Lucene search
+L
Rapid7blogMost viewed

1731 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/04/08 8:30 p.m.9 views

Patch Tuesday - April 2025

Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has...

8.8CVSS7.3AI score0.00936EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/03/26 5:0 p.m.9 views

Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide

Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value. Recognition...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/03/11 1:0 p.m.9 views

Helping us help you: Practical applications of AI in the SOC

Security teams can be understandably hesitant to integrate artificial intelligence AI into incident response workflows. A single mistaken action could lead to widespread disruption, monetary loss, or reputational harm. Meanwhile, attackers are increasingly leveraging AI to enhance the scale and...

7.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/02/26 5:3 p.m.9 views

MDR + SIEM: Why Full Access to Your Security Logs is Non-Negotiable

Many Managed Detection and Response MDR providers promise world-class threat detection, but behind the scenes they lock away your security logs, limiting your visibility and control. It’s your data — so why don’t you have full access to it? Isn’t the whole point of security to see everything...

7.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/02/25 1:55 p.m.9 views

Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command

Modern organizations grapple with the complex task of securing sensitive data in sprawling hybrid and multi-cloud environments. Due to insufficient visibility and governance, data is often misplaced, duplicated, or left exposed. This fragmented environment makes it difficult for teams to accurate...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/02/24 7:6 p.m.9 views

Under The Hoodie: The Pen Test Diaries

Breaking In So You Don’t Have To Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by...

8.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/02/11 9:30 p.m.9 views

Patch Tuesday - February 2025

Microsoft is addressing 56 vulnerabilities this February 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for two of the vulnerabilities published today, which is reflected in CISA KEV. Microsoft is aware of public disclosure for two other vulnerabilities. This is now the...

8.8CVSS8.5AI score0.01547EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/01/08 7:43 p.m.9 views

New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search

As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security TLS encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control C2 traffic. These malicious actors often have identifiable characteristics...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/12/04 3:45 p.m.9 views

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...

7.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/10/25 1:0 p.m.9 views

Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command

Over the 15 years I spent as a practitioner and consultant prior to joining Rapid7, a metric that I found to be ever elusive was a true custom prioritization score. You could get close- with enough time, energy, spreadsheets, and logs. But even then it wasn’t without fault. There were still...

7.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/07/09 8:3 p.m.9 views

Patch Tuesday - July 2024

Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the...

9.9CVSS9.3AI score0.84345EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2024/02/15 7:38 p.m.9 views

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the sourc...

10CVSS10AI score0.99984EPSS
Exploits32
Rapid7 Blog
Rapid7 Blog
added 2023/12/11 8:59 p.m.9 views

Living our Values and Leveraging Diverse Skill Sets: How Jonathan Atwood Built a Successful Career as a Customer Advisor at Rapid7

At Rapid7, our Customer Advisors play a pivotal role at ensuring our customers understand their threat landscape – and feel confident in their security programs. By collaborating across various internal teams, strengthening customer relationships, and proactively seeking solutions and advocating...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/07/19 2:0 p.m.9 views

Gimme! Gimme! Gimme! (More Data): What Security Pros Are Saying

Eight in 10 organizations collect, process, and analyze security operations data from more than 10 sources, ESG identified in a new ebook SOC Modernization and the Role of XDR, sponsored by Rapid7. Security professionals believe that the most important sources are endpoint security data 24%, thre...

Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/02/02 3:54 p.m.9 views

Demystifying XDR: Where SIEM and XDR Collide

Innovations solve longstanding problems in creative, impactful ways — but they also raise new questions, especially when they're in the liminal space between being an emerging idea and a fully fledged, widely adopted reality. One of the still-unanswered questions about extended detection and...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2 days ago8 views

CVE-2026-63030: wp2shell a Critical Remote Code Execution Vulnerability in WordPress Core

Overview On July 17, 2026, a GitHub Security Advisory was published for CVE-2026-63030, a critical unauthenticated remote code execution vulnerability affecting WordPress Core. While the official GitHub security advisory classifies the severity as Critical, the vulnerability has currently been...

9.8CVSS6.5AI score0.08946EPSS
Exploits30
Rapid7 Blog
Rapid7 Blog
added 2026/04/03 7:6 p.m.8 views

Metasploit Wrap-Up 04/03/2026

Additional Adapters and More Modules This week, we added a whole new bunch of HTTP/HTTPS-based CMD payloads for X64 and X86 versions of Windows. The additional breadth of selectable payloads and delivery techniques allows users new options to tailor the attack workflow for their environment. This...

