March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for March 2025 Microsoft Patch’s Tuesday, March 2025 edition addressed 67 vulnerabilities, including six critical and 51 important severity vulnerabilities ..read more

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” — Sun Tzu Security and IT teams are drowning in alerts, scrambling to patch everything they can, yet breaches still happen. Not all vulnerabilities pose the same risk. While reducing totals may seem like progress, without clear priorities, security ..read more

Introducing the Qualys & ServiceNow Integration Qualys and ServiceNow are redefining container vulnerability management with an integrated approach that streamlines remediation for highly ephemeral containerized workloads. Organizations can now seamlessly detect, prioritize, and remediate vulnerabilities at scale using Qualys’ threat-informed, runtime-aware security intelligence alongside ServiceNow’s enterprise-grade workflow automation. This partnership ensures vulnerabilities in ephemeral, hard-to-track ..read more

Artificial Intelligence (AI) technologies are reshaping industries at an unprecedented pace. But while these technologies present incredible opportunities for innovation, they also pose unique risks. AI systems are no longer just futuristic concepts; they are actively influencing business decisions, customer interactions, and even regulatory landscapes. As AI capabilities grow, so does the need for robust ..read more

As the modern attack surface continues to grow in complexity, the need for simplified asset discovery and risk assessment has never been more acute. In 2021, Qualys introduced CyberSecurity Asset Management (CSAM), a visionary ASM offering designed to bolster the customer’s coverage of the attack surface within a risk-based vulnerability management program. As ASM use ..read more

The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership. We’ve analyzed these newly ..read more

We’re excited to announce that Qualys TotalCloud Kubernetes and Container Security (KCS) has achieved the Red Hat Vulnerability Scanning Certification, reinforcing our commitment to unbiased, 6-sigma accurate vulnerability detection. By meeting Red Hat’s rigorous security standards, Qualys TotalCloud KCS extends its industry-leading accuracy across Red Hat OpenShift, Quay.io, RHEL, and CoreOS—critical components in modern cloud-native ..read more

What if your vulnerability management tool did more than just scan and instead helped you take control of cyber risks across your business? CISA defines “vulnerability management” as the process by which organizations identify, analyze, and manage vulnerabilities in a critical service’s operating environment. Note the emphasis on criticality and on the outcome: managing risk ..read more

Compliance audit failures remain a critical challenge for organizations, particularly in database security. According to the 2024 Thales Data Threat Report, nearly 43% of companies failed at least one compliance audit in the past year. This is a significant concern because audit failures correlate strongly with security incidents—organizations that failed audits were ten times more ..read more

As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalence of exploited vulnerabilities, persistent cloud misconfigurations, and exposure to identity leaks, traditional approaches to vulnerability scanning are no longer ..read more