Aggregator
CVE-2025-8700 | Invoice Ninja up to 5.0.174 on macOS exposure of sensitive system information to an unauthorized control sphere
CVE-2025-7775 | Citrix NetScaler ADC/NetScaler Gateway up to 37.240/47.47/55.329/59.21 Gateway/IPv6 Service memory corruption (CTX694938)
Weaponized PuTTY Delivered via Malicious Bing Ads Targets Kerberos and Active Directory Services
Cybersecurity incidents increasingly exploit human vulnerabilities, including those of privileged users, as demonstrated in recent compromises involving trojanized versions of the PuTTY SSH client distributed through malvertising on Microsoft’s Bing search engine. LevelBlue’s Managed Detection and Response (MDR) Security Operations Center (SOC) recently investigated multiple cases where attackers masqueraded malicious PuTTY executables as legitimate downloads, […]
The post Weaponized PuTTY Delivered via Malicious Bing Ads Targets Kerberos and Active Directory Services appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-38676 | Linux Kernel up to 6.17-rc2 iommu str stack-based overflow
CVE-2025-8597 | MacVim up to 181.1 exposure of sensitive system information to an unauthorized control sphere
Tenable Is a Leader in the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment
This recognition is about more than just our technology leadership — it reflects the real-world outcomes that the Tenable One Exposure Management Platform delivers.
Key takeaways
- Tenable is a Leader in the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment (doc #US52994525, August 2025).
- The IDC MarketScape vendor assessment provides an overview of the competitive fitness of technology and service suppliers in a given market.
- Tenable is named a Leader for its ability to leverage a large repository of exposure data and its investments in AI-driven analytics, including generative AI for remediation guidance, attack path generation, and ownership detection.
The results are in, and it’s no surprise. Tenable has been named a Leader in the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment (doc #US52994525, August 2025).
Source: IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment (doc #US52994525, August 2025). IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of technology and suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. The Capabilities score measures supplier product, go-to-market and business execution in the short-term. The Strategy score measures alignment of supplier strategies with customer requirements in a 3-5-year timeframe. Supplier market share is represented by the size of the icons.
For us, this isn't just another report. It's a testament to the reasons tens of thousands of organizations across sectors choose us: Tenable is not just in the exposure management game, we're defining it. This recognition from a respected analyst firm validates our shared vision: to empower security leaders to move beyond the old, reactive cycle of firefighting and get ahead of attacks.
Being named a Leader in exposure management is about more than just technology — it's about the outcomes the Tenable One exposure management platform delivers. Michelle Abraham, senior research director, Security and Trust at IDC, states that “Proactive exposure management is the future as traditional vulnerability detection transforms into holistic risk management and remediation.”
For our customers, this means a fundamental shift from reactive to proactive security. It also means a move from the limited view available with siloed security tools to a more holistic view of risk.
What is the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment?
The IDC MarketScape vendor assessment model provides an overview of the competitive fitness of technology and service suppliers in a given market. According to the MarketScape, “Exposure management solutions offer a different approach to managing device vulnerabilities, emphasizing the fusion of multiple exposure sources by bringing together CVEs, unknown assets, misconfigurations, and other types of exposure.”
What the IDC MarketScape says about Tenable
According to the MarketScape, “Tenable One is particularly well-suited for enterprises aiming to consolidate siloed risk data integrating both Tenable-native and third-party data sources for a holistic, actionable risk posture.”
According to the IDC MarketScape, “There is also the problem of security silos. Since attack surfaces are expanding with AI being the latest surface, some organizations are using multiple security posture management tools, one for each attack surface. Security teams need to investigate solutions that unify exposures because each exposure does not exist in a vacuum. Exposures may be chained together for initial access or lateral movement; attack path analysis presents a visual communication of these issues.”
Instead of chasing endless alerts, Tenable customers gain a unified view of the entire attack surface — from IT assets, cloud resources, identity systems, operational technology (OT) devices and AI platforms. The recent launch of Tenable AI Exposure, built into Tenable One, helps you see, secure and manage how your teams use AI platforms like ChatGPT Enterprise and Microsoft Copilot.
