CVE-2026-48089
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...
Building your cryptographic inventory: A customer strategy for cryptographic posture management
Post-quantum cryptography (PQC) is coming—and for most organizations, the hardest part won’t be choosing new algorithms. It will be finding where cryptography is used today across applications, infrastructure, devices, and services so teams can plan, prioritize, and modernize with confidence. At...
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground. To unpack the biggest takeaways and what they mean for...
Patch, track, repeat: The 2025 CVE retrospective
Welcome to this week's edition of the Threat Source newsletter. It's time to look back at a year that pushed the vulnerability landscape to new heights. I'll admit this retrospective is arriving a bit later than planned. With 48,196 CVEs in 2025 (a stunning 132 vulnerabilities per day), the analysi...
Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026
Key Takeaways Cloud compliance has shifted from periodic audits to a continuous operating requirement as hybrid and multi-cloud environments change faster than traditional controls can keep pace. Modern cloud compliance solutions provide continuous, automated compliance monitoring across AWS,...
A new era of agents, a new era of posture
The rise of AI Agents marks one of the most exciting shifts in technology today. Unlike traditional applications or cloud resources, these agents are not passive components: they reason, make decisions, invoke tools, and interact with other agents and systems on behalf of users. This autonomy...
Navigating SEBI’s Cloud Security Requirements: A Guide for Regulated Entities
Overview: Who is impacted: The Securities and Exchange Board of India (SEBI) is the primary regulatory authority for the securities market in India. It was established to protect investor interests and promote market development, but its guidelines also impact cybersecurity professionals at regulat...
Smarter ITSM Automation with ServiceNow Integration
Effective Information Technology and Service Management (ITSM) today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT...
CAASM in Action: What It Really Looks Like When It Works
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CMDB Inefficiencies! You’ve heard the promises. The...
Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management
Security leaders today face a harsh reality: traditional vulnerability management isn’t enough. Threat actors are evolving, attack surfaces are expanding, and organizations need a more proactive approach to stay ahead of risk. Latest research from Gartner, How to Grow Vulnerability Management Int...
The Landmines CAASM Exposes That Your CMDB Pretends Don’t Exist
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CMDB Inefficiencies! Let’s be honest: a lot of the...
Unlock the Boardroom with Cyber Risk: How the Qualys Enterprise TruRisk™ Platform Empowers CISOs
The Changing Landscape for CISOs "If you can't measure it, you can't manage it." - Peter Drucker. This timeless adage by Drucker resonates deeply in today's digital era, where managing cyber risks has become a business-critical priority. According to a recent survey from Splunk, today, nearly 50%...
Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management
“Only 17% of organizations can clearly identify and inventory a majority (95% or more) of their assets.” - Gartner. Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management (TVM), you have asked your IT departme...
The Importance of Asset Context in Attack Surface Management.
This is the last of the four blogs ("Help, I can’t see! A Primer for Attack Surface Management Blog Series", "The Main Components of an Attack Surface Management (ASM) Strategy", and "Understanding your Attack Surface: Different Approaches to Asset Discovery") covering the foundational elements of Attack...
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing...
HHS OIG Report Underscores Challenges of Securing the Cloud
On July 22, 2024, the HHS (Health and Human Services) OIG published a report identifying a need for the Department of Health and Human Services, Office of the Secretary (HHS OS) to improve key security controls to better protect cloud information systems. The report, while focused on HHS OS, underscores...
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
On Wednesday, October 4, 2023, the curl project maintainers announced pre-notification for curl version 8.4.0 to be released on October 11. This version will fix two new vulnerabilities with one high and one low-severity CVE. The prenotification stated that the high-severity issue is arguably the...
Part II: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
In Part I of this three-part blog series, we discussed building a cyber risk metrics program from the ground up. We also discovered how to implement effective strategies for holistically articulating your cyber risk posture across your organization. In our second installment, we’ll delve deeper...
Cyber Asset Attack Surface Management 101
Understanding CAASM This article was written by Ethan Smart, Co-Founder and Chief Solution Architect, appNovi a Rapid7 integration partner. It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management...
CISA BOD 23-01: Meeting and Exceeding CISA Requirements with Qualys
The latest Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency (CISA), BOD 23-01, requires agencies to implement an essential cybersecurity practice within the next 6 months. While this new mandate impacts agencies directly, it also impacts their supply chain...