Fake Tenable / Qualys vulnerability management platform subscription payment failed, licenses suspended, vulnerability scanning disabled, or Nessus and asset management access no longer active phishing

Phishing emails impersonating Tenable or Qualys claiming the vulnerability management platform subscription payment has failed, licenses are suspended, vulnerability scanning is disabled, or Nessus and asset management access is no longer active — directing victims to update billing or restore access through a credential-harvesting portal. A distinct attack category targeting the vulnerability management layer that is the foundation of every security compliance program: Tenable and Qualys are the two dominant vulnerability management platforms used by enterprises to continuously discover, assess, and prioritize security vulnerabilities across all assets — a suspension email claiming scanning is disabled creates immediate compliance program risk because organizations running PCI DSS, SOC 2, ISO 27001, HIPAA, or FedRAMP programs have quarterly or continuous scanning requirements that cannot be met with a suspended Tenable/Qualys account. Key facts: (1) Tenable serves 44,000+ customers ($10,000-$500,000+/year) including 60% of the Fortune 500 as the vulnerability management platform that invented the continuous assessment model — Tenable's product line includes Tenable.io (cloud-based), Tenable.sc (on-premises, formerly SecurityCenter), Nessus Professional (individual use), Nessus Essentials (free), and Tenable OT Security (operational technology); Nessus is the world's most widely deployed vulnerability scanner, and 'Nessus licenses are no longer active' is immediately recognizable to every security administrator who has managed a Tenable deployment; (2) The 'vulnerability scanning and asset management disabled' hook creates a specific compliance urgency: PCI DSS Requirement 11.3 mandates quarterly internal and external vulnerability scans; a Tenable or Qualys suspension that disrupts the quarterly scan cycle creates a formal PCI compliance gap that must be remediated before the next QSA audit; for organizations in their QSA audit window, a scanning suspension is an immediate audit finding; (3) Qualys serves 10,000+ customers ($20,000-$1,000,000+/year) including Fortune Global 500 companies as the cloud-native vulnerability management platform — Qualys VMDR (Vulnerability Management, Detection and Response) combines asset discovery, vulnerability assessment, prioritization, and remediation tracking in a single SaaS platform; Qualys TotalCloud provides cloud security posture management alongside vulnerability scanning; a Qualys subscription suspension takes offline both vulnerability scanning AND cloud security monitoring simultaneously, creating a compound compliance gap; (4) The Tenable.io / Tenable.sc subscription suspension hook targets security operations teams at a uniquely high-urgency moment: Tenable vulnerability scans run on defined schedules (daily credentialed scans for PCI, weekly scans for general systems, monthly scans for servers in restricted segments); a suspension email arriving on the Monday of a scheduled weekly scan creates immediate operational disruption because the scan engine cannot authenticate and the weekly report cannot be generated for the security team's Tuesday review meeting; (5) Tenable and Qualys credentials expose the complete vulnerability and asset intelligence architecture: every discovered asset in the organization with its operating system, open ports, and installed software (the complete IT asset inventory), every known vulnerability ranked by CVSS score and exploitability including the zero-days and critical CVEs currently unpatched, all credentialed scan configurations including the service account credentials used to authenticate against servers and databases, custom compliance policies defining the exact security baselines against which every system is measured, and the API credentials used to integrate Tenable/Qualys with ticketing systems (ServiceNow, Jira), SIEM platforms, and patch management tools. Warning signs: sender not tenable.com or qualys.com; genuine Tenable billing at tenable.com/account; Qualys billing at qualys.com/portal.