1089 matches found
CERT-In’s AI Vulnerability Blueprint: Why Indian CISOs Need Machine-Speed Risk Operations in the Post-Mythos Era
A Qualys India perspective on CERT-In 's blueprint, the post-Mythos threat landscape India faces, and why the operating model needs to change. Key Takeaways Mythos-class AI changes the vulnerability equation from CVE matching to autonomous exploit discovery, turning known, unpatched weaknesses in...
3 Paths to Upgrade Windows 11 before 24H2 End of Servicing (EOL)
Key Takeaways Windows 11 24H2 reaches the end of servicing on October 13, 2026, making timely enterprise upgrades critical. Enterprises often face version drift, with multiple Windows 11 builds across endpoints requiring different upgrade paths. Upgrade approaches vary based on system state and m...
CNAPP’s New Normal: Hyper-Prioritization and Autonomous Remediation at Cloud Scale
AI-powered detection has crossed a threshold. Security teams can now surface vulnerabilities, misconfigurations, and active attack paths at a speed and scale that was unimaginable a few years ago. The problem is no longer finding or knowing risk; it’s closing it fast enough to matter. Cloud...
Oracle Critical Patch Update, June 2026 Security Update Review
Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 245 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
What Changed in OWASP Top 10 2025 and Recommendations for Each Category
Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...
How Federal Agencies Can Activate a Risk Operations Center (ROC) to Meet CISA BOD 26-04
Executive Summary Recognizing the ability of Frontier AI models to discover and exploit vulnerabilities at unprecedented speed and scale, CISA 's Binding Operational Directive BOD 26-04 marks a significant shift in federal vulnerability management. The directive introduces aggressive mandates,...
Turning Millions of Risks Into One Actionable List
Every security leader walks into Monday morning with the same question. The findings are there. The dashboards are running. But out of the thousands of critical vulnerabilities on that list, which ones can an attacker actually use against this organization today? Not in theory. Not in a lab. In...
Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review
Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, delivering security updates for vulnerabilities that could significantly impact enterprise environments if left unaddressed. Microsoft Patch...
Advancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing
The cybersecurity industry has spent much of the last two years debating how attackers might use AI. That debate matters, but it misses a larger point: defenders now have an opportunity to change the economics of cyber risk. For me, the question is not whether AI will influence cybersecurity. It...
From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation
In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build something that did not exist, and what it took to make it real. Turning an operating model into a product sounds straightforward until you ar...
Stop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike
Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch propagation by up to 92%, reducing WAN bandwidth by 99%+, and helping close critical vulnerabilities before attackers can move. Available now in...
The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs
Key Takeaways HazyBeacon CL-STA-1020 targets Southeast Asian government networks by abusing AWS Lambda Function URLs configured with AuthType: NONE as stealth command-and-control relays. Attackers use stolen IAM credentials to deploy Lambda functions that proxy malware communications through...
Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads
Key Takeaways Unsupported software increasingly exists inside container images and Kubernetes workloads, not just traditional infrastructure. Lifecycle risk extends beyond CVEs because unsupported software eventually stops receiving patches and vendor maintenance. Outdated base images and runtime...
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...
Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation
The Verizon 2026 Data Breach Investigations Report has been published. Qualys is proud to have served as a research partner and contributor, contributing analysis of more than one billion anonymized vulnerability remediation records across four consecutive DBIR reporting cycles of CISA Known...
Achieve Federal-Grade M365 Security: Governing with Qualys SSPM and SCuBA
Qualys SaaS Security Posture Management SSPM introduces native support for the Secure Cloud Business Applications SCuBA compliance framework, bringing CISA's toughest M365 security benchmarks directly into your continuous posture monitoring workflow. Key Takeaways CISA’s Secure Cloud Business...
FedRAMP High Authorized: Qualys TotalCloud CNAPP – From Compliance to Defense
Qualys TotalCloud has achieved FedRAMP High Authorization, marking a major milestone in delivering validated cloud security and compliance assurance for high-impact federal and regulated environments. Key Takeaways Qualys TotalCloud CNAPP is a FedRAMP High Authorized that enables continuous,...
Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review
May 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for May 2026 This...
