Vulnerability Management Overview (Explore)
The Vulnerability Age: Managing SLAs (Explore) widget provides a view of vulnerabilities based on severity and age. The columns display counts of vulnerabilities that have been published within the specified time period and are present in the organization. The rows display the severity level of the vulnerability. Organizations can use this information to determine their compliance with organizational policy and Service Level Agreements (SLAs). For example, if an organization has an SLA that states Critical/High vulnerabilities must be patched within 45 days, any data displayed in the first three columns and two rows indicates non-compliance with the SLA. Vulnerability age is determined from the time the vulnerability was published. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).
The SLA Progress: Vulnerability Age (Explore) widget helps organizations manage Service Level Agreements (SLAs) by providing a vulnerability view that is organized by Vulnerability Priority Rating (VPR) Score and Vulnerability Age. Users can customize both the date and how the severity is calculated by selecting SLA from the Tenable.io Settings > General > Service-Level Agreement (SLA) page. The vulnerabilities that do not meet SLAs are calculated using a date filter for within the last X days. The vulnerabilities that meet SLAs use a date filter for older than X days. When default SLA settings are used, the Critical row uses VPR greater than 9.0. The High row uses VPR between 7.0-8.9, the Medium row uses VPR between 4.0-6.9, and the Low row uses VPR between 0-3.9. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).
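The row and date-filter logic described above, sketched as an added example that is not Tenable's code: it places constructed findings into the default VPR rows and splits each row by the "within the last X days" and "older than X days" filters. The per-row SLA_DAYS values, the finding records, the reference date, and the handling of a VPR of exactly 9.0 are assumptions of this example.

```python
from collections import Counter
from datetime import date

# Row floors from the default SLA settings in the text. The text leaves a VPR
# of exactly 9.0 unassigned; placing it in Critical is this example's assumption.
VPR_ROWS = [("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 0.0)]

# Hypothetical SLA windows (X, in days) per row; only 45 echoes the page's example.
SLA_DAYS = {"Critical": 45, "High": 45, "Medium": 90, "Low": 180}

def vpr_row(vpr):
    """Map a VPR score (0.0-10.0) to its row name."""
    if not 0.0 <= vpr <= 10.0:
        raise ValueError(f"VPR out of range: {vpr}")
    return next(name for name, floor in VPR_ROWS if vpr >= floor)

def age_days(published, today):
    """Vulnerability age, counted from the publication date."""
    return (today - published).days

def sla_matrix(findings, today):
    """Count findings per (row, date filter); age == X counts as 'within' (assumption)."""
    counts = Counter()
    for f in findings:
        row = vpr_row(f["vpr"])
        within = age_days(f["published"], today) <= SLA_DAYS[row]
        counts[(row, "within_last_x_days" if within else "older_than_x_days")] += 1
    return counts

# Constructed sample findings; the ids are placeholders, not real identifiers.
TODAY = date(2026, 3, 1)
FINDINGS = [
    {"id": "FINDING-1", "vpr": 9.4, "published": date(2026, 2, 20)},
    {"id": "FINDING-2", "vpr": 9.0, "published": date(2025, 12, 1)},
    {"id": "FINDING-3", "vpr": 8.9, "published": date(2026, 1, 15)},  # age is exactly 45
    {"id": "FINDING-4", "vpr": 5.2, "published": date(2025, 6, 1)},
    {"id": "FINDING-5", "vpr": 3.9, "published": date(2026, 2, 1)},
]

if __name__ == "__main__":
    for (row, column), n in sorted(sla_matrix(FINDINGS, TODAY).items()):
        print(f"{row:8} {column:20} {n}")
```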
The Vulnerability Priority Rating Using VPR (Explore) widget displays vulnerabilities grouped by Vulnerability Priority Rating (VPR). VPR is the output of Tenable's predictive prioritization process and is continually updated to accommodate the evolving threat landscape. Following the initial scan of an asset on the network, Tenable computes an initial VPR using a machine-learning algorithm that analyzes more than 150 different aspects of each vulnerability to determine the level of risk. Vulnerabilities listed on the left have the highest VPR, while those on the right have the lowest. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).
The Severity Statistics by Source (Explore) widget provides a count of vulnerabilities collected through multiple sources: Nessus scan, Nessus Agent, and Frictionless Assessment. Nessus Agents are low-footprint programs installed locally on hosts to supplement traditional network-based scanning. Nessus Agents collect vulnerability, compliance, and system data, which is reported to management for mitigation guidance. Frictionless Assessment assesses the hosts for vulnerabilities in the cloud, rather than running plugins locally on the hosts. The numbers displayed in this widget use severity to identify precedence of vulnerabilities to be mitigated. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM, AWS Frictionless Assessment, Azure Frictionless Assessment).
The Scan Health (Explore) widget provides a summary of scan health in relation to authentication success and failures. System and network devices must be routinely scanned to ensure they are operating in compliance with organizational and regulatory requirements for vulnerability and configuration management. Evidence of scanning activities is often required by regulatory frameworks and Service Level Agreements (SLAs). Credentialed scanning, which requires authentication to the device, provides the most accurate scanning results. The five columns display asset counts related to:
Authentication Success - Scans authenticate successfully with full administrator/root privileges. Scan results will be the most comprehensive.
Success but Insufficient Access - Scans authenticate successfully, but do not have privileged access. Scan results will be limited to what a local non-privileged user could see.
Success but Intermittent Failure - Scan credentials intermittently fail, which could be caused by session rate limits, session concurrency limits, or other issues preventing consistent authentication success.
Authentication Failure (Credentials) - The credentials provided were incorrect.
No Credentials Provided - No credentials were provided.
The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).
This widget provides a stacked column chart when vulnerabilities are identified by the Security Response Team (SRT) as Emerging Threats. These vulnerabilities are being actively monitored by Tenable. The SRT will change the status of the vulnerability into 1 of 3 areas: Vulnerabilities Being Monitored, Vulnerabilities of Interest, and Vulnerabilities of Concern. This component tracks all vulnerabilities that were labeled as an emerging threat using the Common Vulnerabilities and Exposures (CVE) identifier and the year the CVE was published. The stacked column chart will display a CVE ID if it has been detected and found to not be mitigated.
The Critical and High Exploitable Vulnerabilities (Explore) widget focuses on the most severe current threats, critical and high exploitable vulnerabilities, to help prioritize remediation. Each bar represents vulnerabilities grouped by an exploitability characteristic.
Exploited by Malware: Vulnerabilities that can be exploited by malicious software, such as viruses, worms, spyware, adware, and ransomware.
Remotely Exploitable (Low Complexity): Vulnerabilities that can easily be exploited remotely and require little skill or information gathering to exploit.
Locally Exploitable (Low Complexity): Vulnerabilities that can easily be exploited with local access and require little skill or information gathering to exploit.
Exploited by Framework (Metasploit): Vulnerabilities for which exploit code has been imported into various exploit frameworks when the vulnerability is made public. Common exploit frameworks, such as Metasploit, are easy to obtain and are used by security researchers and malicious attackers.
Remotely Exploitable (High Complexity): Vulnerabilities that can be exploited remotely, but require a high degree of skill and information gathering to exploit.
Note that these groupings are not mutually exclusive; a single vulnerability can be included in multiple exploitability categories. Tenable recommends prioritizing remediation starting with vulnerabilities in the left-most column, 'Exploited by Malware.' The requirement for this widget is: Tenable.io Vulnerability Management (Nessus).
The Future Threats: Not Yet Exploitable Vulnerabilities (Explore) widget provides a view of vulnerabilities based on exploit code maturity and vulnerability publication date. The columns display counts of vulnerabilities that have been published within the specified time period and are present in the organization. The rows display the exploit code maturity, where Proof of Concept is more serious than Unproven Exploit. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).