Qualys Blog

The cybersecurity landscape evolves relentlessly, with new adversaries and threats emerging daily. For organizations navigating these challenges, reactive responses are no longer enough. It’s about moving from complex, disconnected data streams to proactive, autonomous solutions with actionable intelligence. This is where Agentic AI stands out. It empowers businesses to stay ahead of adversaries through rapid

When Windows Management Instrumentation (WMI) classes fail, it can disrupt critical security operations by causing vulnerability scans to miss important data and compliance reports to lack accuracy. These issues may lead to gaps in visibility, making it harder for security teams to maintain a comprehensive understanding of their environment. By addressing WMI class failures proactively,

It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for August 2025 In this

Older Java installations pose a significant security risk, particularly when developers install them in non-standard locations without any version control. These unmanaged installations often go undetected, silently expanding the organization’s attack surface and leaving critical vulnerabilities unpatched. To reduce this risk, users should be able to identify all Java installations on a host and remove

We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit (TRU) with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion (CVE-2024-6387) and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters is what the research means for defenders. The Pwnie Awards, held

Modern compliance and security programs often fail due to technology blind spots rather than weak policies or procedures.  Today’s IT environments, spanning hybrid, cloud-native, containerized, and legacy platforms, introduce complexities that traditional compliance tools can’t fully address. When compliance solutions overlook parts of your infrastructure, it leads to incomplete audits, increased manual work, security risks,

Agentic AI revolutionizes how enterprise organizations leverage artificial intelligence by introducing systems designed to function as autonomous agents capable of planning, decision-making, and executing complex workflows with minimal human oversight. Unlike traditional AI, which often performs isolated, reactive tasks, agentic AI brings contextual awareness, multi-step reasoning, and goal-driven behavior to enterprise processes. With the introduction

Cyber threats are increasing in both volume and sophistication, while the enterprise attack surface continues to expand. This puts immense pressure on security teams, who are already overwhelmed by tool sprawl and a flood of disconnected findings—often lacking the context needed to prioritize based on business impact. To make matters worse, most security tools remain

As enterprises accelerate AI adoption, large language models (LLMs) hosted on public cloud platforms are quickly becoming the norm due to their simplified access and pricing model. Cloud-native services like AWS Bedrock, Azure AI Foundry, and Google Vertex AI offer powerful, pay-as-you-go access to Foundational AI Models and enterprise-grade pre-trained marketplace LLMs with just a

Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious threat in these environments is the Cross-Service Confused Deputy Attack, which can