Bringing AI Code Security into Qualys ETM
A first-class data model for the next generation of findings AI-driven code security is becoming a real category. Anthropic's Claude Code Security and OpenAI's Codex Security are the leading examples, and more will follow. These tools reason about source code at a depth that traditional SAST cann...
Dirty Frag: Using the Page Caches as an Attack Surface
Dirty Frag is a Linux local privilege escalation LPE chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities can allow an unprivileged local user to escalate to root on many major Linux distributions. xfrm-ESP Page-Cache Write CVE-2026-43284 RxRPC Page-Cache Writ...
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...
Qualys TotalAI Achieves FedRAMP Moderate (FedRAMP Certified Class C) Authorization
Key Takeaways Federal AI adoption is accelerating faster than governance and approved security tooling. Risk now spans models, infrastructure, and the software supply chain. AI threats often mimic normal usage, which makes it difficult to detect with static methods. Meeting mandated federal...
Converge Connect: Unlock Lower Premiums with Proven Qualys Security
Key Takeaways Qualys, in collaboration with Converge, has launched an offering that ties your security posture to your cyber insurance costs. The Qualys Converge Connect Insurance Report CCIR supplements manual insurance questionnaires with objective, platform-generated, real-time security data...
Handling the Vulnerability Surge in the Post-Mythos Era
How to Operationalize Hyper-Prioritization and Autonomous Remediation with Qualys Executive Summary The Mythos era, defined by a surge of AI-driven vulnerabilities from frontier models like Anthropic 's Claude Mythos, requires security teams to fundamentally move from manual to an autonomous...
Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today
Key Takeaways RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed Qualys VMDR detects affected assets instantly QID 92382 TruRisk...
Oracle Critical Patch Update, April 2026 Security Update Review
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
Enterprise Remediation Benchmark: How Does Your Organization Compare?
Executive Summary In the last 12 months, enterprises deployed millions of patches, yet many organizations remain exposed due to delayed remediation and unpatched third-party software. Key benchmarks from global enterprise environments: Over 8 million Google Chrome patches were deployed. Visual C+...
Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace
Key Takeaways Qualys VMDR and TotalCloud are now available on the Oracle Cloud Marketplace, simplifying procurement and deployment for Oracle Cloud Infrastructure OCI customers. Organizations can deploy security faster with native OCI integration and one-click provisioning. The combined platform...
Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review
April 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for April 2026...
Anatomy of an Autonomous AI Agent Risk: How Qualys ETM Connects the Dots on OpenClaw
Executive Summary An unauthorized OpenClaw AI agent was detected disguised as a routine package on a Windows Server host. The situation escalated into a priority incident when Qualys ETM analyzed and correlated four distinct signals. While none of these signals alone warranted urgent action, the...
Deep Scan: Expanding Vulnerability Detection Beyond Traditional Boundaries
Security teams estimate that a significant percentage of enterprise software is installed outside standard system directories or package-managed locations, creating persistent visibility gaps for traditional vulnerability-scanning methods. As environments become more decentralized, with...
The Mythos Inflection Point: Dealing With the Upcoming Vulnerability Disclosure Avalanche and Compressed Exploitation Window
Having spent years at Qualys working on vulnerability risk and remediation management, I have watched the disclosure and remediation cycles from every angle. I have seen vulnerability researchers find a critical flaw in OpenSSH and the industry scramble to respond. I have seen organizations...
Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization
Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...
12 Best Practices for Securing AWS Cloud in 2026
Key Takeaways Securing AWS cloud in 2026 depends on continuous, risk-based governance rather than isolated tools or one-time checks. Most cloud security incidents stem from customer-side issues such as identity misuse, misconfigurations, and exposed workloads. Effective security for AWS cloud...
Signals from the Cloud Security Forecast 2026: Cloud Risk Is Scaling through Design, Not Disruption
Key Takeaways Identity and permissions now determine what is reachable, making them the primary drivers of cloud risk. Runtime exposure, not individual findings, determines how low-risk issues combine into real impact. SaaS and OAuth integrations extend the control plane and amplify blast radius...
Why Every Enterprise Needs a Risk Operations Center (ROC)
Enterprise security has long optimized for speed of response over prevention of risk. At Qualys, we recognized early that this left half the problem unsolved, and we have spent years building the operational frameworks to close that gap. The Risk Operations Center is the result. Here is a scenari...
