Rapid7 Archives • Daily CyberSecurity

PAN-OS Authentication Bypass Flaw Exploited in the Wild

Do Son May 30, 2026

Serious Attacks Hit GlobalProtect VPN Gateways A dangerous security vulnerability is currently impacting enterprise perimeter networks across...

Iranian APT MuddyWater Masquerades as Chaos Ransomware in Elaborate False Flag MuddyWater APT Ransomware False Flag

Iranian APT MuddyWater Masquerades as Chaos Ransomware in Elaborate False Flag

Do Son May 11, 2026

According to a recent investigation by Rapid7 Labs, a sophisticated intrusion initially appearing to be a standard...

Operational Blackout: How Kyber Ransomware Targets the Heart of Virtualized Environments Kyber Ransomware ESXi Virtualization Attack

Operational Blackout: How Kyber Ransomware Targets the Heart of Virtualized Environments

Do Son April 24, 2026

Researchers at Rapid7 have uncovered Kyber, a specialized ransomware family that recently hit enterprise environments with a...

AI Hype Hijacked: How a Fake Claude Installer Blinds Windows Security Claude AI Phishing MSIX Malware

AI Hype Hijacked: How a Fake Claude Installer Blinds Windows Security

Do Son April 21, 2026

According to a new technical analysis from Rapid7, a sophisticated ClickFix campaign has been discovered masquerading as...

Red Menshen’s Sleeper Cells Hijack the Global Telecom “Nervous System” Red Menshen BPFdoor Stealth

Red Menshen’s Sleeper Cells Hijack the Global Telecom “Nervous System”

Do Son April 2, 2026

A months-long investigation by Rapid7 Labs has detailed the curtain on a quiet invasion. An advanced China-nexus...

PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access Grandstream VoIP Zero-Day CVE-2026-2329 PoC

PoC Publicly Disclosed: Critical Grandstream VoIP Flaw (CVSS 9.3) Grants Stealthy Root Access

Do Son February 20, 2026

If your office desks are equipped with Grandstream GXP1600 series phones, you might want to pause the...

“Carding” as a Service: How Stolen Credit Cards Became a Structured Economy Carding-as-a-Service Underground Credit Card Market

“Carding” as a Service: How Stolen Credit Cards Became a Structured Economy

Do Son February 16, 2026

A new report from Rapid7 has shed light on the sophisticated evolution of the underground credit card...

Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis” Lotus Blossom Chrysalis Notepad++ Compromise

Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis”

Do Son February 5, 2026

The notorious Chinese state-sponsored threat group Lotus Blossom has resurfaced with a dangerous new toolkit, compromising the...

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild

Do Son February 4, 2026

The clock is ticking for organizations running SolarWinds Web Help Desk (WHD), as a nightmare scenario unfolds:...

The “WorkMail Pivot”: Hackers Abuse AWS WorkMail to Bypass SES Sandbox AWS WorkMail Abuse SES Sandbox Bypass

The “WorkMail Pivot”: Hackers Abuse AWS WorkMail to Bypass SES Sandbox

Do Son January 30, 2026

A new investigation by Rapid7 reveals that cybercriminals have found a clever way to bypass the strict...

SantaStealer Unwrapped: New MaaS Info-Stealer Rebrands Blueline to Steal Crypto and Credentials SantaStealer MaaS, Blueline Rebrand

SantaStealer Unwrapped: New MaaS Info-Stealer Rebrands Blueline to Steal Crypto and Credentials

Do Son December 17, 2025

As the 2025 holiday season approaches, cybercriminals are unwrapping a new tool designed to spoil the festivities....

Zero-Day Warning: Unpatched Twonky Server Flaws Expose Media to Total Takeover WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Zero-Day Warning: Unpatched Twonky Server Flaws Expose Media to Total Takeover

Do Son November 27, 2025

A critical security warning has been issued for users of Twonky Server, the popular media server software...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

ZERO-DAY ATTACK WARNING: Fortinet FortiWeb Exploit Grants Unauthenticated Admin Access!

Do Son November 14, 2025

Cybersecurity firms are sounding the alarm over a critical vulnerability in Fortinet FortiWeb, the company’s Web Application...

Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)

Do Son October 7, 2025

Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities...

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7 Privileged access manager, Securden

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

Do Son August 26, 2025

Security researchers at Rapid7 have uncovered four serious vulnerabilities in Securden Unified Privileged Access Manager (PAM), a...

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models MFP Vulnerabilities, Printer Security

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models

Do Son June 26, 2025

In a major coordinated disclosure, Rapid7 has unveiled a disturbing set of vulnerabilities affecting a wide range...

BlackSuit Affiliates Continue Social Engineering Attacks with Upgraded Java RAT and Cloud Abuse The credential harvesting window used by the Java RAT

The credential harvesting window used by the Java RAT

BlackSuit Affiliates Continue Social Engineering Attacks with Upgraded Java RAT and Cloud Abuse

Do Son June 12, 2025

Rapid7’s latest threat intelligence report shines a spotlight on the evolving tactics of threat actors formerly affiliated...

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix NetFax Vulnerabilities, RCE

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Do Son June 2, 2025

Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax...

CVE-2024-6235: NetScaler Console Flaw Enables Admin Access, PoC Publishes

Do Son April 24, 2025

A critical vulnerability—CVE-2024-6235—in Citrix NetScaler Console has been dissected by security researcher chutton-r7, revealing a severe unauthenticated...

Ivanti Zero-Day CVE-2025-22457 Exploit Details Released Ivanti CVE-2025-22457 Ivanti zero-day

Ivanti Zero-Day CVE-2025-22457 Exploit Details Released

Do Son April 11, 2025

Researchers at Rapid7 published technical details and proof-of-concept exploit code for a critical zero-day vulnerability in Ivanti...

Critical Alert 1 Active Exploit Detected Today