Qualys Security Blog: Expert network security guidance and news
- The State of Cyber Risk 2025: Business Context Needed by Mayuresh Ektare on July 14, 2025 at 3:00 pm
The cyber risk conversation is changing. Momentum is growing for formal cyber risk programs. However, despite rising investments, evolving frameworks, and more vocal boardroom interest, new data reveals that most organizations remain immature in their risk management programs, and cyber risk is rising. As digital transformation accelerates and AI-powered threats emerge, the question is no
- Achieving Zero-Disruption Patch Management with Qualys’ Latest Capabilities by Padmanabh Sahasrabudhe on July 10, 2025 at 4:00 pm
Keeping systems patched is essential, but doing it efficiently and confidently is what sets great IT operations apart. With the latest capabilities in Qualys Patch Management, you can achieve just that. The most recent advancements in Qualys Patch Management – Intelligent Job Chaining and Pre-condition Checks – empower IT teams to patch with greater efficiency
- Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond by Ramesh Ramachandran on July 10, 2025 at 7:28 am
In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities (CAs), after July 31, 2025. This move is part of Chrome’s ongoing efforts to improve TLS certificate trust, hold Certificate Authorities (CAs)
- Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review by Diksha Ojha on July 8, 2025 at 6:41 pm
With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for July 2025 In this month’s Patch Tuesday, the July 2025 edition, Microsoft addressed
- Qualys Named as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform, 2025 by Kunal Modasiya on July 7, 2025 at 1:00 pm
We’re proud to share that Qualys has been recognized as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment (doc #US53549925, June 2025). We believe this recognition reinforces our commitment to delivering game-changing innovation that delivers comprehensive protection, risk management, and cost efficiency across diverse multi and hybrid cloud
- Qualys Named an Overall Leader in CNAPP by KuppingerCole by Kunal Modasiya on July 1, 2025 at 3:57 pm
We’re proud to share that Qualys has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass for Cloud-Native Application Protection Platforms (CNAPP)—achieving leadership positions in both product and market presence. This recognition validates our commitment to delivering trusted and cutting-edge risk-driven cloud security that helps global enterprises protect what matters across hybrid environments,
- How to Quantify Risk and Communicate Effectively: Step 4 to TruRisk™ by Anthony Williams on June 25, 2025 at 3:00 pm
“The art of communication is the language of leadership.” — James Humes, former Presidential speechwriter and author. Cybersecurity teams face adversaries who thrive in chaos. Attackers move fast, automate, and strike where defenses are weakest. In a borderless digital world, disruption is constant, driven by innovation, complexity, and the pressure to move faster, often at
- From Patching to Eliminating Risk: What’s new in TruRisk™ Eliminate and Patch Management by Padmanabh Sahasrabudhe on June 19, 2025 at 3:00 pm
As IT and security priorities converge under rising pressure, patch management is no longer just a hygiene activity but a strategic tool to eliminate the risk from exposed vulnerabilities. Since the last major release cycle, we’ve been expanding the Qualys Patch Management solution into a broader capability. These enhancements span the architecture, automation, and risk-based
- Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us by Ken Dunham on June 18, 2025 at 3:00 pm
Qilin has quietly become one of the most active and impactful ransomware operations in the world today. If it’s not already on your threat radar, now is the time to take notice. This blog unpacks how Qilin operates, why it’s gaining traction across cybercriminal networks, and what steps security teams can take to get ahead
- Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks by Saeed Abbasi on June 17, 2025 at 8:25 pm
The Qualys Threat Research Unit (TRU) has discovered two linked local privilege escalation (LPE) flaws. The first (CVE-2025-6018) resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker—for example, via SSH—can elevate to the “allow_active” user and invoke polkit actions normally reserved for a physically present