The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

How Modern SOCs are Fighting against Alert Fatigue

How Modern SOCs are Fighting against Alert Fatigue

Read post
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

Vulnerabilities and Exploits

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

Caitlin Condon's avatar

Caitlin Condon

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

Vulnerabilities and Exploits

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

Ron Bowes's avatar

Ron Bowes

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

Vulnerabilities and Exploits

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

Caitlin Condon's avatar

Caitlin Condon

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

Vulnerabilities and Exploits

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

Ron Bowes's avatar

Ron Bowes

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

Vulnerabilities and Exploits

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

Caitlin Condon's avatar

Caitlin Condon

Widespread Exploitation of Zyxel Network Devices

Vulnerabilities and Exploits

Widespread Exploitation of Zyxel Network Devices

Drew Burton's avatar

Drew Burton

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

Vulnerabilities and Exploits

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

Drew Burton's avatar

Drew Burton

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Vulnerabilities and Exploits

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Rapid7's avatar

Rapid7

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Vulnerabilities and Exploits

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Rapid7's avatar

Rapid7

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

Vulnerabilities and Exploits

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

Ron Bowes's avatar

Ron Bowes

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Vulnerabilities and Exploits

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Tod Beardsley's avatar

Tod Beardsley

Microsoft Defender for Cloud Management Port Exposure Confusion

Vulnerabilities and Exploits

Microsoft Defender for Cloud Management Port Exposure Confusion

Tod Beardsley's avatar

Tod Beardsley

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Vulnerabilities and Exploits

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Glenn Thorpe's avatar

Glenn Thorpe

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

Vulnerabilities and Exploits

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

Tod Beardsley's avatar

Tod Beardsley

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Vulnerabilities and Exploits

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Ron Bowes's avatar

Ron Bowes

Exploitation of Control Web Panel CVE-2022-44877

Vulnerabilities and Exploits

Exploitation of Control Web Panel CVE-2022-44877

Caitlin Condon's avatar

Caitlin Condon

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Vulnerabilities and Exploits

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Glenn Thorpe's avatar

Glenn Thorpe

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy

Vulnerabilities and Exploits

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy

Tod Beardsley's avatar

Tod Beardsley

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Vulnerabilities and Exploits

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Glenn Thorpe's avatar

Glenn Thorpe

Cengage LTI Session Management Leakage

Vulnerabilities and Exploits

Cengage LTI Session Management Leakage

Tod Beardsley's avatar

Tod Beardsley

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Vulnerabilities and Exploits

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Glenn Thorpe's avatar

Glenn Thorpe