Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2025/09/19 12:1 p.m.8 views

Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution

We’re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress. This major update improves usability, streamlines...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/16 4:21 p.m.7 views

Navigating SEBI’s Cloud Security Requirements: A Guide for Regulated Entities

Overview: Who is impacted: The Securities and Exchange Board of India SEBI is the primary regulatory authority for the securities market in India. It was established to protect investor interests and promote market development, but its guidelines also impact cybersecurity professionals at regulat...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/11 6:40 p.m.4 views

Patch Tuesday Risk Elimination with Agent Sara

Introduction Risk elimination is the goal of any vulnerability management program. It is typically achieved through a combination of patching and scripting solutions. SecOps teams usually prioritize vulnerabilities and forward them to IT teams for remediation. However, the real challenge lies in...

7.5CVSS6.9AI score0.0155EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/10 8:43 p.m.13 views

When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack

On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/10 3:0 p.m.7 views

Outdated Tech, Rising Risk: How Federal Agencies Can Eliminate Tech Debt and Reduce Cyber Risk

Amid shrinking budgets and workforce pressures, your agency, like many across the federal government, is likely grappling with the growing challenge of technical debt tech debt. Tech debt, the accumulation of outdated or under-maintained technology, can slow progress and put your agency’s mission...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/09 7:14 p.m.11 views

Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review

It's the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft's September 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here's a quick breakdown of what you need to know...

10CVSS9.5AI score0.32908EPSS
Exploits9
Qualys Blog
Qualys Blog
added 2025/09/09 10:28 a.m.8 views

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

6.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/09 10:1 a.m.9 views

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

6.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/08 9:0 p.m.8 views

Shaping the Future of Cyber Risk Management: QSC Evolves to ROCon

Over the last year, I’ve had the privilege of meeting with thousands of CIOs, CISOs, and security leaders across the globe. What I hear repeatedly is clear: managing cyber risk is more complex than ever, driven by the evolving digital, threat, and regulatory landscape. The number of vulnerabiliti...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/06 7:0 p.m.16 views

Salesloft Drift Supply Chain Incident

We recently became aware of a widespread Salesloft / Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as part of our commitment to transparency and keeping our customers informed about the security of our platform and products. The key...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/09/05 11:50 a.m.8 views

CVE-2025-8088 WinRAR Exploit: From Zero-Day to Zero-Risk with TruRisk™ Eliminate

The Risk Behind the WinRAR Vulnerability A newly disclosed path traversal vulnerability CVE-2025-8088 in WinRAR leaves millions of Windows systems exposed to attack. This flaw enables adversaries to craft malicious archives that bypass the user’s chosen extraction path, forcing files into...

8.8CVSS6.6AI score0.85778EPSS
Exploits35
Qualys Blog
Qualys Blog
added 2025/09/04 4:8 p.m.6 views

Operationalizing Threat Exposure with Agentic AI: Meet Agent Nova

The Challenge: From Endless Dashboards to Fast, Precise Answers Security teams today are inundated with dashboards, data feeds, and complex queries. When every second counts, what they really need are clear answers and next steps delivered instantly. That is where Agent Nova, powered by Agentic A...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/27 12:45 p.m.10 views

Qualys Achieves FedRAMP® High ATO: Unlocking the Future of Trusted Cybersecurity for Government and Critical Infrastructure

Today, federal agencies and their technology partners are operating in the most scrutinized risk environment in history. The stakes are clear: a breach in high-impact systems – those holding national security, healthcare, or financial data – can result in loss of life, catastrophic economic damag...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/26 4:0 p.m.12 views

Chatbots, APIs, and the Hidden Risks Inside Your Application Stack

What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/25 3:0 p.m.13 views

Introducing the Qualys App Picker: Easier, Faster Navigation for All Your Security Applications

