CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

Velocidex Velociraptor 安全漏洞

Velocidex Velociraptor is a tool developed by the Australian company Velocidex, which uses the Velociraptor Query Language VQL to retrieve host-based status information. Versions of Velocidex Velociraptor prior to 0.76.5 contained a security vulnerability. This vulnerability stemmed from errors i...

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response DFIR tool, in connection with ransomware attacks likely orchestrated by Storm-2603 aka CL-CRI-1040 or Gold Salem, which is known for deploying the Warlock and LockBit ransomware. The threat actor's use ...

Deepening the MDR partnership: Rapid7 now delivers Active Remediation with Velociraptor

Rapid7 is expanding its response capabilities to meet the demands and relentless pace of today’s threat landscape – and the operational needs of our customers. Partnership means many things to us here at Rapid7. It means showing up with trusted expertise, providing clear guidance in moments of...

Velocidex Velociraptor 缓冲区错误漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based state information. A security vulnerability exists in Velocidex Velociraptor versions prior to 0.6.8 that stems from insufficient validation of the PE and OLE parsers,...