Aggregator

Nagomi Security has announced the next evolution of its platform with Agentic Exposure Ops, expanding Nagomi from exposure visibility to agent-driven exposure elimination. Most exposure management programs generate findings faster than teams can validate what’s real, route fixes to the right owners, and re-check outcomes as environments change. Agentic Exposure Ops closes that execution loop so high-impact conditions get eliminated and stay closed over time. That loop breaks in enterprises for a simple reason: the … More →

The post Nagomi Security expands into agent-driven exposure elimination with Agentic Exposure Ops appeared first on Help Net Security.

Austin, United States, March 19th, 2026, CyberNewswire Cybersecurity has entered a new phase, one defined less by reactive controls and more by continuous, intelligence-driven operations. As attack surfaces expand and adversaries increasingly leverage AI, the modern CISO is tasked with orchestrating resilience at scale. Amid this shift, CISO Whisperer has released its list of “Cybersecurity […]

The post CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026 appeared first on Cyber Security News.

You must login to view this content

Today, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is designed to eliminate visibility gaps and accelerate remediation.

1. Bridge the cloud-to-code gap: Connect cloud exposures directly to the code and developers responsible to eliminate fragmented visibility.
2. Unified asset graph visibility: Leverage an automated code-to-cloud asset graph to correlate cloud risks with their originating service, build pipeline, and specific line of code.
3. Reachability and exploitability validation: Focus teams on real, exploitable risk by validating which vulnerabilities are actually exposed through production code paths.

The integration between Tenable Cloud Security and OX creates a unified defense system by synchronizing Tenable’s cloud risk detection and vulnerability intelligence capabilities with OX’s deep application context and exploitability analysis. By mapping Tenable’s findings – including vulnerabilities, misconfigurations, and excessive permissions – to the originating source code, the joint solution automatically correlates runtime risks and the specific developers responsible for fixing them — closing the gap between code and cloud.

Here is how the joint solution transforms your security workflow from the first line of code to runtime:

1. Catch issues early by shifting left: Tenable integrates security into infrastructure-as-code (IaC) and CI/CD pipelines, while OX identifies vulnerabilities in code and ties them to exploitability in production with its static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA) capabilities. This ensures security is maintained from the first line of code, which is critical as our recent “Cloud and AI Security Risk Report 2026” found that 86% of organizations are hosting third-party code packages with critical-severity vulnerabilities.
2. Full lifecycle visibility with traceability from code to cloud: This consolidated approach provides true DevSecOps by embedding security across the entire lifecycle. OX correlates Tenable's findings to their originating service and build pipeline using a unified code-to-cloud asset graph, eliminating the blind spots that often hide in the transition from development to production.
3. Smarter prioritization: Tenable Cloud Security provides the foundational risk layer by correlating misconfigurations, vulnerabilities, and excessive permissions through its industry-leading vulnerability intelligence. OX adds application-level context and reachability analysis to validate which risks are actually exposed through production code paths. Together, they neutralize the “exposure paths” that lead to sensitive data, allowing teams to remediate based on the highest business impact rather than generic severity.
4. Accelerated remediation by routing to the right team: Identify the relevant owner for every finding directly within developer workflows. The integration pinpoints the exact line of code and the developer responsible for the fix, ensuring every alert is pre-assigned to the correct team with repository location, commit history, and risk-based priority. This integration aligns cloud security, AppSec, and engineering around shared priorities, reducing mean-time-to-remediation (MTTR) without unnecessary tool switching or handoffs.
5. Strategic exposure management: Maintain ongoing insight into app-level vulnerabilities and entitlements. This complements Tenable’s broader exposure management strategy, helping you manage the 82% of cloud workloads that currently run with known, exploited, and critical CVEs.
    

Pairing Tenable Cloud Security and OX provides code-to-cloud security across the software lifecycle 

OX protects applications throughout their lifecycle, providing deep context to application exposures. It helps teams focus on critical AppSec issues that are exploitable, reachable, and truly impactful. 

With OX, AppSec and DevOps teams can:

• Stay in control with continuous visibility and remediation: Pinpoint app-level vulnerabilities, misconfigurations, and excessive permissions. By identifying the specific line of code and developer ownership, OX enables proactive fixes for unprotected apps.
• Prioritize with real context: Enrich runtime attack data with application context and reachability analysis to understand the root cause and target what’s truly exploitable across code, containers, and cloud configurations.
• Automate policy enforcement: Automatically fine-tune runtime protection policies based on known attack patterns and discovered weaknesses.

Part of the Tenable One exposure management platform, Tenable Cloud Security is a powerful cloud native application protection (CNAPP) solution that consolidates tools and quickly closes security gaps. It provides unified cloud security for multi-cloud and hybrid environments, pairing with the Tenable One platform to provide a single view of risk across the entire attack surface.

With Tenable Cloud Security, CISOs, DevOps and security teams can:

• See it all: Agentlessly discover every cloud asset, configuration, and identity—from IaC templates through runtime—and prioritize risks by real business impact.
• Shrink the attack surface: Continuously detect vulnerabilities, misconfigurations, and toxic privilege combinations while staying aligned with frameworks like those from the Center for Internet Security (CIS), the U.S. National Institute of Standards and Technology (NIST), and the Payment Card Industry Data Security Standard (PCI DSS).
• Right-size permissions and control access: Use cloud identity entitlement management (CIEM) to fine-tune permissions, eliminate standing privileges, and enforce just-in-time (JIT) access.
• Safeguard sensitive data and AI assets: Automatically find and classify sensitive data, such as personally identifiable information (PII) and AI assets, including models, training datasets and inference endpoints, using built‑in data security posture management (DSPM) and artificial intelligence security posture management (AI‑SPM).

Leading organizations are already combining Tenable Cloud Security and OX to unify cloud and application security, harden their environments, and reduce risk end-to-end. By connecting cloud risk to the exact code and developer responsible, this partnership eliminates ownership confusion and stops critical threats before they reach production.
 

• Book a demo with Tenable
• Read about Tenable Cloud Security
• Book a demo with OX
• Read about Ox AppSec

Cobalt has released new AI capabilities for continuous pentesting. Delivered through the Cobalt Offensive Security Platform, these next-generation components integrate AI with human pentesters and more than a decade of proprietary pentesting intelligence to accelerate the speed, scale, and depth of offensive security programs. Attackers are increasingly using AI to automate reconnaissance, vulnerability discovery, and exploitation. At the same time, development practices are accelerating release velocity and expanding the attack surface across APIs, microservices, cloud … More →

The post Cobalt adds continuous pentesting AI capabilities to scale offensive security and real-world risk appeared first on Help Net Security.

Ubiquiti has disclosed two critical-to-high severity vulnerabilities in its widely deployed UniFi Network Application, including a maximum-severity flaw that could allow unauthenticated attackers to seize full control of underlying systems. Organizations running affected versions are urged to patch immediately. CVE-2026-22557: Path Traversal Enables Full System Compromise The more severe of the two flaws, tracked as […]

The post Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems appeared first on Cyber Security News.