What Is CAASM? Cyber Asset Attack Surface Management Explained

Your security team runs scans from five different tools. Each one gives you a different number of assets, a different count of vulnerabilities, and a different view of your risk. Meanwhile, your CMDB is outdated, shadow IT keeps expanding, and nobody can confidently answer a basic question: "What...

Langflow Detection

A Langflow Python library is installed on the remote host. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid303796; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/03/26"; scriptnameenglish:"Langflow Detection";...

From Shadow Models to Audit-Ready AI Security: A Practical Path with Qualys TotalAI

Key Takeaways AI security demands a paradigm shift, treating models, endpoints, and integrations as dynamic attack surfaces requiring continuous governance. Inventory-driven visibility is foundational to managing AI sprawl, uncovering hidden assets, and aligning security with innovation velocity...

7 Steps to Improve Cyber Exposure Visibility

Attackers don’t look for the strongest part of your defense; they look for the one you forgot about. An unmanaged server, a misconfigured cloud service, or an employee’s unsecured home device can become their front door. Poor cyber exposure visibility creates these hidden entry points. The best w...

What Is Attack Surface Mapping And Why It’s Critical To your Security Program

You might think an attack surface mapper is just another name for a vulnerability scanner, but they serve two very different purposes. A scanner tests the assets you already know about for specific weaknesses. An attack surface mapper answers a more fundamental question: What assets do I even hav...

Cloud Attack Surface Management Mapping 101

Before an attacker launches an assault, they do their homework. Their first step is to meticulously map your digital footprint, searching for the path of least resistance—an exposed database, an unpatched server, or a forgotten subdomain. The reality is that your attack surface is already being...

CISA and UK NCSC Release Joint Guidance for Securing OT Systems

CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology OT Architecture. Building...

CISA: Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

This guidance outlines a process for OT owners and operators to create an asset inventory and OT taxonomy. This process includes defining scope and objectives for the inventory, identifying assets, collecting attributes, creating a taxonomy, managing data, and implementing asset life cycle...

Between Buzz and Reality: The CTEM Conversation We All Need

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it mean...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows attackers to carry out attacks using cross-site scripting (XSS).

The vulnerability of the GLPI system’s request, incident, and asset inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows attackers who operate remotely to carry out attacks using cross-site scripting XSS...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious actor to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management systems lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

Microsoft RD-Agent Detection

A Microsoft RD-Agent Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208138; scriptversion"1.6";...

AIM Detection

An AIM Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'xcompat.inc'; if description scriptid208127; scriptversion"1.5";...

Introducing the Rapid7 Command Platform

Integrated Security Operations for the Next-Generation Attack Surface As cybercrime and attack surfaces have sprawled, Rapid7 has been able to grow with our customers because we are relentlessly focused on relevance. The way we see it, relevance doesn’t mean aligning to market definitions of...

#StopRansomware: ALPHV Blackcat

Actions to take today to mitigate against the threat of ransomware: 1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software. 2. Prioritize remediation of known exploited vulnerabilities. 3. Enable and enforce multifactor authentication with stro...

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management CSAM can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the improper elimination of special elements used in SQL commands, allows a hacker to gain access to the administrator account.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow a malicious actor to gain control of the administrator’s account remotely...

Ensuring Compliance with DORA: How Qualys Solutions Can Help

Introduction The Digital Operational Resilience Act DORA is a new regulation implemented by the European Union to ensure the stability and security of the financial sector. Coming into effect in 2022, DORA mandates enhanced cybersecurity and operational resilience standards for financial...