Other key elements of exposure management include:
Prioritizing remediation work
The MarketScape recommends that “those who are still prioritizing remediation work based on CVSS score or other single metrics, move to a solution with prioritization algorithms that account for the specifics in your organization.”
Tenable’s Vulnerability Priority Rating (VPR) leverages artificial intelligence, machine learning and real-world exploit data to predict which vulnerabilities attackers are most likely to weaponize, reducing wasted effort on low-risk issues. Combined with Tenable’s Asset Criticality Rating (ACR), which can be model-generated or user-defined, Tenable helps you pinpoint the most critical exposures that impact your unique environment. In addition, attack path analysis helps you understand how attackers see your organization so you know where to shore up your defenses.
Addressing security silos
The MarketScape “underscores the need for vendors to address security silos, expand third-party integrations, and innovate in areas like AI-driven analytics and attack path visualization.”
The result? You can anticipate attacker actions and shut down attack paths before they can be exploited. Our platform’s AI-driven analytics cut through the noise to show you exactly where you're exposed and what to fix first. This is the core of exposure management: seeing everything, predicting what matters and acting decisively.
A robust ecosystem to maximize your security investments
We believe your security stack is unique, and your exposure management platform should make it stronger, not more complicated. The IDC MarketScape notes, “The [Tenable One] platform can ingest exposure data from a wide range of source types. This extensibility supports large-scale, complex environments and allows customers to tailor the platform to their unique technology stacks without heavy reliance on additional point solutions.”
The MarketScape advises technology buyers to “aggregate exposure into a solution that can unify them, so they are examined holistically and not in silos. Individual exposures may not be important issues when analyzed on their own; however, chaining them amplifies the priority of their remediation.”
This is critical. Our open platform and robust ecosystem, with over 300 integrations, mean that Tenable One doesn't just add another layer — it unifies your existing security tools. By ingesting data from across your technology stack, we provide the context you need to make better, faster decisions. This approach ensures you get more value from your current investments while building a single, holistic view of your risk.
The IDC MarketScape also notes, “Tenable leverages a large repository of exposure data and invests heavily in AI-driven analytics, including generative AI for remediation guidance, attack path generation, and ownership detection. These capabilities enhance risk prioritization and accelerate response.”
Why Tenable is a leader in exposure management
The IDC MarketScape recognition confirms what our customers already know: a proactive, unified approach is the only way to manage the complexity of the modern attack surface. We've been pioneering exposure management since 2017 and remain dedicated to empowering you to protect what matters most.
Here’s a breakdown of what we believe makes our platform a powerhouse:
- Holistic risk posture: unifying your defenses
  Tenable One is designed to break down the data silos that prevent a true understanding of risk. By integrating both Tenable-native and third-party data sources, the platform provides a single, consolidated view of your entire attack surface. This allows security teams to move from a reactive to a proactive stance, addressing exposures before they become business-impacting events.
- Comprehensive source types: extensibility for complex environments
  Modern enterprises are complex, with a diverse mix of technologies. Tenable One ingests data from a vast array of sources and normalizes it with holistic risk scoring across different types of assets and exposures. This helps inform decision-making and removes complexity, allowing customers to tailor the platform to their specific needs without relying on a patchwork of point solutions, ensuring complete and contextual visibility.
- AI-driven analytics: intelligent prioritization and response
  Tenable leverages its extensive exposure data to enhance its AI capabilities. Generative AI capabilities, such as pinpointed remediation guidance, attack path analysis to identify choke points and faster response with asset ownership detection empower teams to prioritize critical risks and expedite remediation efforts.
Tenable’s placement as a Leader in the IDC MarketScape Worldwide Exposure Management 2025 Vendor Assessment is the latest recognition of our market-leading product strategy and execution. Tenable Cloud Security was named a Major Player in the “IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment (doc #US53549925, June 2025).” We’re the only vendor named a Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for Vulnerability Assessment. And we’re a Leader in The Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025. Visit Tenable Awards & Recognitions to see all of our accomplishments.
