New and enhanced OS vulnerability detections
Mondoo now supports the latest Linux distributions, adding Fedora 42, Raspbian 13, Ubuntu 25.04, RHEL Extended Update Support (EUS), and Enhanced Extended Update Support (E4S). Detection of vulnerabilities on Windows systems has been improved with support for Microsoft Exchange SU updates and improved .NET Framework detection, ensuring Mondoo always recognizes the latest features, packages, and updates installed on your systems.
Expanded vulnerability detection for third-party applications
Third-party application vulnerability scanning is vital because any security vulnerabilities in these applications can be an entry point for bad actors. That’s why we’re excited to share that we’ve greatly expanded coverage for common third-party applications found on both servers and employee workstations. In addition to covering common applications such as Firefox, Chrome, Edge, Nginx, and Exchange Server, Mondoo now also detects vulnerabilities in the following applications:
- Bitwarden
- Cisco Webex
- Docker Desktop
- FortiClient
- GitHub Desktop App
- LibreOffice
- TeamViewer
- VMware Tools
- Notepad++
- Firefox ESR releases on macOS
- 7zip
- Ollama
- JetBrains IDEs
- Oracle JDK on Windows
- Adobe products with Adobe advisories such as Acrobat Reader, Photoshop, InDesign, and Illustrator

Model Context Protocol (MCP) security
MCP is powerful in that it allows AI agents to autonomously interact with external tools and data. However, if not properly secured, it can introduce significant risks like prompt injection, data breaches, and the execution of unauthorized commands by malicious actors.
That is why we’ve now added new experimental MCP security capabilities using cnquery’s AI provider and our new Mondoo Model Context Protocol (MCP) security policy. Stay tuned for more updates while we build out this functionality.

Support for BSI SYS 1.5 and DORA compliance frameworks
In September we added support for two important frameworks in Germany and the EU:
BSI SYS 1.5 Virtualisierung
BSI SYS.1.5 Virtualisierung refers to a specific requirement within the BSI IT-Grundschutz (German Federal Office for Information Security baseline protection) standard that deals with the security requirements and implementation of virtualized systems. It is mandatory for German Federal government agencies and Operators of Critical Infrastructures (KRITIS). For private companies and other organizations, adopting IT-Grundschutz is voluntary but strongly recommended. Mondoo now includes out-of-the-box policies that check for compliance with BSI SYS 1.5.
Digital Operational Resilience Act (DORA)
DORA is a comprehensive European Union (EU) regulation that mandates all financial entities operating in the EU to enhance their digital operational resilience and cybersecurity. It introduces a harmonized approach to risk management, incident reporting, testing, and oversight of third-party technology providers across the EU's financial sector, with the goal of preventing and recovering from significant digital disruptions. Mondoo now

Track findings, no matter what type
A Mondoo finding is now a finding no matter what type of finding it is. This eliminates the need for dedicated vulnerabilities, advisories, and checks tabs on assets as we simply show the findings for the asset. New filtering by type still allows users to dive into specific types of findings if they need to.

Quick access to CVE remediations
When a CVE doesn’t include remediation data, but the vendor advisory does, we now directly show the remediation information on the CVE finding page. In the past we included a link to the advisory from the CVE page, but that required some awkward extra clicks and was overall funky at best. Now the necessary remediation is directly available in the Mondoo remediation section.

Mondoo v12
This month we’re excited to announce that we’ve implemented the next major release of Mondoo: version 12.0. This version includes some major scanning improvements, providing even deeper visibility into your environment, as well as cnspec usability improvements.
Cloud resource discovery by default
Gain deeper visibility and control over your cloud environments with enhanced resource discovery by default. Command line scans now automatically enumerate individual cloud resources, matching the comprehensive asset discovery previously exclusive to platform integrations. Instead of seeing a single asset for your cloud account, you now get detailed insights into each resource, making it easier to pinpoint issues, create precise exceptions, and accelerate remediation with clearer query results.
For those running in GCP, we’ve also added five new platforms to make scan results easier to view and remediate:
- gcp-sql-mysql
- gcp-sql-postgresql
- gcp-sql-sqlserver
- gcp-dns-zone
- gcp-kms-keyring
Simplified command line output
Focus on what matters with simpler command line output by default. cnspec now skips data queries and compliance framework results by default so you can focus on vulnerabilities and misconfigurations. Output now also uses the same 0-100 scoring threshold displayed in the console, so results match no matter where you view your scans.
Improved Terraform resource querying
This update streamlines how you query Terraform resources, making it easier to access the data you need. Instead of complex filtering, you can now directly reference resources by type or name, reducing query complexity and improving readability.
For example with this simple HCL file:
```hcl
resource "aws_instance" "example-1" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"
}

resource "aws_instance" "example-2" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"
}
```
You can now find the right resources with simpler one line queries:
```
# return all the "aws_instance" resources:
terraform.resources("aws_instance")

# return a specific resource by name:
terraform.resources("aws_instance", "example-1")

# return resources via a regular expression:
terraform.resources(/aws_/)

# return resources by type and name with a combination of strings and regular expressions:
terraform.resources("aws_instance", /example-[0-9]+/)
```
We’ve also removed a number of MQL resource fields that had previously been deprecated. All out-of-the-box policies have been updated for full v12 compatibility. Learn more about all changes in our “Mondoo 12.0 is out!” release notes.
New and updated policies and benchmarks
Security guidance is changing at a blistering pace and at Mondoo we’re continuously updating policies to match the latest CIS recommendations. The updated policies include new checks to match the latest attack vectors and updated remediations to match vendor UI and CLI experiences.
Updated policies:
- CIS VMware ESXi 8.0 Benchmark updated from 1.1 to 1.2
- CIS AIX 7 Benchmark updated from 1.0 to 1.1
- CIS Google Cloud Platform Foundation Benchmark updated from 3.0 to 4.0
- CIS Apple macOS 14.0 Sonoma Benchmark updated from 2.0 to 2.1
New policies:
- CIS Microsoft Azure Compute Services Benchmark 1.0
- CIS Microsoft Azure Database Services Benchmark 1.0
- CIS Cisco IOS XE 17.x Benchmark 2.2.1
- CIS Cisco IOS XR 7.x Benchmark 3.0
- CIS Microsoft Intune Windows 10 Benchmark 4.0
- CIS Microsoft Intune Windows 11 Benchmark 4.0
- VMware vSphere Security Configuration Guide 8 Benchmark
Scale secure deployments with Workload Identity Federation (WIF)
Workload Identity Federation (WIF) allows applications and services (workloads) to securely authenticate to cloud platforms and other services using short-lived tokens instead of managing long-lived credentials like API keys or passwords. This month we added WIF support for GitHub, Google Cloud, and Microsoft Entra ID, allowing you to easily deploy Mondoo to thousands of assets without the pain of credentials management. Implementing WIF also lowers the risk of leaked secrets since it uses temporary tokens.
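As an added illustration (not Mondoo's code), these are the claim checks a relying party typically applies to a GitHub Actions OIDC token before trusting the workload, including a cap on token lifetime. The audience, org/repo names and the `check_claims` helper are hypothetical, the sample claims are constructed, and JWT signature verification against the issuer's JWKS is assumed to have already succeeded.

```python
import time

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Hypothetical trust policy for this illustration.
POLICY = {
    "issuer": GITHUB_ISSUER,
    "audience": "https://scanner.example.invalid",
    # Exact subjects only: prefix or wildcard matching would also admit
    # look-alike repositories, other branches, or pull_request runs.
    "subjects": {"repo:example-org/infra:ref:refs/heads/main"},
    "max_lifetime": 900,  # seconds; reject tokens minted with long validity
    "clock_skew": 30,     # seconds of tolerated clock drift
}

# Constructed sample claims from a workflow run on the main branch.
SAMPLE = {
    "iss": GITHUB_ISSUER,
    "aud": "https://scanner.example.invalid",
    "sub": "repo:example-org/infra:ref:refs/heads/main",
    "iat": 1_700_000_000,
    "exp": 1_700_000_300,
}

def check_claims(claims, policy=POLICY, now=None):
    """Return the reasons to reject a token; an empty list means accept.

    Assumes the signature was already verified against the issuer's JWKS.
    """
    now = time.time() if now is None else now
    reasons = []
    if claims.get("iss") != policy["issuer"]:
        reasons.append("issuer")
    aud = claims.get("aud")
    if policy["audience"] not in (aud if isinstance(aud, list) else [aud]):
        reasons.append("audience")
    if claims.get("sub") not in policy["subjects"]:
        reasons.append("subject")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not all(isinstance(v, (int, float)) for v in (iat, exp)):
        reasons.append("iat/exp missing")
    else:
        if now > exp + policy["clock_skew"]:
            reasons.append("expired")
        if iat > now + policy["clock_skew"]:
            reasons.append("issued in the future")
        if exp - iat > policy["max_lifetime"]:
            reasons.append("lifetime too long")
    return reasons
```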

Stay on top of exceptions
This month we added further features to our exceptions, including improved filtering, email notifications, and more extensive user roles:
- Filtering to better find exceptions: New filtering capabilities on the exceptions page allow you to quickly find the exceptions that need your attention with filtering on exception type, status, and expiration date.
- Email notifications: Receive an email notification when an exception you created is going to expire in the next 72 hours or when an exception is created that requires your review.
- Fine-grained control of user roles: Want exact control over what users can do in orgs and spaces? Now you have it with additional fine-grained roles that can be layered on top of the viewer role. Allow users to manage tickets or exceptions without giving them the ability to delete assets or upload policies. Your choice.

That’s a wrap for September. We’re already working on some great things for October, so be sure to check back next month!