CVE-2026-41940: cPanel & WHM Authentication Bypass
OverviewOn April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In...
Get Motivated: What to Expect from Our Keynote at Rapid7’s Global Cybersecurity Summit
Security teams prepare for incidents every day. Alerts are tuned, playbooks are built, and processes are tested. But when something actually happens, the challenge...
Metasploit Wrap-Up 04/25/2026
Check Method VisibilityMetasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead...
3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats,...
Security teams are dealing with a different kind of pressure now. It is not just the volume of alerts or the pace of attacks,...
AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change...
Wade Woolwine is Senior Director, Product Security at Rapid7.The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, which has naturally...
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
OverviewFor executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization...
What Project Glasswing Means for Security Leaders
Anthropic’s Project Glasswing matters because it offers an early look at how quickly software flaws may soon be found, validated, and potentially turned into...
FortiGate CVE-2025-59718 Exploitation: Incident Response Findings
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving exploitation of CVE-2025-59718 against a vulnerable FortiGate appliance. In December 2025, Fortinet...
A First Look at Our Speaker Lineup and Agenda for the Rapid7 2026 Global...
The agenda for the Rapid7 2026 Global Cybersecurity Summit is starting to take shape, and with it, a clearer picture of the conversations security...
Metasploit Wrap-Up 04/03/2026
Additional Adapters and More ModulesThis week, we added a whole new bunch of HTTP/HTTPS-based CMD payloads for X64 and X86 versions of Windows. The...
Latest article
Apple’s 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk
Apple’s 2026 security year includes zero-days, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track.
The post Apple’s...
New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads...
A Day in the Life of an MDR Analyst: Inside the Modern SOC
What actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is...
Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era - Read more
