Hacktivism and the Winter Olympics 2026: What We’re Seeing and What it Signals
The 2026 Winter Olympics have been live for several weeks, and the cyber activity many predicted is already unfolding.Threat intelligence reporting from Intel471 highlights...
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over...
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
OverviewRapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol (VoIP) phones. This research resulted in the...
Metasploit Wrap-Up 02/13/2026
SolarWinds Web Help DeskOur very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the...
Carding-as-a-Service: The Underground Market of Stolen Cards
Rapid7 software engineer Eliran Alon also contributed to this post.IntroductionDespite sustained efforts by the global banking and payments industry, credit card fraud continues to...
Patch Tuesday – February 2026
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and...
Measuring AI Security: Separating Signal from Panic
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise...
CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote...
OverviewOn February 6, 2026, BeyondTrust released security advisory BT26-02, disclosing a critical pre-authentication Remote Code Execution (RCE) vulnerability affecting its Remote Support (RS) and...
Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)
We are grateful to the research team at Atredis for sharing their findings around a vulnerability (CVE-2026-1814) impacting our vulnerability management offerings (InsightVM and...
Metasploit Wrap-Up 02/06/2026
Google Summer of Code 2026Our very own Jack Heysel has added some documentation which outlines the Metasploit Framework project ideas for GSoC 2026. For anyone interested...
Latest article
Apple’s 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk
Apple’s 2026 security year includes zero-days, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track.
The post Apple’s...
New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads...
A Day in the Life of an MDR Analyst: Inside the Modern SOC
What actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is...
Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era - Read more
