
1723 matches found

Rapid7 Blog
added 2025/04/08 8:30 p.m. (7 views)

Patch Tuesday - April 2025

Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has...

CVSS 8.8, AI score 7.3, EPSS 0.00884
Exploits: 0

Rapid7 Blog
added 2025/04/08 1:1 p.m. (29 views)

2025 Ransomware: Business as Usual, Business is Booming

Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack...

CVSS 9.1, AI score 8.2, EPSS 0.99999
Exploits: 37

Rapid7 Blog
added 2025/04/08 1:1 p.m. (5 views)

2025 Ransomware: Business as Usual, Business is Booming

Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack...

AI score 9.3
Exploits: 0

Rapid7 Blog
added 2025/04/07 1:0 p.m. (10 views)

Don’t Miss Out: What You Need to Know Before Take Command 2025

Take Command 2025 is just two days away, and there’s still time to secure your spot. Whether you’ve already registered or are building your agenda now, there’s plenty to look forward to — and it all starts this Wednesday, April 9. In the lead-up to the live summit, two new on-demand sessions are...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2025/04/04 8:19 p.m. (31 views)

Metasploit Wrap-Up 04/04/2025

New RCEs: Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813...

CVSS 9.8, AI score 9.2, EPSS 0.99945
Exploits: 53

Rapid7 Blog
added 2025/04/04 1:0 p.m. (14 views)

Pentales: Red Team vs. N-Day (and How We Won)

During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2025/04/03 6:50 p.m. (45 views)

Ivanti Connect Secure CVE-2025-22457 exploited in the wild

On Thursday, April 3, 2025, Ivanti disclosed a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways. CVE-2025-22457 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the...

CVSS 9.8, AI score 9.9, EPSS 0.99973
Exploits: 7

Rapid7 Blog
added 2025/04/03 6:50 p.m. (9 views)

Ivanti Connect Secure CVE-2025-22457 exploited in the wild

On Thursday, April 3, 2025, Ivanti disclosed a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways. CVE-2025-22457 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the...

CVSS 9.8, AI score 10, EPSS 0.99973
Exploits: 7

Rapid7 Blog
added 2025/04/02 4:48 p.m. (11 views)

Preview the Action: Two New Sessions Available Before Take Command 2025

Take Command 2025 is packed with insights from cybersecurity experts, threat intelligence leaders, and hands-on practitioners. But you don’t have to wait until April 9 to start learning. Two exclusive sessions are now available on-demand — giving you early access to critical content designed to...

AI score 7.6
Exploits: 0

Rapid7 Blog
added 2025/04/02 1:0 p.m. (16 views)

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Co-authored by Yaniv Allender and Anna Sirokova. Introduction: Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...

AI score 7.1
Exploits: 0

Rapid7 Blog
added 2025/04/02 1:0 p.m. (4 views)

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Co-authored by Yaniv Allender and Anna Sirokova. Introduction: Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...

AI score 6.9
Exploits: 0

Rapid7 Blog
added 2025/04/01 4:1 p.m. (9 views)

A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub

The volume of common vulnerabilities and exposures (CVEs) identified has now reached a level that even the organization tasked with managing them can no longer keep up. The National Vulnerability Database (NVD) announced in February 2024 that it would no longer provide common vulnerability scoring...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2025/04/01 1:0 p.m. (42 views)

What’s New in Rapid7 Products & Services: Q1 2025 in Review

At Rapid7, we started off the year focused on delivering new features and advancements across our products and services to bring you the context needed to prioritize exposures, visualize your attack surface, and accelerate incident response. Read on for Q1 2025 release highlights across the Comma...

CVSS 5.9, AI score 10, EPSS 0.99971
Exploits: 176

Rapid7 Blog
added 2025/03/31 1:1 p.m. (14 views)

Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard

Transparency is core to Managed Detection & Response (MDR). It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new...

AI score 6.9
Exploits: 0

Rapid7 Blog
added 2025/03/28 7:44 p.m. (60 views)

Metasploit Wrap-Up 03/28/2025

Windows LPE - Cloud File Mini Filter Driver Heap Overflow: This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local...

