Key Takeaways from the Take Command Summit 2025: Customer Panel on Future-Proofing VM Programs
One of the most actionable sessions at the Take Command 2025 Virtual Cybersecurity Summit came directly from the field. In a panel hosted by Aniket Menon, VP of Product Management at Rapid7, security leaders from Cross Financial Corp, Phibro Animal Health Corporation, and Miltenyi Biotec shared h...
Retail Under Siege: What Recent Cyber Attacks Tell Us About Today’s Threat Landscape
When several major UK organizations, including well-known retail brands, found themselves caught in a cyber attack earlier this year, it made headlines. But this incident wasn’t the first, and it won’t be the last. It reflects a growing trend where attackers exploit third-party vendors to breach...
Threats don’t wait, neither should you: Mastering Emergent Threat Response Validation
Cybersecurity is a team sport In cybersecurity, no one fights alone. Defending against modern threats requires seamless collaboration, real-time intelligence, and precision execution—just like a well-coordinated sports team. That’s why Rapid7 Labs and our Vector Command team work together to stay...
Metasploit Wrap-Up
Making Metasploit faster This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a module has been increased in 20166. Also, we've reduced Metasploit startup time - in 20155. New module content 6...
What the Take Command 2025 Survey Tells Us About the State of Security
The Take Command 2025 Virtual Cybersecurity Summit wasn’t just about sharing insights, it was about listening. After the live sessions wrapped, we surveyed attendees to understand where their security programs stand today, what challenges they’re facing, and what they found most valuable during t...
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
Co-authored by Anna Širokova and Ivan Feigl Executive summary Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote...
Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker
In one of the most anticipated sessions of Take Command 2025, Raj Samani, Chief Scientist at Rapid7, sat down with Trent Teyema, former FBI Special Agent and President of CSG Strategies, for a candid conversation on how threat actors are evolving and what defenders must do to keep up. Moderated b...
Metasploit Wrap-Up 05/16/2025
New modules for everyone This week’s release is packed with new module content. We have RCE modules for Car Rental System 1.0, Wordpress plugins SureTriggers, User Registration and Membership. We also have a persistence module for LINQPad software and an auxiliary module for POWERCOM UPSMON PRO. ...
Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
On May 13, 2025, Ivanti disclosed an exploit chain that has been exploited in the wild, comprising two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications,...
CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products
On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple Fortinet products, including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera. The vulnerability is rated as CVSS 9.6 Critical, and allows an unauthenticated remote...
Patch Tuesday - May 2025
Microsoft is addressing 77 vulnerabilities this May 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for five of the vulnerabilities published today, and these are already reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for two...
Vendor-Agnostic Security: The Key To Smarter Risk Management
Security teams are investing in more tools than ever – but visibility into real risk is still elusive. Why? Because too many tools are locked inside closed ecosystems that don’t share data or context. A vendor-agnostic security strategy changes that. It gives you the flexibility to integrate...
Recognizing Excellence: Rapid7’s Kelly Hiscoe and Heather DeMartini Honored as CRN’s 2025 Women of the Channel
We are thrilled to announce that two outstanding Rapid7 team members, Kelly Hiscoe and Heather DeMartini, have been recognized as CRN's 2025 Women of the Channel. This prestigious recognition honors innovative and strategic leaders that demonstrate commitment to advancing channel excellence and...
Metasploit Wrap-Up 05/09/2025
New Toys and New Techniques This release features a new OPNSense login scanner, a module targeting the Sante PACS path traversal vulnerability, an additional method for stealing Network Access Account credentials via SMB to HTTP relay, and the Erlang/OTP SSH exploit everyone was excited about. Ne...
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
Overview In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access “SMA” 100 series appliances SMA 200, 210, 400, 410, 500v. These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access ...
Exploring an Untethered, Unified Approach to CTEM
We live in a world where traditional Vulnerability Management VM has become infosec’s version of ‘whack-a-mole’— an attempt to tackle risks that constantly shift, multiply, and morph. As organizations push workloads to the cloud, offer customers digital experiences, or as they build AI-enabled...
Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense
At Take Command 2025, bold ideas and fresh thinking took center stage — in particular in our opening talk From Zero to Hero: Building the Perfect Defense. Led by Ted Harrington, Executive Partner at ISE, and hosted by Thom Langford, EMEA CTO at Rapid7, this session challenged security leaders to...
Metasploit Wrap-Up 05/02/2025
Meterpreter Extended API Clipboard Monitoring Security is hard, and Open Source Security is a collaborative effort. This week, Metasploit released a fix for a vulnerability that was privately disclosed to us by long-time community member bcoles. The vulnerability in question impacted Metasploit...
Why is Ransomware Still a Thing in 2025?
When was the last time you had a serious conversation about cybersecurity that didn’t touch on ransomware? We all know that it’s one of the most persistent and damaging threats out there. Yet, this isn’t because it’s new—ransomware’s been around since 1989—but because we are making it far too eas...
