The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

Vulnerabilities and Exploits

Rapid7

Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)

Vulnerabilities and Exploits

Rapid7

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Vulnerabilities and Exploits

Rapid7

Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility

Vulnerabilities and Exploits

Adam Barnett

Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554

Vulnerabilities and Exploits

Rapid7

Ni8mare and N8scape flaws among multiple critical vulnerabilities affecting n8n

Vulnerabilities and Exploits

Rapid7

MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data

Vulnerabilities and Exploits

Rapid7

CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView

Vulnerabilities and Exploits

Rapid7

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719, CVE-2026-24858 exploited in the wild

Vulnerabilities and Exploits

Rapid7

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Vulnerabilities and Exploits

Deral Heiland, Sam Moses

CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)

Vulnerabilities and Exploits

Ryan Emmons

React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components

Vulnerabilities and Exploits

Rapid7

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Vulnerabilities and Exploits

Ryan Emmons

CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild

Vulnerabilities and Exploits

Rapid7

When Your Calendar Becomes the Compromise

Vulnerabilities and Exploits

Rapid7 Labs

Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel

Vulnerabilities and Exploits

Stephen Fewer

Inside the F5 Breach: What We Know and Recommended Actions

Vulnerabilities and Exploits

Rapid7

CVE-2025-61882: Critical 0day in Oracle E-Business Suite exploited in-the-wild

Vulnerabilities and Exploits

Stephen Fewer, Christiaan Beek

CVE-2025-20333, CVE-2025-20362, CVE-2025-20363 - Multiple critical vulnerabilities affecting Cisco products

Vulnerabilities and Exploits

Ryan Emmons

CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)

Vulnerabilities and Exploits

Rapid7

CVE-2025-10035 - Critical unauthenticated RCE in GoAnywhere MFT

Vulnerabilities and Exploits

Stephen Fewer