Posts tagged Zero-Day

3 min Emergent Threat Response

CVE-2023-34362: MOVEit Vulnerability Timeline of Events

Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.

8 min Emergent Threat Response

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

3 min Emergent Threat Response

Exploitation of GoAnywhere MFT zero-day vulnerability

A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.

3 min Emergent Threat Response

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.

5 min Emergent Threat Response

CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server

On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.

15 min Emergent Threat Response

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.

3 min Emergent Threat Response

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN.

18 min Zero-Day

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM.

4 min Emergent Threat Response

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

5 min News

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR []’s Attacker Behavior Analytics (ABA).  The Managed Detection and Response (MDR) identified multiple, related compromises in the past 72 hours. In most cases, the attacker is uploading an “eval” webshell, commonly referred to as a “chopper” or “China chopper”. With this foothold, the attacker would then

3 min Emergent Threat Response

SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know

2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software.

4 min Threat Intel

Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap

The final section of Kim Zetter's “Countdown to Zero Day”pulls together the many factors that are present in attacks such as Stuxnet.

2 min Internet Explorer

IE 0-day: exploit code is now widely available (CVE-2013-3893)

Any newly discovered Internet Explorer zero day vulnerability is bad for users. But once the exploit code gets around to public disclosure sites, it's so much worse. In the past day or so exploit code has been submitted to and Users and administrators should take immediate action to mitigate the risk posed by CVE-2013-3893 [].  Considering the timing, I personally expect to see an out of band patch fro

3 min Metasploit

New Critical Microsoft IE Zero-Day Exploits in Metasploit

We've been noticing a lot of exploit activities against Microsoft vulnerabilities lately. We decided to look into some of these attacks, and released two modules for CVE-2012-1889 [] and CVE-2012-1875 [] within a week of the vulnerabilities' publication for our users to test their systems. Please note that both are very important to any organization using Windows, because one of