Navigating your cybersecurity platform should be easy. That is why we have reimagined the way users access Qualys applications with the brand-new Qualys App Picker , a streamlined, intuitive navigation panel designed to make access faster, easier, and smarter in the Qualys Enterprise TruRisk...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/20 3:0 p.m.7 views

How Agentic AI Helps with Adaptive Cloud Risk Assessment with Agent Vikram

In fast-moving cloud environments like AWS, security teams face an uncomfortable truth: not every EC2 instance is being scanned, existing tools don’t work across a diverse environment that includes long-lived and ephemeral assets, and visibility is never complete. Qualys research found that over...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/14 2:0 p.m.9 views

Unleashing Agentic AI for Superior Threat-Informed Risk Prioritization with Agent Nyra

The cybersecurity landscape evolves relentlessly, with new adversaries and threats emerging daily. For organizations navigating these challenges, reactive responses are no longer enough. It’s about moving from complex, disconnected data streams to proactive, autonomous solutions with actionable...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/14 5:51 a.m.6 views

Remediate WMI Class Corruption Errors with Qualys TruRisk™ Eliminate

When Windows Management Instrumentation WMI classes fail, it can disrupt critical security operations by causing vulnerability scans to miss important data and compliance reports to lack accuracy. These issues may lead to gaps in visibility, making it harder for security teams to maintain a...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/12 6:47 p.m.12 views

Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review

It's the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft's August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here's a quick breakdown of what you need to know. Microsof...

9.8CVSS10AI score0.36074EPSS
Exploits8
Qualys Blog
Qualys Blog
added 2025/08/12 4:0 p.m.8 views

Eliminate Risk from Older and Unmanaged Java Installations

Older Java installations pose a significant security risk, particularly when developers install them in non-standard locations without any version control. These unmanaged installations often go undetected, silently expanding the organization’s attack surface and leaving critical vulnerabilities...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/12 12:45 p.m.7 views

Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025

We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit TRU with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion CVE-2024-6387 and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters...

8.1CVSS8.6AI score0.99506EPSS
Exploits73
Qualys Blog
Qualys Blog
added 2025/08/11 4:0 p.m.7 views

Compliance Without Coverage is a Risk: How to Close the Gaps with Qualys Policy Audit

Modern compliance and security programs often fail due to technology blind spots rather than weak policies or procedures. Today's IT environments, spanning hybrid, cloud-native, containerized, and legacy platforms, introduce complexities that traditional compliance tools can't fully address. When...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/04 12:46 p.m.7 views

Unpacking Qualys Agentic AI: Technical Insights into Its Architecture and Capabilities

Agentic AI revolutionizes how enterprise organizations leverage artificial intelligence by introducing systems designed to function as autonomous agents capable of planning, decision-making, and executing complex workflows with minimal human oversight. Unlike traditional AI, which often performs...

8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/08/04 12:45 p.m.5 views

From Exposure Whack-a-Mole to Autonomous Cyber Risk Management: Meet Agentic AI on the Qualys Platform

Cyber threats are increasing in both volume and sophistication, while the enterprise attack surface continues to expand. This puts immense pressure on security teams, who are already overwhelmed by tool sprawl and a flood of disconnected findings—often lacking the context needed to prioritize bas...

7.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/28 5:29 p.m.9 views

Securing Cloud AI and LLMs with TotalAI for Visibility, Risk Context and Control

As enterprises accelerate AI adoption, large language models LLMs hosted on public cloud platforms are quickly becoming the norm due to their simplified access and pricing model. Cloud-native services like AWS Bedrock, Azure AI Foundry, and Google Vertex AI offer powerful, pay-as-you-go access to...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/24 6:36 p.m.10 views

Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks

Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/21 10:3 p.m.42 views

ToolShell Zero-day: Microsoft Rushes Emergency Patch for Actively Exploited SharePoint Vulnerabilities

On July 19, 2025, Microsoft issued an emergency out-of-band security update to address two zero-day vulnerabilities in Microsoft SharePoint Server: CVE-2025-53770 and CVE-2025-53771. These vulnerabilities are under active exploitation in the wild and demand immediate attention to protect your...

