Twenty-eight percent of organizations experienced a cloud- or SaaS-related data breach in the past year—meaning more than 1 in 4 enterprises were impacted. Even more alarming, 36%| Qualys
Today, federal agencies and their technology partners are operating in the most scrutinized risk environment in history. The stakes are clear: a breach in high-impact systems – those holding national security, healthcare, or financial data – can result in loss of life, catastrophic economic damage, or disruption of essential services. Against this backdrop, the federal […]| Qualys Security Blog
What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform, revealing a set of compounding risks. […]| Qualys Security Blog
Navigating your cybersecurity platform should be easy. That is why we have reimagined the way users access Qualys applications with the brand-new Qualys App Picker, a streamlined, intuitive navigation panel designed to make access faster, easier, and smarter in the Qualys Enterprise TruRisk™ Platform! Simplifying Multi-App Security Management: Whether you’re managing vulnerabilities through VMDR, ensuring […]| Qualys Security Blog
Explore Agentic AI in cybersecurity: From threat monitoring and intel prioritization to adaptive cloud risk assessment with Agent Vikram. Qualys technologies like FlexScan and Agentic AI automate remediation, reduce blind spots, and boost efficiency in 2025 cloud environments.| Qualys
The cybersecurity landscape evolves relentlessly, with new adversaries and threats emerging daily. For organizations navigating these challenges, reactive responses are no longer enough. It’s about moving from complex, disconnected data streams to proactive, autonomous solutions with actionable intelligence. This is where Agentic AI stands out. It empowers businesses to stay ahead of adversaries through rapid […]| Qualys Security Blog
When Windows Management Instrumentation (WMI) classes fail, it can disrupt critical security operations by causing vulnerability scans to miss important data and compliance reports to lack accuracy. These issues may lead to gaps in visibility, making it harder for security teams to maintain a comprehensive understanding of their environment. By addressing WMI class failures proactively, […]| Qualys Security Blog
It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for August 2025: In this […]| Qualys Security Blog
Older Java installations pose a significant security risk, particularly when developers install them in non-standard locations without any version control. These unmanaged installations often go undetected, silently expanding the organization’s attack surface and leaving critical vulnerabilities unpatched. To reduce this risk, users should be able to identify all Java installations on a host and remove […]| Qualys Security Blog
We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit (TRU) with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion (CVE-2024-6387) and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters is what the research means for defenders. The Pwnie Awards, held […]| Qualys Security Blog
Traditional security tools miss key systems. Learn how unified, automated compliance coverage for 500+ technologies helps eliminate audit gaps and reduce risk.| Qualys
Cyber threats are increasing in both volume and sophistication, while the enterprise attack surface continues to expand. This puts immense pressure on security teams, who are already overwhelmed by…| Qualys
Qualys reviews the 2024 midyear threat landscape, focusing on weaponized vulnerabilities, CVE trends, and key strategies to strengthen cybersecurity defenses.| Qualys
Gain visibility into your cloud AI services and LLMs. Discover, assess, and secure AI workloads with Qualys TotalAI—now with support for Azure AI platforms.| Qualys
Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native…| Qualys
In June, the FBI publicly warned that Scattered Spider is actively targeting the aviation and transportation sectors, including well-known airlines and their third-party IT vendors. In this post…| Qualys
Qilin has quietly become one of the most active and impactful ransomware operations in the world today. If it’s not already on your threat radar, now is the time to take notice. This blog unpacks how…| Qualys
Shift from traditional vulnerability management to risk-based prioritization with TruRisk in VMDR. Drive targeted actions & reduce business-critical risks.| Qualys
Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to…| Qualys
In the race against cyber threats, finding vulnerabilities is no longer enough. True security comes from understanding them—where they exist, how they were discovered, and what risks they pose.| Qualys
Cybersecurity programs rely on various methods to measure the risk associated with vulnerabilities for prioritization, such as CVSS, EPSS, CISA KEV, or even internally developed systems that combine…| Qualys
Shift to a priority-driven cybersecurity strategy! Learn how risk-based vulnerability management helps focus on what truly matters, reducing cyber risk efficiently. #TruRisk #Cybersecurity| Qualys
The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this…| Qualys Security Blog