CVSS 8.8, AI score 9.7, EPSS 0.86182
Exploits: 14

Rapid7 Blog
added 2025/03/28 1:0 p.m. (11 views)

Overcoming the Challenges of Vulnerability Remediation

The following is a guest blog post by Zac Youtz, Co-Founder and CTO at valued Rapid7 partner, Furl. Here, Zac discusses how to effectively remediate vulnerabilities discovered by Rapid7’s InsightVM. Scaling vulnerability remediation with AI: Vulnerability remediation is a crucial-yet-complex task...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2025/03/27 1:31 p.m. (9 views)

Unpacking a post-compromise breach simulation with Vector Command

The reality of modern cyber threats: In today’s evolving cyber landscape, breaches are not a matter of if, but when. Attackers continue to refine their techniques, using stealthy post-compromise tactics to maintain persistence, escalate privileges, and move laterally across networks. The key to...

AI score 8.2
Exploits: 0

Rapid7 Blog
added 2025/03/26 5:0 p.m. (8 views)

Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide

Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value. Recognition...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2025/03/26 1:0 p.m. (12 views)

Inside the Mind of the Attacker: A Conversation with Raj Samani

With Take Command 2025 just around the corner, we sat down with Raj Samani, Chief Scientist at Rapid7, for a preview of his upcoming session: Inside the Mind of an Attacker: Navigating the Threat Horizon. Raj will be joined by Trent Teyema, Founder and President at CSG Strategies and former head ...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2025/03/25 4:10 p.m. (34 views)

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVSS 9.8, AI score 8.1, EPSS 0.99098
Exploits: 21

Rapid7 Blog
added 2025/03/25 4:10 p.m. (7 views)

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVSS 9.8, AI score 8.2, EPSS 0.99098
Exploits: 21

Rapid7 Blog
added 2025/03/25 3:12 p.m. (27 views)

Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP

Rapid7 is warning customers of two notable unrelated vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js...

CVSS 9.8, AI score 9.9, EPSS 0.99621
Exploits: 66

Rapid7 Blog
added 2025/03/25 3:12 p.m. (9 views)

Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP

Rapid7 is warning customers of two notable unrelated vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js...

CVSS 9.8, AI score 8.9, EPSS 0.99963
Exploits: 80

Rapid7 Blog
added 2025/03/21 7:6 p.m. (14 views)

Metasploit Wrap-Up 03/21/2025

SMB to LDAP Relay: This week, the Metasploit team have added an exciting relay module that has been in the works for a long time. This relay module is used to host an SMB server, and execute an SMB to LDAP relay attack against a Domain controller with an LDAP server when NTLMv1 is being used as th...

CVSS 7.8, AI score 8.9, EPSS 0.02551
Exploits: 2

Rapid7 Blog
added 2025/03/21 1:0 p.m. (19 views)

Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts

Co-authored by Yaron Kaplan and Gil Shamgar. AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise." These alerts go beyond traditional threat detection by focusing on attack...

AI score 7.5
Exploits: 0

Rapid7 Blog
added 2025/03/20 5:19 p.m. (14 views)

Secure Your Attack Surface: Key Findings from IDC's 2024 Spotlight Report

Rapid7 recently collaborated with IDC on their comprehensive Attack Surface Management Spotlight guide. These Spotlight publications deliver expert analyst perspectives on critical business and technology challenges, emerging industry trends, and innovative solutions. We're pleased to share IDC...

AI score 7.7
Exploits: 0

Rapid7 Blog
added 2025/03/19 7:51 p.m. (38 views)

Critical Veeam Backup & Replication CVE-2025-23120

Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure...

CVSS 9.9, AI score 10, EPSS 0.18335
Exploits: 1

Rapid7 Blog
added 2025/03/19 7:51 p.m. (5 views)

Critical Veeam Backup & Replication CVE-2025-23120

Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure...

CVSS 9.9, AI score 9.9, EPSS 0.18335
Exploits: 1

Rapid7 Blog
added 2025/03/19 5:40 p.m. (10 views)

Apache Tomcat CVE-2025-24813: What You Need to Know

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...

