Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review
Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, deli...
Qualys Blog
20 articles
Advancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing
The cybersecurity industry has spent much of the last two years debating how attackers might use AI. That debate matters, but it misses a larger point: defen...
From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation
In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build s...
Stop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike
Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch prop...
The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs
Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. M...
Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads
Key Takeaways Software inventory used to stop at the server. Modern application delivery erased that boundary.
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel’s __ptrace_may_acce...
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel’s __ptrace_may_acce...
Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation
The Verizon 2026 Data Breach Investigations Report has been published. Qualys is proud to have served as a research partner and contributor, contributing ana...
Achieve Federal-Grade M365 Security: Governing with Qualys SSPM and SCuBA
Qualys SaaS Security Posture Management (SSPM) introduces native support for the Secure Cloud Business Applications (SCuBA) compliance framework, bringing CI...
Stop Chasing Threats: Top 3 Insights from the SANS Attack Surface Management Survey
Executive Summary The 2025 SANS ASM Survey highlights a clear shift in cybersecurity operations. Organizations are moving beyond fragmented, alert-driven sec...
FedRAMP High Authorized: Qualys TotalCloud CNAPP – From Compliance to Defense
Qualys TotalCloud™ has achieved FedRAMP High Authorization, marking a major milestone in delivering validated cloud security and compliance assurance for hig...
Microsoft Patch Tuesday, May 2026 Security Update Review
May 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patch...
Bringing AI Code Security into Qualys ETM
A first-class data model for the next generation of findings AI-driven code security is becoming a real category. Anthropic’s Claude Code Security and OpenAI...
Dirty Frag: Using the Page Caches as an Attack Surface
Dirty Frag is a Linux local privilege escalation (LPE) chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities can allow an...
Before the Breach, There Was a Test Environment
Key Takeaways The Problem with Calling QA “Non-Production” Most security conversations begin at the wrong end of the problem. We start with the breach, the a...
Qualys TotalAI Achieves FedRAMP Moderate (FedRAMP Certified Class C) Authorization
Key Takeaways Why Federal AI Security Requires More Than Standard Scanning AI systems require a security paradigm distinct from traditional IT. Safeguarding ...
Converge Connect: Unlock Lower Premiums with Proven Qualys Security
Key Takeaways The Mythos moment is forcing cyber insurers to confront a question they have been deferring: what does it mean to underwrite cyber risk in real...
Handling the Vulnerability Surge in the Post-Mythos Era
How to Operationalize Hyper-Prioritization and Autonomous Remediation with Qualys Executive Summary The Mythos era, defined by a surge of AI-driven vulnerabi...
Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today
Key Takeaways RedSun is a zero-day local privilege escalation (LPE) vulnerability in Microsoft Defender. It allows a low-privileged user to gain full SYSTEM-...