#rapid7
6 articles
This tag archive covers 16 articles published between April 13 and June 10, 2026, tracking vulnerabilities and threats reported by Rapid7. The threat actors KongTuke and Kyber were observed in these reports. Key vulnerabilities include CVE-2026-20127, CVE-2026-20182, CVE-2025-59718, CVE-2026-41940, and CVE-2023-30253, with two carrying a CVSS score of 10 and two at 9.8. Affected sectors include cybersecurity, enterprise, enterprise IT, enterprise networking, and financial services, with impacts reported across Global, Europe, and North America regions. The coverage includes three high, four critical, and five informational severity items.
HIGHMetasploit Adds Vim Plugin Persistence, Exploits for Three CVEs
Rapid7's Metasploit Framework adds Vim plugin persistence, exploits for CVE-2025-6793 (Marvell QConvergeConsole), CVE-2024-48760 (GestioIP), and CVE-2023-30253 (Dolibarr).
CRITICALCisco Catalyst SD-WAN Controller Flaw CVE-2026-20182 Scores Perfect
Rapid7 discovered CVE-2026-20182, a 10.0-CVSS authentication bypass in Cisco Catalyst SD-WAN Controller. Unauthenticated attackers can inject SSH keys and issue NETCONF commands.
CRITICALModeloRAT Campaign Abuses Microsoft Teams for Enterprise Intrusion
Rapid7 dissects an April 2026 intrusion where a fake IT Support Teams message delivered ModeloRAT via Dropbox, leading to privilege escalation, credential theft, and lateral...
CRITICALcPanel & WHM Authentication Bypass CVE-2026-41940: CVSS 9.8
CVE-2026-41940: Unauthenticated remote attackers can bypass authentication in cPanel & WHM and WP Squared. CVSS 9.8. Patch released April 28, 2026.
CRITICALFortiGate SSO Bypass CVE-2025-59718 Exploited in Active Attacks
Rapid7 IR confirms active exploitation of CVE-2025-59718 — a 9.8-CVSS FortiGate SSO bypass — enabling attackers to gain persistent admin access on unpatched appliances.
HIGHKyber Ransomware Deploys Dual Payloads for Windows and VMware ESXi
Kyber ransomware deploys two distinct payloads to encrypt both Windows systems and VMware ESXi servers, using a custom tool to wipe ESXi snapshots and hinder recovery. The attack chain begins with compromised RDP credentials.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.