How to Meet a 3-Day Remediation SLA & Comply with CISA BOD 26-04
Key Takeaways CISA BOD 26–04 mandates remediation of the publicly exposed, highest-risk, known-exploited vulnerabilities within 3 days. The directive applies...
20 articles
Key Takeaways CISA BOD 26–04 mandates remediation of the publicly exposed, highest-risk, known-exploited vulnerabilities within 3 days. The directive applies...
Qualys is proud to have joined Athena, the industry coalition Chainguard launched to coordinate the defense of open source software. It’s a cause we strongly...
Key Takeaways FortiBleed refers to June 2026 public reporting of large-scale credential exposure and abuse targeting internet-reachable FortiGate management ...
Summary Frontier AI models in the post-Mythos era are changing the speed and scale of exposure risk. Security teams are entering an era where AI can help dis...
Key Takeaways Qualys is a launch partner in Cisco Cloud Control Studio, Cisco’s new unified platform for agentic IT operations. Joint customers can access Qu...
Key Takeaways Most AppSec programs treat API-layer coverage as a DAST extension, but BOLA, BFLA, and SSRF require authenticated multi-role testing that tradi...
A Qualys India perspective on CERT-In’s blueprint, the post-Mythos threat landscape India faces, and why the operating model needs to change. Key Takeaways M...
Key Takeaways Windows 11 24H2 reaches the end of servicing on October 13, 2026, making timely enterprise upgrades critical. Enterprises often face version dr...
AI-powered detection has crossed a threshold. Security teams can now surface vulnerabilities, misconfigurations, and active attack paths at a speed and scale...
Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 245 security vulnerabilities.
Key Takeaways The OWASP Foundation has released the eighth edition of its Top 10 Web Application Security Risks. This is the first major update since 2021, a...
Executive Summary Recognizing the ability of Frontier AI models to discover and exploit vulnerabilities at unprecedented speed and scale, CISA’s Binding Oper...
Every security leader walks into Monday morning with the same question. The findings are there.
Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, deli...
The cybersecurity industry has spent much of the last two years debating how attackers might use AI. That debate matters, but it misses a larger point: defen...
In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build s...
Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch prop...
Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. M...
Key Takeaways Software inventory used to stop at the server. Modern application delivery erased that boundary.
The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel’s __ptrace_may_acce...