AI and Resilience Take the Spotlight in 2025: Key Trends from Gartner® Cybersecurity Research
Cybersecurity has never stood still — but in 2025, it’s not just evolving. It’s transforming. Cybersecurity has entered a pivotal new phase. According to Gartner®, Top Trends in Cybersecurity for 2025 , “Security and risk management SRM leaders must enable business value and double down on...
Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management
Security leaders today face a harsh reality: traditional vulnerability management isn’t enough. Threat actors are evolving, attack surfaces are expanding, and organizations need a more proactive approach to stay ahead of risk. Latest research from Gartner, How to Grow Vulnerability Management Int...
Reinforcing resilience with financial assurance: Breach protection matters now more than ever
Introducing Rapid7’s value-added Breach Protection Warranty that delivers confidence, clarity, and coverage when it matters most. Life’s old adage often applies in security: Hope for the best, prepare for the worst. In today’s threat landscape, even the best-prepared organizations can’t guarantee...
InsightIDR AI Alert Triage Automatically Classifies Alerts with 99.93% Accuracy
Rapid7 AI Alert Triage helps SOC analysts quickly and accurately triage thousands of daily alerts, improving efficiency and enabling focus. One universal truth in Security Operations Centers SOCs is that analysts are overwhelmed by the high volume of alerts they receive. In a recent survey, SOC...
Deepening the MDR partnership: Rapid7 now delivers Active Remediation with Velociraptor
Rapid7 is expanding its response capabilities to meet the demands and relentless pace of today’s threat landscape – and the operational needs of our customers. Partnership means many things to us here at Rapid7. It means showing up with trusted expertise, providing clear guidance in moments of...
Driving down MTTR with Remediation Hub, Available in Rapid7 Exposure Command
Co-authored by Peter Whibley, Ed Montgomery, and Joel Alcon Technology innovation combined with the highly fragmented nature of today's IT landscape means that vulnerabilities are being exploited faster and at greater scale than ever. Security teams contend with a daily surge of new threat actors...
From Exposure to Assurance: Unified Remediation Across the Security Lifecycle
When it comes to defending your organization, every second counts. The time to detect, respond, and remediate is critical, but speed alone isn't enough. Fragmentation across security tools, siloed teams, and manual workflows leaves organizations constantly reactive, overwhelmed by alerts, and at...
Introducing Rapid7’s Exposure Assessment Platform Buyer’s Guide
Cybersecurity threats are evolving at an unprecedented pace, making it imperative for organizations to stay ahead of attackers with proactive security measures. To help organizations navigate this rapidly changing threat landscape, we are excited to introduce the Exposure Assessment Platform EAP...
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...
Metasploit Wrap-Up 04/25/2025
AD CS workflow improvement with new PKCS12 features Given the increasing popularity of AD CS misconfiguration exploitation in recent years, Metasploit has been consistently improving its capabilities in this area. This week’s release introduces a new certs command to the msfconsole, enabling user...
THE NEW Rapid7 MDR for Enterprise: Tailored Detection and Response for Complex Environments
Complex ecosystems. Custom applications. Specialized log sources. Distributed operations. Enterprise security leaders aren’t just defending against threats—they’re navigating a fragmented environment where visibility, coverage, and coordination are constant challenges. Our MDR service provides...
From Noise to Action: Introducing Intelligence Hub
Co-authored by Raj Samani Chief Scientist & Craig Adams Chief Product Officer In traditional conflicts, intelligence is both integral and beneficial to decision-making at every level. Unfortunately, in cybersecurity, the impact of threat intelligence as an asset for organizations—and in particula...
Top Lessons from Take Command 2025
The live sessions may be over, but with every talk now available on demand, it’s the perfect time to reflect on the biggest takeaways from this year’s summit—and how they can help security teams move faster, act smarter, and take control of their attack surface. From red teaming tactics to...
Metasploit Wrap-Up 04/18/2025
Smaller Fetch Payloads This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. The improvement introduces a new option, PIPEFETCH, which optimizes the process by serving both the payload and the command to be executed simultaneously...
Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding
The current situation On April 16, CISA extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures CVE program. This was in response to a letter sent by MITRE on April 15 to CVE board members warning of a potential issue with MITRE's support for the CVE...
Take Command 2025: A Day of Insight, Innovation, and Impact
Take Command 2025 is officially in the books. From the opening sessions to the final takeaways, the summit delivered a full day of high-impact discussions, fresh research, and powerful stories from across the cybersecurity spectrum. This year’s event brought together cybersecurity leaders,...
Metasploit Weekly Wrap-Up 04/11/2025
Spring Exploits This weekly release of Metasploit Framework includes new RCE exploit modules for several vulnerable applications: Appsmith, a low-code application platform which contains a misconfiguration on PostgreSQL CVE-2024-55964; Pandora FMS, a monitoring solution, where, once gained access...
Password Spray Attacks Taking Advantage of Lax MFA
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential...
Patch Tuesday - April 2025
Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has...