9.8CVSS10AI score0.99982EPSS
Exploits41
Qualys Blog
Qualys Blog
added 2025/07/21 3:0 p.m.18 views

Smarter ITSM Automation with ServiceNow Integration

Effective Information Technology and Service Management ITSM today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/21 3:0 p.m.11 views

Understanding the Impact of Scattered Spider on the Airline & Transportation Industry

In June, the FBI publicly warned that Scattered Spider is actively targeting the aviation and transportation sectors, including well-known airlines and their third-party IT vendors. In this post, we will provide a brief overview of Scattered Spider, insights gathered by our research team into the...

10CVSS9.8AI score0.99999EPSS
Exploits15
Qualys Blog
Qualys Blog
added 2025/07/16 2:55 p.m.268 views

Oracle Critical Patch Update, July 2025 Security Update Review

Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 309 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

10CVSS8.2AI score0.23932EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2025/07/14 3:0 p.m.6 views

The State of Cyber Risk 2025: Business Context Needed

The cyber risk conversation is changing. Momentum is growing for formal cyber risk programs. However, despite rising investments, evolving frameworks, and more vocal boardroom interest, new data reveals that most organizations remain immature in their risk management programs, and cyber risk is...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/10 4:0 p.m.7 views

Achieving Zero-Disruption Patch Management with Qualys’ Latest Capabilities

Keeping systems patched is essential, but doing it efficiently and confidently is what sets great IT operations apart. With the latest capabilities in Qualys Patch Management, you can achieve just that. The most recent advancements in Qualys Patch Management – Intelligent Job Chaining and...

6.8AI score0.00663EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2025/07/10 7:28 a.m.8 views

Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond

In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities CAs, after July 31, 2025. This move is part of Chrome’s ongoing efforts to...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/08 6:41 p.m.25 views

Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review

With cybersecurity threats continuing to evolve, Microsoft's July 2025 Patch Tuesday highlights the need for consistent patching — this month's release includes key fixes for actively exploited vulnerabilities. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for July 20...

9.8CVSS9.7AI score0.99907EPSS
Exploits19
Qualys Blog
Qualys Blog
added 2025/07/07 1:0 p.m.6 views

Qualys Named as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform, 2025

We’re proud to share that Qualys has been recognized as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment doc US53549925, June 2025. We believe this recognition reinforces our commitment to delivering game-changing innovation that...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/07/01 3:57 p.m.7 views

Qualys Named an Overall Leader in CNAPP by KuppingerCole

We’re proud to share that Qualys has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass for Cloud-Native Application Protection Platforms CNAPP—achieving leadership positions in both product and market presence. This recognition validates our commitment to delivering truste...

8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/25 3:0 p.m.4 views

How to Quantify Risk and Communicate Effectively: Step 4 to TruRisk™

“The art of communication is the language of leadership.” — James Humes, former Presidential speechwriter and author. Cybersecurity teams face adversaries who thrive in chaos. Attackers move fast, automate, and strike where defenses are weakest. In a borderless digital world, disruption is...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/19 3:0 p.m.23 views

From Patching to Eliminating Risk: What’s new in TruRisk™ Eliminate and Patch Management

As IT and security priorities converge under rising pressure, patch management is no longer just a hygiene activity but a strategic tool to eliminate the risk from exposed vulnerabilities. Since the last major release cycle, we’ve been expanding the Qualys Patch Management solution into a broader...

7.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/18 3:0 p.m.9 views

Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us

Qilin has quietly become one of the most active and impactful ransomware operations in the world today. If it’s not already on your threat radar, now is the time to take notice. This blog unpacks how Qilin operates, why it’s gaining traction across cybercriminal networks, and what steps security...

