Rapid7 Blog · 235 in stack · 2026-04-10 19:11
Metasploit Wrap-Up 04/10/2026
Speedup Improvements of MSFVenom & New Modules: This week, we have added new modules to Metasploit Framework targeting Cisco Catalyst SD-WAN controllers and osTicket as well as updates and improvements to Windows service-for-user persistence, and LDAP/ADCS-related modules to automatically report related services resulting in an improved data stream, which can be queried by using the services command. We also landed an improvement to msfvenom’s bootup time, thanks to bcoles, resulting in an a...
Deeplinks · 20 · 2026-04-10 13:50
We Need You: Our Privacy Cannot Afford a Clean Extension of Section 702
We go through this every couple of years: Section 702 of the Foreign Intelligence Surveillance Act (FISA), which of Americans’ communications with foreign persons overseas is up for renewal. As always, Congress can reauthorize it with or without changes, or just let it expire. We know, we know, it’s a pain to have to do this every few years – but it gives us a chance to lift the hood of this behemoth tool of government surveillance and tinker with how it works. That’s why it’s so important ...
Nvidia · 17 · 2026-04-10 19:40
National Robotics Week — Latest Physical AI Research, Breakthroughs and Resources
This National Robotics Week, NVIDIA is highlighting the breakthroughs that are bringing AI into the physical world — as well as the growing wave of robots transforming industries, from agricultural and manufacturing to energy and beyond. Advancements in robot learning, simulation and foundation models are accelerating development, enabling robots to move from training in virtual […]
Cyber Kendra · 12 · 2026-04-10 17:15
React2DoS Flaw Can Crash Servers with One Request
A newly disclosed vulnerability in React Server Components can bring production servers to a complete halt using nothing more than a single, carefully crafted HTTP request — no credentials, no special access required. Researchers at Imperva's Offensive Team discovered and reported the flaw, tracked as CVE-2026-23869 and dubbed "React2DoS." Rated high severity, the issue affects React Server Components version 19.2.4 and below. It also impacts Next.js versions 13.x through 16.x that use the ...
Tenable Blog · 8 · 2026-04-10 12:10
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable One Exposure Management Platform, can tell you in minutes if your organization is running compromised versions of the Axios npm package following a recent discovery ...
ProjectDiscovery.io | Blog · 6 · 2026-04-10 02:42
How We Cut LLM Costs by 59% With Prompt Caching
At ProjectDiscovery, we've been building Neo, an autonomous security testing platform that runs multi-agent, multi-step workflows, routinely executing 20-40+ LLM steps per task. Vulnerability assessments, code reviews, and security audits at scale, enabling continuous testing across the entire development lifecycle. When we launched, our LLM costs were staggering. A single complex task with Opus 4.5 could consume 60 million tokens. Then we implemented prompt caching. Here's what changed: