Caitlin Condon

Adventurer. Takes a lot of photos, calls many places home. VP of research @vulncheck. Previously vulnerability research director @ Rapid7 + @metasploit. Opinions mine, etc. She/her.
Website: caitlincondon.com

After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.

The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.

https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079

CVE-2026-20079 - Cisco FMC Authentication Bypass RCE Analysis | Blog | VulnCheck

VulnCheck's Initial Access Intelligence team analysis of CVE-2026-20079, an authentication bypass and remote code execution vulnerability in Cisco Secure Firewall Management Center.

I'm terrible at social media these days, but our research team put out a pretty neat report on #EOL network edge devices, who's exploiting them, and why they get missed sometimes in more "enterprise"-focused threat intel lists.

Full report via VulnCheck researcher Patrick Garrity: https://wwv.vulncheck.com/2026-network-edge-device-report

2026 Exploring the Network Edge Report | VulnCheck

Download Exploring the Network Edge research report to understand how network edge devices may impact cyber risk.

We created a data-driven, multi-dimensional list of 2025's Top Routinely Targeted Vulnerabilities based on public exploits, ransomware, threat actor, and botnet data. Explore the 2025 top 50 here: https://www.vulncheck.com/2025-routinely-targeted-vulnerabilities

VulnCheck - Outpace Adversaries

Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

A ton of new research out today from the VulnCheck crew 📈

We just released our 2026 Exploit Intelligence Report, which has in-depth analysis of the public exploit ecosystem, various critical CVE timelines, threat actor and botnet deep dives, and plenty more!

https://wwv.vulncheck.com/2026-vulncheck-exploit-intelligence-report

...but what I expect most folks will focus on (because everyone loves a list) is our new annual list of Routinely Targeted Vulnerabilities, which we're releasing to the public along with select metadata here: https://www.vulncheck.com/2025-routinely-targeted-vulnerabilities

We're also doing a webcast on the windfall of recent research from our team TODAY! https://wwv.vulncheck.com/in-the-wild-with-vulncheck-webinar-series

2026 VulnCheck Exploit Intelligence Report | VulnCheck

Discover key insights from the 2026 VulnCheck report on exploited vulnerabilities, highlighting attacker behavior and operational timing that left organizations vulnerable in 2025.

The best part of not owning a house is not owning a house in a snowstorm.

There's been a comical increase in fake PoCs in GitHub that have hallucinated the completely incorrect CVE ID. Pretty representative of the care that people take with these things.

@jvoisin This is a very cool idea.

Video PoCs in my inbox, smdh.

Our team wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which VulnCheck's Canary Intelligence network detected for the first time in December 2025.

https://www.vulncheck.com/blog/metro4shell_eitw

Metro4Shell: Exploitation of React Native’s Metro Server in the Wild | Blog | VulnCheck

VulnCheck observed in-the-wild exploitation of CVE-2025-11953 targeting exposed React Native Metro servers shortly after public disclosure. Analysis of repeated attacks shows consistent, operational payload delivery rather than opportunistic scanning. This post examines how the vulnerability was exploited and why early exploitation visibility matters for defenders.

@TomSellers preach girl