarketScape for CNAPP. Here's Why That Matters for Your Cloud Security. “With a strong focus on CNAPP through Tenable Cloud Security and exposure management with Tenable On... 2025-8-7 13:0:0 | 阅读: 12 | 收藏 | Tenable Blog - www.tenable.com cloud security tenable exposure cnapp

CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild Trend Micro发布针对两个未修补零日漏洞的临时缓解工具，这些漏洞影响其Apex One Management Console的本地版本。攻击者可利用这些漏洞上传文件并执行命令。目前尚未有补丁，预计八月中旬发布。... 2025-8-6 18:44:38 | 阅读: 17 | 收藏 | Tenable Blog - www.tenable.com security apex tenable injection

Act Now: $100M in FY25 Cyber Grants for SLTTs Available Before August 15 美国政府提供超过1亿美元的网络安全拨款，分为州和部落项目，重点在治理、评估、保护和培训。申请截止8月15日。Tenable提供解决方案支持。... 2025-8-6 18:10:0 | 阅读: 10 | 收藏 | Tenable Blog - www.tenable.com tenable governments resilience slcgp

The AI Security Dilemma: Navigating the High-Stakes World of Cloud AI 人工智能为组织带来机遇的同时也扩大了攻击面。研究显示，AI工作负载比传统工作负载更易受攻击。云服务默认设置和配置问题引入风险。需加强安全管理以确保AI安全可靠。... 2025-8-6 15:0:0 | 阅读: 6 | 收藏 | Tenable Blog - www.tenable.com cloud security tenable workloads adoption

Introducing Tenable AI Exposure: Stop Guessing, Start Securing Your AI Attack Surface Tenable AI Exposure作为Tenable One的一部分，帮助监控AI平台使用情况，识别数据风险和安全威胁，并提供防护措施。... 2025-8-6 12:30:0 | 阅读: 5 | 收藏 | Tenable Blog - www.tenable.com tenable exposure security damien

CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) 文章披露了Cursor代码编辑器的两个漏洞CurXecute和MCPoison，影响其对MCP服务器的处理。这些漏洞可能导致代码执行，并被广泛使用的Fortune 500公司等用户所影响。Cursor已发布更新修复这些问题。... 2025-8-6 02:44:20 | 阅读: 10 | 收藏 | Tenable Blog - www.tenable.com tenable mcp security nessus cloud

Frequently Asked Questions About SonicWall Gen 7 Firewall Ransomware Activity 近期针对 SonicWall Gen 7 防火墙的勒索软件攻击增多，可能与 SSL VPN 的零日漏洞有关。Akira 勒索软件被用于攻击，即使启用多因素认证也难挡攻击。SonicWall 建议禁用 SSL VPN 或采取缓解措施。目前尚未有补丁或 CVE 编号发布。... 2025-8-5 22:6:25 | 阅读: 3 | 收藏 | Tenable Blog - www.tenable.com ransomware firewalls tenable security wolf

The White House AI Action Plan: A Critical Opportunity to Secure the Future 白宫发布AI行动计划，强调在设计阶段嵌入安全措施以应对AI系统漏洞。文章呼吁加强网络安全管理、建立威胁情报共享机制，并推动政府与行业合作提升AI系统的安全性与可靠性。... 2025-8-5 12:59:59 | 阅读: 19 | 收藏 | Tenable Blog - www.tenable.com security tenable exposure robert

In Cybersecurity, We Have to Work Together 文章指出，未来的网络安全依赖于开放、协作的平台整合行业最佳解决方案。传统孤立的安全方法已过时，需结合新策略主动保护复杂环境。Tenable One通过300多个集成提供统一风险管理和攻击路径可视化，帮助组织更高效地应对威胁。... 2025-8-5 10:0:0 | 阅读: 9 | 收藏 | Tenable Blog - www.tenable.com security tenable exposure unified siloed