WordPress plugin Multicollab: Content Team Collaboration and Editorial Workflow Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Cyber Threat Exposure Management: A 5-Step Guide
Attackers don’t care about your long list of CVEs. They look for the path of least resistance to your most valuable assets. So, why are we still managing security from a defender’s checklist instead of an attacker’s playbook? A modern security program needs to see the entire attack surface throug...
A Guide to Exposure Management Cybersecurity Best Practices
Attackers don't think in terms of CVE scores. They look for the path of least resistance, whether it's a forgotten server, a misconfigured cloud bucket, or an exposed API. While your team is busy prioritizing a long list of software flaws, a real threat could be exploiting a simple oversight that...
5 Exposure Management Best Practices for Your Team
Let's be honest: the traditional approach to vulnerability management is broken. Your team is likely drowning in a sea of alerts, staring at scan reports thousands of lines long, and struggling to figure out what to fix first. This constant state of reactive fire-fighting is exhausting and, worse...
Beyond CVSS: Critical CVE Vulnerabilities Analysis
Attackers don't care about your CVSS scores. They care about finding a path into your network. That path might not be a single, glaring "critical" vulnerability. Often, it’s a chain of lower-severity weaknesses on overlooked assets that, when combined, give them the keys to the kingdom. This is w...
EUVD-2025-8865
Malicious code in bioql PyPI...
EUVD-2023-37368
Malicious code in bioql PyPI...
CISA and UK NCSC Release Joint Guidance for Securing OT Systems
CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. Building...
Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secur...
Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2024-42929)
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. Mitel MiCollab suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious script or HTML code...
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering (TIDE) team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...
KNIME Business Hub Security Vulnerability
KNIME Business Hub is KNIME's enterprise software for data science automation, deployment modeling, team collaboration and management workflows. A security vulnerability exists in KNIME Business Hub versions 1.10.0 and 1.10.1 that stems from susceptibility to denial-of-service attacks, which can...
CVE-2024-28253
OpenMetadata (policy handling) is affected by a SpEL injection in PUT /api/v1/policies. The vulnerability arises because SpEL expressions are evaluated in PolicyRepository.prepare() before authorization checks, allowing an attacker to craft a policy payload that executes arbitrary code via a runt...
CVE-2024-21630
CVE-2024-21630 (Zulip) describes a flaw in Zulip 8.0 where non-admins can invite users and create multi-use invitations, while only admins can invite users to streams. The vulnerability is limited to streams the inviter can already see and is not an arbitrary-stream invite. Version 8.1 fixes the...
CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...
CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...
CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside from ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...
The Hand-y Etiquette of Modern All-Remote Culture
In today’s fast-paced digital world, remote work has become the new normal. With the rise of video conferencing platforms like Zoom and Microsoft Teams, we have adapted to an all-remote culture where communication is largely virtual. One aspect of this culture that has become increasingly importa...
Rapid7 Podcast Explores Hybrid-First Workplace Learnings
As the world continues to navigate the post-pandemic shift in work environments, Rapid7 is operating on a hybrid-first approach that balances flexibility and productivity with collaboration and optimizing for customer success. In the spirit of cross-collaboration, the People Development and...
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other: if a new feature is...