| 2024-04-17 |
Oracle Patch Update, April 2024 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2024-04-16 |
WordPress Remote Code Execution via Plugin Upload (CVE-2024-31210) |
Product and Tech ‧ Hitesh Kadu |
|
| 2024-04-10 |
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2024-04-03 |
Key Insights from the NCSC’s Vulnerability Management Guidance |
Product and Tech ‧ Saeed Abbasi |
|
| 2024-03-30 |
XZ Utils SSHd Backdoor |
Vulnerabilities and Threat Research ‧ Diksha Ojha |
|
| 2023-09-04 |
Qualys Top 20 Most Exploited Vulnerabilities |
Vulnerabilities and Threat Research ‧ Ramesh Ramachandran |
|
| 2023-08-29 |
Risk Fact #4: Malware in your Cloud means Exploitation is underway |
Vulnerabilities and Threat Research ‧ Nayeem Islam |
|
| 2023-08-18 |
Risk Fact #3: External-Facing Vulnerabilities Cloud Security Research Risk Fact |
Vulnerabilities and Threat Research ‧ Aubrey Perin |
|
| 2023-08-10 |
Risk Fact #2: Weaponized Vulnerabilities Cloud Security Research Risk Fact |
Vulnerabilities and Threat Research ‧ Parag Bajaria |
|
| 2023-08-09 |
Microsoft and Adobe Patch Tuesday, August 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-08-01 |
Risk Fact #1: Cloud Migration Exploitation Cloud Security Research Risk Fact |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2023-07-20 |
Oracle Patch Tuesday, July 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-07-20 |
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent |
Vulnerabilities and Threat Research ‧ Saeed Abbasi |
|
| 2023-07-18 |
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition) |
Vulnerabilities and Threat Research ‧ Ramesh Ramachandran |
|
| 2023-07-12 |
Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-06-14 |
Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-06-08 |
Progress MOVEit Transfer Vulnerability Being Actively Exploited |
Vulnerabilities and Threat Research ‧ Kunal Modasiya |
|
| 2023-06-07 |
Behind the Screen: Three Vulnerabilities in RenderDoc |
Vulnerabilities and Threat Research ‧ Saeed Abbasi |
|
| 2023-05-18 |
New Strain of Sotdas Malware Discovered |
Vulnerabilities and Threat Research ‧ Viren Chaudhari |
|
| 2023-05-10 |
Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-04-19 |
Oracle Patch Tuesday April 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-04-19 |
Qualys Security Updates: Cloud Agent for Windows and Mac |
Vulnerabilities and Threat Research ‧ Alex Kreilein |
|
| 2023-04-12 |
Microsoft and Adobe Patch Tuesday April 2023 Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-04-04 |
3CXDesktopApp Backdoored in a Suspected Lazarus Campaign |
Vulnerabilities and Threat Research ‧ Akshat Pradhan |
|
| 2023-04-04 |
Risk Fact #5: Infrastructure Misconfigurations Open the Door to Ransomware |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2023-04-01 |
Risk Fact #4: Misconfigurations Still Prevalent in Web Applications |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2023-03-31 |
Risk-based Vulnerability Management Combined With A Cyber Risk Management Platform |
Vulnerabilities and Threat Research ‧ Thomas Nuth |
|
| 2023-03-31 |
Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2023-03-30 |
Risk Fact #2: Automation Is the Difference Between Success and Failure |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2023-03-28 |
Risk Fact #1: Speed Is the Key to Out-Maneuvering Adversaries |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2023-03-22 |
ACSC Essential 8 Cybersecurity Strategies, Maturity Levels, and Best Practices |
Qualys Insights ‧ Aparna Hinge |
|
| 2023-03-15 |
Staying Ahead of Ransomware Threats |
Product and Tech ‧ Saeed Abbasi |
|
| 2023-03-15 |
The March 2023 Patch Tuesday Security Update Review |
Patch Tuesday ‧ Diksha Ojha |
|
| 2023-02-22 |
What’s Next After Log4Shell? |
Vulnerabilities and Threat Research ‧ Lavish Jhamb |
|
| 2023-02-16 |
Forta GoAnywhere Zero-Day Exploited By Threat Actors |
Vulnerabilities and Threat Research ‧ Bharat Jogi |
|
| 2023-02-15 |
The February 2023 Patch Tuesday Security Update Review |
Patch Tuesday ‧ Ankit Malhotra |
|
| 2023-02-08 |
