Metasploit Weekly Wrap-Up 08/15/2025
Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...
Announcing Nmap 7.95 Upgrade and More Accurate Simple Network Management Protocol (SNMP) Fingerprinting
At Rapid7, our commitment is to provide you with the most accurate and reliable scan data possible; as such, we are continuously updating our underlying technology. Today we are excited to announce an upcoming enhancement to the InsightVM scan engine, aimed at improving the accuracy of Simple...
Patch Tuesday - August 2025
Microsoft is addressing 111 vulnerabilities this August 2025 Patch Tuesday, a volume which is around the recent average. In a neat parallel with last month, Microsoft is aware of public disclosure for a single one of the vulnerabilities published today, and claims no evidence of in-the-wild...
Metasploit Wrap-Up 08/08/25
New module content 4 ICTBroadcast Unauthenticated Remote Code Execution Author: Valentin Lobstein Type: Exploit Pull request: 20446 contributed by Chocapikk Path: linux/http/ictbroadcastunauthcookie AttackerKB reference: CVE-2025-2611 Description: This adds a new module for CVE-2025-2611 -...
An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 1)
Building the Bench This is the first in a three-part series on building and using a testing bench for ICS systems. In this series we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used ICS protocols such as Modbus, then develop malwar...
Introducing: The Metasploit Pro AD CS Metamodule
Introducing the AD CS Workflows MetaModule: Now Generally Available in Metasploit Pro We're excited to announce that the AD CS Workflows MetaModule has officially moved from early access to general availability in Metasploit Pro! This powerful new feature represents a significant advancement in...
Metasploit Wrap-Up 08/01/2025
ESC support in Metasploit This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...
Inside the Ransomware Economy in 2025: Q2 Trends & Key Insights You Need to Know
Building on insights from Rapid7’s Q1 and Q2 2025 ransomware trend reports, it’s clear that the ransomware economy continues to evolve – and not just in volume, but also in business maturity. As threat actors shift tactics, tools, and partnerships, defenders face a complex landscape shaped by...
Metasploit Wrap-Up 07/25/2025
We want to hear from you! Over the next few weeks, we’ll continue to put out user surveys on X as well as Mastodon so you can respond to some of the questions that will help us understand what you want and need from Metasploit Framework! We will also have a survey on our website during DEF CON an...
Q2 2025 Ransomware Trends Analysis: Boom and Bust
“Tumultuous times” would be an accurate summary of Q2 2025 where ransomware threat actors are concerned. Rapid7’s internal and publicly-available data analysis reveals a dynamic environment where major players come and go, newer groups work their way up the heavy-hitters ladder, and threat actors...
CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers
Overview On Saturday July 19, 2025, Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure fro...
CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild
On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.423 across all platforms. According to the public-facing vendor advisory, this...
Metasploit Weekly Wrap-Up 07/18/2025
ARM64 Windows Payload This latest metasploit-framework release marks a significant milestone, introducing the inaugural payload specifically designed for Windows ARM64 architecture: windows/aarch64/exec. This addition greatly expands the framework's capabilities, enabling penetration testers and...
Patch Tuesday - July 2025
Microsoft is addressing 137 vulnerabilities this July 2025 Patch Tuesday, which is above average. Microsoft is aware of public disclosure for just one of the vulnerabilities published today, and Microsoft isn’t aware of in-the-wild exploitation for any of today’s batch. This is the tenth...
Metasploit Wrap-Up 07/11/2025
Active Directory LDAP Library This week Metasploit added a library for working with Active Directory Domain Controllers over LDAP. The library consolidates common functionality and implements a caching mechanism to support common operations such as looking up objects by their DN, sAMAccountName, ...
Why Traditional Vulnerability Management Isn’t Working and What to Do Instead
Security teams are under more pressure than ever. With attack surfaces growing, regulations tightening, and the average breach cost climbing, it's no surprise that many organizations are rethinking how they approach vulnerability management. But here’s the catch: knowing where your vulnerabilitie...
Innovative Tunnelling and Forensic Tool Abuse: IR Tales from the Field
Rapid7 Incident Response consultants Willow Shipperley and Noah Hemker contributed analysis and insight to this blog. Executive summary Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and...
Metasploit Weekly Wrap-Up 06/17/2025
New Modules & Adapters, and Improvements! This week’s release brings new modules, additional adapter payloads and improvements to existing modules and features. These modules target software such as ThinManager, Remote for Mac, Roundcube and more. It also includes additional work from bcoles that...
Critical Veeam Backup & Replication CVE-2025-23121
On Tuesday, June 17, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution (RCE) vulnerability tracked as CVE-2025-23121. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that...
Key Takeaways from the Take Command Summit 2025: Inside the SOC – Expert Stories from the Frontlines of Threat Hunting and Malware Detection
What does it really look like to detect, contain, and respond to modern cyber threats in real time? At the Take Command 2025 Virtual Cybersecurity Summit, the Inside the SOC session offered a behind-the-scenes look at how security teams are tackling everything from ransomware staging to advanced soci...
CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability...
Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)
Overview During security testing, Rapid7 discovered that Konica Minolta bizhub 227 Multifunction printers (MFPs) were vulnerable to a pass-back attack. The affected products identified were: Konica Minolta bizhub MFPs Firmware Version: GCQ-Y3 and earlier This issue has been assigned the following...
CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway
Overview On June 25, 2025, Cloud Software Group published a security bulletin for CVE-2025-6543, a new vulnerability affecting NetScaler ADC and NetScaler Gateway. The vendor has described CVE-2025-6543 as a “Memory overflow vulnerability leading to unintended control flow and Denial of Service”...
Key Takeaways from the Take Command Summit 2025: Outpacing the Adversary – Red Teaming in a Complex Threat Landscape
The evolving complexity of modern infrastructures calls for more than traditional pen testing. In this session from the Take Command 2025 Virtual Cybersecurity Summit, red team experts shared how organizations are using continuous testing to outpace attackers — and better prepare their teams to...
From .pth to p0wned: Abuse of Pickle Files in AI Model Supply Chains
Executive summary Recent threat research highlights a growing risk in the Python and machine learning (ML) ecosystem: the exploitation of serialized model files, specifically those using Python’s pickle module. While commonly used for saving and loading ML models, pickle files can execute arbitrary...
Scattered Spider: Rapid7 Insights, Observations, and Recommendations
Overview of Scattered Spider and recent activity Scattered Spider (also tracked as UNC3944, Scatter Swine, Muddled Libra, among other aliases) is a financially motivated cybercriminal group active since at least May 2022. The group is notorious for targeting large enterprises — especially...
CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)
Overview During a Virtual Desktop Infrastructure (VDI) breakout assessment, Rapid7 identified a Local Privilege Escalation (LPE) vulnerability affecting Citrix Virtual Apps and Desktops. This issue was assigned CVE-2025-6759 and has a CVSS score of 7.3 (High). Rapid7 observed a SYSTEM process handle wi...
Coverage Plus Context Equals Intelligent Exposure Management
Common Vulnerabilities and Exposures (CVEs) is the standardized directory of publicly known software flaws that attackers can exploit to carry out cyber attacks. Vulnerability management solutions scan for CVEs to give you a list of all the gaps in your attack surface, but the volume of new...
Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
Overview Update June 25, 2025: Update statistics to reflect an additional 6 affected models from Konica Minolta, Inc. Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some o...
Patch Tuesday - June 2025
Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR
Cloud adoption has fundamentally reshaped security operations, bringing flexibility and scalability, but also complexity. In this session from the Take Command 2025 Virtual Cybersecurity Summit, Rapid7’s product leaders discussed how today’s SOC and MDR capabilities must evolve to keep up. Hosted...
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict
Executive Summary There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024. This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid...
5 Things Security Leaders Need to Know About Agentic AI
From writing assistance to intelligent summarization, generative AI has already transformed the way businesses work. But we’re now entering a new phase where AI doesn’t just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI’, and it’s moving...
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...
Metasploit Wrap-up 06/06/25
ThinManager Path Traversal CVE-2023-27855 Arbitrary File Upload Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 20138 contributed by h4x-x0r Path: admin/networking/thinmanagertraversalupload AttackerKB reference: CVE-2023-2917 Description: Adds an auxiliary module that targets...
Cultivating Growth and Development at Rapid7
At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be as we work to build a more secure digital future. In a field where the threat landscape continues to evolve, continuous learning and the development of our people becomes an engine for company success and innovation...
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders in Mumbai, Delhi, and Bengaluru to address the most pressing cyber threats faci...
Rapid7 Q1 2025 Incident Response Findings
Rapid7’s Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing i...
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
Co-authored by Yaniv Allender and Alexandra Blia Introduction In the ever-evolving landscape of cyber threat actors, the lines between ideologically driven hacktivism and financially motivated cybercriminals have become increasingly blurred. Originally fueled by political, social, or ethical...
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
The rise of GenAI-powered applications – from internal copilots to customer-facing chatbots – is changing how businesses operate. While these tools drive innovation, they also introduce a fast moving, often invisible layer of risk. Most traditional AppSec tools were never built to handle the uniq...
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
At the Take Command 2025 Virtual Cybersecurity Summit, a standout session titled Risk Revolution brought together Rapid7 product leaders and ESG analyst Tyler Shields to unpack the evolution of exposure management — and how organizations can build more context-driven, proactive risk strategies...
Metasploit Wrap-Up 05/30/2025
The internet is a series of Tube SOCKS Metasploit has supported SOCKS proxies for years now, being able to act as both a client (by setting the Proxies datastore option) and a server (by running the auxiliary/server/socksproxy module). While Metasploit has supported both SOCKS versions 4a and 5,...
Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact
Imagine hiring a professional security team to guard your home — only to discover they’re doing so by monitoring camera feeds from only the front of the house — securing the front door but blissfully unaware of the unlocked window in the back. That’s what many organizations face today when relyin...
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server version 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...