Qualys

The physics of remediation are breaking. For years, security teams assumed they could outrun attackers—reduce MTTR, patch faster, stay ahead. That model no longer holds. In our latest Qualys Threat Research Unit report, The Broken Physics of Remediation, we analyzed 1B+ CISA KEV records across 10,000 organizations. The findings are clear: ✅ Critical vulnerability volume is up 6.5x, while exposure windows continue to grow ✅ Organizational attack surfaces have expanded faster than teams can absorb ✅ Time-to-Exploit is now negative—vulnerabilities are weaponized before patches exist The problem is not speed; it is the operational model itself. Any architecture that depends on human-speed response carries structural risk. The shift to autonomous defense through a Risk Operations Center is no longer optional. Read the report: qualys.com/forms/whitepap… #RiskOperationsCenter #CyberSecurity

A new Linux kernel vulnerability named ‘Fragnesia’ (CVE-2026-46300) has been identified, allowing unprivileged local attackers to gain root privileges across all major distributions. Qualys customers can detect vulnerable assets using QID 387375 to mitigate this "DirtyFrag" family variant. Users are urged to apply the latest kernel patches or follow recommended module removal steps to secure their systems. Read the full technical analysis here: bit.ly/4dKQQ6v #Linux #Fragnesia #CyberSecurity

A critical memory corruption vulnerability, tracked as CVE-2026-42945, has been identified in NGINX Plus and NGINX Open Source. This 18-year-old flaw could allow an unauthenticated attacker to trigger a heap buffer overflow, leading to denial-of-service or remote code execution. Qualys customers can immediately detect vulnerable assets using QID 734246 to secure their environments. Ensure your systems are patched by upgrading to the latest NGINX versions today. Read the full technical breakdown here: bit.ly/4wx56Hk #NGINX #CyberSecurity #VulnerabilityManagement

Qualys is proud to sponsor the 3rd Annual Toronto Cybersecurity Summit on Tuesday, May 19, 2026! The Summit gathers industry professionals & business executives from the region, leading cyber experts, and cutting-edge solution providers for a day of valuable learning, and an impressive technology showcase. You can earn continuing education credits and enjoy a catered breakfast, lunch & cocktail reception. Register today with our promo code to receive FREE admission. invt.io/1lxbxz77v89 #Qualys #cybersecurity #CRAevents #OfficialCyberSecuritySummit

The world’s second-largest sport is thriving in the U.S. with Major League Cricket! For the second year, Qualys is the major partner of the @SFOUnicorns! 🦄 We invite security leaders to our exclusive suite experiences in Dallas, Oakland, and Los Angeles. Join us for a match, connect with Qualys executives, and network with your peers—all in a premium, relaxed setting. There will also be opportunities throughout the season to meet players and cricket legends. Suite tickets are limited. Reserve your spot: qualys.com/2026/unicorns #Cybersecurity #MLC #SanFranciscoUnicorns #Qualys

Qualys TotalCloud™ has achieved FedRAMP High Authorization, enabling agencies to inherit 421+ validated NIST 800-53 High controls and reduce audit costs by up to 40%. By unifying visibility and autonomous remediation, the platform helps organizations meet mandatory CISA directives (BOD 22-01 and 23-01) at machine speed. Explore the carousel to see how we bridge the gap from compliance to defense. Read the full blog here: bit.ly/3R8Rylp #FedRAMP #Qualys #CloudSecurity

Too much data can be just as detrimental as too little – and the same goes for business as well as sports. Qualys President & CEO Sumedh Thakar discusses with commenter and former Cricketer @MichaelVaughan on the similarities between cybersecurity and cricket at ROCon EMEA 2026. We’re excited for yet another exciting season for both Qualys and the @SFOUnicorns! 🦄 #SFUnicorns #Cricket #CyberSecurity

This Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the need for timely patching in an increasingly threat-heavy landscape. This month’s release addresses 137 vulnerabilities, including 30 critical vulnerabilities. Included are fixes for several high-severity issues that could potentially enable remote code execution, privilege escalation, or denial-of-service attacks. See a breakdown of everything you need to know in our post: blog.qualys.com/vulnerabilitie… #PatchTuesday #Cybersecurity

A critical vulnerability in Ollama (CVE-2026-7482) is putting local LLM deployments at risk of remote memory leaks. With a CVSS score of 9.9, unauthenticated attackers can exploit the GGUF loader to exfiltrate sensitive data like API keys and system prompts. Upgrade to version 0.17.1 immediately and use Qualys to detect vulnerable assets in your environment. Read the full threat analysis: bit.ly/48TOpfi #Ollama #CyberSecurity #LLM #Qualys

