Critical: 32 | Important: 166 | Moderate: 0 | Low: 0
Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days. Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs that were already addressed …
Tenable Nessus
The world's most widely deployed vulnerability scanner
Overview
Tenable Nessus is a vulnerability scanner that identifies security weaknesses across your network, servers, endpoints, cloud infrastructure, and web applications. Nessus Essentials is free for up to 16 IPs; Nessus Professional covers unlimited scanning for SMBs.
Why Use It
Nessus is the benchmark vulnerability scanner. For UK businesses aiming for Cyber Essentials Plus or ISO 27001, regular vulnerability scanning is required — Nessus provides the audit trail and compliance reports needed.
Why Not
OpenVAS (free) and Qualys (cloud-native) are alternatives. If you're already in the Microsoft ecosystem, Defender Vulnerability Management (included in MDE Plan 2) may remove the need for a separate scanner.
Pros & Cons
Pros
- Industry-standard vulnerability detection — most comprehensive plugin library
- Free Essentials tier for small environments
- Covers network devices, servers, cloud, containers, and web apps
- Clear severity ratings with CVSS scores and remediation guidance
- Audit and compliance templates for CIS, DISA, GDPR, and more
Cons
- Scanning can impact network performance if not scheduled carefully
- Professional licence is expensive for SMBs vs. free alternatives
- Results require skilled interpretation to prioritise effectively
- No built-in remediation workflow — integrates with ticketing tools
- Cloud-native environments require Tenable.io (higher cost)
How to Get the Most Out of It
- Run credentialed scans — they find 2–5x more vulnerabilities than unauthenticated scans
- Schedule scans during off-peak hours to minimise network impact
- Integrate with your ticketing system (Jira, ServiceNow) to auto-create remediation tickets
- Use compliance templates to scan against Cyber Essentials and CIS Benchmark controls
- Prioritise remediation by EPSS (exploitability) score, not just CVSS severity
AI: What's New
Claude AI: What's New with Tenable Nessus
- **Faster patch management coverage** – With Microsoft's June 2026 Patch Tuesday dropping 198 CVEs and Oracle releasing 35 critical patches, you'll want Nessus's latest plugin updates to scan for these immediately. The tool is staying current on federal compliance requirements too, which matters if your organization touches government work.
- **AI-focused vulnerability detection** – Tenable's partnership with Anthropic (Project Glasswing) signals Nessus is evolving to catch AI-era attack vectors, particularly supply chain exploits like the new npm "download pumping" technique. Expect new scan templates designed to detect exposed AI infrastructure and unconventional attack surfaces beyond traditional vulnerabilities.
- **Exposure management emphasis over raw scanning** – The messaging has shifted from just finding CVEs to mapping where threats, vulnerabilities, and your actual exposed assets intersect in your environment. As an admin, this means Nessus scans are increasingly integrated into a broader exposure management workflow—focus on prioritizing what's actually exploitable in *your* network, not just cataloging everything.
Latest News
- On June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up a new AI cybersecurity clearinghouse — most of it on a 30-day clock. Here’s what the EO requires and how Tenable can help. Key takeaways: The new…
- By participating in Project Glasswing and working with Claude Mythos Preview, Tenable can help customers better understand how emerging frontier AI models behave, their evolving risks and benefits for cybersecurity, and the kinds of controls organizations will need as AI adoption accelerates. Key tak…
- Tenable CTO Vlad Korsunsky talks about participating in the World Economic Forum’s Annual Meeting on Cybersecurity and Tenable’s EXPOSURE 2026 conference, where he talked with global leaders about new game-changing AI threats and the groundbreaking benefits of exposure management. Key takeaways: The pa…
- Oracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key takeaways: The May 2026 Critical Security Patch Update (CSPU) contains fixes for 35 unique CVEs in 35 security updates. 11 issues (31.4% of all patches) were assigned a critical sev…
- Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate. Key takeaways: Volume doesn’t equal trust. Packages with numerous versions and high download counts might seem legitimate, but …
- Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk. Key takeaways: The "patch everything" strategy is dead: Vulnerability prior…
- Cybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for building an exposure management program. Get a recap and see highlights from the event in words and pictures. Key takeaways: As frontier AI m…