The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel’s __ptrace_may_acce...
The Verizon 2026 Data Breach Investigations Report has been published. Qualys is proud to have served as a research partner and contributor, contributing ana...
Qualys SaaS Security Posture Management (SSPM) introduces native support for the Secure Cloud Business Applications (SCuBA) compliance framework, bringing CI...
Executive Summary The 2025 SANS ASM Survey highlights a clear shift in cybersecurity operations. Organizations are moving beyond fragmented, alert-driven sec...
Qualys TotalCloud™ has achieved FedRAMP High Authorization, marking a major milestone in delivering validated cloud security and compliance assurance for hig...
May 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patch...
A first-class data model for the next generation of findings AI-driven code security is becoming a real category. Anthropic’s Claude Code Security and OpenAI...
Dirty Frag is a Linux local privilege escalation (LPE) chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities that can allow an...
Key Takeaways The Problem with Calling QA “Non-Production” Most security conversations begin at the wrong end of the problem. We start with the breach, the a...
Key Takeaways Why Federal AI Security Requires More Than Standard Scanning AI systems require a security paradigm distinct from traditional IT. Safeguarding ...
Key Takeaways The Mythos moment is forcing cyber insurers to confront a question they have been deferring: what does it mean to underwrite cyber risk in real...
How to Operationalize Hyper-Prioritization and Autonomous Remediation with Qualys Executive Summary The Mythos era, defined by a surge of AI-driven vulnerabi...
Key Takeaways RedSun is a zero-day local privilege escalation (LPE) vulnerability in Microsoft Defender. It allows a low-privileged user to gain full SYSTEM-...
Executive Summary In the last 12 months, enterprises deployed millions of patches, yet many organizations remain exposed due to delayed remediation and unpat...
Key Takeaways As organizations accelerate cloud adoption, security teams are under increasing pressure to gain unified visibility, prioritize risk effectivel...
April 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely pat...
Executive Summary An unauthorized OpenClaw AI agent was detected disguised as a routine package on a Windows Server host. The situation escalated into a prio...