
1723 matches found

Rapid7 Blog
added 2025/08/15 3:54 p.m., 6 views

Metasploit Weekly Wrap-Up 08/15/2025

Don’t forget to take the Metasploit User Engagement Survey! We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the en...

9.9 CVSS, 9.8 AI score, 0.92579 EPSS
Exploits: 16
Rapid7 Blog
added 2025/08/15 1:0 p.m., 17 views

Announcing Nmap 7.95 Upgrade and More Accurate Simple Network Management Protocol (SNMP) Fingerprinting

At Rapid7, our commitment is to provide you with the most accurate and reliable scan data possible; as such, we are continuously updating our underlying technology. Today we are excited to announce an upcoming enhancement to the InsightVM scan engine, aimed at improving the accuracy of Simple...

6.7 AI score
Exploits: 0
Rapid7 Blog
added 2025/08/12 9:44 p.m., 11 views

Patch Tuesday - August 2025

Microsoft is addressing 111 vulnerabilities this August 2025 Patch Tuesday, a volume which is around the recent average. In a neat parallel with last month, Microsoft is aware of public disclosure for a single one of the vulnerabilities published today, and claims no evidence of in-the-wild...

9.8 CVSS, 7.8 AI score, 0.06706 EPSS
Exploits: 7
Rapid7 Blog
added 2025/08/08 3:57 p.m., 11 views

Metasploit Wrap-Up 08/08/25

New module content (4) ICTBroadcast Unauthenticated Remote Code Execution Author: Valentin Lobstein Type: Exploit Pull request: 20446 contributed by Chocapikk Path: linux/http/ictbroadcastunauthcookie AttackerKB reference: CVE-2025-2611 Description: This adds a new module for CVE-2025-2611 -...

9.8 CVSS, 9.1 AI score, 0.99982 EPSS
Exploits: 46
Rapid7 Blog
added 2025/08/06 6:6 p.m., 4 views

An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 1)

Building the Bench This is the first in a three part series on building and using a testing bench for ICS systems. In this series we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used ICS protocols such as Modbus, then develop malwar...

6.5 AI score
Exploits: 0
Rapid7 Blog
added 2025/08/05 7:8 p.m., 5 views

Introducing: The Metasploit Pro AD CS Metamodule

Introducing the AD CS Workflows MetaModule: Now Generally Available in Metasploit Pro We're excited to announce that the AD CS Workflows MetaModule has officially moved from early access to general availability in Metasploit Pro! This powerful new feature represents a significant advancement in...

7.3 AI score
Exploits: 0
Rapid7 Blog
added 2025/08/01 6:16 p.m., 5 views

Metasploit Wrap-Up 08/01/2025

ESC support in Metasploit This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...

7.9 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/31 1:0 p.m., 4 views

Inside the Ransomware Economy in 2025: Q2 Trends & Key Insights You Need to Know

Building on insights from Rapid7’s Q1 and Q2 2025 ransomware trend reports, it’s clear that the ransomware economy continues to evolve – and not just in volume, but also in business maturity. As threat actors shift tactics, tools, and partnerships, defenders face a complex landscape shaped by...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/28 12:9 p.m., 12 views

Metasploit Wrap-Up 07/25/2025

We want to hear from you! Over the next few weeks, we’ll continue to put out user surveys on X as well as Mastodon so you can respond to some of the questions that will help us understand what you want and need from Metasploit Framework! We will also have a survey on our website during DEF CON an...

9.8 CVSS, 10 AI score, 0.74615 EPSS
Exploits: 9
Rapid7 Blog
added 2025/07/22 8:33 p.m., 6 views

Q2 2025 Ransomware Trends Analysis: Boom and Bust

“Tumultuous times” would be an accurate summary of Q2 2025 where ransomware threat actors are concerned. Rapid7’s internal and publicly-available data analysis reveals a dynamic environment where major players come and go, newer groups work their way up the heavy-hitters ladder, and threat actors...

6.8 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/21 4:42 p.m., 11 views

CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers

Overview On Saturday July 19, 2025, Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure fro...

9.8 CVSS, 9.4 AI score, 0.99982 EPSS
Exploits: 41
Rapid7 Blog
added 2025/07/18 8:25 p.m., 10 views

CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.423 across all platforms. According to the public-facing vendor advisory, this...

9.8 CVSS, 7.5 AI score, 0.92034 EPSS
Exploits: 7
Rapid7 Blog
added 2025/07/18 8:21 p.m., 9 views

Metasploit Weekly Wrap-Up 07/18/2025

ARM64 Windows Payload This latest metasploit-framework release marks a significant milestone, introducing the inaugural payload specifically designed for Windows ARM64 architecture: windows/aarch64/exec. This addition greatly expands the framework's capabilities, enabling penetration testers and...

9.8 CVSS, 7.7 AI score, 0.19944 EPSS
Exploits: 3
Rapid7 Blog
added 2025/07/15 9:30 a.m., 11 views

Patch Tuesday - July 2025

Microsoft is addressing 137 vulnerabilities this July 2025 Patch Tuesday, which is above average. Microsoft is aware of public disclosure for just one of the vulnerabilities published today, and Microsoft isn’t aware of in-the-wild exploitation for any of today’s batch. This is the tenth...

8.8 CVSS, 9.5 AI score, 0.1017 EPSS
Exploits: 10
Rapid7 Blog
added 2025/07/14 8:49 p.m., 11 views

Metasploit Wrap-Up 07/11/2025

Active Directory LDAP Library This week Metasploit added a library for working with Active Directory Domain Controllers over LDAP. The library consolidates common functionality and implements a caching mechanism to support common operations such as looking up objects by their DN, sAMAccountName, ...

10 CVSS, 9.1 AI score, 0.95343 EPSS
Exploits: 37
Rapid7 Blog
added 2025/07/14 4:7 p.m., 5 views

Why Traditional Vulnerability Management Isn’t Working and What to Do Instead

Security teams are under more pressure than ever. With attack surfaces growing, regulations tightening, and the average breach cost climbing, it's no surprise that many organizations are rethinking how they approach vulnerability management. But here’s the catch: knowing where your vulnerabilitie...

7.1 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:8 p.m., 5 views

Innovative Tunnelling and Forensic Tool Abuse: IR Tales from the Field

Rapid7 Incident Response consultants Willow Shipperley and Noah Hemker contributed analysis and insight to this blog. Executive summary Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and...

8.5 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:8 p.m., 7 views

Metasploit Weekly Wrap-Up 06/17/2025

New Modules & Adapters, and Improvements! This week’s release brings new modules, additional adapter payloads and improvements to existing modules and features. These modules target software such as ThinManager, Remote for Mac, Roundcube and more. It also includes additional work from bcoles that...

9.9 CVSS, 8.8 AI score, 0.89462 EPSS
Exploits: 30
Rapid7 Blog
added 2025/07/14 2:8 p.m., 5 views

Critical Veeam Backup & Replication CVE-2025-23121

On Tuesday, June 17, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution (RCE) vulnerability tracked as CVE-2025-23121. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that...

9.9 CVSS, 9.9 AI score, 0.18335 EPSS
Exploits: 1
Rapid7 Blog
added 2025/07/14 2:7 p.m., 4 views

Key Takeaways from the Take Command Summit 2025: Inside the SOC – Expert Stories from the Frontlines of Threat Hunting and Malware Detection

What does it really look like to detect, contain, and respond to modern cyber threats in real time? At the Take Command 2025 Virtual Cybersecurity Summit, Inside the SOC session offered a behind-the-scenes look at how security teams are tackling everything from ransomware staging to advanced soci...

7 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:7 p.m., 6 views

CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability...

9.4 CVSS, 10 AI score, 0.21331 EPSS
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:7 p.m., 7 views

Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)

Overview During security testing, Rapid7 discovered that Konica Minolta bizhub 227 Multifunction printers (MFPs) were vulnerable to a pass-back attack. The affected products identified were: Konica Minolta bizhub MFPs Firmware Version: GCQ-Y3 and earlier This issue has been assigned the following...

