Threats Tagged 'ios'
What the Miasma campaign reveals about the new supply chain threat model and the underground market for developer credentials

The Miasma campaign is a critical supply chain attack involving a self-propagating npm worm that compromised over 89 npm packages, including 32 Red Hat packages. It leveraged stolen developer credentials that were traded in underground markets for seven weeks before being weaponized. The campaign bypassed high-integrity supply chain protections by producing malicious packages with valid SLSA Build Level 3 provenance attestations. It escalated to target AI coding assistants in developers' local environments, expanding the attack surface beyond package registries. The attack exemplifies a new threat model called the Developer Credential Economy, where stolen developer credentials are commoditized and weaponized in multi-layered campaigns. The campaign highlights the insufficiency of traditional endpoint detection tools against ephemeral CI/CD environment compromises and stresses the need for treating developer credentials as critical infrastructure.

Tenable Research | 06/23/2026, 13:00:00 UTC | Added: 06/23/2026, 13:03:36 UTC
Improving precision in CTEM: How continuous controls validation in Tenable One transforms exposure management

Discover how continuous control validation in Tenable One can improve your CTEM program by filtering out alert noise and factoring in your active cyber defenses. Focus your team on accessible and exploitable attack paths.

Key takeaways:
- With vulnerability exploitation ranking as the top initial access vector and frontier AI accelerating vulnerability discovery, organizations must shift from managing theoretical cyber risks to validating actual, accessible exposure.
- Tenable One maps active security controls including EDR, MFA, and firewalls directly onto potential attack paths, allowing teams to automatically deprioritize weaknesses that existing defenses already neutralize.
- Ingesting penetration testing results via the Tenable One Open Connector allows organizations to layer real-world attack simulations over real-time exposure insights to identify toxic risk combinations that threaten critical assets.

Your security tools probably indicate you have thousands, perhaps tens or hundreds of thousands, of vulnerabilities across your environment. Maybe your tools prioritize these vulnerabilities based on CVSS scores or other criteria, but how do you know which vulnerabilities combine with other preventable security risks, like misconfigured cloud buckets and identity weaknesses, to create attack paths threat actors could realistically traverse? How do you validate which vulnerabilities an existing security control mitigates? You need this context to distinguish the real risks from the theoretical ones to ensure your team focuses on remediating what matters most.

The work of validating, prioritizing, and remediating vulnerabilities alongside other security weaknesses to understand the true exposure they create has become much more urgent, as frontier AI models accelerate vulnerability discovery.
In this environment, the traditional patch-based defense model will get crushed. Moreover, defenders cannot afford inaccurate decision-making and wasted remediation work that addresses low-priority vulnerabilities. They desperately need the context and validation that a continuous threat exposure management (CTEM) program provides.

This is why security leaders are evolving their vulnerability management programs to exposure management programs. Exposure management allows you to continually assess your attack surface, prioritize risks, and orchestrate automated remediation of security weaknesses at machine speed. Exposure management also helps validate which exposures attackers can actually reach by understanding the accessibility and exploitability of an attack path. It uses validation to shift your organization from managing theoretical risks to executing on actual exposure.

What is exposure validation in CTEM?

Validation is one of the five steps in the CTEM lifecycle. It is the process of providing consistent, continuous, and automated evidence of an attack’s feasibility. It stress-tests your defenses against real-world attack conditions, using your own environment’s controls and configurations to confirm whether an exposure is genuinely reachable and exploitable. Validation moves security from a reactive “patch everything” mindset to a preemptive, evidence-based exposure strategy. It continuously confirms which weaknesses your existing defenses have already blocked and surfaces the ones that demand immediate attention.

Expanded CTEM validation capabilities in Tenable One

Validation isn’t new to Tenable: we’ve been using validation techniques in Tenable solutions for more than 25 years. Tenable developed nearly 3,000 direct check plugins to actively probe a vulnerability and prove its exploitability in situations where software version detection isn’t sufficient for our high-accuracy standards.
These plugins actually mimic attack techniques and monitor the target’s response to confirm the presence of the vulnerability.

