Qualys Blog

Compliance audit failures remain a critical challenge for organizations, particularly in database security. According to the 2024 Thales Data Threat Report, nearly 43% of companies failed at least one compliance audit in the past year. This is a significant concern because audit failures correlate strongly with security incidents—organizations that failed audits were ten times more

As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalence of exploited vulnerabilities, persistent cloud misconfigurations, and exposure to identity leaks, traditional approaches to vulnerability scanning are no longer

The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and server, enabling a pre-authentication denial-of-service attack. The attack against the OpenSSH client (CVE-2025-26465) succeeds

Cybersecurity professionals can now use Qualys CyberSecurity Asset Management (CSAM) with External Attack Surface Management (EASM) to reduce cyber risks from credential harvesting, phishing, and malware downloads and diminish reputational harm. Bad actors have been registering look-alike, sound-alike, misleading, and malicious URLs since just about the beginning of internet domain registration, and they are not

As the second Patch Tuesday of 2025 arrives, Microsoft has released crucial updates to strengthen cybersecurity defenses. Let’s explore the highlights and what they mean for users. Microsoft Patch Tuesday for February 2025 Microsoft Patch’s Tuesday, February 2025 edition addressed 67 vulnerabilities, including three critical and 53 important severity vulnerabilities. In this month’s updates, Microsoft

Cloud environments continue to experience widespread adoption because of their flexibility and dynamic nature. They empower developers to quickly deploy or modify business applications and many other core business functions. However, this very dynamism and complexity also make them difficult to secure. In the ephemeral world of cloud computing, where workloads are spun up and

The launch of Enterprise TruRisk Management (ETM), the world’s first Risk Operations Center (ROC) in the cloud, in October 2024 has met with an overwhelmingly positive reception from customers. They see the potential of a unified approach to managing cyber risk. We recognize that setting up and managing the Risk Operations Center requires more than just technology;

“If you can’t measure it, you can’t manage it.” – This adage rings truer than ever in the world of cybersecurity. Today, the modern attack surface has exploded, fueled by APIs that now drive 83% of all web traffic, powering critical integrations, microservices, and digital experiences. Security teams are left in the dark as developers

A comprehensive security analysis of DeepSeek’s flagship reasoning model reveals significant concerns for enterprise adoption. Introduction DeepSeek-R1, a groundbreaking Large Language Model recently released by a Chinese startup, DeepSeek, has captured the AI industry’s attention. The model demonstrates competitive performance while being more resource efficient. Its training approach and accessibility offer an alternative to traditional

The adoption of Large Language Models (LLMs) and Generative AI is revolutionizing enterprise operations, delivering unmatched innovation, efficiency, and competitive advantage. However, this rapid integration brings significant AI security challenges that organizations must address. Insights from Qualys show that over 1,255 organizations have deployed AI/ML software across 2.8 million assets, with 6.2%—approximately 175,000 assets—classified as