Qualys

Qualys Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based IT, security

Notepad++ has released a security advisory addressing multiple critical vulnerabilities, including two arbitrary code ex...
06/02/2026

Notepad++ has released a security advisory addressing multiple critical vulnerabilities, including two arbitrary code ex*****on flaws. The most severe flaw, CVE-2026-48778, allows attackers to silently run malicious code on a victim's machine via unvalidated config.xml files. Organizations using this popular text editor must upgrade to version v8.9.6.1 immediately to eliminate the exposure.

Read the full technical breakdown and find your corresponding Qualys QID here: https://bit.ly/4dYYlWm

06/02/2026

91% of engineering teams hit a wall at the exact same stage of scaling microservices. It’s not your scanners. It's handling the noise.

How do you know your AppSec program is hitting its breaking point?

Here are three indicators:
• Shadow assets explode out of nowhere
• Endless firefighting of sudden zero-day incidents
• Backlogs expand without clear prioritization

Traditional AppSec wasn't built for API-driven scale. Stop managing noise. Start managing risk.

Watch the full "Modern AppSec Is Broken" webinar for the fix:
https://bit.ly/4fljFrE

CISA has added the active Drupal Core SQL injection vulnerability (CVE-2026-9082) to its Known Exploited Vulnerabilities...
06/02/2026

CISA has added the active Drupal Core SQL injection vulnerability (CVE-2026-9082) to its Known Exploited Vulnerabilities catalog.

This flaw allows anonymous attackers using PostgreSQL databases to achieve remote code ex*****on and elevate privileges.

Read the full technical breakdown to see the affected versions, remediation steps, and corresponding Qualys QIDs.
https://bit.ly/4vm2J95

05/26/2026

The disclosure-to-exploit window has collapsed from days to mere minutes.

With unreleased frontier AI models like Mythos autonomously finding and exploiting decades-old flaws and complex business logic vulnerabilities, security teams are facing a massive scale challenge. AI is automating the attacks- meaning your patching and remediation workflows must run at machine speed to keep up.

Watch the webinar to learn how to prepare your AppSec program for autonomous threats: https://bit.ly/43s4N3n

Most security breaches don’t start where they are found- they begin in your "temporary" test environments. While live ap...
05/26/2026

Most security breaches don’t start where they are found- they begin in your "temporary" test environments. While live apps get all the safety checks, open test servers and loose login access quietly give attackers an easy way in.

It’s time to stop ignoring your test setups and start locking them down early.

Read the full blog to learn how to catch hidden cloud risks before they cause real trouble: https://bit.ly/3RnHkO8

05/21/2026

Behind every security milestone and industry-leading innovation at Qualys is a powerhouse team- and the families who support them every single day.

Last Sunday, we opened our doors for Qualys Family Day!
Our office was filled with smiles, shared moments, and incredible company as our team brought their loved ones in for a day of interactive games, fun team activities, and dedicated wellness sessions.

It was the perfect reminder that while we work hard to secure the digital world, our culture is anchored in building a strong, supportive community right here at home. A huge thank you to all the families who joined us and made the day so memorable!

Want to bring your talent to a global team that prioritizes people and culture?
Explore our open roles and build your career with us.
Join the team: https://www.qualys.com/careers

05/20/2026

Attackers are now exploiting vulnerabilities in a matter of days - sometimes before patches are even available. If your organization still relies on manual, fragmented processes that take weeks to execute, traditional ticketing workflows are leaving you exposed.

The post-Mythos era demands a shift from human-speed workflows to machine-speed risk reduction. Learn how to close the gap between detection and remediation safely.

Here's why you should attend the Cyber Risk Series on June 10th:

> Automate with Confidence: Learn how to address the critical question of "trust" using exploit validation, phased deployment, rollback safeguards, and patchless mitigation.
> Isolate Real Risk: Discover how to operationalize hyper-prioritization to lock down truly exploitable vulnerabilities instead of chasing endless alerts.
> Get a Practical Blueprint: Move past simple, fast patching and learn how to reduce validated risk continuously, safely, and at scale.

Don’t let a fragmented remediation strategy slow down your security response.

Register now to secure your spot: https://bit.ly/4ujAJDa

Microsoft has patched an on-premises Exchange Server spoofing flaw (CVE-2026-42897) currently being exploited in the wil...
05/19/2026

Microsoft has patched an on-premises Exchange Server spoofing flaw (CVE-2026-42897) currently being exploited in the wild via malicious OWA emails.

Qualys customers can immediately scan for this active threat using QID 50146 to protect vulnerable endpoints.

Read our full threat breakdown and mitigation steps here: https://bit.ly/3R98Q1Q

Qualys Enterprise TruRisk Management (ETM) operationalizes findings from Anthropic and OpenAI within a unified risk engi...
05/19/2026

Qualys Enterprise TruRisk Management (ETM) operationalizes findings from Anthropic and OpenAI within a unified risk engine. While AI tools surface deep logic flaws, those findings don't mean much until it is attributed to an asset type with identity and ownership.

Instead of forcing code flaws into templates meant for servers, Qualys treats software code as a distinct category. This prevents vulnerabilities from getting lost or mislabeled.

Security teams can now manage AI risks alongside regular vulnerabilities in one dashboard. Analysts don’t have to learn a new workflow, and CISOs get an immediate, unified view of corporate risk.

Read the full blog here: https://bit.ly/4uhWJ11

05/19/2026

Federal compliance isn’t just a checkbox - a single blind spot can completely stall your Authority to Operate (ATO) and freeze critical public sector contracts. If you are handling sensitive federal data or partnering with government agencies, complying with the newest NIST 800-53 and FedRAMP mandates is a non-negotiable for success.

Join Qualys security leaders, Alex Kreilein and Abhinav Mishra, to learn how to move from chaotic, alert-driven compliance to automated, audit-ready cloud security.

Why you need to attend:
> Fast-Track Your ATO: Use pre-validated controls to radically shorten your authorization timeline.
> Stop Tool Fatigue: Consolidate your security stack to reduce audit scope and unify cloud visibility.
> Master High-Impact Controls: Confidently navigate complex NIST requirements without draining engineering resources.

Stop letting compliance blind spots jeopardize your deployment. Register now: https://bit.ly/4dsyGql

Address

Foster City, CA

Telephone

(800) 745-4355

Website

Alerts

Be the first to know and let us send you an email when Qualys posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Share