Caitlin Condon – Noise

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

Caitlin Condon — Mon, 28 Apr 2025 11:57:12 +0000

A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.

Apache Tomcat CVE-2025-24813: What You Need to Know

Caitlin Condon — Wed, 19 Mar 2025 17:40:52 +0000

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild. Tomcat is widely deployed and

Fortinet firewalls hit with new zero-day attack, older data leak

Caitlin Condon — Thu, 16 Jan 2025 15:57:23 +0000

Rapid7 is responding to two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591 in FortiOS, and a large-scale data leak of older FortiGate firewall IPs, passwords, and configs.

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild

Caitlin Condon — Wed, 08 Jan 2025 18:13:13 +0000

Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.

Zero-day exploitation targeting Palo Alto Networks firewall management interfaces

Caitlin Condon — Fri, 15 Nov 2024 12:44:09 +0000

Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

Caitlin Condon — Wed, 23 Oct 2024 16:21:47 +0000

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Caitlin Condon — Tue, 23 Apr 2024 15:26:06 +0000

CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls

Caitlin Condon — Fri, 12 Apr 2024 12:59:48 +0000

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. CVE-2024-3400 allows for arbitrary code execution as root.

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

Caitlin Condon — Tue, 23 Jan 2024 18:42:31 +0000

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Caitlin Condon — Thu, 11 Jan 2024 13:00:40 +0000

CVE-2023-46805 and CVE-2024-21887 are zero-day vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure gateways. They have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

Caitlin Condon — Thu, 09 Nov 2023 14:12:55 +0000

A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

Caitlin Condon — Tue, 17 Oct 2023 19:50:03 +0000

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software.

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

Caitlin Condon — Wed, 04 Oct 2023 15:28:53 +0000

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical privilege escalation vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.

Critical Vulnerabilities in WS_FTP Server

Caitlin Condon — Fri, 29 Sep 2023 13:33:05 +0000

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657).

Rapid7 is not aware of any exploitation in the wild as

CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers

Caitlin Condon — Mon, 25 Sep 2023 17:32:48 +0000

On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.

Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Caitlin Condon — Tue, 18 Jul 2023 15:28:45 +0000

Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.

Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities

Caitlin Condon — Mon, 17 Jul 2023 19:48:51 +0000

Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.

SonicWall Recommends Urgent Patching for GMS and Analytics CVEs

Caitlin Condon — Thu, 13 Jul 2023 14:56:13 +0000

SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Caitlin Condon — Thu, 08 Jun 2023 16:52:32 +0000

Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Caitlin Condon — Thu, 01 Jun 2023 15:23:53 +0000

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.