10CVSS6.6AI score0.3114EPSS
Exploits11
Rapid7 Blog
Rapid7 Blog
added 2026/04/02 1:0 p.m.8 views

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay

Executive Overview Advanced persistent threats APTs are constantly and consistently changing tactics as network defenders plug holes in defenses. Static indicators of compromise IoCs for the BPFDoor have been widely deployed, forcing threat actors to get creative in their use of this particular...

5.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/03/20 1:0 p.m.8 views

CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)

Overview Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an Information Disclosure flaw CVE-2026-31381 and a Reflected Cross-Site Scripting XSS...

6.1CVSS5.8AI score0.00303EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2026/02/03 2:23 p.m.8 views

ICYMI: Experts on Experts – Season One Roundup

In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them. Over five episodes, Rapid7 leaders shared short, candid conversations on topics like agentic AI, MDR ROI,...

5.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/11/24 2:21 p.m.8 views

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest bidder. This trend first gained traction in...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/10/31 1:0 p.m.8 views

When AI Accelerates Cloud Migrations, Don't Let Security Be an Afterthought

The era of on-premises infrastructure is quickly becoming a thing of the past, with research from Pluralsight showing that over 90% of organizations now leverage the cloud. What’s driving the even faster shift over the last few years? Consider AWS's foray into generative AI programs and agents fo...

7.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/10/29 12:55 p.m.8 views

Defend Smarter, Not Harder: The Power of Curated Vulnerability Intelligence

Let’s be honest, we as an industry spend far too long responding to issues that simply don’t matter. Chasing down false positives, reviewing threat intelligence reports that bear no relation to our sector, and more recently reviewing vulnerability advisories of systems not deployed within the...

8.6CVSS9.2AI score0.85543EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/10/17 6:48 p.m.8 views

Metasploit Wrap-Up 10/17/2025

New module content 1 Remote Code Execution Vulnerability in MotionEye Frontend CVE-2025-60787 Authors: Maksim Rogov and prabhatverma47 Type: Exploit Pull request: 20585 contributed by vognik Path: linux/http/motioneyeauthrcecve202560787 AttackerKB reference: CVE-2025-60787 Description: Adds a...

7.2CVSS7.4AI score0.18993EPSS
Exploits17
Rapid7 Blog
Rapid7 Blog
added 2025/10/09 7:52 p.m.8 views

Metasploit Wrap Up 10/09/2025

Meterpreter: Kickstarting Windows ARM64 and Reducing Memory Footprint This Metasploit-Framework release includes two important milestones for our payloads capability. The first, spearheaded by community contributor Alexander "xaitax" Hagenah, is an enhancement of our ReflectiveLoader, a crucial...

9CVSS7.2AI score0.00907EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2025/09/26 5:28 p.m.8 views

Metasploit Wrap-Up 09/26/2025

New module content 2 Cron Persistence Author: h00die [email protected] Type: Exploit Pull request: 20508 contributed by h00die Path: multi/persistence/cron Description: Update cron persistence to use the new mixin. FreePBX ajax.php authenticated SQLi to RCE Authors: EchoSlow, Piotr...

10CVSS8.2AI score0.93286EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2025/09/23 1:0 p.m.8 views

CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)

Overview Rapid7 has identified a permission bypass vulnerability in multiple versions of OnePlus OxygenOS installed on its Android smartphones, across multiple devices. It is expected that a wider range of devices than those tested are affected. When leveraged, the vulnerability allows any...

8.2CVSS7.3AI score0.0367EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/09/12 7:51 p.m.8 views

Metasploit Wrap-Up 09/12/25

New LightHouse Studio RCE module This week we've added a new module that exploits an unauthenticated template injection vulnerability CVE-2025-34300 in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. This module has the...

10CVSS8.3AI score0.60875EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2025/09/09 8:45 p.m.8 views

Patch Tuesday - September 2025

Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide SUG for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software OSS fixes published...

10CVSS9.6AI score0.32908EPSS
Exploits5
Rapid7 Blog
Rapid7 Blog
added 2025/09/02 6:0 p.m.8 views

An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 2)

Program Vulnerabilities and Manual Assessment This is the second in a three-part series on building and using a testing bench for Industrial Control Systems ICS. In this series, we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used I...

7.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/07/14 2:8 p.m.8 views

Metasploit Weekly Wrap-Up 06/17/2025

New Modules & Adapters, and Improvements! This week’s release brings new modules, additional adapter payloads and improvements to existing modules and features. These modules target software such as ThinManager, Remote for Mac, Roundcube and more. It also includes additional work from bcoles that...

