1089 matches found
Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution
We’re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress. This major update improves usability, streamlines...
Navigating SEBI’s Cloud Security Requirements: A Guide for Regulated Entities
Overview: Who is impacted: The Securities and Exchange Board of India SEBI is the primary regulatory authority for the securities market in India. It was established to protect investor interests and promote market development, but its guidelines also impact cybersecurity professionals at regulat...
Patch Tuesday Risk Elimination with Agent Sara
Introduction Risk elimination is the goal of any vulnerability management program. It is typically achieved through a combination of patching and scripting solutions. SecOps teams usually prioritize vulnerabilities and forward them to IT teams for remediation. However, the real challenge lies in...
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Outdated Tech, Rising Risk: How Federal Agencies Can Eliminate Tech Debt and Reduce Cyber Risk
Amid shrinking budgets and workforce pressures, your agency, like many across the federal government, is likely grappling with the growing challenge of technical debt tech debt. Tech debt, the accumulation of outdated or under-maintained technology, can slow progress and put your agency’s mission...
Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review
It's the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft's September 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here's a quick breakdown of what you need to know...
Built-in Runtime Security for Containers
Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...
Built-in Runtime Security for Containers
Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...
Shaping the Future of Cyber Risk Management: QSC Evolves to ROCon
Over the last year, I’ve had the privilege of meeting with thousands of CIOs, CISOs, and security leaders across the globe. What I hear repeatedly is clear: managing cyber risk is more complex than ever, driven by the evolving digital, threat, and regulatory landscape. The number of vulnerabiliti...
Salesloft Drift Supply Chain Incident
We recently became aware of a widespread Salesloft / Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as part of our commitment to transparency and keeping our customers informed about the security of our platform and products. The key...
CVE-2025-8088 WinRAR Exploit: From Zero-Day to Zero-Risk with TruRisk™ Eliminate
The Risk Behind the WinRAR Vulnerability A newly disclosed path traversal vulnerability CVE-2025-8088 in WinRAR leaves millions of Windows systems exposed to attack. This flaw enables adversaries to craft malicious archives that bypass the user’s chosen extraction path, forcing files into...
Operationalizing Threat Exposure with Agentic AI: Meet Agent Nova
The Challenge: From Endless Dashboards to Fast, Precise Answers Security teams today are inundated with dashboards, data feeds, and complex queries. When every second counts, what they really need are clear answers and next steps delivered instantly. That is where Agent Nova, powered by Agentic A...
Qualys Achieves FedRAMP® High ATO: Unlocking the Future of Trusted Cybersecurity for Government and Critical Infrastructure
Today, federal agencies and their technology partners are operating in the most scrutinized risk environment in history. The stakes are clear: a breach in high-impact systems – those holding national security, healthcare, or financial data – can result in loss of life, catastrophic economic damag...
Chatbots, APIs, and the Hidden Risks Inside Your Application Stack
What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...
Introducing the Qualys App Picker: Easier, Faster Navigation for All Your Security Applications
Navigating your cybersecurity platform should be easy. That is why we have reimagined the way users access Qualys applications with the brand-new Qualys App Picker , a streamlined, intuitive navigation panel designed to make access faster, easier, and smarter in the Qualys Enterprise TruRisk...
How Agentic AI Helps with Adaptive Cloud Risk Assessment with Agent Vikram
In fast-moving cloud environments like AWS, security teams face an uncomfortable truth: not every EC2 instance is being scanned, existing tools don’t work across a diverse environment that includes long-lived and ephemeral assets, and visibility is never complete. Qualys research found that over...
Unleashing Agentic AI for Superior Threat-Informed Risk Prioritization with Agent Nyra
The cybersecurity landscape evolves relentlessly, with new adversaries and threats emerging daily. For organizations navigating these challenges, reactive responses are no longer enough. It’s about moving from complex, disconnected data streams to proactive, autonomous solutions with actionable...
Remediate WMI Class Corruption Errors with Qualys TruRisk™ Eliminate
When Windows Management Instrumentation WMI classes fail, it can disrupt critical security operations by causing vulnerability scans to miss important data and compliance reports to lack accuracy. These issues may lead to gaps in visibility, making it harder for security teams to maintain a...
Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review
It's the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft's August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here's a quick breakdown of what you need to know. Microsof...
Eliminate Risk from Older and Unmanaged Java Installations
Older Java installations pose a significant security risk, particularly when developers install them in non-standard locations without any version control. These unmanaged installations often go undetected, silently expanding the organization’s attack surface and leaving critical vulnerabilities...
Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025
We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit TRU with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion CVE-2024-6387 and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters...
Compliance Without Coverage is a Risk: How to Close the Gaps with Qualys Policy Audit
Modern compliance and security programs often fail due to technology blind spots rather than weak policies or procedures. Today's IT environments, spanning hybrid, cloud-native, containerized, and legacy platforms, introduce complexities that traditional compliance tools can't fully address. When...
Unpacking Qualys Agentic AI: Technical Insights into Its Architecture and Capabilities
Agentic AI revolutionizes how enterprise organizations leverage artificial intelligence by introducing systems designed to function as autonomous agents capable of planning, decision-making, and executing complex workflows with minimal human oversight. Unlike traditional AI, which often performs...
From Exposure Whack-a-Mole to Autonomous Cyber Risk Management: Meet Agentic AI on the Qualys Platform
Cyber threats are increasing in both volume and sophistication, while the enterprise attack surface continues to expand. This puts immense pressure on security teams, who are already overwhelmed by tool sprawl and a flood of disconnected findings—often lacking the context needed to prioritize bas...
Securing Cloud AI and LLMs with TotalAI for Visibility, Risk Context and Control
As enterprises accelerate AI adoption, large language models LLMs hosted on public cloud platforms are quickly becoming the norm due to their simplified access and pricing model. Cloud-native services like AWS Bedrock, Azure AI Foundry, and Google Vertex AI offer powerful, pay-as-you-go access to...
Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks
Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious...
ToolShell Zero-day: Microsoft Rushes Emergency Patch for Actively Exploited SharePoint Vulnerabilities
On July 19, 2025, Microsoft issued an emergency out-of-band security update to address two zero-day vulnerabilities in Microsoft SharePoint Server: CVE-2025-53770 and CVE-2025-53771. These vulnerabilities are under active exploitation in the wild and demand immediate attention to protect your...
Smarter ITSM Automation with ServiceNow Integration
Effective Information Technology and Service Management ITSM today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT...
Understanding the Impact of Scattered Spider on the Airline & Transportation Industry
In June, the FBI publicly warned that Scattered Spider is actively targeting the aviation and transportation sectors, including well-known airlines and their third-party IT vendors. In this post, we will provide a brief overview of Scattered Spider, insights gathered by our research team into the...
Oracle Critical Patch Update, July 2025 Security Update Review
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 309 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...
The State of Cyber Risk 2025: Business Context Needed
The cyber risk conversation is changing. Momentum is growing for formal cyber risk programs. However, despite rising investments, evolving frameworks, and more vocal boardroom interest, new data reveals that most organizations remain immature in their risk management programs, and cyber risk is...
Achieving Zero-Disruption Patch Management with Qualys’ Latest Capabilities
Keeping systems patched is essential, but doing it efficiently and confidently is what sets great IT operations apart. With the latest capabilities in Qualys Patch Management, you can achieve just that. The most recent advancements in Qualys Patch Management – Intelligent Job Chaining and...
Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond
In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities CAs, after July 31, 2025. This move is part of Chrome’s ongoing efforts to...
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review
With cybersecurity threats continuing to evolve, Microsoft's July 2025 Patch Tuesday highlights the need for consistent patching — this month's release includes key fixes for actively exploited vulnerabilities. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for July 20...
Qualys Named as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform, 2025
We’re proud to share that Qualys has been recognized as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment doc US53549925, June 2025. We believe this recognition reinforces our commitment to delivering game-changing innovation that...
Qualys Named an Overall Leader in CNAPP by KuppingerCole
We’re proud to share that Qualys has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass for Cloud-Native Application Protection Platforms CNAPP—achieving leadership positions in both product and market presence. This recognition validates our commitment to delivering truste...
How to Quantify Risk and Communicate Effectively: Step 4 to TruRisk™
“The art of communication is the language of leadership.” — James Humes, former Presidential speechwriter and author. Cybersecurity teams face adversaries who thrive in chaos. Attackers move fast, automate, and strike where defenses are weakest. In a borderless digital world, disruption is...
From Patching to Eliminating Risk: What’s new in TruRisk™ Eliminate and Patch Management
As IT and security priorities converge under rising pressure, patch management is no longer just a hygiene activity but a strategic tool to eliminate the risk from exposed vulnerabilities. Since the last major release cycle, we’ve been expanding the Qualys Patch Management solution into a broader...
Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us
Qilin has quietly become one of the most active and impactful ransomware operations in the world today. If it’s not already on your threat radar, now is the time to take notice. This blog unpacks how Qilin operates, why it’s gaining traction across cybercriminal networks, and what steps security...
Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks
The Qualys Threat Research Unit TRU has discovered two linked local privilege escalation LPE flaws. The first CVE-2025-6018 resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker—for example, via SSH—can elevate ...
Building Resilient Software Supply Chains: Inside the Enhanced Qualys Software Composition Analysis
In today’s software-driven economy, every organization, regardless of industry, is a software company. And increasingly, every software company is an open-source company. With open-source components OSS now comprising up to 80% of modern codebase, the software supply chain has emerged as one of t...
Qualys VMDR Wins at 2025 SC Awards Europe for Best Vulnerability Management Solution
We’re excited to share that Qualys VMDR Vulnerability Management, Detection, and Response has won the Best Vulnerability Management Solution for 3 years in row at 2025 SC Awards Europe , recognizing its market-leading innovation and measurable impact in reducing cyber risk for businesses worldwid...
Qualys TotalCloud Wins “Best Cloud Security Product” at 2025 SC Awards Europe
We’re proud to announce that Qualys TotalCloud has been named “Best Cloud Security Product” at the 2025 SC Awards Europe —a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing...
Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review
Microsoft's June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for June 2025 In this month's Patch Tuesday, June 2025 edition,...
Qualys Recognized as The Leader in Attack Surface Management by KuppingerCole
In today’s ever-evolving security landscape, organizations face an unprecedented expansion of digital assets—and with that expansion comes a growing attack surface. We're proud to announce that Qualys has been named The Leader in the2025 KuppingerCole Leadership Compass for Attack Surface...
Ensure PCI 4.0 Readiness with File Integrity Monitoring for Containers
Compliance isn’t optional. But it’s never been more complex. The rise of containers has revolutionized modern infrastructure—enabling faster innovation and greater scalability. But with this transformation comes a new wave of compliance challenges. PCI DSS 4.0 introduces stricter requirements for...
Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598
The Qualys Threat Research Unit TRU has discovered two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities. The first CVE-2025-5054 affects Ubuntu's core-dump handler, Apport , and the second CVE-2025-4598 targets...
Eliminate Risk with Precision: Introducing Vulnerability Detection Sources in VMDR
In the race against cyber threats, finding vulnerabilities is no longer enough. True security comes from understanding them—where they exist, how they were discovered, and what risks they pose. One of the most overlooked aspects in vulnerability management is knowing the source of detection...
Building Confidence in Cyber Essentials Compliance with Qualys Policy Audit
In an era where cyberattacks are becoming more frequent, sophisticated, and damaging, organizations in the UK and around the world are under increasing pressure to adopt effective cybersecurity measures. Threats such as phishing, ransomware, data breaches, and supply chain compromises now target...
Simplifying DORA Compliance with the Qualys Enterprise TruRisk™ Platform
Strengthening Resilience for the Financial Sector The Digital Operational Resilience Act DORA is a landmark EU regulation that establishes a unified framework for managing technology risk in the financial sector. It’s designed to ensure that banks, insurers, investment firms, and other financial...