Caitlin Condon

Adventurer. Takes a lot of photos, calls many places home. VP of research @vulncheck. Previously vulnerability research director @ Rapid7 + @metasploit. Opinions mine, etc. She/her.
Website: caitlincondon.com

I'm terrible at social media these days, but our research team put out a pretty neat report on #EOL network edge devices, who's exploiting them, and why they get missed sometimes in more "enterprise"-focused threat intel lists.

Full report via VulnCheck researcher Patrick Garrity: https://wwv.vulncheck.com/2026-network-edge-device-report

2026 Exploring the Network Edge Report | VulnCheck

Download Exploring the Network Edge research report to understand how network edge devices may impact cyber risk.

We created a data-driven, multi-dimensional list of 2025's Top Routinely Targeted Vulnerabilities based on public exploits, ransomware, threat actor, and botnet data. Explore the 2025 top 50 here: https://www.vulncheck.com/2025-routinely-targeted-vulnerabilities

A ton of new research out today from the VulnCheck crew 📈

We just released our 2026 Exploit Intelligence Report, which has in-depth analysis of the public exploit ecosystem, various critical CVE timelines, threat actor and botnet deep dives, and plenty more!

https://wwv.vulncheck.com/2026-vulncheck-exploit-intelligence-report

...but what I expect most folks will focus on (because everyone loves a list) is our new annual list of Routinely Targeted Vulnerabilities, which we're releasing to the public along with select metadata here: https://www.vulncheck.com/2025-routinely-targeted-vulnerabilities

We're also doing a webcast on the windfall of recent research from our team TODAY! https://wwv.vulncheck.com/in-the-wild-with-vulncheck-webinar-series

2026 VulnCheck Exploit Intelligence Report | VulnCheck

Discover key insights from the 2026 VulnCheck report on exploited vulnerabilities, highlighting attacker behavior and operational timing that left organizations vulnerable in 2025.

The best part of not owning a house is not owning a house in a snowstorm.

There's been a comical increase in fake PoCs in GitHub that have hallucinated the completely incorrect CVE ID. Pretty representative of the care that people do with these things.

Video PoCs in my inbox, smdh.

Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.

https://www.vulncheck.com/blog/metro4shell_eitw

Metro4Shell: Exploitation of React Native’s Metro Server in the Wild | Blog | VulnCheck

VulnCheck observed in-the-wild exploitation of CVE-2025-11953 targeting exposed React Native Metro servers shortly after public disclosure. Analysis of repeated attacks shows consistent, operational payload delivery rather than opportunistic scanning. This post examines how the vulnerability was exploited and why early exploitation visibility matters for defenders.

The VulnCheck research team found an unauth RCE vuln in SmarterMail that at least three other researchers discovered independently. VulnCheck canaries are also detecting in-the-wild exploitation of CVE-2026-24423. Lots of sudden attention on this software from researchers and adversaries.

https://www.vulncheck.com/blog/smartermail-connecttohub-rce-cve-2026-24423

Street Smarts: SmarterMail ConnectToHub Unauthenticated RCE (CVE-2026-24423) | Blog | VulnCheck

Exploring an unauthenticated remote code execution in the SmarterTools SmarterMail server via the ConnectToHub mounting functionality.

A friend sent me this Covid Policy Statement (from a church in Vancouver, Canada) and I feel so seen that I'm in tears. It's well written and relatively comprehensive. It is also an astonishing example of care and compassion combined with science to inform an approach to covid.

I'm sharing it here for the many Fedi friends who may be heartened by it or find it useful.

https://www.stmargaretscedarcottage.ca/why-are-we-still-masking.html

@LonelinessCorps

#CovidIsNotOver #PandemicIsNotOver #LonelinessCorps #Covid19 #Covid

Why are we still masking?

Some people might wonder why St. Margaret’s continues to take precautions against the spread of Covid in our community when it feels like the rest of the world has moved on. Our decision may make...

ST. MARGARET'S CEDAR COTTAGE ANGLICAN CHURCH

Join @vulncheck next week for our new In the Wild webcast series! This month, our research team will do a deep dive on developing an exploit for Gladinet Triofox CVE-2025-12480, a process that wound up being significantly more complex than expected.

Wednesday, Jan. 28 @ 1 PM ET (and the last Wednesday of every month!)

https://wwv.vulncheck.com/in-the-wild-with-vulncheck-webinar-series

In the Wild with VulnCheck | Webinar Series