Your Cloud Detection Strategy in 2026: What to Expect at the Global Cybersecurity Summit

Cloud environments have changed how security teams detect and respond to threats. Signals come from more places, identities are harder to track, and attacks rarely stay within a single system. For many teams, the challenge is no longer visibility. It is having the risk context to understand what...

Exploit for Incorrect Default Permissions in Amazon Amplify_Cli

skycenter Attack Chain Security Analysis Engine for AWS, Azure...

Before the Breach: When digital footprints become a strategic cyber risk

Overview For years, organizations have prioritized strengthening technical defenses, including hardening networks, accelerating patch management, and expanding endpoint detection and response capabilities. Defensive systems have become more adaptive, identity has moved to the center of security...

Exposure Management vs Vulnerability Management: Key Differences

Is your security program truly reducing risk, or is it just getting really good at patching? This question is at the heart of the exposure management vs vulnerability management debate. A traditional approach can tell you that a door has a weak lock, but it can't tell you if that door leads to a...

7 Steps to Improve Cyber Exposure Visibility

Attackers don’t look for the strongest part of your defense; they look for the one you forgot about. An unmanaged server, a misconfigured cloud service, or an employee’s unsecured home device can become their front door. Poor cyber exposure visibility creates these hidden entry points. The best w...

What Security Teams Need to Know as PHP and IoT Exploits Surge

Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit TRU has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud...

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fa...

Hackers Exploit Cloud Misconfigurations to Spread Malware

Veriti Research reveals 40% of networks allow 'any/any' cloud access, exposing critical vulnerabilities. Learn how malware like XWorm…...

Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning

As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalenc...

Qualys Named a Leader in KuppingerCole CSPM Report

Cloud Security Posture Management CSPM is a crucial requirement in cloud security. CSPM is all about identifying misconfiguration issues and compliance risks in cloud environments. Since cloud misconfigurations are the leading cause of data breaches, you want an excellent CSPM solution on your...

Risk Fact #1: Cloud Migration Exploitation Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

Microsoft shifts to a comprehensive SaaS security solution

Software as a service SaaS apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage1 and have identified cloud...

Top SaaS Cybersecurity Threats in 2023: Are You Ready?

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses Web...

Cloud Complexity Requires a Unified Approach to Assessing Risk

There has been an unprecedented acceleration in the shift to the cloud as a result of the COVID-19 pandemic. McKinsey experts estimate companies have moved to the cloud “24 times faster ... than they thought” over the past two years. As organizations move quickly to scale, drive innovation, and...

[Infographic] Cloud Misconfigurations: Don't Become a Breach Statistic

!\Infographic\ Cloud Misconfigurations: Don't Become a Breach Statistichttps://blog.rapid7.com/content/images/2022/05/miconfigurations-infographic-clip2.jpg No one wants their company to be named in the latest headline-grabbing data breach. Luckily, there are steps you can take to keep your...

2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends

Every year, Rapid7's team of cloud security experts and researchers put together a report to review data from publicly disclosed breaches that occurred over the prior year. The goal of this report is to unearth patterns and trends in cloud-related breaches and persistent exposures, so organizatio...

Rapid7 Recognized as Top Ranked in Current Offering Category in Forrester Wave™ for Cloud Workload Security

The widespread growth in cloud adoption in recent years has given businesses across all industries the ability to transform and scale in ways never before possible. But the speed of those changes, combined with the increased volume and complexity of resources in cloud environments, often forces...

Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages

Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects securi ty and compliance misconfigurations using graph-based...

Common Cloud Misconfigurations Exploited in Minutes, Report

Poorly configured cloud services can be exploit by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...

100M Android Users Hit By Rampant Cloud Leaks

More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. That’s according to Check Point Research, whose researchers found that emails, chat messages, location data, passwords, photos, personal...