What is new in Tenable One is the addition of continuous control validation in the platform. By factoring in your active security controls, Tenable One helps eliminate the noise of theoretically exposed assets that are functionally blocked from exploitation. Security teams can visually map their active prevention and detection controls directly onto potential attack paths, automatically prioritizing weaknesses that existing controls already neutralize. Analysts can also filter top attack paths based on the presence of security controls and whether you can prevent attack chains for faster triage and investigation.

Common control validation examples include:
- Endpoint detection and response (EDR) tools that block Local Security Authority Subsystem Service (LSASS) memory dump tools used to harvest credentials.
- Multi-factor authentication (MFA) methods that prevent unauthorized access via password guessing, password spraying, or credential stuffing.
- Firewall and data loss prevention (DLP) tools that prevent data exfiltration by detecting data staging and enforcing egress rules.

See how continuous control validation works in Tenable One.

Proactively manage risk prioritization with continuous security control validation. Eliminate noise from theoretical risks that are functionally blocked by existing defenses by integrating compensating security controls into the exposure prioritization process. Access a unified dashboard where assets, vulnerabilities, and exposure risks are consolidated. Filter attack paths to identify which are protected by compensating controls. View types of compensating controls deployed in the environment. Examine attack paths that could be protected with endpoint protection tools. Review security controls associated with specific attack paths, including SIEM and EDR controls.
Inspect individual nodes within attack paths to determine which security controls are protecting them. Identify assets monitored by SIEM tools such as Splunk. Verify endpoint protection coverage on assets, including Microsoft Defender installations. Filter attack techniques to focus on specific threats like LSASS Memory techniques, which extract credentials from compromised systems and can be mitigated by endpoint protection tools. Identify attack paths and assets lacking appropriate EDR coverage. Prioritize remediation by examining high-priority attack paths where compensating controls are absent. Collaborate with security control owners to confirm coverage and address gaps in protection for critical assets.

Integrate penetration testing data into Tenable One

Beyond direct check plugins and continuous control validation, security teams can also integrate penetration testing results into Tenable One that simulate real-world attacks against your cyber defenses. This is another way to validate which exposures are truly exploitable and contextualizes them against your broader attack surface. The Tenable One Open Connector makes it easy to ingest the latest pentest results and layer them with real-time exposure insights to turn your findings into active, continuous defenses. Integrating pentest data into an exposure management program adds critical context to help you understand toxic risk combinations and enrich your understanding of high-severity weaknesses that threaten your most critical business assets.

Context is essential in exposure management

In the AI era, your security team can’t waste precious time on the wrong issues. With exposure management, context is essential to pinpoint the most critical risks to your organization. Security control validation, coupled with asset criticality, threat activity, entitlement privileges, and attack pathways, give your security team the advantage it needs to stay ahead of threat actors.
Learn more about Tenable One, the exposure management platform for the modern attack surface.

Tenable Research | 06/16/2026, 12:45:00 UTC | Added: 06/16/2026, 12:57:36 UTC
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility

Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion.

Palo Alto Unit 42 | 06/09/2026, 22:00:21 UTC | Added: 06/09/2026, 22:13:21 UTC
New Apple feature automatically changes your compromised passwords

At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...]

Bleeping Computer | 06/08/2026, 21:03:40 UTC | Added: 06/08/2026, 21:18:36 UTC
The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help

On June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up a new AI cybersecurity clearinghouse — most of it on a 30-day clock. Here’s what the EO requires and how Tenable can help.

Key takeaways:
- The new AI Security Executive Order will require national security and civilian federal agencies to prioritize cyber defenses to account for new frontier AI model capabilities.
- Tenable is well positioned to help federal agencies gain visibility across their environments, including AI assets, and to prioritize the vulnerabilities and other exposures that pose the highest risk; Tenable AI-enabled exposure management capabilities can help support vulnerability remediation and automate multi-step remediation workflows.
- The vulnerability and patching clearinghouse which will be developed under the Executive Order will require strong engagement from private sector partners, including Tenable, to drive actionable insights on AI-associated vulnerabilities and mitigation prioritization.

On June 2, 2026, the President signed an Executive Order (EO) titled “Promoting Advanced Artificial Intelligence Innovation and Security.” The direction is clear and the calls to action are fast-moving.

Within 30 days:
- Federal agencies must begin hardening their information systems with AI-enabled cyber defenses.
- CISA must issue new directives or guidance for civilian agencies.
- The Department of the Treasury (Treasury), with the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), must stand up a new AI cybersecurity clearinghouse focused on finding and fixing software vulnerabilities.
Within 60 days, Treasury, with the Department of War (DoW), NSA and CISA, in consultation with the White House and other agencies, must establish a classified benchmarking process to assess the capabilities of frontier AI models through voluntary collaboration with AI developers.

While the Executive Order applies to U.S. federal agencies, the need to prepare for changes in the threat landscape brought about by the advanced cyber capabilities of frontier AI models applies to any organization that needs to manage cyber risk. Here’s a breakdown of what the AI EO requires, the deadlines that matter, and where Tenable fits.

What the AI Executive Order requires

The EO’s operative provisions sit in Section 2 (“Upgrading American systems for advanced AI”) and Section 3 (“Secure frontier model deployment”). The cybersecurity core is in Section 2.

Within 30 days:

National security and defense systems. The Committee on National Security Systems must prioritize the cyber defense of National Security Systems (NSS) and the Secretary of War must do the same for DoW information systems (Section 2(a) and 2(b)).

Civilian federal systems and critical infrastructure. CISA, in consultation with the Office of Management and Budget (OMB), the Assistant to the President for National Security Affairs, and the National Cyber Director, must release Binding Operational Directives (BODs) “and other guidance as appropriate” to:
- Expedite and prioritize the cyber defense of civilian federal information systems.
- Establish or expand federal programs and services that enhance AI-enabled defensive tools.
- Facilitate access to cybersecurity tools and services, including where appropriate, covered frontier models, for agencies, state and local authorities, and critical infrastructure operators such as rural hospitals, community banks, and local utilities.
Worth noting, while the EO directs CISA to release BODs or other guidance for federal civilian agencies, the specific implementation directives are not yet known (Section 2(c)).

The AI cybersecurity clearinghouse. The Secretary of the Treasury, with the National Cyber Director, NSA, and CISA, must form an AI cybersecurity clearinghouse, in voluntary collaboration with the AI industry and critical infrastructure operators. The EO tasks the clearinghouse with three concrete functions, per Section 2(d):
- Coordinate and deconflict scanning for software vulnerabilities
- Discover and validate those vulnerabilities
- Coordinate and prioritize the remediation and distribution of vulnerability patches.

Grant funding for AI vulnerability detection. OMB, with the National Cyber Director and CISA, must determine whether existing federal grant programs have funding that can be directed toward applicants developing advanced AI vulnerability detection (Section 2(e)).

Within 60 days:

Cybersecurity workforce. The Office of Personnel Management must expand hiring and placement pathways for cybersecurity specialists through the United States Tech Force (Section 2(f)).

Secure frontier model deployment. Treasury, NSA, and CISA, in consultation with NIST and others, must develop a classified benchmarking process to assess the advanced cyber capabilities of AI models. They must also set the threshold for designating a “covered frontier model,” and design a voluntary framework through which developers can give the government up to 30 days of pre-release access to those models. The Executive Order is explicit that it does not create any mandatory licensing, preclearance, or permitting requirement for AI models (Section 3).

