Tenable

The 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while remediation rates have worsened. Key takeaways Vulnerability exploitation has surged to become the leading initial access vector for breaches, accounting for 31% of data breaches during the study period. Security teams’ patching efforts are falling further behind, with the median time-to-patch growing by 11 days in the past year. As AI-powered tools increase the speed and volume of vulnerability discovery and vulnerability exploitation, exposure management helps organizations keep up by continually assessing their attack surfaces, prioritizing risks, and orchestrating automated remediation of security weaknesses. What is the Verizon DBIR report Verizon’s annual Data Breach Investigations Report (DBIR) has helped organizations understand evolving cyber threats since its first release in 2008. For the 2026 edition,

Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways CVE-2026-20182 is a critical (CVSSv3 10.0) authentication bypass in Cisco Catalyst SD-WAN Controller and Manager disclosed on May 14 with confirmed active exploitation. A sophisticated threat actor designated UAT-8616 has exploited Cisco SD-WAN vulnerabilities since at least 2023, and 10 additional threat clusters began exploitation of multiple vulnerabilities in SD-WAN after public proof-of-concept code became available. Patches are available for all supported Cisco Catalyst SD-WAN releases and CISA has mandated remediation by May 17 under Emergency Directive 26-03. Background Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding the ongoing exp

Tenable Hexa AI eliminates “zombie” cloud infrastructure, helping you reduce risk and make a “killing” on cost reduction. Key takeaways As AI accelerates cloud growth, zombie cloud assets multiply in your environment. You need agentic AI to prevent a cloud zombie apocalypse. Cloud assets no longer in production may seem harmless, but they expand your attack surface and can elevate your organization’s cyber risk. Every zombie asset is a line item. When cloud security reduces costs, it stops being a hard conversation and becomes a welcome budget meeting. Tenable Hexa AI acts as an agentic "zombie hunter" that finds and eliminates forgotten cloud assets, shrinking the attack surface and reducing costs and boosting cloud infrastructure security. Picture the scene from “Monty Python and the Holy Grail”: a plague-ravaged village, a cart rolling through the mud, and a lone collector bellowing, "Bring out your dead!" Bodies piling up. Costs mounting. Nobody quite sure how it got this bad. Your

A new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux kernel, following the disclosure of both Dirty Frag and Copy Fail. A public proof-of-concept is available and the exploit has been confirmed working on Ubuntu systems, though no in-the-wild exploitation has been reported. A kernel patch was released on May 13; the existing Dirty Frag patches do not address this flaw, though the module blacklist mitigation protects against both. Background Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Fragnesia, a new Linux kernel local privilege escalation vulnerability. FAQ When was Fragnesia first disclosed? On May 13, William Bowling of V12 Security publicly disclosed Fragnesia alongside a proof-o

Find out how data center operators can protect critical building-management systems and cyber-physical infrastructure from AI-powered threats, as well as comply with evolving regulations. Key takeaways Data centers have evolved from simple storage hubs into critical national infrastructure and the "brains" of the modern enterprise, directly impacting global economic stability and national security.   Protection of critical infrastructure requires strict virtual and physical micro-segmentation to prevent AI-powered threats from moving laterally between legacy building systems and the broader data center network.   Data center security teams must navigate a high-stakes conflict between maintaining "five nines" availability and the urgent need to patch vulnerabilities, while pivoting focus toward securing the data pipelines and identities that autonomous agents depend on. Data centers have undergone a radical transformation. They are no longer just passive warehouses used for st

Material Event filed 2026-05-13

16 Critical 102 Important 0 Moderate 0 Low Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024. Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with 16 rated critical and 102 rated as important. Our counts omitted CVE-2025-54518, an AMD CPU OP Cache Corruption vulnerability issued by AMD. This month’s update includes patches for: .NET ASP.NET Core Azure AI Foundry M365 published agents Azure Cloud Shell Azure Connected Machine Agent Azure DevOps Azure Entra ID Azure Logic Apps Azure Machine Learning Azure Managed Instance for Apache Cassandra Azure Monitor Agent Azure Notification Service Azure SDK Copilot Chat (Microsoft Edge) Data Deduplication Dynamics Business Central GitHub Copilot and Visual Studio M365 Copilot M365 Copilot for Desktop Microsoft Data Formulator Microsoft Dynamics 365 (on-premises) Microsoft Dynamics 365 Customer Insights Microsoft Edg

Weeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patches being made available. Key takeaways: CVE-2026-43284 and CVE-2026-43500 are a pair of chained vulnerabilities that together create a high severity local privilege escalation vulnerability in the Linux kernel.   A public exploit is available which extends the bug class attributed to Copy Fail, another high profile kernel privilege escalation vulnerability.   Patched kernel versions expected to be released shortly.   Background Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding CVE-2026-43284 and CVE-2026-43500, an exploit chain leading to Linux kernel local privilege escalation in an attack known as "Dirty Frag" FAQ What is

AI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Key takeaways AI-driven discovery tools are accelerating CVE volume, resulting in an expected deluge of 59,000 disclosed vulnerabilities this year.   NIST has dramatically scaled back enrichment of CVEs in the National Vulnerability Database (NVD), which will leave most new vulnerabilities without the critical metadata and severity scores required for traditional automated prioritization and patching.   Tenable customers aren’t impacted by these developments because our exposure intelligence infrastructure hasn’t depended upon NVD enrichment for years. Three things happened in April 2026 that, taken together, represent the most significant shift in the vulnerability management landscape in over a decade. If you’re still relying on hybrid methods — spreadsheets alongside scanners, manual triage stacked on top of automated feeds, hope as a strategy — these develo

Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape. Join Tenable at EXPOSURE 2026 to witness a live AI-vs-AI battle and get clarity to defend your organization against next-generation autonomous threats. Key takeaways Organizations must expand their visibility to map a growing attack surface that now includes AI-enabled applications and the interconnected business logic they expose, which attacks, like natural language prompt injection, can leverage. Standard security tools cannot assess the AI-extended attack surface or counteract the sophisticated reasoning of autonomous agentic threats, requiring investment in specialized security products and detection capabilities. Effective AI governance requires setting clear thresholds for autonomous agent actions to ensure organizational policy governs critical operations. You’ve heard and read a lot about how AI is upending cybersecurity . But have you actually seen an

When AI accelerates the speed and scale of vulnerability discovery, the pressure on security teams shifts to prioritization and identifying the exposures that are the most critical to fix first.  Key takeaways There’s a growing narrative that AI will overwhelm cybersecurity. That attackers will simply outpace defenders. That’s too simplistic.   AI changes both sides of the equation. It accelerates vulnerability discovery in some domains, especially where data is rich and accessible, and expands what defenders can see across their environments.   Even when organizations can see more, they still struggle to decide which exposures matter most and act on those decisions fast enough. When AI is capable of finding more exposures, across more of your environment, the pressure shifts to what you choose to fix first.   The pace of AI-driven vulnerability discovery doesn't just call for faster patching. It’s calls for a completely different operating model