The GitHub RCE That Could Have Compromised Millions of Repositories: CVE-2026-3854 — And How Qualys Helps You Find It
May 24, 2026 · 18 min read

Claude Mythos: When an AI Gets Too Good at Hacking to Release
Anthropic built its most capable model yet, then locked it away. Here's why VM and compliance practitioners should care.
Jun 12, 2026 · 8 min read

The Dark Side of AI: Hallucinations, Attacker Playbooks, and What Defenders Must Know
Feb 11, 2026 · 15 min read

Mapping Qualys PC Controls to CIS Level 1: A Practitioner's Guide
If you have spent time working with Qualys Policy Compliance (PC), you know that the platform ships with pre-built policies mapped to CIS Benchmarks. On the surface, this looks like a complete solutio
Jan 18, 2026 · 6 min read

Understanding AI: The Technology Everyone Talks About But Few Really Explain
I remember sitting in a SOC war room in 2019, staring at a QRadar dashboard flooded with alerts, wishing something — anything — could help me triage faster. A senior colleague leaned over and said, "S
Nov 30, 2025 · 7 min read

India's DPDP Act 2023: What Security Teams Need to Actually Do
India's Digital Personal Data Protection Act (DPDP) 2023 is not just a privacy compliance exercise that lives in the legal team's domain. It has direct and practical implications for how security team
Nov 16, 2025 · 5 min read

CIS Benchmarks vs DISA STIGs: Choosing the Right Baseline for Your Environment
When you start building a hardening standard for your organization, two names come up almost immediately: CIS Benchmarks from the Center for Internet Security, and DISA STIGs from the Defense Informat
Sep 21, 2025 · 4 min read

Cloud Security Posture Management (CSPM): The Gap Between Promise and Reality
CSPM tools promise something genuinely appealing: continuous visibility into your cloud configuration, automatic detection of misconfigurations, and a single dashboard that governs security across AWS
Aug 9, 2025 · 3 min read