No fixed deadline:

Criminal enforcement. The EO directs the Attorney General to prioritize enforcement against those who use AI to illegally access or damage computer systems (Section 4).
For federal cybersecurity leaders, this is less a future-state policy document than a near-term planning trigger. Watch for CISA’s issuance of BODs and other guidance, and for readouts on the clearinghouse, during June and July.

How Tenable can help

The EO’s center of gravity — finding software vulnerabilities, validating them, prioritizing them, and driving remediation — is the work Tenable's platform is built to do. While the AI Executive Order focuses on vulnerability discovery, validation, prioritization, and remediation, the benefit of the Tenable One Exposure Management Platform is that it addresses vulnerabilities alongside other security weaknesses, including misconfigurations of AI systems and overpermissioned AI agents, to serve as the system of action for mitigating cyber exposure and reducing cyber risk across organizations’ expanding attack surfaces. Below, learn how specific Tenable capabilities map to the EO’s requirements.

Continuous vulnerability detection across the attack surface

Sections 2(a) through 2(d) turn on the ability to find vulnerabilities across a wide range of systems continuously. Tenable One Vulnerability Management and Tenable Security Center provide network-based and agent-based assessment across IT assets, with credentialed scanning for greater depth. Tenable One Cloud Exposure extends that visibility to cloud workloads and configurations, and Tenable One Attack Surface Management maps internet-facing assets that agencies may not know they have. For agencies operating classified or air-gapped environments — relevant to the National Security Systems named in Section 2(a) — Tenable Enclave Security is built to run vulnerability and configuration assessment inside those boundaries.

Risk-based prioritization, not “patch everything”

Section 2(d) doesn’t only call for discovering vulnerabilities — it calls for prioritizing them for remediation. That distinction matters because no agency can patch everything at once.
Tenable’s Vulnerability Priority Rating (VPR) uses machine learning, trained on the company’s corpus of more than 1.7 trillion security findings accumulated over more than 25 years of continuous scanning, to forecast which vulnerabilities are most likely to be exploited, so defenders can focus on the smaller set that represents real, immediate risk. By leveraging AI-generated features and expert intelligence from Tenable's Research Special Operations team, VPR helps organizations pinpoint the critical 1.6% of vulnerabilities that represent actual business risk. Tenable also ingests CISA’s Known Exploited Vulnerabilities (KEV) catalog — the continuously updated, authoritative list of Common Vulnerabilities and Exposures (CVEs) under active exploitation — directly into prioritization, aligning remediation guidance to the same source CISA uses to track risk across the federal enterprise.

AI-enabled defensive tooling

Section 2(c) directs CISA to establish or expand programs that enhance AI-enabled defensive tools. As frontier AI models accelerate the rate at which vulnerabilities can be discovered and exploited, the traditional window for manual remediation is rapidly closing. The June 2026 AI Executive Order recognizes this shift, directing federal agencies to counter machine-speed threats with AI-enabled cyber defenses within 30 days. Tenable Hexa AI, the agentic engine of the Tenable One Exposure Management Platform, is designed to help counter machine-speed threats, supercharge productivity, and accelerate risk reduction by automating multi-step remediation workflows. Security teams can leverage pre-built agents directly in the user interface or build custom agents via the Model Context Protocol (MCP), turning exposure intelligence into decisive action at machine speed.

At the same time, as agencies build custom models or adopt third-party tools like ChatGPT and Copilot, they fundamentally expand their attack surface.
It is now critical to protect enterprise AI, shadow AI, training data, and underlying infrastructure from emerging threats like adversarial attacks, data poisoning, and model theft. Tenable secures this expanding attack surface with Tenable One AI Exposure, which is designed to help agencies see, manage, and control the risks introduced by generative AI. Tenable One AI Exposure allows agencies to discover and inventory AI tools and libraries, and apply AI usage policies across the environment — a growing requirement as agencies adopt AI and need to account for it as part of

Tenable Research | 06/04/2026, 23:33:00 UTC | Added: 06/04/2026, 23:40:34 UTC
Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets

This threat discussion focuses on the risk posed by forgotten or 'zombie' cloud infrastructure assets that remain in an environment but are no longer in production. These zombie assets increase the attack surface and cyber risk for organizations while also contributing to unnecessary cloud costs. The described solution, Tenable Hexa AI, uses agentic AI to identify and eliminate these forgotten cloud assets, thereby reducing risk and cost. There is no indication of an active exploit or vulnerability in this data, rather it highlights a security risk related to cloud asset management.

