Qualys

F5 has confirmed a long-term breach by a nation-state attacker involving theft of BIG-IP source code and unpatched vulnerability details. CISA has labeled this an imminent threat, and organizations must act now to identify exposed assets, harden management planes, and accelerate remediation. Our latest blog outlines the steps security teams should take and how Qualys CyberSecurity Asset Management and VMDR help detect and prioritize F5-related risks with speed and clarity. Read the full guidance: https://bit.ly/4oy4nRG #ThreatProtection #VulnerabilityManagement

The Qualys TruRisk™ Platform delivers both speed and stability by embedding resilience at every layer. A single flawed update can ripple across thousands of endpoints, halting operations and costing enterprises millions. With Manifest Version Control in the Qualys TruRisk Platform, organizations gain the resilience to deploy fast without risking fragility – using buffers, canaries, and rollback safeguards to protect uptime while staying ahead of threats. Read how Qualys builds resilience into the update lifecycle: https://bit.ly/3JiVD2F #CyberResilience #TruRisk

F5 disclosed a breach that led to the theft of BIG-IP source code and details of unpatched vulnerabilities, following a year-long cyber espionage campaign attributed to a Chinese state-linked threat group. The attackers used custom malware to infiltrate F5 systems, and CISA has issued an emergency directive urging organizations to secure exposed BIG-IP interfaces and apply critical updates. Learn more about the breach and affected versions in this blog: bit.ly/4qpvvEg #ThreatProtection #VulnerabilityManagement

Four days. Countless insights. One shared mission – redefining how the world manages cyber risk. #ROCon25 brought together global security leaders, partners, and innovators to advance the next era of risk management. From deep-dive sessions on Agentic AI, identity risk, compliance, cloud security, patch management and threat intelligence, every conversation underscored a single truth: cybersecurity is no longer about reacting, it's about operating with intelligence and precision. Thank you to every speaker, partner, customer and attendee who made #ROCon25 an unforgettable experience. The conversations sparked here will continue to shape how organizations everywhere measure, manage, and eliminate risk. This is just the beginning – together, we're powering the next frontier of Risk Operations for the AI era. #RiskManagement #ROC

Veeam addressed critical vulnerabilities in its Backup and Replication application. Successful exploitation could allow an authenticated domain user to take full control of the backup environment, leading to data theft, loss of backup integrity, and potential compromise of production systems. Learn more about the vulnerabilities, affected versions and mitigation details in this blog: https://bit.ly/4qkjHTG #ThreatProtection #VulnerabilityManagement

We were proud to host talented students from the Lila Poonawalla Foundation - India, for an inspiring visit at the Qualys Pune office. The day focused on sparking curiosity and building confidence – from leadership-led sessions on soft skills, decision-making, and cybersecurity, to an immersive tour showcasing our collaborative work environment. The visit concluded on a high note, as our CHRO, Rima Bruno, awarded scholarships to each student in recognition of their hard work and potential. We hope this experience inspires them to pursue their ambitions fearlessly. At Qualys, we’re committed to creating opportunities for learners to engage with real-world ideas and decision-making. #LifeAtQualys

GenAI is transforming how businesses operate – driving insights, automation, and innovation. But it’s also creating new risks: compromised data, untrusted inputs, rogue tools, and malicious memory that can undermine AI systems from within. At #ROCon25, Asma Z. unpacks the many risks of Generative and Agentic AI – from compromised data and evaluation tools to untrusted inputs, uncontrolled tool access, and even malicious memory. She shows how to manage AI risk holistically through Risk Operations with Qualys TotalAI, built on four key pillars: complete visibility into your AI stack, vulnerability assessment, model risk evaluation, and continuous reporting and compliance. #TotalAI #RiskManagement #ROC

Most organizations are flooded with metrics yet lack context on how their response times compare to peers. At #ROCon25, April Lenhard introduces Qualys TruLens, a unified threat intelligence hub that brings together data from vulnerabilities, adversaries, insights, and research. TruLens benchmarks median time to remediate (MTTR) across industries, correlating asset, configuration, and threat data to connect global risk signals to your actual exposure – enabling faster, context-driven decisions and measurable risk reduction. Learn more in this blog: https://bit.ly/47a6iod #ThreatIntelligence #RiskManagement #AgenticAI

AI is transforming how we build and deploy applications – and with it, the attack surface is expanding faster than ever. Traditional testing tools can’t always keep up, leaving gaps that attackers exploit. In this session at #ROCon25, Asma Z. from Qualys, and Joe Moore of Siemens PLM Software, show how to close those gaps with unified visibility and control across your entire application landscape. They’re diving into how AI and LLM adoption is reshaping risk profiles, how to assess applications and APIs holistically, and how to streamline remediation to match the speed of modern release cycles. See how Qualys TotalAppSec turns visibility into action – from discovery to remediation – to secure your applications at scale. #ApplicationSecurity #RiskManagement

Himanshu Kathpal of Qualys and Corey Amsler from GE Vernova present this session on why firewalls can’t stop what identity compromise starts. At #ROCon25, discover why identity is now the most exploited risk surface—and how to build a Risk Operations Center (ROC) resilient against privilege abuse across Active Directory, Entra ID, and more. Corey outlines the identity challenge GE Vernova faced: 75,000 employees meant 75,000 assets, each requiring continuous compliance and control. To address this, the team adopted a holistic approach to identity security, emphasizing unified visibility as the key to managing the most exploited risk surface. Qualys ETM Identity advances this vision by quantifying per-identity exposure through an Identity TruRisk Score—a single number between 1 and 1000 that rolls into the organization’s overall TruRisk®, providing a unified, data-driven measure of identity risk. Read more in the blog: https://bit.ly/47tMkGn #IdentitySecurity #RiskManagement