Qualys
Company Details
Linkedin ID:
qualys
Website:
Employees number:
3,389
Number of followers:
264,112
NAICS:
541514
Industry Type:
Homepage:
qualys.com
IP Addresses:
0
Company ID:
QUA_7198901
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Qualys Vendor Cyber Rating & Cyber Score
qualys.comQualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys A.I CyberSecurity Scoring
Qualys Risk Score (AI oriented)Between 700 and 749
Qualys
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Qualys Global Score (TPRM)XXXX
Qualys
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Qualys Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Qualys
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Cybersecurity firm Qualys fell victim to a data breach incident after Accellion FTA servers were targeted in a cyber attack. The Clop ransomware gang took the responsibility for the attack and posted screenshots of files stolen from Qualys. The compromised data included purchase orders, invoices, tax documents, and scan reports.
Qualys Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Qualys
Incidents vs Computer and Network Security Industry Average (This Year)
No incidents recorded for Qualys in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Qualys in 2026.
Incident Types Qualys vs Computer and Network Security Industry Avg (This Year)
No incidents recorded for Qualys in 2026.
Incident History — Qualys (X = Date, Y = Severity)
Qualys cyber incidents detection timeline including parent company and subsidiaries
Qualys Company Subsidiaries
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Loading...
Qualys Similar Companies
CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas
NETWORK-SECURITY-SOLUTIONS
## Our core business We manage linux / unix server infrastructures and build the efficient and secure networking environments using hardware cutting edge technologies suited to the needs of the project and the client. We believe in quality, opposed to quantity. Our company consists of highly
Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s
.png)
Qualys CyberSecurity News
March 30, 2026 01:55 PM
A $244 Billion Arms Race Is Brewing in Cybersecurity
VANCOUVER, British Columbia, March 30, 2026 (GLOBE NEWSWIRE) -- Four hostile nations are already embedded inside America's critical...
March 27, 2026 06:10 PM
Varonis Systems, Okta, Palo Alto Networks, Qualys, and Rapid7 Shares Plummet, What You Need To Know
What Happened? A number of stocks fell in the afternoon session after the cybersecurity sector sold off amid renewed concerns about...
March 26, 2026 10:14 PM
CrackArmor Vulnerability 2026: AppArmor Root Access & Qualys Detection
CrackArmor — nine AppArmor flaws enable root access & container escape on 12M+ Linux systems. Qualys TRU discovered & validated.
March 26, 2026 06:04 PM
Qualys Inc Stock: Cloud Security Leader Faces Growth Challenges in Competitive Landscape
Qualys Inc (ISIN: US74838J1016), a pioneer in cloud-based security and compliance, trades on NASDAQ with a market cap around $4.57 billion.
March 25, 2026 09:40 AM
Qualys Unveils Agent Val As TruRisk Addition With Valuation Upside
Qualys, Inc. (NasdaqGS:QLYS) has introduced Agent Val, an agent-led exploit validation and autonomous risk remediation solution.
March 25, 2026 08:02 AM
Qualys launches Agent Val to prove exploitable risks
Qualys debuts Agent Val to validate real exploit paths in live systems, promising sharply reduced noise and faster remediation for teams.
March 25, 2026 07:00 AM
Assessing Qualys (QLYS) Valuation As New AI Security Platforms Challenge Traditional Cyber Tools
Qualys (QLYS) is back in focus after Databricks introduced LakeWatch, an AI-driven security intelligence platform, and Anthropic expanded...
March 24, 2026 12:05 PM
Assessing Qualys (QLYS) Valuation After Launch Of Agent Val Evidence Based Cybersecurity Platform
Qualys (QLYS) recently launched Agent Val within its Enterprise TruRisk Management platform, introducing agent-led exploit validation and...
March 23, 2026 10:30 PM
Qualys launches Agent Val for live exploit validation
Qualys rolls out Agent Val to live‑test exploit paths in production, promising sharper risk prioritisation and major remediation noise cuts.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Qualys CyberSecurity History Information
Official Website of Qualys
The official website of Qualys is https://www.qualys.com.
Qualys’s AI-Generated Cybersecurity Score
According to Rankiteo, Qualys’s AI-generated cybersecurity score is 744, reflecting their Moderate security posture.
How many security badges does Qualys’ have ?
According to Rankiteo, Qualys currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Qualys been affected by any supply chain cyber incidents ?
According to Rankiteo, Qualys has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Qualys have SOC 2 Type 1 certification ?
According to Rankiteo, Qualys is not certified under SOC 2 Type 1.
Does Qualys have SOC 2 Type 2 certification ?
According to Rankiteo, Qualys does not hold a SOC 2 Type 2 certification.
Does Qualys comply with GDPR ?
According to Rankiteo, Qualys is not listed as GDPR compliant.
Does Qualys have PCI DSS certification ?
According to Rankiteo, Qualys does not currently maintain PCI DSS compliance.
Does Qualys comply with HIPAA ?
According to Rankiteo, Qualys is not compliant with HIPAA regulations.
Does Qualys have ISO 27001 certification ?
According to Rankiteo,Qualys is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Qualys
Qualys operates primarily in the Computer and Network Security industry.
Number of Employees at Qualys
Qualys employs approximately 3,389 people worldwide.
Subsidiaries Owned by Qualys
Qualys presently has no subsidiaries across any sectors.
Qualys’s LinkedIn Followers
Qualys’s official LinkedIn profile has approximately 264,112 followers.
NAICS Classification of Qualys
Qualys is classified under the NAICS code 541514, which corresponds to Others.
Qualys’s Presence on Crunchbase
Yes, Qualys has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/qualys.
Qualys’s Presence on LinkedIn
Yes, Qualys maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/qualys.
Cybersecurity Incidents Involving Qualys
As of March 30, 2026, Rankiteo reports that Qualys has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Qualys has an estimated 3,667 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Qualys ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Qualys Data Breach via Accellion FTA Servers
Description: Cybersecurity firm Qualys fell victim to a data breach incident after Accellion FTA servers were targeted in a cyber attack. The Clop ransomware gang took the responsibility for the attack and posted screenshots of files stolen from Qualys. The compromised data included purchase orders, invoices, tax documents, and scan reports.
Type: Data Breach
Attack Vector: Exploit of Accellion FTA servers
Threat Actor: Clop ransomware gang
Motivation: Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach QUA8718422
Data Compromised: Purchase orders, Invoices, Tax documents, Scan reports
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Purchase Orders, Invoices, Tax Documents, Scan Reports and .
Which entities were affected by each incident ?
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach QUA8718422
Type of Data Compromised: Purchase orders, Invoices, Tax documents, Scan reports
Ransomware Information
Was ransomware involved in any of the incidents ?
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Clop ransomware gang.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were purchase orders, invoices, tax documents, scan reports and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were invoices, scan reports, purchase orders and tax documents.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
References
- https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
- https://lists.security.metacpan.org/cve-announce/msg/37638919/
- https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
- https://metacpan.org/release/SHAY/perl-5.40.4/changes
- https://metacpan.org/release/SHAY/perl-5.42.2/changes
- https://www.cve.org/CVERecord?id=CVE-2026-3381
Description
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.
Risk Information
cvss3
Base: 8.3
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=qualys' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
