Metasploit Wrap-Up 11/21/2025
CVE-2025-64446 - Fortinet’s FortiWeb exploitation A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall, now assigned CVE-2025-64446 CVSS 9.1, allows unauthenticated attackers to gain full administrator access to the FortiWeb Manager interface and its websocket CLI. The flaw...
CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
Overview Twonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs, which contain encrypted administrator...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...
Metasploit Wrap-Up 11/14/2025
It has “SUS” in the name, what did you expect? This week’s release features the much-hyped CVE-2025-59287, a Critical-Severity Windows Server Update Service WSUS vulnerability that allows for SYSTEM level remote code execution. Documented among the multiple recent zero-days in Windows, the...
Threat Landscape of the Building and Construction Sector Part Two: Ransomware
In this second installment of our two-part series on the construction industry, Rapid7 is looking at the specific threat ransomware poses, why the industry is particularly vulnerable, and ways in which threat actors exploit its weaknesses to great effect. You can catch up on the first part here:...
CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild
Overview On October 6, 2025, the cyber deception company Defused published a proof-of-concept exploit on social media that was captured by one of their Fortinet FortiWeb Manager honeypots. FortiWeb is a Web Application Firewall WAF product that is designed to detect and block malicious traffic to...
Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report
The Q3 2025 Threat Landscape Report, authored by the Rapid7 Labs team, paints a clear picture of an environment where attackers are moving faster, working smarter, and using artificial intelligence to stay ahead of defenders. The findings reveal a threat landscape defined by speed, coordination,...
Patch Tuesday - November 2025
Microsoft is publishing 66 new vulnerabilities today, which is far fewer than we’ve come to expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical...
Metasploit Wrap-Up 11/07/2025
New module content 3 Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y [email protected] Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...
Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things
In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries su...
Metasploit Wrap-Up 10/31/2025
New module content 3 ReDoc API Docs UI Exposed Author: Hamza Sahin Type: Auxiliary Pull request: 20594 contributed by HamzaSahin61 Path: scanner/http/redocexposed Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests searching for...
When AI Accelerates Cloud Migrations, Don't Let Security Be an Afterthought
The era of on-premises infrastructure is quickly becoming a thing of the past, with research from Pluralsight showing that over 90% of organizations now leverage the cloud. What’s driving the even faster shift over the last few years? Consider AWS's foray into generative AI programs and agents fo...
Salt Typhoon APT Group: What Public Sector Leaders and Defenders Should Know
The Rapid7 Threat Focus: Salt Typhoon report profiles one of the most sophisticated and persistent state-sponsored threat actors operating today. Salt Typhoon, a Chinese espionage advanced persistent threat APT group linked to the Ministry of State Security MSS, has spent years infiltrating globa...
Defend Smarter, Not Harder: The Power of Curated Vulnerability Intelligence
Let’s be honest, we as an industry spend far too long responding to issues that simply don’t matter. Chasing down false positives, reviewing threat intelligence reports that bear no relation to our sector, and more recently reviewing vulnerability advisories of systems not deployed within the...
Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond
The global threat landscape is undergoing an unprecedented transformation. Organizations are facing dizzying levels of complexity, driven by rapid technological innovation, the widespread adoption of artificial intelligence, and the expected disruptive effects of quantum computing. At the same...
Metasploit Wrap-Up 10/24/2025
Let us suggest persistence… This week's edition brings the new persistence suggester from h00die. Similar to the exploit variant, this module will list the available persistence mechanisms for your selected target. The module requires a session to target the machine, so it can run check methods...
Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel
As the 2025 edition of Pwn2Own Ireland draws to a close, we are taking a beat to reflect on Rapid7’s participation and achievements, both this year and last, in the world of competitive zero day exploit development. Pwn2Own is a zero day exploit competition run by the Zero Day Initiative ZDI and...
Independent Results Confirm Rapid7’s NGAV Delivers Strong, Reliable Protection
At Rapid7, we measure success by how well we protect our customers in the real world. That’s why independent testing like the AV-Comparatives Business Security Test matters. It’s a trusted benchmark for how endpoint security products perform against today’s constantly evolving threats, and how th...
Metasploit Wrap-Up 10/17/2025
New module content 1 Remote Code Execution Vulnerability in MotionEye Frontend CVE-2025-60787 Authors: Maksim Rogov and prabhatverma47 Type: Exploit Pull request: 20585 contributed by vognik Path: linux/http/motioneyeauthrcecve202560787 AttackerKB reference: CVE-2025-60787 Description: Adds a...
Inside the F5 Breach: What We Know and Recommended Actions
On October 15, 2025, F5 Networks disclosed a breach attributed to a sophisticated nation-state actor. In an SEC 8-K form also filed that same day, F5 confirmed unauthorized access to its internal development and knowledge-management systems dating back to August 9, 2025. Some source-code and...
When the Call Comes from Inside: The Rising Threat of Insider Recruitment in Ransomware Campaigns
In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a...
Rapid7: 7 years of recognition in Gartner® Magic Quadrant™ for SIEM
We’re proud to share that Rapid7 has been recognized in the 2025 Gartner Magic Quadrant for Security Information and Event Management SIEM. This is the seventh year we have been positioned in this report, which means we’ve been recognized in every report following the launch of our SIEM offering,...
Patch Tuesday - October 2025
Microsoft is publishing 172 new vulnerabilities today. Microsoft is aware of public disclosure for just two of the vulnerabilities published today, and claims no evidence of in-the-wild exploitation. Today sees six zero-day vulnerabilities patched, but only a single one is evaluated as critical...
Metasploit Wrap Up 10/09/2025
Meterpreter: Kickstarting Windows ARM64 and Reducing Memory Footprint This Metasploit-Framework release includes two important milestones for our payloads capability. The first, spearheaded by community contributor Alexander "xaitax" Hagenah, is an enhancement of our ReflectiveLoader, a crucial...
Inside Russian Market: Uncovering the Botnet Empire
Eliran Alon contributed to this post. Inside Russian Market: Key insights from Rapid7 threat research The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol RDP access to becoming one of the most active underground hubs for information-stealing malware...
Crimson Collective: A New Threat Group Observed Operating in the Cloud
Introduction Over the past few weeks, Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments with the goal of data exfiltration and subsequent extortion of the victim. This threat group refers to itself as ‘Crimson Collective’ and has recently announced that...
The Business of Cybercrime: Raj Samani on Access, Ransomware, and What Comes Next
Cybercrime is no longer chaotic, it’s commercial. That’s the central theme of Episode 3 in our Experts on Experts: Commanding Perspectives series, where Craig Adams sits down with Raj Samani, Chief Scientist at Rapid7, for a wide-ranging, no-nonsense conversation on today’s threat economy. They...
What Recent Cyber Attacks Reveal About Readiness in 2025
When we last wrote about the rising tide of cyberattacks hitting the retail sector, the headlines were already sobering: disruption at major brands, ransomware claims, and attackers showing a deep understanding of how to break into systems and exploit trust. But that was just the beginning. Since...
CVE-2025-61882: Critical 0day in Oracle E-Business Suite exploited in-the-wild
Overview On Saturday, October 4, 2025, Oracle published an advisory and accompanying patch for CVE-2025-61882. This new vulnerability affects the Oracle Concurrent Processing product within Oracle E-Business Suite EBS, and has a CVSS score of 9.8 Critical. Per the vendor advisory, the vulnerabili...
Metasploit Wrap-Up 10/03/2025
Windows LNK and Linux persistence This week, happybear-21 introduced four new modules that abuse Windows Shell Link LNK to execute various attacks. Three of these modules are designed to trigger authentication attempts to a remote server, facilitating the harvesting of NTLM authentication...
Microsoft 365 Direct Send Abuse
The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging a lesser-known feature within Microsoft 365 called Direct Send. Rapid7 encourages organizations to immediately review their authenticated mail flow configurations, specifically related to Microsoft 365...
Rapid7 Extends Command Platform Capability with Middle East Region Launch
We’re excited to announce that Rapid7’s Command Platform expansion allows Exposure Command to be available in a new AWS region in the Middle East with the API name, me-central-1. This AWS addition gives organizations across the region faster access to our leading exposure management platform — an...
Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day attack is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple othe...
Metasploit Wrap-Up 09/26/2025
New module content 2 Cron Persistence Author: h00die [email protected] Type: Exploit Pull request: 20508 contributed by h00die Path: multi/persistence/cron Description: Update cron persistence to use the new mixin. FreePBX ajax.php authenticated SQLi to RCE Authors: EchoSlow, Piotr...
CVE-2025-20333, CVE-2025-20362, CVE-2025-20363 - Multiple critical vulnerabilities affecting Cisco products
Overview On September 25, 2025, Cisco published advisories for three notable vulnerabilities affecting many different Cisco products. Two of these vulnerabilities, CVE-2025-20333 and CVE-2025-20362, are known to be exploited in the wild, and CVE-2025-20363 is at high risk for exploitation in the...
CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)
Overview Rapid7 has identified a permission bypass vulnerability in multiple versions of OnePlus OxygenOS installed on its Android smartphones, across multiple devices. It is expected that a wider range of devices than those tested are affected. When leveraged, the vulnerability allows any...
Metasploit Weekly Wrap-Up 09/19/2025
Consistently Persistent The Metasploit Framework has around 26 different modules which can be used to establish persistence on a target. Persistence modules help operators ensure they can maintain a consistent foothold within an environment once a target has been compromised and are quite helpful...
CVE-2025-10035 - Critical unauthenticated RCE in GoAnywhere MFT
Overview On September 18, 2025, Fortra published an advisory for CVE-2025-10035. This new vulnerability affects GoAnywhere MFT, an enterprise managed file transfer solution, and allows an attacker to achieve unauthenticated remote code execution. GoAnywhere MFT is a file transfer solution that ha...
Metasploit Wrap-Up 09/12/25
New LightHouse Studio RCE module This week we've added a new module that exploits an unauthenticated template injection vulnerability CVE-2025-34300 in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. This module has the...
Rapid7 Q2 2025 Incident Response Findings
Rapid7’s Q2 incident response IR data illustrates a solidification of trends first observed in Q1. There are no sweeping changes to commonly observed malware, or noticeably different software being deployed by threat actors in Q2. If you were expecting Bunny Loader to lose its impressive...
Akira Ransomware Group Utilizing SonicWall Devices for Initial Access
Latest update – September 18, 2025 On September 17, 2025, SonicWall disclosed a security breach affecting all SonicWall customers with MySonicWall.com cloud backups enabled. The firm detected suspicious activity targeting MySonicWall.com, through which threat actors were able to access backup...
Patch Tuesday - September 2025
Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide SUG for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software OSS fixes published...
Metasploit Weekly Wrap-Up 09/05/2025
Persistence Improvements and Exploits This week, the Metasploit team and the community have made improvements to some persistence modules such as Bash, which improves how they function behind the scenes. They have also been tagged with MITRE ATT&CK techniques. A new exploit has also been added thi...
An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 2)
Program Vulnerabilities and Manual Assessment This is the second in a three-part series on building and using a testing bench for Industrial Control Systems ICS. In this series, we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used I...
Flashrom to Hexedit to Root: DEF CON 33 IoT Village Exercise
Each year at DEF CON’s IoT Village, Rapid7 researchers showcase their skills in penetration testing, hardware hacking, and more. At DEF CON 33, Principal Security Researcher, IoT, Deral Heiland took attendees step by step through a brand-new, hands-on exercise that pushed past last year’s lessons...
Metasploit Weekly Wrap-Up 08/28/2025
New module content 2 Pretalx Arbitrary File Read/Limited File Write Authors: Stefan Schiller and msutovsky-r7 Type: Auxiliary and Exploit Pull request: 20480 contributed by msutovsky-r7 Path: auxiliary/scanner/http/pretalxfilereadcve202328459 and exploit/linux/http/pretalxrcecve202328458 Attacker...
CVE-2025-7775: Critical NetScaler vulnerability exploited in-the-wild
Overview On August 26, 2025, Citrix published a security bulletin for three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Of the three vulnerabilities disclosed, the vendor has indicated that CVE-2025-7775 has been exploited in-the-wild by an as-yet unknown threat actor. As...
Securden Unified PAM: Multiple Critical Vulnerabilities (FIXED)
Overview While performing continuous red teaming exercises through Rapid7’s Vector Command service, Rapid7 discovered a total of four vulnerabilities in Securden Unified PAM. Three vulnerabilities were identified that allow an attacker to bypass authentication and view stored passwords or execute...
Metasploit Weekly Wrap-Up 08/22/2025
An Early Festivus Airing of Grievances Want to tell us how much you like us? We hope! Want to tell us how much you hate us? We hope not! We are somewhat familiar with the reclusive security expert lifestyle, as it is our own, but we are asking our users and non-users to steel themselves and take ...
Rapid7 named a representative vendor in 2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
Being a cloud security professional can feel like you’re caught in the middle of a tug-of-war. On one side, developers, driven by the need for speed and innovation, see security as a potential bottleneck; on the other, business leaders, who are often removed from the technical weeds, have little...