7.5CVSS8.2AI score0.7761EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2025/06/17 8:25 p.m.37 views

Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks

The Qualys Threat Research Unit TRU has discovered two linked local privilege escalation LPE flaws. The first CVE-2025-6018 resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker—for example, via SSH—can elevate ...

7CVSS7.8AI score0.00957EPSS
Exploits19
Qualys Blog
Qualys Blog
added 2025/06/16 1:54 p.m.13 views

Building Resilient Software Supply Chains: Inside the Enhanced Qualys Software Composition Analysis

In today’s software-driven economy, every organization, regardless of industry, is a software company. And increasingly, every software company is an open-source company. With open-source components OSS now comprising up to 80% of modern codebase, the software supply chain has emerged as one of t...

7.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/16 1:0 p.m.10 views

Qualys VMDR Wins at 2025 SC Awards Europe for Best Vulnerability Management Solution

We’re excited to share that Qualys VMDR Vulnerability Management, Detection, and Response has won the Best Vulnerability Management Solution for 3 years in row at 2025 SC Awards Europe , recognizing its market-leading innovation and measurable impact in reducing cyber risk for businesses worldwid...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/16 1:0 p.m.12 views

Qualys TotalCloud Wins “Best Cloud Security Product” at 2025 SC Awards Europe

We’re proud to announce that Qualys TotalCloud has been named “Best Cloud Security Product” at the 2025 SC Awards Europe —a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/10 7:3 p.m.26 views

Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review

Microsoft's June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for June 2025 In this month's Patch Tuesday, June 2025 edition,...

9.8CVSS10AI score0.81558EPSS
Exploits18
Qualys Blog
Qualys Blog
added 2025/06/05 6:1 p.m.12 views

Qualys Recognized as The Leader in Attack Surface Management by KuppingerCole

In today’s ever-evolving security landscape, organizations face an unprecedented expansion of digital assets—and with that expansion comes a growing attack surface. We're proud to announce that Qualys has been named The Leader in the2025 KuppingerCole Leadership Compass for Attack Surface...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/06/05 2:0 p.m.6 views

Ensure PCI 4.0 Readiness with File Integrity Monitoring for Containers

Compliance isn’t optional. But it’s never been more complex. The rise of containers has revolutionized modern infrastructure—enabling faster innovation and greater scalability. But with this transformation comes a new wave of compliance challenges. PCI DSS 4.0 introduces stricter requirements for...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/05/29 5:16 p.m.61 views

Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598

The Qualys Threat Research Unit TRU has discovered two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities. The first CVE-2025-5054 affects Ubuntu's core-dump handler, Apport , and the second CVE-2025-4598 targets...

4.7CVSS5.3AI score0.00641EPSS
Exploits3
Qualys Blog
Qualys Blog
added 2025/05/27 3:0 p.m.16 views

Eliminate Risk with Precision: Introducing Vulnerability Detection Sources in VMDR

In the race against cyber threats, finding vulnerabilities is no longer enough. True security comes from understanding them—where they exist, how they were discovered, and what risks they pose. One of the most overlooked aspects in vulnerability management is knowing the source of detection...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/05/22 4:13 p.m.12 views

Building Confidence in Cyber Essentials Compliance with Qualys Policy Audit

In an era where cyberattacks are becoming more frequent, sophisticated, and damaging, organizations in the UK and around the world are under increasing pressure to adopt effective cybersecurity measures. Threats such as phishing, ransomware, data breaches, and supply chain compromises now target...

7.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/05/21 4:14 p.m.7 views

Simplifying DORA Compliance with the Qualys Enterprise TruRisk™ Platform

Strengthening Resilience for the Financial Sector The Digital Operational Resilience Act DORA is a landmark EU regulation that establishes a unified framework for managing technology risk in the financial sector. It’s designed to ensure that banks, insurers, investment firms, and other financial...

7.6AI score
Exploits0
Total number of security vulnerabilities1089