Summary
In response to the latest CISA Cyber Vulnerability Insights Estimate (CVIE) on Iranian-linked threat activity, Qualys has released new intelligence capabilities within Qualys Vulnerability Management, Detection & Response (VMDR) to help organizations immediately assess their exposure. These updates extend the current user experience to surface CVEs identified in the Iranian CVIE, provide rapid visibility into affected assets, and enable ongoing tracking of remediation progress. With dynamic threat intelligence that adapts as new information becomes available, these enhancements equip security teams and leaders to prioritize and act effectively during heightened geopolitical risk. Updates to this capability will be made as new capabilities and information are identified.
Situation Details
Forces from the United States of America, Israel, and Iran have been engaged in armed conflict that started on February 28, 2026. As security professionals/operators, the systems and software we protect may become targets of intent and opportunity for adversaries involved in this conflict. Qualys understands this reality and intends to equip our customers with the defensive capabilities to respond to this situation.
In March, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Cyber Vulnerability Insights Estimate (CVIE), an intelligence summary of the 136 CVEs that Iranian government-sponsored or linked cyber threat actors have shown interest in, targeted, or successfully exploited, according to government threat reporting. Some exploitation activities are historical, while others are recent. And while the CVIE is not exhaustive, intelligence of this nature is critical to our ability to protect our organizations and customers during a time of heightened conflict. To date, Qualys has observed the exploitation of at least one life-and-safety medical device company, and we expect that to be only the opening salvo of campaigns targeting privately held critical infrastructure.
Critical Infrastructure Sectors Targeted
More than 3,100 U.S. critical infrastructure and key resource entities have exposure to the targeted CVEs in the CVIE. Sectors of interest in this conflict are as follows:
| Targeted Sectors | |
| Chemical | Commercial Facilities |
| Communications | Critical Manufacturing |
| Dams | Defense Industrial Base |
| Emergency Services | Energy |
| Financial Services | Food and Agriculture |
| Government Services and Facilities | Healthcare and Public Health |
| Information Technology | Nuclear Reactors, Materials, and Waste |
| Transportation Systems | Water and Wastewater Systems |
If you are an operator in one or more of these sectors, Qualys strongly recommends exercising a heightened security posture by adopting the following solution.
Detect These Threats With the New Intelligence Capabilities in Qualys VMDR
In response to this CVIE, Qualys has worked to rapidly deliver business intelligence in Qualys VMDR, making it generally available today. Our goal is to extend the current user experience to surface CVEs appearing on the Iranian CVIE and track remediation progress over time.
Here is what you can expect from the Iranian-Lined Threat Management Dashboard.
- Detect CISA-Prioritized CVEs. The dashboard includes a widget that cross-references detected vulnerabilities in your environment against the catalog of prioritized CVEs. The widget tracks those CVEs and enables users to drill down and operationalize this data, leveraging various risk factors, views, and techniques.
- Track Remediation. The dashboard includes a time-series burndown chart showing the count of open listed CVEs over a configurable time window (default: 90 days). The widget supports filtering by asset group, business unit, and severity, enabling operators to prioritize based on their needs.
- Data Freshness & Source Integrity. The widget refreshes on the same polling interval as the underlying VMDR asset/vulnerability data. It is built in a way that Qualys can update it with new CVE information as intelligence is shared.
Get the Capability
Qualys customers can download this capability here.
If you are not yet a Qualys customer, sign up for a trial of VMDR today.
Statement on Qualys Platform and Products
Qualys has reviewed the vulnerabilities in the CVIE and determined that all products and platforms are safe and not affected.
Frequently Asked Questions
Q: What is the CISA CVIE, and why does it matter for my organization?
The CISA Cyber Vulnerability Insights Estimate (CVIE) is a U.S. government intelligence summary cataloging 136 CVEs that Iranian-linked threat actors have shown an interest in, targeted, or exploited. It matters because over 3,100 U.S. critical infrastructure entities have confirmed exposure to these CVEs — making the CVIE a high-priority input for any organization’s risk management program.
Q: How quickly can Qualys VMDR surface Iranian CVIE-related vulnerabilities in my environment?
Qualys VMDR can surface CISA CVIE-related CVEs as soon as the 2026 Iranian-Linked Threat Management Dashboard is deployed. The dashboard refreshes on the same polling interval as your existing VMDR data.
Q: Does the 2026 Iranian-Linked Threat Management Dashboard update automatically as new threat intelligence is released?
Qualys has built the dashboard to support ongoing updates as new CVE information and threat intelligence become available. If further threat intelligence is published by CISA, then Qualys will publish an update to this dashboard.
About the Data
Information in this post is meant to equip operators with defensive capabilities to countermand the Iranian government and linked actor threat. It does not contain TLP: Green information in the underlying source document referenced.
Contributors
Steven Lykins, Senior Security Solutions Architect, Qualys
Deixe o seu comentário