If you need to unify visibility across IT, cloud, OT/IoT, identity, and AI environments for a holistic, actionable risk posture, Tenable is a strong choice.
About the IDC MarketScape
The IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.
According to the MarketScape, “Exposure management solutions offer a different approach to managing device vulnerabilities, emphasizing the fusion of multiple exposure sources by bringing together CVEs, unknown assets, misconfigurations, and other types of exposure. Exposure management often encompasses standalone cybersecurity asset management and attack surface management tools, integrating data from diverse sources for a comprehensive risk analysis. With holistic exposure management solutions, organizations can aggregate, deduplicate, and analyze data from a variety of sources to provide a more accurate assessment of an organization's risk posture.
“For this analysis, exposure management must incorporate device vulnerability management scan results. Device vulnerability management involves network-based or host-based scanners/agents that scan servers, workstations, other devices, and applications to uncover security vulnerabilities in the form of known security holes (vulnerabilities) or configuration settings that can be exploited. They can have credentialed access (using usernames and passwords) into devices or provide an uncredentialed look at a device. The scan data may come from internal or third-party scanners.”
Learn more
- Access an excerpt of the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment.
CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks
CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via misconfigured carriage return handling in configuration files. This flaw has already seen active exploitation, underscoring the critical need for immediate mitigation.
Key Takeaways
1. CVE-2025-48384 lets attackers abuse CR handling in Git configs to write arbitrary files.
2. […]
The post CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks appeared first on Cyber Security News.
Nissan confirms design studio data breach claimed by Qilin ransomware
AccuKnox Awarded Patent for Runtime Security of Kernel Events
AccuKnox, a leader in Zero Trust Kubernetes and cloud-native security solutions, has been issued a patent [US Patent# 12,242,629 – full PDF copy available] by the U.S. Patent and Trademark Office for the breakthrough technology in Runtime Security of Kernel-Level Events. This innovation delivers real-time detection, prevention, and remediation of anomalous kernel activity. The patented […]
The post AccuKnox Awarded Patent for Runtime Security of Kernel Events appeared first on Cyber Security News.
Google to Add New Layer of Developer Verification to Distribute Apps on Play Store
Android’s open ecosystem has been both its greatest strength and a persistent security challenge. While sideloading offers developers and users unparalleled freedom, it has also become a vector for malicious actors to distribute malware masquerading as legitimate applications. Over the past year, Android Developers Blog analysts noted that malware delivered via internet-sideloaded sources outpaced Play […]
The post Google to Add New Layer of Developer Verification to Distribute Apps on Play Store appeared first on Cyber Security News.
Cloud and IoT Security Platform
In today’s digital landscape, hybrid cloud security and IoT/OT cybersecurity are mission-critical. Gartner predicts that 90% of organizations will adopt a hybrid cloud approach by 2027, and industry reports show that roughly one in three data breaches now involves an IoT device. This convergence of cloud and connected devices dramatically expands the attack surface. At
The post Cloud and IoT Security Platform appeared first on Seceon Inc.
The post Cloud and IoT Security Platform appeared first on Security Boulevard.
Millions of users install viruses themselves on the "recommendation" of ChatGPT
NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)
Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” Citrix has confirmed, and released security updates that fix the flaws.
The vulnerabilities
The three fixed vulnerabilities are:
- CVE-2025-7775: A memory overflow vulnerability leading to pre-auth remote code execution (RCE) and/or denial of service (DoS)
- CVE-2025-7776: A memory overflow …
The post NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) appeared first on Help Net Security.
The Foundation Is Cracking: Why Hardware Security Can’t Be an Afterthought Anymore
I was scrolling through my security feeds this morning when I came across news that MITRE has finally updated their Most Important Hardware Weaknesses List. While this should have been cause for celebration, I found myself feeling more frustrated than relieved. The update was driven by improved data collection methods, including AI assistance, and input..
The post The Foundation Is Cracking: Why Hardware Security Can’t Be an Afterthought Anymore appeared first on Security Boulevard.
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers
Safepay