CVSS 10, AI score 9.6, EPSS 0.99945
Exploits: 46

Rapid7 Blog
added 2025/03/19 5:40 p.m. (23 views)

Apache Tomcat CVE-2025-24813: What You Need to Know

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...

CVSS 9.8, AI score 9.6, EPSS 0.99945
Exploits: 46

Rapid7 Blog
added 2025/03/19 4:0 p.m. (11 views)

Fake BianLian Ransomware Letters in Circulation

At a glance: The FBI is warning of a mail-based fraud involving letters sent to businesses in the U.S. These letters resemble online ransomware notes demanding payment via Bitcoin. Rapid7 examined a mail-based ransom demand sent to a customer from a local postcode. There is no evidence that any o...

AI score 7
Exploits: 0

Rapid7 Blog
added 2025/03/19 4:0 p.m. (4 views)

Fake BianLian Ransomware Letters in Circulation

At a glance: The FBI is warning of a mail-based fraud involving letters sent to businesses in the U.S. These letters resemble online ransomware notes demanding payment via Bitcoin. Rapid7 examined a mail-based ransom demand sent to a customer from a local postcode. There is no evidence that any o...

AI score 7
Exploits: 0

Rapid7 Blog
added 2025/03/19 1:0 p.m. (9 views)

Fresh Faces Join the Take Command 2025 Lineup

Take Command 2025 is bringing together some of the sharpest minds in cybersecurity to tackle today’s most urgent challenges. From attacker methodologies and AI-driven security to MDR, red teaming, and exposure management, this year’s virtual event will provide security professionals with practica...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2025/03/14 7:9 p.m. (16 views)

Metasploit Weekly Wrap-Up 03/14/25

New module content (1): InvoiceShelf unauthenticated PHP Deserialization Vulnerability. Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y. Type: Exploit. Pull request: 19950 contributed by h00die-gr3y. Path: linux/http/invoiceshelfunauthrcecve202455556. AttackerKB reference: CVE-2024-55556...

CVSS 9.8, AI score 9.9, EPSS 0.4356
Exploits: 6

Rapid7 Blog
added 2025/03/14 1:0 p.m. (10 views)

Unlocking MSSP Success: Why CTEM is Critical

Co-authored by Thomas Green and Sid Nanda. What is Continuous Threat Exposure Management (CTEM)? Continuous Threat Exposure Management (CTEM) is a five-stage, continuous security program introduced by Gartner in 2022. It proactively assesses an organization’s exposure across networks, systems, cloud...

AI score 7.7
Exploits: 0

Rapid7 Blog
added 2025/03/12 1:1 p.m. (5 views)

Explaining External Network Assessment with Vector Command

Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service. Understanding threat exposure management: Let’s start by providing some context around where Vector Command fits into a security program and more specifically Continuous Threat Exposure...

AI score 7.7
Exploits: 0

Rapid7 Blog
added 2025/03/11 8:16 p.m. (33 views)

Patch Tuesday - March 2025

Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware...

CVSS 8.8, AI score 9.4, EPSS 0.58974
Exploits: 49

Rapid7 Blog
added 2025/03/11 8:16 p.m. (7 views)

Patch Tuesday - March 2025

Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware...

CVSS 8.4, AI score 8.7, EPSS 0.03705
Exploits: 2

Rapid7 Blog
added 2025/03/11 1:0 p.m. (8 views)

Helping us help you: Practical applications of AI in the SOC

Security teams can be understandably hesitant to integrate artificial intelligence (AI) into incident response workflows. A single mistaken action could lead to widespread disruption, monetary loss, or reputational harm. Meanwhile, attackers are increasingly leveraging AI to enhance the scale and...

AI score 7.7
Exploits: 0

Rapid7 Blog
added 2025/03/10 1:0 p.m. (13 views)

Seeing The Whole Picture: A Better Way To Manage Your Attack Surface

Do you trust your view of your organization’s risk? With cloud adoption, remote work, shadow IT, and AI, security teams face an overwhelming challenge: scoping their attack surface and continuously discovering all assets and exposures before threats emerge. This aligns with the critical first ste...

