Qilin
Cybercriminals are no longer relying on simple email tricks alone. Across the first quarter of 2026, attackers have been sharpening their approach by using CAPTCHA pages and ClickFix techniques to supercharge credential theft operations at an alarming scale. During Q1 2026, Microsoft Threat Intelligence tracked approximately 8.3 billion email-based phishing threats between January and March, […]
The post Attackers Abuse CAPTCHA and ClickFix Tactics to Boost Credential Theft Campaigns appeared first on Cyber Security News.
A newly discovered DDoS botnet is exploiting exposed Jenkins servers to launch powerful attacks against Valve Source Engine game infrastructure. Security researchers at Darktrace identified the threat after capturing it on one of their honeypot systems. What makes this malware stand out is its specific targeting of video game servers, combined with a smart infection […]
The post New DDoS Malware Exploits Jenkins to Attack Valve Source Engine Game Servers appeared first on Cyber Security News.
Pentesting remains one of the most effective ways to identify real-world weaknesses, but the method for delivering results hasn’t evolved. Manual workflows involving static documents and email threads introduce delays, create inefficiencies, and diminish the value of the work. This guide on Automating Pentest Delivery teaches you how to modernize your workflows and transform traditional reporting into a continuous, collaborative process where findings become actionable the moment they’re discovered. Inside, you’ll learn how automation is […]
The post Download: Automating Pentest Delivery Guide appeared first on Help Net Security.
Detecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider — automating the hunt for asset owners in seconds.
Key takeaways
In our first use case blog, we showed how Tenable Hexa AI can identify assets impacted by a supply chain attack like the Axios npm compromise. In our second post, we walked through how custom Tenable Hexa AI agents can automate patching at machine speed using Tenable Patch Management.
But there’s a step hiding between “we found the vulnerability” and “we deployed the fix” that quietly consumes more analyst hours than either of those activities: figuring out who actually owns the vulnerable asset. This post explains how to close that gap and accelerate vulnerability remediation using Tenable Hexa AI.
The Friday afternoon fire drill
Picture the scenario every security team knows by heart. It’s 4:45 p.m. on a Friday. A critical CVE drops. Your Tenable scan lights up 47 affected hosts across three business units. The IPs are real, the findings are accurate, the severity is clear — and nobody knows who owns half of these impacted assets.
The next two hours look the same as they always do: a flurry of Slack messages to #infra, #platform, #cloud-ops. “Is prod-api-17 yours?” “Who owns the subnet in us-east-1b?” “I think that was Maria’s team before the reorg.” By the time someone confirms ownership on the last host, half the team has logged off for the weekend, and the exploit window is still wide open.
This is the accountability gap: scanners see technical assets, identity providers see people, and configuration management databases (CMDBs) try to bridge the two, but the entries are usually months old — frozen at the moment the asset was provisioned, and most likely not updated when the owner changed teams, left the company, or handed off the service. The result is a security team forced to do detective work instead of remediation.
It’s not a niche problem, either. The Center for Internet Security’s CIS Critical Security Control 01 — the very first control on the list — calls out accurate inventory and ownership as the foundation every other control builds on. You can’t protect what you can’t attribute.
The fix: Live identity context, on demand
Tenable Hexa AI closes this gap by acting as the connective tissue between your exposure data and your identity source of truth. Tenable Hexa AI uses the Model Context Protocol (MCP) to orchestrate tasks between, for example, the Tenable One Exposure Management Platform on one side, and identity providers – such as Okta and Entra ID – and CMDBs like ServiceNow on the other.
This is the important distinction: Hexa AI isn’t just reading a static tag you populated six months ago. It’s issuing a live query against the identity provider at the moment you need the answer. Who currently owns this service account? Who provisioned this EC2 instance? Who is the on-call stakeholder for this application in PagerDuty? The answer you get from Tenable Hexa AI reflects today’s org chart, not last quarter’s.
By treating identity as a real-time data source rather than a point-in-time field on an asset, you skip the CMDB-rot problem entirely.
A practical workflow: From vulnerability finding to remediation owner in under a minute
Let’s walk through what this looks like end-to-end. The prompt is plain English; the orchestration happens underneath.
Step 1: Command Tenable Hexa AI with a natural language prompt
The workflow begins in Claude with a prompt like:
“Find the most critical VPR finding on each of the 5 most critical assets. Query Okta to identify the most likely owner based on service-owner group membership, app admin assignment, and recent login activity. Route a ticket to that asset owner in the Test Jira project.”
Step 2: Tenable Hexa AI cross-references exposure data with identity data
The prompt triggers the Tenable Hexa AI agent to query Tenable for unassigned critical findings, filtered by Vulnerability Priority Rating (VPR), so you’re only resolving ownership for the findings that actually matter. For each affected asset, Hexa AI then calls the Okta MCP server to resolve ownership — looking at who holds admin-level access, who recently authenticated against the host, and who belongs to the owning group or application assignment.
This is the step that wrecks your Friday afternoon. Tenable Hexa AI does it in seconds, at scale, across every unassigned finding in the environment.
Step 3: Tenable Hexa AI assigns the owner and routes the ticket
Once the owner is identified, a ticket is opened in your system of record, such as Jira or ServiceNow, pre-filled with the finding detail, the VPR score, the affected host, and the person who can actually fix it.
To make sure this is trusted execution rather than blind automation, Hexa AI relies on Tenable’s Exposure Data Fabric — the unified layer that maps the relationships between vulnerabilities, identities, and assets across your environment. That context is what lets the agent distinguish between “the person who logged in once” and “the person who actually runs this service.” And as always, you can place human-in-the-loop (HITL) checkpoints wherever your change-management policy requires them — for example, requiring analyst sign-off before a ticket routes to a VP, or before ownership is rewritten on a tier-0 asset.
The NIST Cybersecurity Framework 2.0 (ID.AM-03) explicitly calls for organizations to prioritize resources based on business value and owner accountability. This workflow is how you meet that requirement operationally, not just on paper.
The operational payoff
What does this actually buy you?
The speed at which the right information reaches the right person is one of the strongest predictors of organizational stability and recovery performance. Automating ownership is how you raise that signal speed for your security program.
Scaling accountability for vulnerability remediation with agentic AI
The accountability gap isn’t a people problem — it’s an integration problem. Security teams have always known that asset ownership matters; now they have a clean, real-time way to resolve it at the speed modern threats demand. Tenable Hexa AI, together with MCP-based identity connectors, turns that resolution into a background function of the platform.
When every critical finding arrives pre-attributed to the right person, vulnerability management stops being a ticket-routing exercise and becomes what it was always supposed to be: a remediation function.
Ready to close your accountability gap?
Tenable Hexa AI is currently in private preview for select Tenable One customers. Contact your Tenable account team to join the private preview program.
Want to learn more? Download the Tenable Hexa AI data sheet to get the full technical breakdown of Tenable agentic AI capabilities, including the growing catalog of MCP integrations across identity, ticketing, and patching tools.
The post Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI appeared first on Security Boulevard.
The post Meet Suraj Patil: Associate PM, Bowls Left, Bats Right appeared first on AI Security Automation.
The post Meet Suraj Patil: Associate PM, Bowls Left, Bats Right appeared first on Security Boulevard.
The post Autonomous SOC: The Evolution of Self-Driving Security Operations appeared first on AI Security Automation.
The post Autonomous SOC: The Evolution of Self-Driving Security Operations appeared first on Security Boulevard.