News
EOL/EOS Detection for Containers: Cloud-Native Lifecycle Visibility
10+ hour, 38+ min ago (431+ words) That changes the role of lifecycle visibility entirely. The challenge is no longer just knowing what software exists. It is understanding where unsupported components are actively running, how widely they have propagated, and which parts of the environment inherit the…
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
1+ week, 1+ day ago (125+ words) The primitive is reliable and turns any local shell into a path to root or to sensitive credential material. To characterize impact across real systems, TRU built four exploits against widely deployed userland targets: You can find the technical details…
Bringing AI Code Security into Qualys ETM
2+ week, 2+ day ago (710+ words) AI-driven code security is becoming a real category. Anthropic's Claude Code Security and OpenAI's Codex Security are the leading examples, and more will follow. These tools reason about source code at a depth that traditional SAST cannot reach, surfacing…
Qualys Total AI Achieves FedRAMP Moderate Authorization
3+ week, 2+ day ago (1153+ words) Most agencies struggle to meet these requirements because their existing security tools lack the necessary FedRAMP-authorized, AI-specific oversight. The goal is to gain end-to-end visibility, reduce risk, and produce audit-ready evidence from a single platform built for the entire…
AI-Powered AppSec Scanning, How Enterprise Teams Scan Faster Without Losing Coverage
1+ mon, 2+ week ago (1179+ words) Security teams today are accountable for an ever-expanding estate of web applications and APIs. In large enterprises, that often means hundreds or thousands of assets distributed across regions, cloud environments, and business units. And yet most organizations cannot confirm, within…
The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence
2+ mon, 1+ week ago (1166+ words) Application security is entering a new phase. It is now an AI problem, an API problem, and a runtime risk problem. This shift is already visible. Anthropic's Claude Code Security is designed to reason through codebases and surface complex vulnerabilities…
Public Container Registry Risks 2026: Malicious Images & Mitigation
4+ mon, 6+ day ago (287+ words) Verification before pulling, combined with the use of trusted publishers and image scanning, is essential to reducing exposure in containerized environments." These images are often designed to visually resemble well-known base images or popular application stacks, relying on subtle differences…