The Rapid7 Blog:
Your Signal in the Security Noise
Insights, stories, and guidance from our global security and research teams.

Vulnerabilities and Exploits
CVE-2026-33032: Nginx UI Missing MCP Authentication
Rapid7

Vulnerabilities and Exploits
ClickFix Phishing Campaign Masquerading as a Claude Installer
Nicholas Spagnola

Vulnerabilities and Exploits
FortiGate CVE-2025-59718 Exploitation: Incident Response Findings
Eric Carey, Olivia Henderson +1

Vulnerabilities and Exploits
CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read
Rapid7

Vulnerabilities and Exploits
CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
Christopher O’Boyle

Vulnerabilities and Exploits
Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)
Rapid7 Labs

Vulnerabilities and Exploits
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
Douglas McKee, Director, Vulnerability Intelligence

Vulnerabilities and Exploits
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
Stephen Fewer

Vulnerabilities and Exploits
CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Rapid7

Vulnerabilities and Exploits
Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)
Rapid7

Vulnerabilities and Exploits
Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)
Rapid7

Vulnerabilities and Exploits
Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility
Adam Barnett

Vulnerabilities and Exploits
Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554
Rapid7

Vulnerabilities and Exploits
Ni8mare and N8scape flaws among multiple critical vulnerabilities affecting n8n
Rapid7

Vulnerabilities and Exploits
MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data
Rapid7

Vulnerabilities and Exploits
CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
Rapid7

Vulnerabilities and Exploits
Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719, CVE-2026-24858 exploited in the wild
Rapid7

Vulnerabilities and Exploits
New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment
Deral Heiland, Sam Moses

Vulnerabilities and Exploits
CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)
Ryan Emmons

Vulnerabilities and Exploits
React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components
Rapid7

Vulnerabilities and Exploits
CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
Ryan Emmons