Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit

Frogy 2.0 is an automated external reconnaissance and Attack Surface Management ASM toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then smartly prioritizes them with...

Biting the CHERI Bullet: Blockers, Enablers and Security Implications of CHERI in Defence

There is growing interest in securing the hardware foundations software stacks build upon. However, before making any investment decision, software and hardware supply chain stakeholders require evidence from realistic, multiple long-term studies of adoption. We present results from a 12 month...

The vulnerability of ConneXium Network Manager software, related to insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of ConneXium Network Manager software relates to insufficient verification of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

You Can’t Secure What You Can’t See: The Real Pain CAASM Solves

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all! Let’s cut through the marketing haze for a moment. There’s a reas...

API Security Is Key to Cyber Resilience in Media and Entertainment

For media and entertainment companies, API expansion means a broader attack surface. Security needs to stay a step ahead...

KubeFence: Security Hardening of the Kubernetes Attack Surface

Kubernetes K8s is widely used to orchestrate containerized applications, including critical services in domains such as finance, healthcare, and government. However, its extensive and feature-rich API interface exposes a broad attack surface, making K8s vulnerable to exploits of software...

The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access

Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and drivi...

2025 Ransomware: Business as Usual, Business is Booming

Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack...

How SSL Misconfigurations Impact Your Attack Surface

When assessing an organization's external attack surface, encryption-related issues especially SSL misconfigurations receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights...

Seeing The Whole Picture: A Better Way To Manage Your Attack Surface

Do you trust your view of your organization’s risk? With cloud adoption, remote work, shadow IT, and AI, security teams face an overwhelming challenge: scoping their attack surface and continuously discovering all assets and exposures before threats emerge. This aligns with the critical first ste...

Linux Distros Unpatched Vulnerability : CVE-2024-32473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. I...

The vulnerability of the pfifo_tail_enqueue() function (net/sched/sch_fifo.c) in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the pfifotailenqueue function net/sched/schfifo.c in the Linux operating system is related to a discrepancy in functionality according to the specification. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility o...

Independent Analyst Firm: Qualys Recognized as a Leader in Attack Surface Management

As the modern attack surface continues to grow in complexity, the need for simplified asset discovery and risk assessment has never been more acute. In 2021, Qualys introduced CyberSecurity Asset Management CSAM, a visionary ASM offering designed to bolster the customer’s coverage of the attack...

Why MDR In 2025 Is About Scaling With Purpose

Forrester recently released “The Forrester Wave™: Managed Detection and Response MDR Services, Q1 2025,", highlighting the top 10 MDR providers out of more than 600 worldwide. While we’re honored to be recognized in such a competitive market, Rapid7’s designation underscores a fundamental...

Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization

Rapid7 provides unmatched attack surface visibility through the Command Platform, helping security teams identify, prioritize, and remediate risk across hybrid environments. Surface Command is the only solution available that combines native external and internal scanning into a single unified vi...

Exploit for CVE-2025-26794

CVE-2025-26794: Blind SQL injection in Exim 4.98 SQLite DBM...

CISO's Expert Guide To CTEM And Why It Matters

Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management CTEM is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM's comprehensive approach is the best...

Vector Command Opportunistic Phishing Blog

Gone Phishing with Vector Command During one of our customer engagements, our red team will continuously attack your network to see if we can exploit a vulnerability. One of the tactics, techniques and proceduresTTPs we use is “Opportunistic Phishing”. First, let’s share a quick reminder about...

Managed Network Cloud Firewall: Comprehensive Protection for Network Attack Surface

...

4 Reasons Why MSPs & MSSPs Need to Enhance Attack Surface Management

In today’s rapidly evolving digital landscape, Managed Service Providers MSPs and Managed Security Service Providers MSSPs face increasing challenges. As businesses expand their digital footprints, MSPs and MSSPs are under pressure to deliver comprehensive security services while managing costs,...