October 2025 Release Notes
Copy link

The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.

ℹ️

Last updated: October 6th, 2025

What’s New
Copy link

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Risk
Copy link

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Simplify compliance with risk-aware visibility
Copy link

Cloud Security (InsightCloudSec) now offers a modernized Risk-Aware Compliance experience that makes it easier to identify and remediate misconfigurations in the cloud. This new interface provides a consistent, user-friendly view across compliance features, helping you quickly assess compliance posture and adopt new capabilities more effectively.

With this capability in Findings > Misconfigurations, you can:

  • Benefit from significantly improved performance for faster risk analysis and compliance assessments.
  • Easily detect misconfigured assets in relation to the compliance standards that matter most to your organization.
  • Visualize exemption status to optimize workflows and reduce manual overhead.
  • Leverage enhanced tag visibility to manage and organize cloud infrastructure more effectively.

Accelerate risk reduction with Remediation Hub
Copy link

Starting in August 2025, all Vulnerability Management (InsightVM) customers gained access to Remediation Hub, a centralized workspace that delivers a prioritized list of high-impact remediation actions. Powered by our threat-aware Active Risk Score, Remediation Hub helps security teams focus on the changes that drive the greatest risk reduction.

With this capability in Response & Remediation > Remediation Hub, you can:

  • Resolve large volumes of vulnerabilities at once by focusing on remediation solutions that address them in bulk.
  • Rely on intelligent logic to identify the most effective fix and reduce duplicated effort.
  • Direct remediation teams to the actions with the greatest security impact.

Smarter filters and deeper insights in Remediation Hub
Copy link

Security teams often need to cut through noise, meet SLAs, and streamline patching across complex environments. With enhanced filtering and richer context in Remediation Hub, you can focus on the vulnerabilities that matter most, align remediation efforts with business priorities, and plan patches with greater confidence.

With this update in Response & Remediation > Remediation Hub, you can:

  • Filter by CVSS score to see only remediations that address vulnerabilities meeting or exceeding your selected severity threshold.
  • Filter by Active Risk score to quickly identify and prioritize vulnerabilities that present the most risk to your environment.

Top of page

Threat
Copy link

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Enhance threat coverage with migrated detection rules
Copy link

The SIEM (InsightIDR) Detection Library continues to expand, delivering faster and broader threat detection capabilities. This month, we’ve migrated 4 legacy rules as part of our ongoing effort to unify and strengthen your detection experience.

With these updates available in Detection Rules > Detection Rule Library, you can:

  • Stay ahead of emerging threats – detect high-risk activities such as watched or admin-led password resets with new rules.
  • Streamline rule management – view migrated User Behavior Analytics (UBA) rules in a unified Detection Library.
  • Improve response efficiency – gain faster insight into potential threats with consistent rule access.

Migrated Legacy Rules:

  • Account Visits Suspicious Link.
  • Ingress from Community Threat.
  • Network Access for Threat.
  • Suspicious Process Hash Discovered.

Top of page

Improvements and Fixes
Copy link

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider
Copy link

No updates released at this time.

Top of page

Cloud Security (InsightCloudSec)
Copy link

Release availability for self-hosted users

Self-hosted users will be able to download 25.10.7 version on October 14th from the following locations:

  • Terraform deployments: Public S3 bucket . Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery 

Version 25.10.7
Copy link

Software release date: October 7, 2025 | Release notes published: October 6, 2025

Improved

  • Misconfigurations page is now in Phase 2 (Modern UI is default, revert option is available).
  • Added support for AWS GovCloud in ServiceEventBusHarvester and ServiceEventRuleHarvester.
  • Enhanced secret detection with new regex pattern for identifying AWS API Keys within Environment Variables when searching for Secrets in Plaintext.
  • Added support for the new AWS resource CodeDeploy Application with CodeDeployApplicationHarvester.
    • New permissions required:
      • codedeploy:ListApplications
      • codedeploy:GetApplication
  • Enhanced WebAppHarvest harvester to properly handle AuthorizationFailed errors by setting http20_enabled value to null instead of defaulting to True.
  • Updated User Management interface text from “Lock/Unlock” to “Suspend/Activate” for improved clarity.
  • Updated Recommended Remediation steps for insights:
    • Instance Containing Sensitive Information In User Data (AWS)
    • Instance Containing Sensitive Information In User Data Outside of Autoscaling Group (AWS)
  • Revised AWS onboarding script with enhanced features and additional configuration options.

Fixed

  • Fixed Tag Explorer UI scoping issues that were affecting resource filtering.
  • Hidden Actions and Reconfigure buttons on BotFactory page (Modern UI) for users with Read Only permissions.
  • Resolved Layered Context click handler issues on Applications that were causing broken view states.
  • Restored Badges Dropdown functionality in the Clouds tab within Resource Scope panel.
  • Fixed Tag Explorer interaction issues with the Scopes panel that were preventing proper filtering operations.

BotFactory UI

Starting in October 2025, we will begin a gradual removal of the ‘Switch to Legacy UI’ toggle on the BotFactory page. For our self-hosted customers, this update is currently planned for the beginning of November.

Attention: There will be no release during the week of October 13. The next release will be on October 21, 2025.

Upcoming changes for 25.10.21

The following extensions will be removed from QF “Instance or Autoscaling Group Without a Vulnerability Assessment Extension Installed”:

  • LinuxAgent.AzureSecurityCenter
  • WindowsAgent.AzureSecurityCenter

The following extensions will be added:

  • MDE.Linux
  • MDE.Windows

Impact: As a result, the “Instance Without Vulnerability Assessment Extension” insight will no longer check for the deprecated extensions and will include the new MDE extensions. These changes may potentially affect the results of existing bots that rely on this Insight or Query Filter.

Reason for this change: Microsoft has deprecated “Enable vulnerability scanning with the integrated Qualys scanner”, making these extensions obsolete.

Top of page

SIEM (InsightIDR)
Copy link

No updates released at this time.

Top of page

InsightVM
Copy link

Vulnerability Management (InsightVM)
Copy link

Version 8.23.0
Copy link

Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025

Improved:

  • Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
  • A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
  • Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
  • Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.

Fixed:

  • Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.

Top of page

Nexpose
Copy link

Version 8.23.0
Copy link

Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025

Improved:

  • Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
  • A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
  • Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
  • Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.

Fixed:

  • Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.

Top of page

Digital Risk Protection (Threat Command)
Copy link

No updates released at this time.

Top of page