A critical vulnerability in Ollama (CVE-2026-7482) is putting local LLM deployments at risk of remote memory leaks. With a CVSS score of 9.9, unauthenticated attackers can exploit the GGUF loader to exfiltrate sensitive data like API keys and system prompts. Upgrade to version 0.17.1 immediately and use Qualys to detect vulnerable assets in your environment. Read the full threat analysis: bit.ly/48TOpfi #Ollama #CyberSecurity #LLM #Qualys

We’re pleased to announce that Qualys is working with @OpenAI for their Trusted Access for Cyber (TAC) program. TAC is an identity and trust-based framework that places cyber capabilities in the right hands. Our Chief Technology Officer Dilip Bachwani sums up our relationship here: "The enhanced cyber capabilities and reasoning of OpenAI’s latest frontier models are a force multiplier for our research teams. Qualys’ partnership with OpenAI enables us to apply cutting-edge AI to the most challenging areas of security research, helping us build a more proactive and resilient defense for the industry." As part of the program, we're excited to support our customers in exploit validation with TruConfirm, and autonomous remediation, patching, and mitigations with TruRisk Eliminate." #OpenAI #GPT #TrustedAccessforCyber #Qualys

Don't miss out on ROCon Public Sector 2026, coming in less than a week! We'll be bringing together national security experts and cybersecurity professionals for a full day event of speaking sessions at Tysons Corner, VA on May 14. Our sessions will cover managing real-world risk, modernizing legacy systems, advancing Zero Trust, and more. Don’t miss this opportunity to get a better look at how federal organizations strengthen cyber resilience. Register now and hear from Qualys experts like @jonathantrull events.govexec.com/qualys-rocon-p… #CyberSecurity #PublicSector #CyberResilience #ROCon2026

A critical vm2 sandbox escape vulnerability (CVE-2026-26956) could allow attackers to break out of the Node.js sandbox and execute arbitrary code on the host system. With public PoC code available, organizations using vm2 should act quickly to assess exposure and patch impacted environments. Upgrade guidance, affected versions, and detection details are now available in our latest blog. Read more and stay ahead of emerging threats: bit.ly/4cYrTnT #CyberSecurity #NodeJS #VulnerabilityManagement

AI isn’t coming—it’s already here. At ROCon EMEA, Dilip Bachwani breaks down the reality that cybersecurity teams are facing today – that AI adoption is accelerating faster than governance, visibility, and control. Dilip covers the pervasive presence of AI in cybersecurity and how to combat AI-powered attackers. Watch his whole session, “AI Risk: Don’t Fall Behind” here. youtube.com/watch?v=-5hIje… #AI #Cybersecurity

A critical PAN-OS vulnerability (CVE-2026-0300) is being actively exploited, putting exposed User-ID Authentication Portals at risk of remote code execution. Organizations using affected PAN-OS versions should take immediate action and prioritize mitigation. Learn the impact, affected versions, and patch timelines in our latest blog. Read now: bit.ly/4eyKok8 #CyberSecurity #VulnerabilityManagement #ThreatIntel

Qualys and Converge launch cyber insurance report tied to security controls... Read more: cyberriskleaders.com/qualys-and-con… @qualys #CyberInsurance #CyberSecurity #RiskManagement #VulnerabilityManagement #InsurTech #DataDrivenSecurity #CyberResilience #Compliance #TruRisk

Qualys is proud to be a Supporting sponsor at AiSecCon hosted by @siberXorg! Join us in person to discover how our single, unified platform empowers teams to prioritize, remediate, and eliminate risks effectively. Stop by the Qualys booth to connect with our team and learn how to de-risk your business today! siberx.org/event/siberxco… #Cybersecurity #RiskManagement #siberXcon2026

Cyber insurance has a measurement problem. Most underwriters still rely on self-reported static questionnaires that are time-consuming, inconsistent, and disconnected from their security programs. We’ve partnered with @Converge_Ins to bring you #ConvergeConnect, a strategic offering that connects Qualys Enterprise TruRisk Management (#ETM) directly with the cyber insurance underwriting process for potentially lower premiums. Learn about how this tool can help your organization with its insurance applications or renewals. blog.qualys.com/product-tech/2… #Converge #Insurance #Cybersecurity

Qualys announced Q2 earnings today and its performance reflects strong adoption of our AI-native Risk Operation Center (ROC), continued innovation and early momentum with QFlex. These results position us to deliver durable, profitable growth while reducing complexity and accelerating response to modern threats.