Rapid7

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

0-day, APT, Cisco, Don't miss, Hot stuff, News, Rapid7, SD-WAN /

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) 2026-05-15 at 16:07 By Zeljka Zorz Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalyst SD-WAN Controller (the “brain” of the Cisco […]

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) Read More »

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

0-day, cPanel, CVE, Don't miss, Hot stuff, News, PoC, Rapid7, security update, WatchTowr, web hosting /

cPanel zero-day exploited for months before patch release (CVE-2026-41940) 2026-04-30 at 16:45 By Zeljka Zorz A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

cPanel zero-day exploited for months before patch release (CVE-2026-41940) Read More »

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

backdoor, critical infrastructure, Don't miss, Hot stuff, Linux, Malware, News, Rapid7, remote access, telecommunications /

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks 2026-03-26 at 15:52 By Zeljka Zorz Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks Read More »

Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)

Arctic Wolf Networks, Citrix, Don't miss, Hot stuff, NetScaler, News, Rapid7, vulnerability /

Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) 2026-03-24 at 16:13 By Zeljka Zorz Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active session tokens from the memory of affected devices. Anil Shetty, senior VP of Engineering with Cloud

Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) Read More »

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis

Industry news, Rapid7, RSAC 2026 /

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis 2026-03-20 at 19:32 By Industry News Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable risks based on real-world attack paths and business

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis Read More »

The Collapse of Predictive Security in the Age of Machine-Speed Attacks

AI, Artificial Intelligence, Incident Response, Rapid7, report, Vulnerabilities /

The Collapse of Predictive Security in the Age of Machine-Speed Attacks 2026-03-18 at 21:42 By Kevin Townsend With exploitation of vulnerabilities taking just days, preemptive security must be the new model for defenders. The post The Collapse of Predictive Security in the Age of Machine-Speed Attacks appeared first on SecurityWeek. This article is an excerpt

The Collapse of Predictive Security in the Age of Machine-Speed Attacks Read More »

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited

Don't miss, Hot stuff, Immersive, Microsoft, MS Office, MS SQL Server, NCSC-NL, News, Outlook, Rapid7, security update, Trend Micro, vulnerability, Windows /

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited 2026-03-11 at 12:31 By Zeljka Zorz On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively exploited. Privilege escalation vulnerabilities abound The two publicly disclosed flaws are CVE-2026-21262, a

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited Read More »

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

APT, Asia, China, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Kaspersky, News, Rapid7 /

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets 2026-02-03 at 15:34 By Zeljka Zorz Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gleaned

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Read More »

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)

CISA, data center, Don't miss, Hot stuff, HPE, Metasploit, News, Rapid7, security update, vulnerability /

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) 2026-01-08 at 16:43 By Zeljka Zorz An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inclusion in the catalog is unsurprising, as technical

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) Read More »

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn

Defused, Don't miss, Fortinet, Hot stuff, News, PoC, Rapid7, vulnerability, WatchTowr, web application security /

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn 2025-11-14 at 14:10 By Zeljka Zorz A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices. Whether intentionally or accidentally, the vulnerability (or this specific path for triggering it) has

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn Read More »

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215)

Don't miss, Hot stuff, Immersive, Ivanti, Microsoft, MS Office, News, Patch Tuesday, Rapid7, security update, Trend Micro, Windows /

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) 2025-11-12 at 14:44 By Zeljka Zorz Microsoft has delivered a rather light load of patches for November 2025 Patch Tuesday: some 60+ vulnerabilities have received a fix, among them an actively exploited Windows Kernel flaw (CVE-2025-62215). CVE-2025-62215 CVE-2025-62215 is a memory corruption issue that stems

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) Read More »

Rapid7 strengthens security with AI-powered risk and vulnerability insights

Industry news, Rapid7 /

Rapid7 strengthens security with AI-powered risk and vulnerability insights 2025-10-29 at 15:47 By Industry News Rapid7 announced AI-generated risk intelligence as part of the Rapid7 Command Platform. Delivered through Remediation Hub, the new capability accelerates remediation by giving security teams a contextual, and actionable view of each exposure, transforming vulnerability data into risk intelligence informed

Rapid7 strengthens security with AI-powered risk and vulnerability insights Read More »

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

0-day, Don't miss, enterprise, Fortra, Hot stuff, News, Rapid7, WatchTowr /

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

credentials, Don't miss, Endpoint Security, enterprise, Hot stuff, Huntress, News, Ransomware, Rapid7, SMBs, SonicWall /

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents 2025-09-16 at 15:46 By Zeljka Zorz All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents Read More »

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls

ACSC, Australia, Don't miss, Hot stuff, News, Ransomware, Rapid7, SonicWall, vulnerability /

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls 2025-09-11 at 18:25 By Zeljka Zorz Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Read More »

Microsoft pins on-prem SharePoint attacks on Chinese threat actors

Check Point, China, Don't miss, exploit, Eye Security, Hot stuff, News, Palo Alto Networks, Rapid7, SentinelOne, SharePoint, Trend Micro, vulnerability /

Microsoft pins on-prem SharePoint attacks on Chinese threat actors 2025-07-22 at 18:54 By Zeljka Zorz As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones they have detected. Most intriguingly, Check Point Research says that they observed

Microsoft pins on-prem SharePoint attacks on Chinese threat actors Read More »

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)

CrushFTP, Don't miss, enterprise, exploit, file-sharing, Hot stuff, News, Rapid7, Shadowserver, SMBs, vulnerability /

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) 2025-07-21 at 15:42 By Zeljka Zorz Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) Read More »

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

Don't miss, exploit, Fortinet, Hot stuff, News, PoC, Rapid7, vulnerability, WatchTowr, web application security /

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) 2025-07-14 at 16:34 By Zeljka Zorz With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers soon. About CVE-2025-25257 CVE-2025-25257 is found

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) Read More »

Review: Metasploit, 2nd Edition

Binary Defense, book, Don't miss, Metasploit, News, OffSec, Rapid7, Review, Reviews, TrustedSec /

Review: Metasploit, 2nd Edition 2025-06-02 at 08:18 By Mirko Zorz If you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how pentesters are using the tool. It mostly succeeds, with some caveats depending on your experience level

Review: Metasploit, 2nd Edition Read More »

LockBit hacked: What does the leaked data show?

cybercrime, Data leak, Don't miss, Hot stuff, News, Ransomware, Rapid7, Searchlight Cyber /

LockBit hacked: What does the leaked data show? 2025-05-09 at 14:33 By Zeljka Zorz The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate panel (Source: Help Net

LockBit hacked: What does the leaked data show? Read More »

Scroll to Top