Qualys Blog

Qualys Security Blog: Expert network security guidance and news

  • Your VMDR Year in Review: Making Security Progress Visible and Actionable
    by Pablo Quiroga on January 15, 2026 at 5:58 pm

    Security Teams Rarely Stop to Reflect: When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed before it could be exploited.

  • Why Serverless Risk Demands Identity-Aware Security at Cloud Scale
    by Siddhant Patil on January 15, 2026 at 4:32 pm

    Key Takeaways. The Current Picture: Serverless adoption is accelerating as organizations prioritize speed, scalability, and operational efficiency. According to Data Bridge Market Research’s Global Serverless Security Market Report, the serverless security market reached USD 12.08 billion in 2024 and is projected to exceed USD 62.42 billion by 2032, underscoring the central role serverless has come

  • Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
    by Diksha Ojha on January 13, 2026 at 9:34 pm

    Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for January 2026: This month’s release addresses 115 vulnerabilities, including eight critical and 106 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed three zero-day vulnerabilities. One of them was exploited, and two are publicly disclosed. Microsoft addressed one vulnerability in Microsoft Edge (Chromium-based) that was patched earlier this month. Microsoft Patch

  • Agent Grant: From Identity Signals to Measurable Risk Reduction
    by Indrani Das on January 7, 2026 at 7:27 am

    Executive Summary: Identity is now the #1 attack surface. Agent Grant in Qualys ETM Identity uses agentic AI to measure and reduce identity risk across AD, Entra, Okta & other cloud IdPs/IDaaS. It operationalizes identity risk by turning messy Active Directory & identity-risk signals into validated, prioritized, and closed-loop actions with proof of risk removed.

  • Cloud Agent in 2025: A Year of Scale, Security, and Smarter Visibility
    by Spencer Brown on January 6, 2026 at 4:59 pm

    As we move into 2026, 2025 stands out as a defining year for the Qualys Cloud Agent. In 2025, Cloud Agent delivered deeper visibility into running systems and applications, stronger security controls, expanded support across operating systems and architectures, and meaningful platform modernization. Adoption increased by 18% year over year, driven by organizations standardizing on a single, lightweight agent

  • Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance
    by Asma Zubair on December 19, 2025 at 9:01 pm

    Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based vulnerability prioritization (PCI 11.3.1.1), perform authenticated internal vulnerability scans (PCI 11.3.1.2), implement mechanisms

  • ShadyPanda: The Silent Browser Takeover Threat and How Qualys TruRisk Eliminate Helps You Stop It
    by Lavish Jhamb on December 17, 2025 at 6:00 pm

    Executive Summary: ShadyPanda has exploited trusted browser extensions to compromise millions of users, illustrating how legitimate software can unexpectedly become harmful. Qualys TruRisk Eliminate empowers organizations to identify risky behaviors, prioritize real threats, and eliminate malicious components before attackers exploit them. How Browser Extensions Have Become a New Blind Spot: Browser extensions are part of everyday

  • Navigating Change: Evolving Your Exposure Management Strategy in a Post-Kenna World with Qualys
    by Kaustubh Jagtap on December 17, 2025 at 12:15 am

    Key Takeaways: Cisco recently announced the end-of-sale for its Vulnerability Management solution (formerly Kenna Security). For security teams that have relied on Kenna as the vulnerability aggregation engine powering their risk-based prioritization, this moment is less about replacing a tool and more about rethinking how vulnerability programs should work in 2026. The truth is, Cisco

  • Scale AI Securely with Qualys TotalAI’s Streamlined Onboarding, Deeper Risk Detection, and Compliance-Ready Reporting
    by Asma Zubair on December 11, 2025 at 5:00 pm

    Executive Summary: Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new class of risk that is behavioral, contextual, and dynamic, driven by how models interpret instructions, handle data, and adapt within distributed environments. Security teams need a framework that

  • React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components
    by Kaustubh Jagtap on December 11, 2025 at 7:41 am

    On December 3, 2025, a critical remote code execution (RCE) vulnerability, dubbed “React2Shell,” was disclosed, impacting React Server Components and frameworks like Next.js. The flaw, CVE-2025-55182, could lead to full server takeover and is rated CVSS 10.0. It is under active exploitation, has been added to the CISA KEV, and organizations should take immediate steps
