Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based IT, security

06/08/2026

A critical server-side request forgery (SSRF) vulnerability (CVE-2026-20230) has been identified in Cisco Unified Communications Manager (CUCM).

If the WebDialer service is enabled, remote attackers can exploit improper input validation to write files to the underlying OS and elevate privileges to root. Protect your collaboration infrastructure by identifying exposed assets and applying the necessary patches immediately.

Read the blog - https://bit.ly/4omdLJi

06/03/2026

Introducing Qualys EOL/EOS Software Detection for Containers. Critical software components are increasingly buried inside container images and Kubernetes workloads, creating invisible technical debt that traditional asset inventory tools miss.

With our new deployment-aware capabilities, you can continuously catalog container software, detect unsupported packages, and map lifecycle risks directly to active production workloads.

Take a proactive approach to modern cloud governance and secure your application stacks before vendor support runs out.

Read our technical breakdown to eliminate container software blind spots:
https://blog.qualys.com/product-tech/2026/05/28/eol-eos-software-detection-containers-kubernetes

06/03/2026

CISA has added a critical Palo Alto Networks PAN-OS GlobalProtect vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities catalog following active exploitation in the wild. The flaw allows remote, unauthenticated attackers to forge authentication override cookies and bypass security validation to establish unauthorized VPN connections.

Read the full technical breakdown: https://bit.ly/4dSDRQB

06/02/2026

Notepad++ has released a security advisory addressing multiple critical vulnerabilities, including two arbitrary code execution flaws. The most severe flaw, CVE-2026-48778, allows attackers to silently run malicious code on a victim's machine via unvalidated config.xml files. Organizations using this popular text editor must upgrade to version v8.9.6.1 immediately to eliminate the exposure.

Read the full technical breakdown and find your corresponding Qualys QID here: https://bit.ly/4dYYlWm

06/02/2026

91% of engineering teams hit a wall at the exact same stage of scaling microservices. It’s not your scanners. It's handling the noise.

How do you know your AppSec program is hitting its breaking point?

Here are three indicators:
• Shadow assets explode out of nowhere
• Endless firefighting of sudden zero-day incidents
• Backlogs expand without clear prioritization

Traditional AppSec wasn't built for API-driven scale. Stop managing noise. Start managing risk.

Watch the full "Modern AppSec Is Broken" webinar for the fix:
https://bit.ly/4fljFrE

06/02/2026

CISA has added the active Drupal Core SQL injection vulnerability (CVE-2026-9082) to its Known Exploited Vulnerabilities catalog.

This flaw allows anonymous attackers using PostgreSQL databases to achieve remote code execution and elevate privileges.

Read the full technical breakdown to see the affected versions, remediation steps, and corresponding Qualys QIDs.
https://bit.ly/4vm2J95

05/26/2026

The disclosure-to-exploit window has collapsed from days to mere minutes.

With unreleased frontier AI models like Mythos autonomously finding and exploiting decades-old flaws and complex business logic vulnerabilities, security teams are facing a massive scale challenge. AI is automating the attacks, meaning your patching and remediation workflows must run at machine speed to keep up.

Watch the webinar to learn how to prepare your AppSec program for autonomous threats: https://bit.ly/43s4N3n

05/26/2026

Most security breaches don’t start where they are found; they begin in your "temporary" test environments. While live apps get all the safety checks, open test servers and loose login access quietly give attackers an easy way in.

It’s time to stop ignoring your test setups and start locking them down early.

Read the full blog to learn how to catch hidden cloud risks before they cause real trouble: https://bit.ly/3RnHkO8

05/21/2026

Behind every security milestone and industry-leading innovation at Qualys is a powerhouse team, and the families who support them every single day.

Last Sunday, we opened our doors for Qualys Family Day!
Our office was filled with smiles, shared moments, and incredible company as our team brought their loved ones in for a day of interactive games, fun team activities, and dedicated wellness sessions.

It was the perfect reminder that while we work hard to secure the digital world, our culture is anchored in building a strong, supportive community right here at home. A huge thank you to all the families who joined us and made the day so memorable!

Want to bring your talent to a global team that prioritizes people and culture?
Explore our open roles and build your career with us.
Join the team: https://www.qualys.com/careers

05/20/2026

Attackers are now exploiting vulnerabilities in a matter of days - sometimes before patches are even available. If your organization still relies on manual, fragmented processes that take weeks to execute, traditional ticketing workflows are leaving you exposed.

The post-Mythos era demands a shift from human-speed workflows to machine-speed risk reduction. Learn how to close the gap between detection and remediation safely.

Here's why you should attend the Cyber Risk Series on June 10th:

> Automate with Confidence: Learn how to address the critical question of "trust" using exploit validation, phased deployment, rollback safeguards, and patchless mitigation.
> Isolate Real Risk: Discover how to operationalize hyper-prioritization to lock down truly exploitable vulnerabilities instead of chasing endless alerts.
> Get a Practical Blueprint: Move past simple, fast patching and learn how to reduce validated risk continuously, safely, and at scale.

Don’t let a fragmented remediation strategy slow down your security response.

Register now to secure your spot: https://bit.ly/4ujAJDa

Address

Foster City, CA
