Patch Tuesday - April 2025
Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has...
2025 Ransomware: Business as Usual, Business is Booming
Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack...
Don’t Miss Out: What You Need to Know Before Take Command 2025
Take Command 2025 is just two days away, and there’s still time to secure your spot. Whether you’ve already registered or are building your agenda now, there’s plenty to look forward to — and it all starts this Wednesday, April 9. In the lead-up to the live summit, two new on-demand sessions are...
Metasploit Wrap-Up 04/04/2025
New RCEs Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular (CVE-2025-24813)...
Pentales: Red Team vs. N-Day (and How We Won)
During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks...
Ivanti Connect Secure CVE-2025-22457 exploited in the wild
On Thursday, April 3, 2025, Ivanti disclosed a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways. CVE-2025-22457 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the...
Preview the Action: Two New Sessions Available Before Take Command 2025
Take Command 2025 is packed with insights from cybersecurity experts, threat intelligence leaders, and hands-on practitioners. But you don’t have to wait until April 9 to start learning. Two exclusive sessions are now available on-demand — giving you early access to critical content designed to...
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...
A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub
The volume of common vulnerabilities and exposures (CVEs) identified has now reached a level that even the organization tasked with managing them can no longer keep up. The National Vulnerability Database (NVD) announced in February 2024 that it would no longer provide common vulnerability scoring...
What’s New in Rapid7 Products & Services: Q1 2025 in Review
At Rapid7, we started off the year focused on delivering new features and advancements across our products and services to bring you the context needed to prioritize exposures, visualize your attack surface, and accelerate incident response. Read on for Q1 2025 release highlights across the Comma...
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard
Transparency is core to Managed Detection & Response (MDR). It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new...
Metasploit Wrap-Up 03/28/2025
Windows LPE - Cloud Files Mini Filter Driver Heap Overflow This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local...
Overcoming the Challenges of Vulnerability Remediation
The following is a guest blog post by Zac Youtz, Co-Founder and CTO at valued Rapid7 partner, Furl. Here, Zac discusses how to effectively remediate vulnerabilities discovered by Rapid7’s InsightVM. Scaling vulnerability remediation with AI Vulnerability remediation is a crucial-yet-complex task...
Unpacking a post-compromise breach simulation with Vector Command
The reality of modern cyber threats In today’s evolving cyber landscape, breaches are not a matter of if , but when. Attackers continue to refine their techniques, using stealthy post-compromise tactics to maintain persistence, escalate privileges, and move laterally across networks. The key to...
Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide
Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value. Recognition...
Inside the Mind of the Attacker: A Conversation with Raj Samani
With Take Command 2025 just around the corner, we sat down with Raj Samani, Chief Scientist at Rapid7, for a preview of his upcoming session: Inside the Mind of an Attacker: Navigating the Threat Horizon. Raj will be joined by Trent Teyema, Founder and President at CSG Strategies and former head ...
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable unrelated vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js...
Metasploit Wrap-Up 03/21/2025
SMB to LDAP Relay This week, the Metasploit team have added an exciting relay module that has been in the works for a long time. This relay module is used to host an SMB server and execute an SMB to LDAP relay attack against a domain controller with an LDAP server when NTLMv1 is being used as th...
Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts
Co-authored by Yaron Kaplan and Gil Shamgar. AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise." These alerts go beyond traditional threat detection by focusing on attack...
Secure Your Attack Surface: Key Findings from IDC's 2024 Spotlight Report
Rapid7 recently collaborated with IDC on their comprehensive Attack Surface Management Spotlight guide. These Spotlight publications deliver expert analyst perspectives on critical business and technology challenges, emerging industry trends, and innovative solutions. We're pleased to share IDC...
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure...
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...
Fake BianLian Ransomware Letters in Circulation
At a glance: The FBI is warning of a mail-based fraud involving letters sent to businesses in the U.S. These letters resemble online ransomware notes demanding payment via Bitcoin. Rapid7 examined a mail-based ransom demand sent to a customer from a local postcode. There is no evidence that any o...
