Five Things we Took Away from Gartner SRM Sydney 2026
At this year's Gartner Security and Risk Management Summit in Sydney, Rapid7 CISO Brian Castagna joined industry CISO Nigel Hedges for a fireside chat on the...
Rapid7 Blog
14 articles
CVE-2026-41940: cPanel & WHM Authentication Bypass
Overview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel...
Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect
This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landsca...
MDR Selection is a Partnership Decision
Managed Detection and Response (MDR) is a cybersecurity service that combines human expertise and technology to detect, investigate, and respond to threats 2...
Metasploit Wrap-Up 04/25/2026
Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability...
AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it
Wade Woolwine is Senior Director, Product Security at Rapid7. The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, whic...
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
Overview For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform depl...
From Bulk Export to AI-ready Security Workflows: Introducing Rapid7’s Open-Source MCP Server and Agent Skill
Security teams want more from their data than APIs and one-off reports. They want to ask better questions, move faster, and bring security context into the w...
Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action
Anthropic’s Project Glasswing has sparked plenty of discussion about what AI might soon do for vulnerability discovery, but the more useful question for most...
Metasploit Wrap-Up 04/17/2026
Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug...
CVE-2026-33032: Nginx UI Missing MCP Authentication
Overview On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to ce...
ClickFix Phishing Campaign Masquerading as a Claude Installer
Overview It is no secret that phishing campaigns utilizing various ClickFix techniques have been a commonly used method of social engineering. One of the mai...
A Clearer Path from Prioritized Exposures to Remediation Progress
Security leaders know that reducing risk is not just about finding the right exposures, but helping the organization act on them before known issues turn int...
Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, a...