The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild

Vulnerabilities and Exploits

Rapid7

When Your Calendar Becomes the Compromise

Vulnerabilities and Exploits

Rapid7 Labs

Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel

Vulnerabilities and Exploits

Stephen Fewer

Inside the F5 Breach: What We Know and Recommended Actions

Vulnerabilities and Exploits

Rapid7

CVE-2025-61882: Critical 0day in Oracle E-Business Suite exploited in-the-wild

Vulnerabilities and Exploits

Stephen Fewer, Christiaan Beek

CVE-2025-20333, CVE-2025-20362, CVE-2025-20363 - Multiple critical vulnerabilities affecting Cisco products

Vulnerabilities and Exploits

Ryan Emmons

CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)

Vulnerabilities and Exploits

Rapid7

CVE-2025-10035 - Critical unauthenticated RCE in GoAnywhere MFT

Vulnerabilities and Exploits

Stephen Fewer

Flashrom to Hexedit to Root: DEF CON 33 IoT Village Exercise

Vulnerabilities and Exploits

Rapid7

CVE-2025-7775: Critical NetScaler vulnerability exploited in-the-wild

Vulnerabilities and Exploits

Stephen Fewer

Securden Unified PAM: Multiple Critical Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Aaron Herndon, Marcus Chang

PenTales: Weak passwords, Weaker MFA Protocols, and One Absent-Minded Professor

Vulnerabilities and Exploits

Philip Giattino

CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers

Vulnerabilities and Exploits

Rapid7

Rapid7 Named a Strong Performer in the 2025 Forrester Wave for Unified Vulnerability Management

Vulnerabilities and Exploits

Rapid7

CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

Vulnerabilities and Exploits

Ryan Emmons

Critical Veeam Backup & Replication CVE-2025-23121

Vulnerabilities and Exploits

Rapid7

CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

Vulnerabilities and Exploits

Calum Hutton

Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)

Vulnerabilities and Exploits

Deral Heiland

CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway

Vulnerabilities and Exploits

Stephen Fewer

CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)

Vulnerabilities and Exploits

Brandon Fisher

Coverage Plus Context Equals Intelligent Exposure Management

Vulnerabilities and Exploits

Joel Alcon