Skip to content
The Nexus
DossierENTITY

Rapid7

Coverage of Rapid7 in the Nexus archive.

Earliest in view: Apr 30 · 20:49 UTCMost recent: Jun 9 · 22:07 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 9 · 22:07 UTCKREBS ON SECURITY
    A Record-Breaking Patch Tuesday for June 2026

    Microsoft released a record 200 security patches in June 2026's Patch Tuesday, with 30 critical vulnerabilities and public exploits for three flaws. AI tools are increasingly used to discover bugs, and researcher Nightmare Eclipse disclosed multiple zero-day exploits, including CVE-2026-49160 and CVE-2026-50507, sparking controversy over Microsoft's legal stance on researchers.

  • SECURITYJun 1 · 22:29 UTCCYBERSCOOP
    Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

    Palo Alto Networks' CVE-2026-0257 vulnerability, initially rated medium severity, was escalated to critical after active exploitation was confirmed. Attackers exploit the flaw to bypass authentication and establish unauthorized VPN connections, leveraging a publicly available TLS certificate to forge valid authentication cookies.

  • SECURITYJun 1 · 12:15 UTCTHE REGISTER
    Palo Alto VPN bug graduates from advisory to active exploitation

    Palo Alto Networks disclosed a critical security flaw, CVE-2026-0257, in PAN-OS GlobalProtect that allows attackers to bypass authentication and gain unauthorized VPN access. Researchers at Rapid7 confirmed active exploitation since May 17, prompting Palo Alto to elevate the severity rating and CISA to add it to its exploited vulnerabilities catalog with a June 1 patch deadline.

  • SECURITYMay 29 · 18:26 UTCTHE REGISTER
    No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

    A critical remote code execution (RCE) vulnerability in Gogs, a self-hosted Git service, remains unpatched despite being reported in March. The flaw allows authenticated users to exploit default installations, steal credentials, and execute arbitrary code. Rapid7 researcher Jonah Burgess disclosed the issue (GHSA-qf6p-p7ww-cwr9) and submitted a proposed fix, but Gogs maintainers have not released a patch, prompting a Metasploit module to be published.

  • SECURITYMay 28 · 17:24 UTCTHE HACKER NEWS
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.

  • SECURITYMay 15 · 14:11 UTCCYBERSCOOP
    Cisco zero-day under ongoing attack by persistent threat group

    Cisco is under attack by a persistent threat group exploiting a zero-day vulnerability in its Catalyst SD-WAN Controller and Manager, with a CVSS rating of 10. The vulnerability, CVE-2026-20182, allows attackers to bypass authentication and gain administrative access. Cisco has released a patch for the vulnerability.

  • SECURITYMay 15 · 11:15 UTCTHE REGISTER
    Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day

    Cisco admins must patch a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager, which allows unauthenticated remote attackers to gain admin privileges. The vulnerability, CVE-2026-20182, has been exploited as a zero-day and was added to the Known Exploited Vulnerabilities catalog. Cisco strongly recommends applying available fixes.

  • SECURITYMay 12 · 21:46 UTCKREBS ON SECURITY
    Patch Tuesday, May 2026 Edition

    Microsoft released software updates to address at least 118 security vulnerabilities in its various Windows operating systems and other products on Patch Tuesday. This is the first Patch Tuesday in nearly two years that Microsoft is not shipping any fixes to deal with emergency zero-day flaws. The patches include critical vulnerabilities such as CVE-2026-41089 and CVE-2026-41096.

  • SECURITYMay 7 · 21:30 UTCRECORDED FUTURE NEWS
    Iranian government hackers using Chaos ransomware as cover, researchers say

    Researchers discovered an Iranian government-backed hacking group, MuddyWater, using Chaos ransomware as a cover for their attacks. The incident was initially thought to be a Chaos ransomware attack but was later attributed to MuddyWater, tied to Iran's Ministry of Intelligence and Security. This revelation highlights the evolving tactics of state-sponsored hacking groups.

  • TECHNOLOGYMay 6 · 18:20 UTCTHE REGISTER
    Arctic Wolf kicks 250 employees out of the pack to save money for AI

    Arctic Wolf laid off 250 employees to invest more in AI and position the company for long-term strategy. The layoffs represent less than 10 percent of the total workforce. The company aims to operate more efficiently and deliver strong value to customers.

  • SECURITYMay 6 · 16:03 UTCTHE REGISTER
    Iran cybersnoops still LARPing as ransomware crooks in espionage ops

    Iranian intelligence cyber unit posed as Chaos ransomware gang to hide state-sponsored espionage operation, using phishing campaign and social engineering to gain access to targets' credentials. The attackers then executed various commands and downloaded payloads, including backdoor malware. The operation was spotted by Researchers at Rapid7 earlier this year.

  • SECURITYMay 6 · 13:00 UTCTHE HACKER NEWS
    MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

    MuddyWater, an Iranian state-sponsored hacking group, has been attributed to a false flag ransomware attack that leverages social engineering techniques via Microsoft Teams. The attack was observed by Rapid7 in early 2026 and initiates the infection sequence. MuddyWater is also known as Mango Sandstorm, Seedworm, and Static Kitten.

  • SECURITYMay 4 · 21:54 UTCCYBERSCOOP
    ‘Copy Fail’ is a real Linux security crisis wrapped in AI slop

    A Linux vulnerability known as 'Copy Fail' is being actively exploited, allowing attackers to gain total control of a system with authenticated local access. The vulnerability was discovered by Theori using AI and affects Linux kernels built since 2017. Patches have been issued for major Linux distributions.

  • SECURITYMay 1 · 16:20 UTCRECORDED FUTURE NEWS
    Federal agencies must patch cPanel bug by Sunday, CISA says

    CISA has mandated federal agencies to patch the cPanel vulnerability CVE-2026-41940 by Sunday. Rapid7's incident responders warned that successful exploitation allows attackers full control over cPanel systems, configurations, databases, and managed websites.

  • SECURITYApr 30 · 20:49 UTCCYBERSCOOP
    cPanel’s authentication bypass bug is being exploited in the wild, CISA warns

    cPanel's authentication bypass vulnerability (CVE-2026-41940) is being actively exploited, affecting all supported versions since 11.40 and WP Squared. CISA added it to its KEV list, while cPanel released a patch addressing the flaw, which allows attackers to inject malicious data during login to bypass authentication.

Rapid7 · Dossier · The Nexus