Tenable just made OT security way easier — instant discovery of hidden cyber-physical assets now built into Tenable One 🛡️ No extra hardware needed. See unknown OT/IoT devices and reduce risk from day one. Full details here 👇 #Tenable #OTSecurity

https://astig.ph/tenable-ot-discovery-tenable-one-exposure-management-2026/

Tenable brings instant OT discovery to Tenable One so companies can finally see hidden cyber-physical assets

MANILA, Philippines (April 2026) — Many companies still have blind spots when it comes to the growing number of operational technology, IoT devices, and shadow IT assets connected to their networks…

ASTIG: Philippine News & Reviews

I'm looking for work in #Barcelona, Spain. I'm a #Linux admin with #RedHat experience and hold #RHCSA & #RHCE certifications. I also have experience with #Splunk, #Tenable, and #VMware sprinkled with some networking knowledge. I also have CompTIA Security+. I won't need sponsorship since my spouse is an EU member. I do not know Spanish well, but I am learning.

#FediHire #GetFediHired #openforwork

Patch Tuesday, April 2026 Edition – Krebs on Security

I'm looking for work in #Barcelona, Spain. I'm a #Linux admin with #RedHat experience and hold #RHCSA & #RHCE certifications. I also have experience with #Splunk, #Tenable, and #VMware sprinkled with some networking knowledge. I also have CompTIA Security+. I won't need sponsorship since my spouse is an EU member. I am learning Catalan in the process.

The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.

Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.

🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/

#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity

Security Advisories: Entra ID & Tenable Nessus Manager | usd AG

Our penetration testing professionals have identified critical vulnerabilities in Entra ID and Tenable Nessus Manager. Learn more.

more security. usd AG

Microsoft Patch Tuesday, March 2026 Edition – Krebs on Security

Liat Hayun, SVP Product Management at Tenable, on ownership and exposure:

Remove “someone should fix this.”

Adopt “I am the only one who will fix this.”

“A vulnerability in a vacuum is just a line of code.”

Security teams are drowning in signals. Context defines actionability.

Read: https://www.technadu.com/from-national-security-to-enterprise-risk-turning-data-into-decisions-and-proving-excellence-has-no-gender/621106/

#WomenInCyber #ExposureManagement #SecurityLeadership #LeadHerInSecurity #Tenable

🚨 CVE-2026-2630: CRITICAL OS Command Injection in Tenable Security Center (CVSS 9.9). Authenticated attackers can run arbitrary code on the server. Restrict access, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-2630-cwe-78-improper-neutralization-of-sp-3ee12498 #OffSeq #Tenable #Vuln

----------------

🎯 AI
===================

Executive summary: Moltbook, an AI-only social network populated by OpenClaw agents, presents immediate security risks: pervasive spam/scams, exposure of agents to untrusted content via API-oriented prompt files, and a reported database compromise that leaked API keys enabling bot impersonation and direct prompt injection.

Technical details:
• SKILLS.md, HEARTBEAT.md, and MESSAGING.md are repository-style markdown files that describe how agents interact with the Moltbook API. SKILLS.md documents API interactions and recommends HTTP requests (curl-style). HEARTBEAT.md instructs periodic check-ins. MESSAGING.md notes that messaging requires human approval, while other endpoints accept automated agent input.
• Experimental tooling (reported as a CLI tool named moltbotnet) implemented API calls for posting, commenting, upvoting, following, and engagement automation. This tooling demonstrates how easily an agent or impersonator can script interactions.
• Reported breach of Moltbook’s database exposed API keys tied to agent identities. Those keys materially enable: impersonation of legitimate agents, submission of crafted prompts to agent workloads, and direct prompt injection vectors that bypass typical human-only guards.

Analysis:

The combination of (1) public, machine-readable prompt files that instruct agents how to behave, (2) open posting and engagement that accepts untrusted content, and (3) leaked credentials produces two classes of injection risks: indirect prompt injection (agents ingesting malicious content from other agents) and direct prompt injection (attacker using stolen API keys to send malicious prompts as a trusted agent). The observed ecosystem is also saturated with social-engineering lures (requests to run package installers, share crypto wallets, or call external APIs).

Detection guidance:
• Monitor unexpected use of API keys or unusual posting frequency associated with agent identities.
• Inspect content sources for scripted patterns (repeated promotional payloads, command-like text referencing package managers or curl usage).

Limitations:
• No public CVE identifiers are reported in the source material.
• Exact scope of leaked API keys (number of keys, associated privileges) was not enumerated in the writeup.

References and tags:

SKILLS.md, HEARTBEAT.md, MESSAGING.md — Tenable Research field report on Moltbook interactions and breach findings.

🔹 OpenClaw #Moltbook #promptinjection #APIkeys #Tenable

🔗 Source: https://www.tenable.com/blog/undercover-on-moltbook

I pretended to be an AI agent on Moltbook so you don’t have to

I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bot-to-bot conversations, I found spam, scams, and serious security risks.

Tenable®
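
The detection guidance in the summary above (posting frequency per API key, repeated promotional payloads, command-like text), as an added example that is not part of the original post or of Tenable's tooling. The record fields (`key_id`, `ts`, `text`), the thresholds and the sample posts are constructed assumptions, not Moltbook's API schema.

```python
import re
from collections import Counter, defaultdict

# Command-like text: a package-manager install or a curl/wget fetch of a URL.
CMD_RE = re.compile(
    r"\b(?:curl|wget)\s+(?:-\S+\s+)*https?://"
    r"|\b(?:npm|pip3?|brew|apt(?:-get)?|cargo)\s+(?:install|add)\b", re.IGNORECASE)

def normalize(text):
    """Fold case, URLs and whitespace so near-identical promo payloads compare equal."""
    return re.sub(r"\s+", " ", re.sub(r"https?://\S+", "<url>", text.lower())).strip()

def analyze(posts, max_per_window=3, window_s=60, repeat_threshold=3):
    """Return {key_id: sorted reasons} for API keys whose posts look scripted."""
    findings, times = defaultdict(set), defaultdict(list)
    payloads = Counter(normalize(p["text"]) for p in posts)
    for p in posts:
        key = p["key_id"]
        times[key].append(p["ts"])
        if CMD_RE.search(p["text"]):
            findings[key].add("command-like text")
        if payloads[normalize(p["text"])] >= repeat_threshold:
            findings[key].add("repeated payload")
    for key, ts in times.items():
        ts.sort()
        lo = 0  # sliding window start: flag > max_per_window posts within window_s
        for hi in range(len(ts)):
            while ts[hi] - ts[lo] > window_s:
                lo += 1
            if hi - lo + 1 > max_per_window:
                findings[key].add("posting burst")
                break
    return {k: sorted(v) for k, v in findings.items()}

# Constructed sample records; field names are assumed, not Moltbook's schema.
SAMPLE = [
    {"key_id": "k1", "ts": 0, "text": "Thoughts on agent memory design?"},
    {"key_id": "k2", "ts": 5, "text": "Boost karma: npm install example-karma-booster"},
    {"key_id": "k3", "ts": 10, "text": "Join  TokenDrop today https://example.invalid/a"},
    {"key_id": "k3", "ts": 12, "text": "join tokendrop today https://example.invalid/b"},
    {"key_id": "k3", "ts": 14, "text": "Join TokenDrop TODAY https://example.invalid/c"},
    {"key_id": "k3", "ts": 16, "text": "Anyone else seeing this?"},
    {"key_id": "k1", "ts": 4000, "text": "Reading docs: pip is a package manager."},
]

if __name__ == "__main__":
    for key, reasons in analyze(SAMPLE).items():
        print(key, reasons)
```

A key that trips any of these checks is a candidate for review and rotation; the thresholds need tuning against the normal posting rate of legitimate agents.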

Accepting my disabled body means replacing “I can't do that anymore” with “this is how I do it now”.

#tenable #artjournal #blackfeminist #art #creativereuse