A critical Fortinet FortiWeb auth bypass (CVE-2025-64446) is being actively exploited, giving attackers full control of vulnerable devices. CISA has added it to the KEV with a Nov 21 deadline. Learn about the exploit, affected versions, & mitigation steps: https://bit.ly/4o0shEt
15.11.2025 02:27
Oracle has issued its third Critical Patch Update of the year, addressing 374 vulnerabilities across its portfolio. Oracle Communications received the most fixes, followed by Communications Applications and Financial Services. Read the full analysis: https://bit.ly/4noXkd5
23.10.2025 15:19
F5 has disclosed a long-term breach by a nation-state attacker involving stolen BIG-IP source code & unpatched vulnerabilities. With CISA warning of an imminent threat, organizations must quickly identify exposed assets & speed up remediation. Read more: https://bit.ly/4oy4nRG
21.10.2025 00:27
Oracle addressed a high-severity vulnerability in its E-Business Suite. Exploitation could let an unauthenticated remote attacker compromise Oracle Configurator Runtime UI. Read the blog for affected versions and mitigation guidance: https://bit.ly/3W5B4cU
#ThreatProtection
14.10.2025 22:59
Expert-led cybersecurity training at #ROCon25. Here's a glimpse as our instructor walks through the 5 Steps to TruRisk Reduction dashboard, demonstrating how to identify what truly needs your focus across complex vulnerability data.
#RiskManagement
14.10.2025 19:50
This month's @MsftSecIntel Patch Tuesday fixes 193 vulnerabilities, including 9 Critical & 6 zero-days, with 4 actively exploited & 2 publicly disclosed. Get the details in this blog: https://bit.ly/48vQNcH.
Join the @Qualys TRU webinar this Thursday: https://bit.ly/474T78a
14.10.2025 19:45
Broadcom addressed a critical CVE in VMware's guest service discovery features. Exploitation could allow an unprivileged user to escalate privileges to root on the same VM. Researchers confirmed that it has been exploited in the wild. Learn more: https://bit.ly/4mKu9Rq
02.10.2025 15:28
Researchers discovered a malicious modification in the npm package postmark-mcp. By adding a blind copy to an external domain, attackers secretly exfiltrated email contents. This is the first known case of an MCP server exploited in the wild. Blog: https://bit.ly/474o8dy
30.09.2025 19:28
SolarWinds fixed a critical CVE in its Web Help Desk software. Successful exploitation of the flaw could allow an unauthenticated attacker to execute arbitrary code on the target system. Learn more about the vulnerability, affected versions & mitigation: https://bit.ly/46yJPAZ
26.09.2025 21:06
@Cisco patched a critical zero-day flaw in IOS & IOS XE Software. Exploitation could let low-privileged attackers cause DoS, while high-privileged attackers could execute code as root and fully compromise systems. Read the blog for mitigation details: https://bit.ly/3IChLok
25.09.2025 23:16
Fortra released security updates for a critical flaw (CVE-2025-10035) in GoAnywhere MFT License Servlet. With a CVSS of 10, exploitation could allow unauthenticated remote code execution. Learn more in this blog: https://bit.ly/4nkBFDA
#ThreatProtection #VulnerabilityManagement
23.09.2025 16:41
Attackers exploited SharePoint ToolShell flaws to hit 145+ orgs, incl. US agencies. The campaign persisted even after patches with stealth tactics. Saeed Abbasi of @qualys.bsky.social says that when patching isn't possible, use advanced remediation: https://bit.ly/3K6LbeU via @ismsonline.bsky.social
19.09.2025 17:45
Google released security updates to fix a critical CVE in the Chrome browser. Successful exploitation of the type confusion flaw in the V8 JavaScript & WebAssembly engine has already been observed in the wild by Google Threat Analysis Group. Learn more: https://bit.ly/42EBpa1
19.09.2025 13:40
Over 400 npm packages have been compromised in an ongoing supply chain attack. With 2.6B weekly downloads, thousands of apps are at risk, along with the likelihood of further impact. No patches yet; users should uninstall the affected packages. Learn more: https://bit.ly/3IpDoZ3
17.09.2025 20:07
Ivanti released its Sept security bulletin, addressing 13 CVEs across its popular products. There is currently no evidence of active exploitation.
