Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks

In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were Read More …

Password Spray Attacks Taking Advantage of Lax MFA

In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume Read More …

Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns

Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem Read More …

Court document reveals locations of WhatsApp victims targeted by NSO spyware

NSO Group’s notorious spyware Pegasus was used to target 1,223 WhatsApp users in 51 different countries during a 2019 hacking campaign, according to a new court document. The document was published on Friday as part of the lawsuit that Meta-owned Read More …

Patch Tuesday – April 2025

Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA Read More …

BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors

MOONSHINE and BADBAZAAR are examples of trojans; they have malicious functions hidden inside an otherwise functioning app that can be downloaded from app stores or online file-sharing services. These apps are designed to trick a user into downloading and installing Read More …

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Recently, Kaspersky researchers noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage, on Read More …

Google fixes two actively exploited zero-day vulnerabilities in Android

Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the Read More …

2025 Ransomware: Business as Usual, Business is Booming

Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus Read More …