Fresh Faces Join the Take Command 2025 Lineup
Take Command 2025 is bringing together some of the sharpest minds in cybersecurity to tackle today’s most urgent challenges. From attacker methodologies and AI-driven security to MDR, red teaming, and exposure management, this year’s virtual event will provide security professionals with practica...
Metasploit Weekly Wrap-Up 03/14/25
New module content 1 InvoiceShelf unauthenticated PHP Deserialization Vulnerability Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y Type: Exploit Pull request: 19950 contributed by h00die-gr3y Path: linux/http/invoiceshelfunauthrcecve202455556 AttackerKB reference: CVE-2024-55556...
Unlocking MSSP Success: Why CTEM is Critical
Co-authored by Thomas Green and Sid Nanda What is Continuous Threat Exposure Management (CTEM)? Continuous Threat Exposure Management (CTEM) is a five-stage, continuous security program introduced by Gartner in 2022. It proactively assesses an organization’s exposure across networks, systems, cloud...
Explaining External Network Assessment with Vector Command
Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service. Understanding threat exposure management Let’s start by providing some context around where Vector Command fits into a security program and more specifically Continuous Threat Exposure...
Patch Tuesday - March 2025
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware...
Helping us help you: Practical applications of AI in the SOC
Security teams can be understandably hesitant to integrate artificial intelligence (AI) into incident response workflows. A single mistaken action could lead to widespread disruption, monetary loss, or reputational harm. Meanwhile, attackers are increasingly leveraging AI to enhance the scale and...
Seeing The Whole Picture: A Better Way To Manage Your Attack Surface
Do you trust your view of your organization’s risk? With cloud adoption, remote work, shadow IT, and AI, security teams face an overwhelming challenge: scoping their attack surface and continuously discovering all assets and exposures before threats emerge. This aligns with the critical first ste...
Metasploit Wrap-Up 03/06/2025
New module content 3 Get NAA Credentials Authors: skelsec, smashery, and xpn Type: Auxiliary Pull request: 19712 contributed by smashery Path: admin/sccm/getnaacredentials Description: Adds an auxiliary module which performs the retrieval of Network Access Account (NAA) credentials from a System...
Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?
The cybersecurity landscape is shifting fast—ransomware is evolving, AI is reshaping security operations, and regulations are becoming more complex than ever. Security teams are under pressure to outpace adversaries, manage risk, and defend against sophisticated threats. That’s why Take Command...
Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion. The most severe of the vulnerabilities is CVE-2025-22224, a critical vulnerability in ESXi and...
Building a High Performance Team in India: Meet Swami Nathan
Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he’s identified what it takes to build not just any team - but a high performing team that drives innovation and growth for business while propelling career trajectories for those who...
Metasploit Weekly Wrap-Up: 02/28/2025
New module content 5 mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896) Author: Michael Heinzl Type: Auxiliary Pull request: 19878 contributed by h4x-x0r Path: admin/scada/mypromgrcreds AttackerKB reference: CVE-2025-22896 Description: This module adds credential...
Why MDR In 2025 Is About Scaling With Purpose
Forrester recently released “The Forrester Wave™: Managed Detection and Response (MDR) Services, Q1 2025,” highlighting the top 10 MDR providers out of more than 600 worldwide. While we’re honored to be recognized in such a competitive market, Rapid7’s designation underscores a fundamental...
MDR + SIEM: Why Full Access to Your Security Logs is Non-Negotiable
Many Managed Detection and Response (MDR) providers promise world-class threat detection, but behind the scenes they lock away your security logs, limiting your visibility and control. It’s your data — so why don’t you have full access to it? Isn’t the whole point of security to see everything...
Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command
Modern organizations grapple with the complex task of securing sensitive data in sprawling hybrid and multi-cloud environments. Due to insufficient visibility and governance, data is often misplaced, duplicated, or left exposed. This fragmented environment makes it difficult for teams to accurate...
Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization
Rapid7 provides unmatched attack surface visibility through the Command Platform, helping security teams identify, prioritize, and remediate risk across hybrid environments. Surface Command is the only solution available that combines native external and internal scanning into a single unified vi...