Get the details in this blog, including exploitation methods, affected versions, & detection steps: https://bit.ly/46kQWNs
#VulnerabilityManagement
12.09.2025 20:55
Apple addressed a critical CVE across its operating systems, including macOS & iOS. The flaw could be exploited through a malicious image file to cause memory corruption. The vulnerability is already being exploited in the wild.
Learn more in this blog: https://bit.ly/3JlkzGJ
#ThreatProtection
22.08.2025 23:57
Big win at #DefCon33! Qualys Threat Research Unit (TRU) takes home Epic Achievement + Best RCE at the #PwnieAwards for:
- CVE-2024-6387 (regreSSHion): 1st pre-auth RCE in OpenSSH in 20 yrs
- CVE-2025-26465: MITM attack on OpenSSH client
#vulnerabilityresearch #Qualys #TRU
09.08.2025 23:38
Security and compliance nerd, sword fighter. Opinions are my own, not my employer's.
Other social media profiles:
Mastodon: @christopherkunz@chaos.social
LinkedIn: https://www.linkedin.com/in/christopherkunz/
Cyber since '97: Check Point Software, Qualys, Sourcefire, Tufin, Attivo, Thales & ISSA-Chicago. Univ. of Wisco.
Visitor to, mainly, the EU, the PIGS, the BRICs, Cono Sur, Israel, Morocco, Egypt, Turkey...
Amanda Katz said this was the cool kids table.
Chief Security Fanatic | CISO | Speaker | AI Risk | Political Risk | Columnist | Author | Radio Host | Board Member | Forbes Tech Council | TEDx | Canadian-American
Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and other cybersecurity related themes
Cybersecurity Reporter, Ars Technica: https://arstechnica.com/author/dan-goodin/ Hungry for tips. Text me on Signal: DanArs.82. "The world isn't run by weapons anymore, or energy, or money. It's run by little 1s and 0s, little bits of data."
NPR Correspondent covering technology and national security.
Send me a tip: Text JennaMcLaughlin.54 on Signal from personal (nonwork) devices.
Cyber guy. Former NSA cybersecurity director and chief of TAO. Lover of memes. Warning - occasional outrageous Christmas light content.
Home of the Cybersecurity News hub. Information sharing and raising awareness. Think, talk and grow while on the go. Visit https://www.cybersecuritynews.today/ for more coverage.
Cybersecurity News Today! is on buymeacoffee.com/cybersecuritynewstoday
Award-winning #cybersecurity and #AI keynote speaker, writer, podcaster | Host of @theaifix.show and @smashingsecurity.com podcasts
❤️ #DoctorWho, #Beatles, #Chess
Web: https://grahamcluley.com
Podcast: https://theaifix.show
Podcast: https://www.smashingsecurity.com
News about technology, IT and digital topics.
heise.de/impressum.html & http://heise.de/privacy
Journalist: Senior Editor at Datacenter Dynamics. Previously IDG, CSO Online.
Midlander. Metalhead.
dad, a reporter, data reporter (writing about tech at The Washington Post)
I don't have digital; I don't have diddly squat.
Linguistics, NLP, news, Jews, Atlanta, crypto regs/politics, ads, fraud, etc.
Washington Post technology reporter, hopscotch enthusiast. heather.kelly@washpost.com.
Signal: @hkelly.11
technology mother @ the washington post. baddie in the digital badlands. signal: nitasha.10
Chief features writer, Financial Times. https://www.ft.com/henry-mance
West Coast Financial Editor at the Financial Times in San Francisco. Leading the FT's coverage of finance in Silicon Valley // Via Hong Kong and London
The best of FT journalism, including breaking news and analysis.
https://www.ft.com
The users this account follows are verified FT staff or contributors.
Ex BBC World Service. Who knew there was life outside?
That BBC News tech/gaming journo with the silly name, follow me for tech, rabbits and dyspraxia chat + constant references to a funny grief podcast about my dad dying: Our Dads Died: https://linktr.ee/ourdadsdied