117 matches found
Google Fined $379 Million by French Regulator for Cookie Consent Violations
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent, the National...
PT-2025-32467 · Unknown · Litmuschaos
Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos Litmus due to improper control of resource identifiers resulting from the manipulation of the projectID argument. This issue can be exploited...
PT-2025-32445 · Vsftpd +1 · Vsftpd +1
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version FW103B02 Description: A vulnerability exists in TRENDnet TEW-822DRE FW103B02, affecting an unknown part of the vsftpd component. The issue results in a least privilege violation. Local access is required for...
Understanding Malware Propagation Dynamics through Scientific Machine Learning
Accurately modeling malware propagation is essential for designing effective cybersecurity defenses, particularly against adaptive threats that evolve in real time. While traditional epidemiological models and recent neural approaches offer useful foundations, they often fail to fully capture the...
CVE-2024-12364
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the...
KCLNet: Physics-Informed Power Flow Prediction Via Constraints Projections
In the modern context of power systems, rapid, scalable, and physically plausible power flow predictions are essential for ensuring the grid's safe and efficient operation. While traditional numerical methods have proven robust, they require extensive computation to maintain physical fidelity und...
AdRo-FL: Informed and Secure Client Selection for Federated Learning in the Presence of Adversarial Aggregator
Whitepaper called AdRo-FL: Informed And Secure Client Selection For Federated Learning In The Presence Of Adversarial Aggregator...
Alignment under Pressure: the Case for Informed Adversaries When Evaluating LLM Defenses
Large language models (LLMs) are rapidly deployed in real-world applications ranging from chatbots to agentic systems. Alignment is one of the main approaches used to defend against attacks such as prompt injection and jailbreaks. Recent defenses report near-zero Attack Success Rates (ASR) even again...
Linux Distros Unpatched Vulnerability : CVE-2025-0447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML...
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) sa...
What’s New in Qualys VMDR: 2024 Edition
Let us quickly recap the features released in Qualys Vulnerability Management, Detection & Response (VMDR) in 2024 and understand their use cases and benefits. Every quarter, the Qualys Product Management team collaborates with multiple customers worldwide, develops innovative solutions that addres...
Google Abandons Plan to Phase Out Third-Party Cookies in Chrome
Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating third-party cookies, we would introduce ...
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
There are so many vulnerabilities disclosed daily that no one can patch all of them. Unfortunately, attackers can exploit them while you are still in the process of reviewing, prioritizing, and patching. Effective risk-based prioritization focuses your limited resources and remediation efforts...
Top MITRE ATT&CK Tactics and Techniques Leveraged in 2023
The Qualys Threat Research Unit has mapped vulnerabilities and misconfigurations to the MITRE ATT&CK framework tactics and techniques to help you get the attacker’s view. They have also analyzed vulnerabilities and misconfigurations across all our customers to find the top tactics and techniques...
Building a Robust Threat Intelligence with Wazuh
Threat intelligence refers to gathering, processing, and analyzing cyber threats, along with proactive defensive measures aimed at strengthening security. It enables organizations to gain a comprehensive insight into historical, present, and anticipated threats, providing context about the...
Leveraging AI-informed Cybersecurity to Measure, Communicate, and Eliminate Cyber Risk
Dilip Bachwani, Qualys CTO, shares the Qualys AI strategy with TruRisk AI at QSC 2023. The threat landscape is constantly evolving, and so are the implications of cyber risk across any organization. As attacker tactics become more sophisticated and persistent, cybersecurity strategies must grow...
Azure vs. AWS Developer Tools Guide
Azure vs. AWS — which should you use for your DevOps environment? Discover the differences, similarities, and use cases to make an informed decision...
Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...
Threat-informed defense: The evolution of red teaming in cybersecurity
While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...