9.9CVSS8.8AI score0.94741EPSS
Exploits30
Rapid7 Blog
Rapid7 Blog
added 2025/07/14 2:7 p.m.8 views

From .pth to p0wned: Abuse of Pickle Files in AI Model Supply Chains

Executive summary Recent threat research highlights a growing risk in the Python and machine learning ML ecosystem: the exploitation of serialized model files, specifically those using Python’s pickle module. While commonly used for saving and loading ML models, pickle files can execute arbitrary...

8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/07/14 2:7 p.m.8 views

Scattered Spider: Rapid7 Insights, Observations, and Recommendations

Overview of Scattered Spider and recent activity Scattered Spider also tracked as UNC3944, Scatter Swine, Muddled Libra, among other aliases is a financially motivated cybercriminal group active since at least May 2022. The group is notorious for targeting large enterprises — especially...

10CVSS10AI score0.99999EPSS
Exploits15
Rapid7 Blog
Rapid7 Blog
added 2025/06/06 12:58 p.m.8 views

Cultivating Growth and Development at Rapid7

At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be as we work to build a more secure digital future. In a field where the threat landscape continues to evolve, continuous learning and the development of our people becomes an engine for company success and innovation...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/06/02 1:0 p.m.8 views

Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management

At the Take Command 2025 Virtual Cybersecurity Summit, a standout session titled Risk Revolution brought together Rapid7 product leaders and ESG analyst Tyler Shields to unpack the evolution of exposure management — and how organizations can build more context-driven, proactive risk strategies...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/05/23 1:0 p.m.8 views

Threats don’t wait, neither should you: Mastering Emergent Threat Response Validation

Cybersecurity is a team sport In cybersecurity, no one fights alone. Defending against modern threats requires seamless collaboration, real-time intelligence, and precision execution—just like a well-coordinated sports team. That’s why Rapid7 Labs and our Vector Command team work together to stay...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/05/14 2:59 p.m.8 views

CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products

On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple Fortinet products; including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera. The vulnerability is rated as CVSS 9.6 Critical, and allows an unauthenticated remote...

9.8CVSS10AI score0.31974EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2025/04/28 11:57 a.m.8 views

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

10CVSS9.1AI score0.99406EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
added 2025/04/16 2:56 p.m.9 views

Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding

The current situation On April 16, CISA extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures CVE program. This was in response to a letter sent by MITRE on April 15 to CVE board members warning of a potential issue with MITRE's support for the CVE...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/03/25 4:10 p.m.8 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

9.8CVSS8.2AI score0.99098EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2025/03/11 8:16 p.m.8 views

Patch Tuesday - March 2025

Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware...

8.4CVSS8.7AI score0.03705EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2025/02/11 2:0 p.m.8 views

How To Protect Your Organization's Bluesky Account From Security Threats

When a new platform suddenly becomes popular, it’s not uncommon to see it stress tested by malware authors and fraudsters. Many organizations are making the leap to Bluesky without necessarily understanding the potential threats to an account and the business should a compromise take place. This...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/01/27 2:0 p.m.8 views

The 2024 Ransomware Landscape: Looking back on another painful year

The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/12/16 2:9 p.m.8 views

2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...

10CVSS9.7AI score0.99999EPSS
Exploits185
Rapid7 Blog
Rapid7 Blog
added 2024/12/12 2:0 p.m.8 views

Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar

It's that time of year again — one year is ending and another is set to begin.. And what a year it's been for the security community! The sheer scale of incidents has left SecOps teams breathless, so thinking about what could be in store next year can be overwhelming. But there's no need to panic...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/10/18 1:0 p.m.8 views

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott

Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...

6.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/10/08 9:28 p.m.8 views

Patch Tuesday - October 2024

Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as critical yet. Of those five, Microsoft lists two as...

8.1CVSS9.4AI score0.66571EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2024/08/15 1:30 p.m.8 views

Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/08/07 2:37 p.m.8 views

Keys to the Kingdom - Gaining access to the Physical Facility through Internal Access

This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt by the client to discover h...

7.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/08/06 1:0 p.m.8 views

Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.

Few issues keep cybersecurity professionals up at night more than the threat of ransomware. The ubiquity of targets, the relative organization of threat actors, and their multiple paths of entry make combating ransomware particularly formidable. But there is one more facet to this threat that mak...

7.2AI score
Exploits0
Total number of security vulnerabilities1731