Optimizing Risk Discovery and Remediation with Qualys Gateway Service (QGS)
Unpatched vulnerabilities remain one of the largest drivers of cyber risk, accounting for nearly 60% of cyber compromises. Modern security programs are therefore measured not only by how quickly they discover risk, but also by how efficiently they remediate it. As organizations scale vulnerabilit...
The Rise of Managed Risk Operations: How the New Qualys mROC Portal Helps Partners Scale the Risk Operations Center
Key Takeaways The mROC Portal acts as a portfolio-wide command center, giving partners unified visibility into high-risk customer environments, active threats, and critical exposures to drive prioritized, portfolio-wide risk management. Partners can filter risk, drill into any customer, and take...
Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI
Executive Summary The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but still drain resources. Traditional tools often fail to validate real risks. Agent Val, within Qualys Enterprise TruRisk Management, delivers thi...
Threat Research Report: The Broken Physics of Remediation
The race most security programs are built around — patch faster than the attacker can exploit — was designed for a threat landscape that no longer exists. The data shows defenders are falling behind in the vast majority of cases. Across the most critical, actively weaponized vulnerabilities of th...
Bringing Continuous Assessment to Harbor: Scan on Push, Stay Secure Over Time
Key Takeaways Harbor environments often run separate scanners, such as Trivy at build time and Qualys at runtime, leading to repeated full-image rescans across hundreds of thousands of images and increasing compute usage, scan time, and operational costs. Integrating QScanner with Harbor eliminat...
MCP Servers Are the New Shadow IT for AI
Key Takeaways MCP servers are becoming the default wiring between AI agents and enterprise applications — but most organizations have zero visibility into where they are, what they expose, or how they can be abused. Qualys TotalAI now provides layered discovery of MCP servers across network, host...
5 Steps to Turn Compliance Checks into Audit Outcomes
Key Takeaways Audit readiness remains reactive in many organizations, even though security and compliance teams generate continuous findings, evidence, and control data across multiple systems. The real challenge is the gap between compliance activity and audit outcomes, where large volumes of da...
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
The Qualys Threat Research Unit has identified a Local Privilege Escalation LPE vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw CVE-2026-3888 allows an unprivileged local attacker to escalate privileges to full root access through the interaction...
Countering Current Geopolitical Cyber Threats With Qualys
Summary In response to the latest public sector threat intelligence on Iranian-linked threat activity, Qualys has released new intelligence capabilities within Qualys Vulnerability Management, Detection & Response VMDR to help organizations immediately assess their exposure. These updates extend...
The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence
Key Takeaways AI reasoning systems improve vulnerability detection in source code, but do not address the full spectrum of application security risk. Modern application security must account for APIs, runtime environments, and externally exposed assets beyond the source repository. Continuous...
CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
Executive Summary Qualys TRU has discovered confused deputy vulnerabilities in AppArmor named "CrackArmor" that allow unprivileged users to bypass kernel protections, escalate to root, and break container isolation. The flaw has existed since 2017, and affected over 12.6 million systems globally...
Microsoft and Adobe Patch Tuesday, March 2026 Security Update Review
Microsoft has rolled out its March 2026 Patch Tuesday updates, delivering a fresh batch of security fixes designed to keep Windows environments protected from emerging threats. The release addresses multiple vulnerabilities spanning Windows components and other Microsoft products. Here's a quick...
From Shadow Models to Audit-Ready AI Security: A Practical Path with Qualys TotalAI
Key Takeaways AI security demands a paradigm shift, treating models, endpoints, and integrations as dynamic attack surfaces requiring continuous governance. Inventory-driven visibility is foundational to managing AI sprawl, uncovering hidden assets, and aligning security with innovation velocity...
Cyber Essentials Plus in 2026: Strengthened Controls, UK Cyber Reality & How Qualys Supports Compliance
Key Takeaways CE+ 2026 Updates: Effective April 2026, Cyber Essentials Plus requires stronger technical proof of control effectiveness, mandatory MFA, and tighter patching windows. Cloud and Identity in Scope: Audits now explicitly include cloud services and identity configurations, demanding...