Tenable Research | 05/14/2026, 21:17:00 UTC | Added: 05/26/2026, 20:29:13 UTC
Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed

As frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestration. See how you can automate vulnerability remediation and super-charge exposure management with Tenable Hexa AI.

Key takeaways
- AI models like Claude Mythos have reduced the time from vulnerability discovery to weaponization from weeks to minutes, making manual defense untenable.
- Tenable Hexa AI serves as an agentic engine that orchestrates complex, multi-step remediation workflows across modern attack surfaces to accelerate the speed of preemptive security and propel your exposure management program.
- Using the Model Context Protocol (MCP) included in Tenable Hexa AI, your team can build and deploy custom agents that anchor your preferred LLMs in the Tenable Exposure Data Fabric, ensuring every automated action is governed, auditable, and accurate.

Why you need to implement agentic AI in cybersecurity (and specifically, in vulnerability management)

For most of my career in cybersecurity, we’ve operated on a fundamental, if unspoken, assumption: We had a grace period. Whenever a new vulnerability was discovered, we knew we had time, often weeks or months, before adversaries would begin exploiting it. The time between vulnerability discovery and exploitation gave us breathing room. It gave us time to patch, triage, and remediate.

But not any more. The gap between discovery and exploitation has been shrinking for years, and the vulnerability discovery capabilities demonstrated by frontier AI models like Claude Mythos are narrowing it even more. We have entered the era of AI speed. When an LLM can unearth a 27-year-old vulnerability in a hardened OS in minutes, and then weaponize it in seconds, old defensive cycles can’t keep up, and that’s untenable.
This is why I’m so excited to announce the general availability of Tenable Hexa AI, the agentic engine of the Tenable One Exposure Management Platform, at EXPOSURE 2026: because it’s designed to help your organization address the escalating, AI-driven pace of vulnerability discovery.

The agentic AI imperative in cybersecurity: Scale your preemptive defense to match machine speed with agentic innovation from Tenable

Tenable Hexa AI is built to be a force multiplier and a flexible engine for innovation. Featuring a suite of built-in agents ready to automate assessment configuration, asset tagging, dashboard creation, ticket creation, and more, Tenable Hexa AI is designed to help your organization overcome the operational challenges deepened by adversarial AI use.

When the window between discovery and exploitation hits near-zero, security teams locked in manual vulnerability management operating models are forced into a state of perpetual emergency. Manually stitching together context and telemetry from cloud, identity, OT, and vulnerability silos in an arduous effort to prioritize remediation for downstream IT and DevOps teams is a losing battle. And when you can’t provide clear, risk-based remediation priorities to IT and DevOps teams, you end up bombarding them with seemingly urgent tickets that may not in fact be critical to your organization. Constant shifts in remediation priorities and endless debates over what needs fixing and why is not sustainable. It creates friction and causes you to lose the cybersecurity race.

