Rapid7 Cybersecurity Blog & Latest Vulnerability News

Exposure Management

High-Risk Vulnerabilities in Common Enterprise Technologies

Rapid7

Exposure Management

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices

Rapid7

Exposure Management

Multiple Vulnerabilities in Veeam Backup & Replication

Rapid7

Detection and Response

VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

Rapid7

Exposure Management

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

Ryan Emmons

Detection and Response

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7

Exposure Management

CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U

Stephen Fewer

Exposure Management

CVE-2024-24919: Check Point Security Gateway Information Disclosure

Rapid7

Vulnerabilities and Exploits

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Rapid7

Detection and Response

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Rapid7

Exposure Management

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Caitlin Condon

Exposure Management

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

Caitlin Condon

Vulnerabilities and Exploits

Backdoored XZ Utils (CVE-2024-3094)

Rapid7

Threat Research

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7

Threat Research

High-Risk Vulnerabilities in ConnectWise ScreenConnect

Rapid7

Threat Research

RCE to Sliver: IR Tales from the Field

Noah Hemker

Threat Research

Critical Fortinet FortiOS CVE-2024-21762 Exploited

Rapid7

Threat Research

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

Caitlin Condon

Threat Research

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7

Threat Research

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Caitlin Condon

Vulnerabilities and Exploits

CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API

Stephen Fewer

The Rapid7 Blog:
Your Signal in the Security Noise

Featured posts

Introducing Rapid7 MDR for Microsoft

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

How Modern SOCs are Fighting against Alert Fatigue

Introducing Rapid7 MDR for Microsoft

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

How Modern SOCs are Fighting against Alert Fatigue

Categories

Popular Tags

High-Risk Vulnerabilities in Common Enterprise Technologies

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices

Multiple Vulnerabilities in Veeam Backup & Replication

VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

Malvertising Campaign Leads to Execution of Oyster Backdoor

CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U

CVE-2024-24919: Check Point Security Gateway Information Disclosure

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise