Rapid7
Back to Blog

Posts tagged Research

Authenticated RCE via Argument Injection in Gogs (NOT FIXED)

Vulnerabilities and Exploits

Authenticated RCE via Argument Injection in Gogs (NOT FIXED)

Jonah Burgess's avatar

Jonah Burgess

Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

Threat Research

Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

Rapid7 Labs's avatar

Rapid7 Labs

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

Vulnerabilities and Exploits

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

Jonah Burgess's avatar
Stephen Fewer's avatar

Jonah Burgess, Stephen Fewer

The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers

Vulnerabilities and Exploits

The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers

Douglas McKee, Director, Vulnerability Intelligence's avatar

Douglas McKee, Director, Vulnerability Intelligence

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Threat Research

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Anna Širokova's avatar

Anna Širokova

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay

Threat Research

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay

Rapid7 Labs's avatar

Rapid7 Labs

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

Threat Research

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

Rapid7 Labs's avatar

Rapid7 Labs

New Whitepaper: Exploiting Cellular-based IoT Devices

Threat Research

New Whitepaper: Exploiting Cellular-based IoT Devices

Deral Heiland's avatar

Deral Heiland

CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)

Vulnerabilities and Exploits

CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)

Christopher O’Boyle's avatar

Christopher O’Boyle

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report

Threat Research

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report

Rapid7 Labs's avatar

Rapid7 Labs

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Threat Research

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Milan Spinka's avatar

Milan Spinka

Before the Breach: When digital footprints become a strategic cyber risk

Threat Research

Before the Breach: When digital footprints become a strategic cyber risk

Jeremy Makowski's avatar

Jeremy Makowski

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Threat Research

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Rapid7's avatar

Rapid7

The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Threat Research

The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Alexandra Blia's avatar
Efi Sherman's avatar

Alexandra Blia, Efi Sherman

New Report: The Digital Footprints of Many Executives Can Leave Their Companies Seriously Exposed

Threat Research

New Report: The Digital Footprints of Many Executives Can Leave Their Companies Seriously Exposed

Rapid7's avatar

Rapid7

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

Vulnerabilities and Exploits

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

Douglas McKee, Director, Vulnerability Intelligence's avatar

Douglas McKee, Director, Vulnerability Intelligence

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Vulnerabilities and Exploits

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Stephen Fewer's avatar

Stephen Fewer

Measuring AI Security: Separating Signal from Panic

Threat Research

Measuring AI Security: Separating Signal from Panic

Christiaan Beek's avatar

Christiaan Beek

Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

Threat Research

Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

Rapid7's avatar

Rapid7

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Threat Research

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Ivan Feigl's avatar

Ivan Feigl

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Vulnerabilities and Exploits

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Deral Heiland's avatar
Sam Moses's avatar

Deral Heiland, Sam Moses