Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour window on March 31.
Supply chain attack on Axios npm package: Scope, impact, and remediations
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your…
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection
Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, and research-backed protection against critical vulnerabilities, all designed to slash MTTR without disrupting your DevOps workflows.
Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection
Tenable One's new Model Refusal Detection turns an LLM's refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky behaviors before they escalate into a breach.
Security for AI: A guide to managing the risks of vibe coding and AI in software development
Get a template for an AI coding acceptable use policy with security controls and a list of 25 security questions to ask software developers and “citizen developers” about their AI use. Mitigate the security risks of vibe coding and using AI in software development with Tenable One.
Tenable Hexa AI 소개: 위험 노출 관리를 위한 에이전트 AI
Tenable One - 위험 관리 노출 플랫폼의 에이전트 엔진인 Tenable Hexa AI를 소개합니다. Tenable Hexa AI가 어떻게 복잡한 보안 워크플로를 자동화하고 위험 노출 인텔리전스를 조율된 대응으로 전환하여 보안 팀이 사이버 위험을 실질적으로 줄일 수 있도록 지원하는지 알아보십시오.
The hidden cost of AI speed: Unmanaged cyber risk
AI isn’t just moving fast. It’s creating new attack paths. Cyber teams must now manage vulnerabilities – and their ramifications throughout their IT environments – in AI tools deployed without enough governance guardrails. The answer for securing this new attack surface? Unified exposure management.
CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability
Oracle published an out-of-band security alert for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager, following in-the-wild exploitation of a related flaw in the same component in November 2025.
Bolster your defenses and close the code-to-cloud gap with Tenable and OX
Today, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word
An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings.
Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign
Iran's retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable's exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn't the headline threat, it's a Microsoft Word N-day…
How to prepare for NERC CIP compliance deadlines in 2026 and beyond
Explore key cybersecurity requirements and implementation deadlines for electric power utilities included in the NERC CIP-003-9 standard for Low-Impact BES (Bulk Electric System) Cyber Systems, and how Tenable can help deliver the comprehensive visibility required to ensure compliance.