Ransomware Targets Outdated VMware ESXi Hypervisors: Protect Your Systems Now! |
Vulnerabilities and Threat Research ‧ Saeed Abbasi |
|
| 2023-02-04 |
CVE-2023-25136: Pre-Auth Double Free Vulnerability in OpenSSH Server 9.1 |
Vulnerabilities and Threat Research ‧ Saeed Abbasi |
|
| 2023-01-18 |
The January 2023 Oracle Critical Patch Update |
Patch Tuesday ‧ Saeed Abbasi |
|
| 2023-01-16 |
Detection of Vulnerabilities in JavaScript Libraries |
Vulnerabilities and Threat Research ‧ Mayank Deshmukh |
|
| 2023-01-11 |
The January 2023 Patch Tuesday Security Update Review |
Patch Tuesday ‧ Saeed Abbasi |
|
| 2023-01-11 |
Driving CISA Compliance with Qualys |
Vulnerabilities and Threat Research ‧ Thomas Nuth |
|
| 2023-01-03 |
Implement Risk-Based Vulnerability Management with Qualys TruRisk™: Part 3 |
Product and Tech ‧ Swapnil Ahirrao |
|
| 2023-01-03 |
BitRAT Now Sharing Sensitive Bank Data as a Lure |
Vulnerabilities and Threat Research ‧ Akshat Pradhan |
|
| 2022-12-30 |
Qualys Threat Research Unit: Threat Thursdays, December 2022 |
Threat Thursday ‧ Mayuresh Dani |
|
| 2022-12-16 |
Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 2 |
Product and Tech ‧ Swapnil Ahirrao |
|
| 2022-12-14 |
The December 2022 Patch Tuesday Security Update Review |
Patch Tuesday ‧ Saeed Abbasi |
|
| 2022-12-14 |
The December 2022 Patch Tuesday Security Update Review |
Patch Tuesday ‧ Saeed Abbasi |
|
| 2022-12-13 |
Dissecting the Empire C2 Framework |
Vulnerabilities and Threat Research ‧ Akshat Pradhan |
|
| 2022-12-13 |
Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 1 |
Product and Tech ‧ Swapnil Ahirrao |
|
| 2022-12-02 |
Out-of-Band Detections Using Qualys Periscope |
Product and Tech ‧ Ed Arnold |
|
| 2022-12-01 |
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) |
Vulnerabilities and Threat Research ‧ Saeed Abbasi |
|
| 2022-11-22 |
Ease Your Cybersecurity Maturity Model Certification Journey With Qualys |
Vulnerabilities and Threat Research ‧ Aparna Hinge |
|
| 2022-11-17 |
In-Depth Look Into Data-Driven Science Behind Qualys TruRisk |
Qualys Insights ‧ Amir Mukeri |
|
| 2022-11-11 |
QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield |
QSC ‧ David Strom |
|
| 2022-11-09 |
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years). |
Patch Tuesday ‧ Debra M. Fezza Reed |
|
| 2022-11-09 |
Get Your Patch Tuesday Vulnerabilities Patched on Tuesday |
Vulnerabilities and Threat Research ‧ Eran Livne |
|
| 2022-11-04 |
OpenSSL Vulnerability Recap |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2022-10-31 |
Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know |
Vulnerabilities and Threat Research ‧ Bharat Jogi |
|
| 2022-10-29 |
Chrome Zero Day – Just Before the Weekend (again) |
Vulnerabilities and Threat Research ‧ Eran Livne |
|
| 2022-10-28 |
Qualys Research Team: Threat Thursdays, October 2022 |
Threat Thursday ‧ Mayuresh Dani |
|
| 2022-10-28 |
Text4Shell: Detect, Prioritize and Remediate The Risk Across On-premise, Cloud, Container Environment Using Qualys Platform |
Vulnerabilities and Threat Research ‧ Bharat Jogi |
|
| 2022-10-26 |
Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) |
Vulnerabilities and Threat Research ‧ Bharat Jogi |
|
| 2022-10-26 |
CVE-2022-42889: Detect Text4Shell via Qualys Container Security |
Vulnerabilities and Threat Research ‧ Kong Yew Chan |
|
| 2022-10-15 |
JSON Web Token (JWT) Weaknesses |
Vulnerabilities and Threat Research ‧ Ed Arnold |
|
| 2022-10-13 |
Creating Awareness of External JavaScript Libraries in Web Applications |
Vulnerabilities and Threat Research ‧ Ed Arnold |
|
| 2022-10-13 |
Award-winning Qualys Vulnerability and Compliance Solution now available on IBM zSystems & LinuxONE |
Vulnerabilities and Threat Research ‧ Himanshu Kathpal |
|
| 2022-10-12 |
JSON Web Token (JWT) Weaknesses |
Vulnerabilities and Threat Research ‧ Ed Arnold |
|
| 2022-10-12 |
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical. |
Patch Tuesday ‧ Debra M. Fezza Reed |
|
| 2022-10-10 |
In-Depth Look Into Data-Driven Science Behind Qualys TruRisk |
Vulnerabilities and Threat Research ‧ Amir Mukeri |