In a world where attackers move at machine speed, only comprehensive exposure intelligence combined with the agentic AI orchestration capabilities provided by the Tenable One Exposure Management Platform can give you clarity and control. Tenable Hexa AI doesn’t just tell you where you are vulnerable; it mobilizes your preemptive defense.
Capabilities of Tenable Hexa AI

With this GA release, Tenable delivers foundational capabilities to help your organization accelerate the pace of vulnerability discovery and remediation, including:
- Your choice of agents - Use our pre-built, out-of-the-box agents to start reducing risk immediately, or use the Model Context Protocol (MCP) server built into Tenable Hexa AI to create custom agents tailored to your organization’s environment.
- Advanced multi-step reasoning - Tenable Hexa AI executes complex, end-to-end workflows spanning your attack surface (e.g., IT, cloud, identity, OT, etc.) in a single request, eliminating the need for practitioners to toggle between views to get exposure context. It understands that a CVE in your web app is a critical threat specifically because it is linked to a privileged service account with a path to your sensitive data.
- Automated remediation workflows - Tenable Hexa AI orchestrates remediation workflows, automatically creating and routing tickets, generating custom policies, and producing audit-ready reports, so security teams can act fast on every critical exposure.
- End-to-end exposure path insights - Practitioners can query their environment by identity attributes, such as service accounts, privileged users, and Active Directory groups, to surface exposure paths that traditional asset inventories miss. Tenable Hexa AI also provides guided assistance for complex Active Directory sensor configurations.

Build your own AI agents for cybersecurity with Tenable Hexa AI

In addition to out-of-the-box agentic capabilities for use cases like automated assessment configuration, asset tagging, and ticket creation, customers can also build custom agents via Tenable Hexa AI's built-in MCP that are informed by your organization’s unique security policies and internal business logic.
Tenable Hexa AI serves as the orchestration layer connecting your favorite AI tools to your infrastructure and other security tools, all with the data and context from the Tenable Exposure Data Fabric. By anchoring the models your organization uses in the authoritative context of your own environment, Tenable Hexa AI moves you beyond generic AI answers to governed and auditable automation. Whether you are automating complex remediation or generating board-ready dashboards, Tenable Hexa AI ensures the output is both verifiable and auditable.

The Tenable Exposure Data Fabric is key because an agent is only as effective as the data it has access to. Tenable Hexa AI is powered by the Tenable Exposure Data Fabric, a repository of 20 years of vulnerability research and the industry’s largest collection of contextualized exposure data. In other words, we’ve built an agentic engine for cybersecurity that uses the world’s best exposure data to drive machine-speed actions. This is the only way to ensure your AI is validating the real state of your environment, rather than just guessing.

Real-world agentic AI use cases for Tenable Hexa AI

While there are virtually infinite ways to apply agentic orchestration to your unique cybersecurity challenges, here are four high-impact areas where manual workflows traditionally break down and make it impossible for you to keep pace with AI-powered vulnerability discovery:
- Supply chain response - Neutralize third-party threats by using Tenable Hexa AI to correlate software components with affected internal assets.
- Automated patching - Use custom Hexa agents to beat the Mythos clock by orchestrating patches the moment a vulnerability is validated.
- Remediation assignment - Use Tenable Hexa AI to automatically match CVEs to asset owners in seconds and trigger immediate response workflows.

These use cases demonstrate how Tenable Hexa AI can bridge the gap between exposure intelligence and action.
Make the untenable Tenable

The collapse of the exploit window is a wake-up call. It gives us the opportunity to change how we work. By shifting from manual triage to agentic orchestration, organizations are seeing a shift in productivity and how they prioritize and action exposure reduction. While early design partners have already reclaimed days per month on foundational tasks like asset tagging, the value is not found solely in the hours saved, but rather, in the precision of the response. By automating the correlation between cloud, identity, AI, OT, and vulnerability data, Tenable One provides the clear, contextualized instructions that IT and DevOps teams need to act with confidence. This eliminates the administrative friction and back-and-forth negotiation that often results in critical vulnerabilities going unaddressed. Reclaiming those days means your best people are no longer buried in spreadsheets; they are focused on high-impact strategy, architecture hardening, and preemptive defense.

Tenable Hexa AI is available today as part of the Tenable One Foundation and Tenable One Advanced packages.

Tenable Research | 05/20/2026, 13:00:00 UTC | Added: 05/26/2026, 20:29:13 UTC