Countering Current Geopolitical Cyber Threats With Qualys
Summary
In response to the latest public sector threat intelligence on Iranian-linked threat activity, Qualys has released new intelligence capabilities within Qualys Vulnerability Management, Detection & Response (VMDR) to help organizations immediately assess their exposure. These updates extend the current user experience to surface CVEs identified in the current geopolitical campaigns, provide rapid visibility into affected assets, and enable ongoing tracking of remediation progress. With dynamic threat intelligence that adapts as new information becomes available, these enhancements equip security teams and leaders to prioritize and act effectively during heightened geopolitical risk. Updates to this capability will be made as new capabilities and information are identified.
Situation Details
Forces from the United States of America, Israel, and Iran have been engaged in armed conflict that started on February 28, 2026. As security professionals/operators, the systems and software we protect may become targets of intent and opportunity for adversaries involved in this conflict. Qualys understands this reality and intends to equip our customers with the defensive capabilities to respond to this situation.
In March, Qualys reviewed shared agency and partner threat intelligence to surface the geopolitical threat vectors most relevant to defenders. These shared insights suggested that government‑sponsored or aligned cyber actors continue to probe, target, and in some cases successfully exploit known vulnerabilities across critical sectors. Some of this activity reflects historical exploitation patterns, while other indicators point to more recent campaigns. Although the information is not exhaustive, threat intelligence of this nature remains essential for helping organizations strengthen their defenses during periods of elevated global tension. Qualys has already observed exploitation affecting a life‑safety medical technology company, and we expect this to represent the early stages of broader campaigns aimed at privately held critical infrastructure.
Critical Infrastructure Sectors Targeted
Specific U.S. critical infrastructure and key resource entities have exposure to the targeted CVEs. Sectors of interest in this conflict are as follows:
| Targeted Sectors | |
| --- | --- |
| Chemical | Commercial Facilities |
| Communications | Critical Manufacturing |
| Dams | Defense Industrial Base |
| Emergency Services | Energy |
| Financial Services | Food and Agriculture |
| Government Services and Facilities | Healthcare and Public Health |
| Information Technology | Nuclear Reactors, Materials, and Waste |
| Transportation Systems | Water and Wastewater Systems |
If you are an operator in one or more of these sectors, Qualys strongly recommends exercising a heightened security posture by adopting the following solution.
Detect These Threats With the New Intelligence Capabilities in Qualys VMDR
In response to the shared threat insights, Qualys has worked to rapidly deliver business intelligence in Qualys VMDR, making it generally available today. Our goal is to extend the current user experience to surface CVEs appearing in the most current geopolitical threat campaigns and track remediation progress over time.
Here is what you can expect from the Threat Management Dashboard.
- Detect Prioritized CVEs. The dashboard includes a widget that cross-references detected vulnerabilities in your environment against the catalog of prioritized CVEs. The widget tracks those CVEs and enables users to drill down and operationalize this data, leveraging various risk factors, views, and techniques.
- Track Remediation. The dashboard includes a time-series burndown chart showing the count of open listed CVEs over a configurable time window (default: 90 days). The widget supports filtering by asset group, business unit, and severity, enabling operators to prioritize based on their needs.
- Data Freshness & Source Integrity. The widget refreshes on the same polling interval as the underlying VMDR asset/vulnerability data. It is built so that Qualys can update it with new CVE information as intelligence is shared.

Get the Capability
Qualys customers can download this capability here.
If you are not yet a Qualys customer, sign up for a trial of VMDR today.
Statement on Qualys Platform and Products
Qualys has reviewed the vulnerabilities in the shared partner threat intelligence and determined that all products and platforms are safe and not affected.
Frequently Asked Questions
Q: How quickly can Qualys VMDR surface geopolitical campaign-related vulnerabilities in my environment?
Qualys VMDR can surface partner-shared CVEs as soon as the Threat Management Dashboard is deployed. The dashboard refreshes on the same polling interval as your existing VMDR data.
Q: Does the Threat Management Dashboard update automatically as new threat intelligence is released?
Qualys has built the dashboard to support ongoing updates as new CVE information and threat intelligence become available. If further threat intelligence is published by our threat intelligence partners, then Qualys will publish an update to this dashboard.
About the Data
Information in this post is meant to equip operators with defensive capabilities to counter threats from the known linked actors. It does not contain the TLP:GREEN information in the referenced underlying source document.
Contributors
Steven Lykins, Senior Security Solutions Architect, Qualys