|
| 2022-10-08 |
NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors |
Vulnerabilities and Threat Research ‧ Saeed Abbasi |
|
| 2022-10-04 |
Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform |
Vulnerabilities and Threat Research ‧ Travis Smith |
|
| 2022-10-03 |
WhatsApp Fixed Critical Vulnerabilities that Could Let an Attacker Hack Devices Remotely – Automatically Discover and Remediate Using VMDR Mobile |
Vulnerabilities and Threat Research ‧ Swapnil Ahirrao |
|
| 2022-09-29 |
Qualys Threat Research Thursday |
Vulnerabilities and Threat Research ‧ Mayuresh Dani |
|
| 2022-09-29 |
Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation |
Vulnerabilities and Threat Research ‧ Lavish Jhamb |
|
| 2022-09-28 |
Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation |
Vulnerabilities and Threat Research ‧ Aparna Hinge |
|
| 2022-09-14 |
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical. |
Vulnerabilities and Threat Research ‧ Debra M. Fezza Reed |
|
| 2022-09-02 |
Introducing Qualys Threat Research Thursdays |
Vulnerabilities and Threat Research ‧ Mayuresh Dani |
|
| 2022-08-23 |
Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls |
Vulnerabilities and Threat Research ‧ Aparna Hinge |
|
| 2022-08-17 |
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138) |
Vulnerabilities and Threat Research ‧ Mayank Deshmukh |
|
| 2022-08-17 |
AsyncRAT C2 Framework: Overview, Technical Analysis & Detection |
Vulnerabilities and Threat Research ‧ Pawan Kumar N |
|
| 2022-08-10 |
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical. |
Vulnerabilities and Threat Research ‧ Debra M. Fezza Reed |
|
| 2022-08-01 |
Here’s a Simple Script to Detect the Stealthy Nation-State BPFDoor |
Vulnerabilities and Threat Research ‧ Harshal Tupsamudre |
|
| 2022-07-30 |
New Qualys Research Report: Evolution of Quasar RAT |
Vulnerabilities and Threat Research ‧ Viren Chaudhari |
|
| 2022-07-13 |
July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical. |
Vulnerabilities and Threat Research ‧ Debra M. Fezza Reed |
|
| 2022-06-30 |
Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134) |
Vulnerabilities and Threat Research ‧ Mayank Deshmukh |
|
| 2022-06-21 |
Defending Against Scheduled Task Attacks in Windows Environments |
Vulnerabilities and Threat Research ‧ Harshal Tupsamudre |
|
| 2022-06-16 |
New Qualys Research Report: Inside a Redline InfoStealer Campaign |
Vulnerabilities and Threat Research ‧ Akshat Pradhan |
|
| 2022-06-15 |
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical. |
Vulnerabilities and Threat Research ‧ Debra M. Fezza Reed |
|
| 2022-05-13 |
May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical. |
Vulnerabilities and Threat Research ‧ Debra M. Fezza Reed |
|
| 2022-05-09 |
Ursnif Malware Banks on News Events for Phishing Attacks |
Vulnerabilities and Threat Research ‧ Amit Gadhave |
|
| 2022-05-06 |
CISA Alert: Top 15 Routinely Exploited Vulnerabilities |
Vulnerabilities and Threat Research ‧ Swapnil Ahirrao |
|
| 2022-05-06 |
Ransomware Insights from the FBI’s 2021 Internet Crime Report |
Vulnerabilities and Threat Research ‧ Swapnil Ahirrao |
|
| 2022-05-04 |
Ransomware Insights from the FBI’s 2021 Internet Crime Report |
Vulnerabilities and Threat Research ‧ Swapnil Ahirrao |
|
| 2022-04-21 |
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2) |
Vulnerabilities and Threat Research ‧ Akshat Pradhan |
|
| 2022-04-13 |
April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical. |
Vulnerabilities and Threat Research ‧ Debra M. Fezza Reed |
|
| 2022-04-01 |
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability |
Vulnerabilities and Threat Research ‧ Bharat Jogi |
|
| 2022-03-22 |
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1) |
Vulnerabilities and Threat Research ‧ Akshat Pradhan |
|
| 2022-03-18 |
Infographic: Log4Shell Vulnerability Impact by the Numbers |
Vulnerabilities and Threat Research ‧ Qualys Research Team |
|
| 2022-03-18 |
Qualys Study Reveals How Enterprises Responded to Log4Shell |
Vulnerabilities and Threat Research ‧ Mehul Revankar |
|
