Qualys vs Hive Pro: How They Compare on Key Features

Finding vulnerabilities is only half the battle. How do you know which ones pose a real, immediate threat to your organization? A high CVSS score doesn't always translate to high risk in your specific environment. This is where Breach and Attack Simulation BAS comes in, actively testing your...

Quantigence: A Multi-Agent AI Framework for Quantum Security Research

Cryptographically Relevant Quantum Computers CRQCs pose a structural threat to the global digital economy. Algorithms like Shor's factoring and Grover's search threaten to dismantle the public-key infrastructure PKI securing sovereign communications and financial transactions. While the timeline...

EUVD-2016-6683

Malware in sbrugna...

PT-2025-39339

CVE-2025-00123 UNDER DEVELOPMENT - USE AT YOUR OWN RISK!!! Enhanced Incident Summary Report Executive Summary On September 18, 2025, a medium-severity incident Risk Score https://t.co/mYu56R5gA4...

PT-2025-39340

CVE-2025-00456 UNDER DEVELOPMENT - USE AT YOUR OWN RISK!!! Enhanced Incident Summary Report Executive Summary On September 18, 2025, a medium-severity incident Risk Score https://t.co/DGZmVvA9zF...

Security Bulletin: Vulnerability in Open Neural Network Exchange (ONNX) affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Open Neural Network Exchange ONNX has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-5187 DESCRIPTION: Open...

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

Updates to Layered Context Enable Teams to Quickly Understand Which Risk Signals Are Most Pressing

Layered Context introduced a consolidated view of all security risks insightCloudSec collects from the various layers of a cloud environment. This enabled our customers to go from visibility into individual security risks on a resource, to understanding all of the risks that impacted that resourc...

Introducing Active Risk

Cyber risk is increasing both in volume and velocity. Given the landscape of threats, weaknesses, vulnerabilities, and misconfigurations, organizations, teams and vulnerability analysts alike need of better prioritization mechanisms. That's why we developed a new risk scoring methodology: Active...

CVE-2023-34362 – MOVEit Transfer – An attack chain that retrieves sensitive information

MOVEit Transfer is a popular secure file transfer solution developed by Progress, a subsidiary of Ipswitch. At the moment, there are more than 2,500 MOVEit Transfer servers that are accessible from the internet, according to Shodan. On May 31, 2023, Progress released a security advisory affecting...

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources. First, we are providing a ClamAV signature that detects this threat -- the rule can be found on our GitHub here and can be leveraged anywhere ClamAV...

Patch Where it Hurts: Effective Vulnerability Management in 2023

A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all...

A Deep Dive into VMDR 2.0 with Qualys TruRisk™

The old way of ranking vulnerabilities doesn’t work anymore. Instead, enterprise security teams need to rate the true risks to their business. In this blog, we examine each of the risk scores delivered by Qualys TruRisk, the criteria used to compute them, and how they can be used to prioritize...

Aflac Reduces Critical Vulnerabilities by 55% with Qualys VMDR 2.0 with TruRisk

The following is a guest blog by Aflac, a Qualys VMDR customer, on their recent experience completing a Proof of Concept project for the newly release VMDR 2.0 with Qualys TruRisk. About Aflac Aflac Inc. NYSE: AFL is an insurance leader and the largest provider of supplemental insurance in the...

Rethinking Vulnerability Management in a Heightened Threat Landscape

Mariano Nunez, CEO, Onapsis Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...

Threat Advisory: Spring4Shell

UPDATE, APRIL 4, 2022: The Kenna Risk Score for CVE-2022-22965 is currently at maximum 100. This is an exceptionally rare score, of which only 415 out of 184,000 CVEs or 0.22 percent have achieved, reflecting the severity and potential effects of this vulnerability. To get a risk score this high...

New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”

The pandemic and remote work shattered your perimeter. Your attack surface has changed — and will keep changing. It’s our mission to help customers strengthen security defenses and stay ahead of evil. As the modern perimeter expands, new and old vulnerabilities emerge as open doors for attackers;...

New Google Scorecards Tool Scans Open-Source Software for More Security Risks

Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source...

Forcepoint and Microsoft: Risk-based access control for the remote workforce

This blog post is part of the Microsoft Intelligence Security Association MISA guest blog series. Learn more about MISA here. Adopting cloud-based services as part of an organization’s digital transformation strategy is no longer optional, its a necessity. Last year, only 18 percent of the...

CVE-2020-24722

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...