The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

Introducing Rapid7 MDR for Microsoft

Introducing Rapid7 MDR for Microsoft

Read post
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Read post
What’s New in Rapid7 Products & Services?

What’s New in Rapid7 Products & Services?

Read post
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

Stephen Fewer's avatar

Stephen Fewer

New “CleverSoar” Installer Targets Chinese and Vietnamese Users

Vulnerabilities and Exploits

New “CleverSoar” Installer Targets Chinese and Vietnamese Users

Natalie Zargarov's avatar

Natalie Zargarov

Malware Campaign Lures Users With Fake W2 Form

Vulnerabilities and Exploits

Malware Campaign Lures Users With Fake W2 Form

Tom Elkins's avatar

Tom Elkins

Metasploit Weekly Wrap-Up 7/19/2024

Vulnerabilities and Exploits

Metasploit Weekly Wrap-Up 7/19/2024

Christophe De La Fuente's avatar

Christophe De La Fuente

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Vulnerabilities and Exploits

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Rapid7's avatar

Rapid7

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

Vulnerabilities and Exploits

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

Dani Kamanovsky's avatar

Dani Kamanovsky

Backdoored XZ Utils (CVE-2024-3094)

Vulnerabilities and Exploits

Backdoored XZ Utils (CVE-2024-3094)

Rapid7's avatar

Rapid7

How To Hunt For UEFI Malware Using Velociraptor

Vulnerabilities and Exploits

How To Hunt For UEFI Malware Using Velociraptor

Matthew Green's avatar

Matthew Green

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Vulnerabilities and Exploits

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Stephen Fewer's avatar

Stephen Fewer

CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API

Vulnerabilities and Exploits

CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API

Stephen Fewer's avatar

Stephen Fewer

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Vulnerabilities and Exploits

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Dr. Mike Cohen's avatar

Dr. Mike Cohen

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

Vulnerabilities and Exploits

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

Caitlin Condon's avatar

Caitlin Condon

Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518

Vulnerabilities and Exploits

Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518

Rapid7's avatar

Rapid7

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Vulnerabilities and Exploits

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Rapid7's avatar

Rapid7

CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability

Vulnerabilities and Exploits

CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability

Rapid7's avatar

Rapid7

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

Vulnerabilities and Exploits

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

Caitlin Condon's avatar

Caitlin Condon

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

Vulnerabilities and Exploits

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

Ron Bowes's avatar

Ron Bowes

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

Vulnerabilities and Exploits

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

Caitlin Condon's avatar

Caitlin Condon

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

Vulnerabilities and Exploits

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

Ron Bowes's avatar

Ron Bowes

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

Vulnerabilities and Exploits

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

Caitlin Condon's avatar

Caitlin Condon

Widespread Exploitation of Zyxel Network Devices

Vulnerabilities and Exploits

Widespread Exploitation of Zyxel Network Devices

Drew Burton's avatar

Drew Burton