AI score 7.7
Exploits: 0

Rapid7 Blog
added 2025/03/06 9:57 p.m. (26 views)

Metasploit Wrap-Up 03/06/2025

New module content (3): Get NAA Credentials. Authors: skelsec, smashery, and xpn. Type: Auxiliary. Pull request: 19712 contributed by smashery. Path: admin/sccm/getnaacredentials. Description: Adds an auxiliary module which performs the retrieval of Network Access Account (NAA) credentials from an System...

CVSS 9.8, AI score 10, EPSS 0.77951
Exploits: 5

Rapid7 Blog
added 2025/03/05 2:0 p.m. (6 views)

Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?

The cybersecurity landscape is shifting fast—ransomware is evolving, AI is reshaping security operations, and regulations are becoming more complex than ever. Security teams are under pressure to outpace adversaries, manage risk, and defend against sophisticated threats. That’s why Take Command...

AI score 7.3
Exploits: 0

Rapid7 Blog
added 2025/03/04 5:0 p.m. (27 views)

Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products

On Tuesday, March 4, 2025, Broadcom published a critical security advisory VMSA-2025-0004 on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion. The most severe of the vulnerabilities is CVE-2025-22224, a critical vulnerability in ESXi and...

CVSS 9.3, AI score 7.4, EPSS 0.01676
Exploits: 0

Rapid7 Blog
added 2025/03/04 5:0 p.m. (5 views)

Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products

On Tuesday, March 4, 2025, Broadcom published a critical security advisory VMSA-2025-0004 on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion. The most severe of the vulnerabilities is CVE-2025-22224, a critical vulnerability in ESXi and...

CVSS 9.3, AI score 8.5, EPSS 0.01676
Exploits: 0

Rapid7 Blog
added 2025/03/04 2:0 p.m. (11 views)

Building a High Performance Team in India: Meet Swami Nathan

Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he’s identified what it takes to build not just any team - but a high performing team that drives innovation and growth for business while propelling career trajectories for those who...

AI score 6.8
Exploits: 0

Rapid7 Blog
added 2025/02/28 2:54 p.m. (23 views)

Metasploit Weekly Wrap-Up: 02/28/2025

New module content (5): mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896). Author: Michael Heinzl. Type: Auxiliary. Pull request: 19878 contributed by h4x-x0r. Path: admin/scada/mypromgrcreds. AttackerKB reference: CVE-2025-22896. Description: This module adds credential...

CVSS 10, AI score 9.9, EPSS 0.95151
Exploits: 13

Rapid7 Blog
added 2025/02/27 2:44 p.m. (7 views)

Why MDR In 2025 Is About Scaling With Purpose

Forrester recently released “The Forrester Wave™: Managed Detection and Response (MDR) Services, Q1 2025,” highlighting the top 10 MDR providers out of more than 600 worldwide. While we’re honored to be recognized in such a competitive market, Rapid7’s designation underscores a fundamental...

AI score 7.1
Exploits: 0

Rapid7 Blog
added 2025/02/26 5:3 p.m. (8 views)

MDR + SIEM: Why Full Access to Your Security Logs is Non-Negotiable

Many Managed Detection and Response (MDR) providers promise world-class threat detection, but behind the scenes they lock away your security logs, limiting your visibility and control. It’s your data — so why don’t you have full access to it? Isn’t the whole point of security to see everything...

AI score 7.6
Exploits: 0

Rapid7 Blog
added 2025/02/25 1:55 p.m. (9 views)

Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command

Modern organizations grapple with the complex task of securing sensitive data in sprawling hybrid and multi-cloud environments. Due to insufficient visibility and governance, data is often misplaced, duplicated, or left exposed. This fragmented environment makes it difficult for teams to accurate...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2025/02/25 1:51 p.m. (10 views)

Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization

Rapid7 provides unmatched attack surface visibility through the Command Platform, helping security teams identify, prioritize, and remediate risk across hybrid environments. Surface Command is the only solution available that combines native external and internal scanning into a single unified vi...

AI score 6.9
Exploits: 0

Total number of security vulnerabilities: 1723