ZCyberNews

#rapid7

6 articles

Over 15 articles from April 13 to May 15, 2026, cover Rapid7’s reporting on threat actors KongTuke and Kyber. Critical vulnerabilities CVE-2026-20127 and CVE-2026-20182, both with a CVSS score of 10, alongside CVE-2025-59718 and CVE-2026-41940, are highlighted. The coverage spans enterprise, enterprise IT, enterprise networking, financial services, and government sectors across Global, Europe, and North America, with a severity mix of three high, four critical, and five informational reports.

Metasploit Adds Vim Plugin Persistence, Exploits for Three CVEs
HIGH
Tools & Techniques

Rapid7's Metasploit Framework adds Vim plugin persistence, exploits for CVE-2025-6793 (Marvell QConvergeConsole), CVE-2024-48760 (GestioIP), and CVE-2023-30253 (Dolibarr).

CVE-2025-6793, CVE-2024-48760, CVE-2023-30253
3 min read

Cisco Catalyst SD-WAN Controller Flaw CVE-2026-20182 Scores Perfect
CRITICAL
Vulnerabilities

Rapid7 discovered CVE-2026-20182, a 10.0-CVSS authentication bypass in Cisco Catalyst SD-WAN Controller. Unauthenticated attackers can inject SSH keys and issue NETCONF commands.

CVE-2026-20182, CVE-2026-20127
4 min read

ModeloRAT Campaign Abuses Microsoft Teams for Enterprise Intrusion
CRITICAL
Threat Intel

Rapid7 dissects an April 2026 intrusion where a fake IT Support Teams message delivered ModeloRAT via Dropbox, leading to privilege escalation, credential theft, and lateral...

CVE-2023-36036
4 min read
KongTuke

cPanel & WHM Authentication Bypass CVE-2026-41940: CVSS 9.8
CRITICAL
Vulnerabilities

CVE-2026-41940: Unauthenticated remote attackers can bypass authentication in cPanel & WHM and WP Squared. CVSS 9.8. Patch released April 28, 2026.

CVE-2026-41940
3 min read

FortiGate SSO Bypass CVE-2025-59718 Exploited in Active Attacks
CRITICAL
Vulnerabilities

Rapid7 IR confirms active exploitation of CVE-2025-59718 — a 9.8-CVSS FortiGate SSO bypass — enabling attackers to gain persistent admin access on unpatched appliances.

CVE-2025-59718
2 min read

Kyber Ransomware Deploys Dual Payloads for Windows and VMware ESXi
HIGH
Malware

Kyber ransomware deploys two distinct payloads to encrypt both Windows systems and VMware ESXi servers, using a custom tool to wipe ESXi snapshots and hinder recovery. The attack chain begins with compromised RDP credentials.

3 min read
Kyber
