Qualys Blog

“The art of communication is the language of leadership.” — James Humes, former Presidential speechwriter and author.  Cybersecurity teams face adversaries who thrive in chaos. Attackers move fast, automate, and strike where defenses are weakest. In a borderless digital world, disruption is constant, driven by innovation, complexity, and the pressure to move faster, often at

As IT and security priorities converge under rising pressure, patch management is no longer just a hygiene activity but a strategic tool to eliminate the risk from exposed vulnerabilities. Since the last major release cycle, we’ve been expanding the Qualys Patch Management solution into a broader capability. These enhancements span the architecture, automation, and risk-based

Qilin has quietly become one of the most active and impactful ransomware operations in the world today. If it’s not already on your threat radar, now is the time to take notice. This blog unpacks how Qilin operates, why it’s gaining traction across cybercriminal networks, and what steps security teams can take to get ahead

The Qualys Threat Research Unit (TRU) has discovered two linked local privilege escalation (LPE) flaws. The first (CVE-2025-6018) resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker—for example, via SSH—can elevate to the “allow_active” user and invoke polkit actions normally reserved for a physically present

In today’s software-driven economy, every organization, regardless of industry, is a software company. And increasingly, every software company is an open-source company. With open-source components (OSS) now comprising up to 80% of modern codebase, the software supply chain has emerged as one of the most significant and most vulnerable frontiers in cybersecurity. Unfortunately, adversaries have

We’re excited to share that Qualys VMDR (Vulnerability Management, Detection, and Response) has won the Best Vulnerability Management Solution for 3 years in row at 2025 SC Awards Europe, recognizing its market-leading innovation and measurable impact in reducing cyber risk for businesses worldwide. As the attack surface continues to grow and threats become more sophisticated,

We’re proud to announce that Qualys TotalCloud™ has been named “Best Cloud Security Product” at the 2025 SC Awards Europe—a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing cloud-native applications and infrastructure isn’t just about visibility—it’s about turning risk into

Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for June 2025 In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and

In today’s ever-evolving security landscape, organizations face an unprecedented expansion of digital assets—and with that expansion comes a growing attack surface. We’re proud to announce that Qualys has been named The Leader in the 2025 KuppingerCole Leadership Compass for Attack Surface Management (ASM), a testament to our commitment to providing comprehensive and proactive cybersecurity solutions.

Compliance isn’t optional. But it’s never been more complex. The rise of containers has revolutionized modern infrastructure—enabling faster innovation and greater scalability. But with this transformation comes a new wave of compliance challenges. PCI DSS 4.0 introduces stricter requirements for both vulnerability management and file integrity monitoring (FIM) in dynamic environments like Kubernetes and containerized