6.8 CVSS, 7.1 AI score, 0.00277 EPSS
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:7 p.m., 6 views

CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway

Overview On June 25, 2025, Cloud Software Group published a security bulletin for CVE-2025-6543, a new vulnerability affecting NetScaler ADC and NetScaler Gateway. The vendor has described CVE-2025-6543 as a “Memory overflow vulnerability leading to unintended control flow and Denial of Service”...

9.8 CVSS, 8.4 AI score, 0.99999 EPSS
Exploits: 18
Rapid7 Blog
added 2025/07/14 2:7 p.m., 5 views

Key Takeaways from the Take Command Summit 2025: Outpacing the Adversary – Red Teaming in a Complex Threat Landscape

The evolving complexity of modern infrastructures calls for more than traditional pen testing. In this session from the Take Command 2025 Virtual Cybersecurity Summit, red team experts shared how organizations are using continuous testing to outpace attackers — and better prepare their teams to...

6.7 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:7 p.m., 6 views

From .pth to p0wned: Abuse of Pickle Files in AI Model Supply Chains

Executive summary Recent threat research highlights a growing risk in the Python and machine learning (ML) ecosystem: the exploitation of serialized model files, specifically those using Python’s pickle module. While commonly used for saving and loading ML models, pickle files can execute arbitrary...

8 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:7 p.m., 7 views

Scattered Spider: Rapid7 Insights, Observations, and Recommendations

Overview of Scattered Spider and recent activity Scattered Spider (also tracked as UNC3944, Scatter Swine, Muddled Libra, among other aliases) is a financially motivated cybercriminal group active since at least May 2022. The group is notorious for targeting large enterprises — especially...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 15
Rapid7 Blog
added 2025/07/14 2:7 p.m., 5 views

CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)

Overview During a Virtual Desktop Infrastructure (VDI) breakout assessment, Rapid7 identified a Local Privilege Escalation (LPE) vulnerability affecting Citrix Virtual Apps and Desktops. This issue was assigned CVE-2025-6759 and has a CVSS score of 7.3 (High). Rapid7 observed a SYSTEM process handle wi...

7.8 CVSS, 6.3 AI score, 0.00242 EPSS
Exploits: 0
Rapid7 Blog
added 2025/07/14 2:7 p.m., 3 views

Coverage Plus Context Equals Intelligent Exposure Management

Common Vulnerabilities and Exposures (CVEs) is the standardized directory of publicly known software flaws that attackers can exploit to carry out cyber attacks. Vulnerability management solutions scan for CVEs to give you a list of all the gaps in your attack surface, but the volume of new...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/25 12:0 a.m., 8 views

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Overview Update June 25, 2025: Update statistics to reflect an additional 6 affected models from Konica Minolta, Inc. Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some o...

9.8 CVSS, 9.7 AI score, 0.7656 EPSS
Exploits: 0
Rapid7 Blog
added 2025/06/10 8:8 p.m., 51 views

Patch Tuesday - June 2025

Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...

9.8 CVSS, 9.5 AI score, 0.81558 EPSS
Exploits: 35
Rapid7 Blog
added 2025/06/10 6:30 p.m., 5 views

Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR

Cloud adoption has fundamentally reshaped security operations, bringing flexibility and scalability, but also complexity. In this session from the Take Command 2025 Virtual Cybersecurity Summit, Rapid7’s product leaders discussed how today’s SOC and MDR capabilities must evolve to keep up. Hosted...

6.8 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/10 3:0 p.m., 15 views

BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

Executive Summary There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024. This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid...

8.5 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/10 1:0 p.m., 8 views

Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR

Cloud adoption has fundamentally reshaped security operations, bringing flexibility and scalability, but also complexity. In this session from the Take Command 2025 Virtual Cybersecurity Summit, Rapid7’s product leaders discussed how today’s SOC and MDR capabilities must evolve to keep up. Hosted...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/10 12:0 a.m., 8 views

Patch Tuesday - June 2025

Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...

9.8 CVSS, 9.3 AI score, 0.81558 EPSS
Exploits: 20
Rapid7 Blog
added 2025/06/10 12:0 a.m., 4 views

BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

Executive Summary There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024. This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid...

8 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/09 1:30 p.m., 14 views

5 Things Security Leaders Need to Know About Agentic AI

From writing assistance to intelligent summarization, generative AI has already transformed the way businesses work. But we’re now entering a new phase where AI doesn’t just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI’, and it’s moving...

7.5 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/09 1:29 p.m., 12 views

Navigating AWS Migration: Achieving Clarity and Confidence

Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/06 10:42 p.m., 41 views

Metasploit Wrap-up 06/06/25

ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 20138 contributed by h4x-x0r Path: admin/networking/thinmanagertraversalupload AttackerKB reference: CVE-2023-2917 Description: Adds an auxiliary module that targets...

9.8 CVSS, 8.5 AI score, 0.99589 EPSS
Exploits: 13
Rapid7 Blog
added 2025/06/06 12:58 p.m., 8 views

Cultivating Growth and Development at Rapid7

At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be as we work to build a more secure digital future. In a field where the threat landscape continues to evolve, continuous learning and the development of our people becomes an engine for company success and innovation...

7.3 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/06 3:0 a.m., 10 views

India's Cyber Leaders Prepare for AI-Driven Threats

As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders in Mumbai, Delhi, and Bengaluru to address the most pressing cyber threats faci...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/05 2:0 p.m., 5 views

Navigating AWS Migration: Achieving Clarity and Confidence

Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...

7.5 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/04 8:0 a.m., 18 views

Rapid7 Q1 2025 Incident Response Findings

Rapid7’s Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing i...

9.9 CVSS, 9.9 AI score, 0.98259 EPSS
Exploits: 11
Rapid7 Blog
added 2025/06/03 5:0 p.m., 10 views

From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime

Co-authored by Yaniv Allender and Alexandra Blia Introduction In the ever-evolving landscape of cyber threat actors, the lines between ideologically driven hacktivism and financially motivated cybercriminals have become increasingly blurred. Originally fueled by political, social, or ethical...

7.3 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/03 2:0 p.m., 6 views

Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss

The rise of GenAI-powered applications – from internal copilots to customer-facing chatbots – is changing how businesses operate. While these tools drive innovation, they also introduce a fast moving, often invisible layer of risk. Most traditional AppSec tools were never built to handle the uniq...

7.3 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/03 12:0 a.m., 4 views

From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime

Introduction In the ever-evolving landscape of cyber threat actors, the lines between ideologically driven hacktivism and financially motivated cybercriminals have become increasingly blurred. Originally fueled by political, social, or ethical causes, hacktivist groups have historically engaged i...

6.8 AI score
Exploits: 0
Rapid7 Blog
added 2025/06/02 1:0 p.m., 8 views

Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management

At the Take Command 2025 Virtual Cybersecurity Summit, a standout session titled Risk Revolution brought together Rapid7 product leaders and ESG analyst Tyler Shields to unpack the evolution of exposure management — and how organizations can build more context-driven, proactive risk strategies...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/05/30 6:8 p.m., 25 views

Metasploit Wrap-Up 05/30/2025

The internet is a series of Tube SOCKS Metasploit has supported SOCKS proxies for years now, being able to act as both a client by setting the Proxies datastore option and a server by running the auxiliary/server/socksproxy module. While Metasploit has supported both SOCKS versions 4a and 5,...

9.8 CVSS, 8.8 AI score, 0.92727 EPSS
Exploits: 12
Rapid7 Blog
added 2025/05/30 2:0 p.m., 9 views

Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact

Imagine hiring a professional security team to guard your home — only to discover they’re doing so by monitoring camera feeds from only the front of the house — securing the front door but blissfully unaware of the unlocked window in the back. That’s what many organizations face today when relyin...

7 AI score
Exploits: 0
Rapid7 Blog
added 2025/05/29 12:0 p.m., 16 views

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...

9.4 CVSS, 8.6 AI score, 0.1172 EPSS
Exploits: 0
Rapid7 Blog
added 2025/05/29 12:0 a.m., 4 views

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...

9.4 CVSS, 9 AI score, 0.1172 EPSS
Exploits: 0
Total number of security vulnerabilities: 1723