20 matches found

Qualys Blog
added 2026/04/22 5:12 p.m., 18 views

Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today

Key Takeaways: RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access. No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed. Qualys VMDR detects affected assets instantly QID 92382 TruRisk...

5.7 AI score
Exploits: 0
Qualys Blog
added 2026/02/18 9:35 p.m., 7 views

New: AI-Powered Patch Reliability Scoring—Predict Patch Impact Before You Deploy

What do advisory USN-7545-1 and Windows updates KB5065426, KB5063878, KB5055523, and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among the most frequently rolled-back patches, in other words, patches that had to be undone after deployment. Rollbacks...

5.8 AI score
Exploits: 0
Qualys Blog
added 2025/10/09 6:51 p.m., 5 views

Qualys Recognized as a Leader in the 2025 GigaOM Radar for Patch Management Solutions

With vulnerabilities growing faster than most organizations can keep up with, the need for a smarter, easier way to reduce risk has never been more urgent. That’s why in 2019 Qualys launched Patch Management—the first solution built to reduce risk, not just push software updates. Since then, the...

7.3 AI score
Exploits: 0
Qualys Blog
added 2025/09/05 11:50 a.m., 5 views

CVE-2025-8088 WinRAR Exploit: From Zero-Day to Zero-Risk with TruRisk™ Eliminate

The Risk Behind the WinRAR Vulnerability: A newly disclosed path traversal vulnerability CVE-2025-8088 in WinRAR leaves millions of Windows systems exposed to attack. This flaw enables adversaries to craft malicious archives that bypass the user’s chosen extraction path, forcing files into...

8.8 CVSS, 6.6 AI score, 0.11605 EPSS
Exploits: 34
Qualys Blog
added 2025/08/14 5:51 a.m., 4 views

Remediate WMI Class Corruption Errors with Qualys TruRisk™ Eliminate

When Windows Management Instrumentation (WMI) classes fail, it can disrupt critical security operations by causing vulnerability scans to miss important data and compliance reports to lack accuracy. These issues may lead to gaps in visibility, making it harder for security teams to maintain a...

7.2 AI score
Exploits: 0
The Hacker News
added 2024/09/13 11:17 a.m., 16 views

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market toda...

7.9 AI score
Exploits: 0
Qualys Blog
added 2024/07/30 12:50 p.m., 38 views

Qualys Announces TruRisk Eliminate to Augment Patching

About 5 years ago, we launched Qualys Patch Management to empower our customers to not just detect and prioritize vulnerabilities but also effectively remediate them. Since then, we have assisted our customers in addressing hundreds of millions of vulnerabilities, significantly enhancing the...

8.8 CVSS, 9 AI score, 0.9424 EPSS
Exploits: 56
Wiz blog
added 2024/07/02 2:2 p.m., 21 views

How Wiz customers are flippin' vulnerabilities this July 4th weekend

Did you know that 40% of all Wiz customers are now in the Zero Critical Club? Here’s how three companies joined their ranks by eliminating critical issues in their cloud environments...

7.3 AI score
Exploits: 0
Qualys Blog
added 2023/11/09 10:0 p.m., 27 views

QSC23 – Qualys Announces a Directional Shift to Measure, Communicate, and Eliminate Cyber Risk with New Platform and Solutions

The 2023 Qualys Security Conference (QSC) started wrapping up on Thursday, November 9th, with two days of new technology announcements, impactful customer use cases, and thought-provoking talks from a host of engaging speakers, including Rachel Wilson, Managing Director at Morgan Stanley and Frank...

7.3 AI score
Exploits: 0
NVD
added 2023/10/03 1:15 p.m., 19 views

CVE-2023-32792

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of...

6.5 CVSS, 6.5 AI score, 0.00056 EPSS
Exploits: 0, References: 1
OSV
added 2023/02/13 5:53 p.m., 8 views

GSD-2023-1002214 net: mlx5: eliminate anonymous module_init & module_exit

net: mlx5: eliminate anonymous module_init & module_exit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.231 by commit...

7.2 AI score
Exploits: 0
RedHat Linux
added 2021/09/21 11:2 a.m., 54 views

Moderate: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5 CVSS, 6.7 AI score, 0.06615 EPSS
Exploits: 0, References: 3
Redos
added 2021/09/08 12:0 a.m., 3 views

ROS-2-2112

2.2112 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing unreliable YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...

10 CVSS, 8.8 AI score, 0.13704 EPSS
Exploits: 0
Wired Threat Level
added 2019/01/29 11:0 p.m., 79 views

Google Takes Its First Steps Toward Killing the URL

Google wants to get rid of URLs. But first, it needs to show you why...

2.2 AI score
Exploits: 0
Wired Threat Level
added 2018/09/24 11:0 a.m., 21 views

The Series 5 YubiKey Will Help Kill the Password

The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether...

0.4 AI score
Exploits: 0
Microsoft Secure
added 2018/05/01 5:0 p.m., 16 views

Building a world without passwords

Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we've been busy at work trying to create a world without them, a world without passwords. In this blog, we will provide a brief insight into how we at Microsoft think about solving this...

Exploits: 0
Tenable Nessus
added 2016/08/12 12:0 a.m., 34 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

9.6 CVSS, 6.8 AI score, 0.07521 EPSS
Exploits: 0, References: 23
F5 Networks
added 2016/02/19 12:0 a.m., 34 views

SOL11785283 - GnuPG vulnerability CVE-2012-6085

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.8 CVSS, 1.8 AI score, 0.02306 EPSS
Exploits: 1, References: 5
OpenVAS
added 2015/10/08 12:0 a.m., 45 views

Oracle: Security Advisory (ELSA-2008-0885)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 6.3 AI score, 0.00077 EPSS
Exploits: 7, References: 2
OpenVAS
added 2013/06/18 12:0 a.m., 27 views

Fedora Update for kspaceduel FEDORA-2013-10182

Check for the Version of kspaceduel OpenVAS Vulnerability Test Fedora Update for kspaceduel FEDORA-2013-10182 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

9.2 AI score, 0.00119 EPSS
Exploits: 1, References: 2