The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)

Vulnerabilities and Exploits

Rapid7

CVE-2025-10035 - Critical unauthenticated RCE in GoAnywhere MFT

Vulnerabilities and Exploits

Stephen Fewer

Flashrom to Hexedit to Root: DEF CON 33 IoT Village Exercise

Vulnerabilities and Exploits

Rapid7

CVE-2025-7775: Critical NetScaler vulnerability exploited in-the-wild

Vulnerabilities and Exploits

Stephen Fewer

Securden Unified PAM: Multiple Critical Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Aaron Herndon, Marcus Chang

PenTales: Weak passwords, Weaker MFA Protocols, and One Absent-Minded Professor

Vulnerabilities and Exploits

Philip Giattino

CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers

Vulnerabilities and Exploits

Rapid7

Rapid7 Named a Strong Performer in the 2025 Forrester Wave for Unified Vulnerability Management

Vulnerabilities and Exploits

Rapid7

CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

Vulnerabilities and Exploits

Ryan Emmons

Critical Veeam Backup & Replication CVE-2025-23121

Vulnerabilities and Exploits

Rapid7

CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

Vulnerabilities and Exploits

Calum Hutton

Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)

Vulnerabilities and Exploits

Deral Heiland

CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway

Vulnerabilities and Exploits

Stephen Fewer

CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)

Vulnerabilities and Exploits

Brandon Fisher

Coverage Plus Context Equals Intelligent Exposure Management

Vulnerabilities and Exploits

Joel Alcon

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Stephen Fewer

BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

Vulnerabilities and Exploits

Tyler McGraw

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

Vulnerabilities and Exploits

Anna Katarina Quinn

NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign

Vulnerabilities and Exploits

Anna Širokova, Ivan Feigl

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

Vulnerabilities and Exploits

Stephen Fewer

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Deral Heiland