1723 matches found
Under The Hoodie: The Pen Test Diaries
Breaking In So You Don’t Have To Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by...
Metasploit Weekly Wrap-Up 02/21/2025
BeyondTrust exploit + fetch payload updates This Metasploit release includes an exploit module that chains two vulnerabilities, one exploited in the wild by APT groups and another one, a 0-day discovered by Rapid7 during the vulnerability analysis. This week's release also includes a significant...
Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup
Take Command Summit 2025 is shaping up to be one of the most impactful cybersecurity events of the year, bringing together Rapid7’s own security experts alongside leading industry voices for a full day of insights into today’s evolving attack landscape. This virtual summit will offer actionable...
Rapid7 Fills Gaps in the CVE Assessment Process with AI-Generated Vulnerability Scoring in Exposure Command
NIST released an update highlighting that there would be delays in adding information on newly published CVEs this is also discussed in detail in our blog post from March of 2024. Due to resource constraints and an inability to keep up with the volume of newly-disclosed vulnerabilities, NVD shift...
Metasploit Weekly Wrap-Up 02/14/2025
New module content 2 Unauthenticated RCE in NetAlertX Authors: Chebuya Rhino Security Labs and Takahiro Yokoyama Type: Exploit Pull request: 19868 contributed by Takahiro-Yoko Path: linux/http/netalertxrcecve202446506 AttackerKB reference: CVE-2024-46506 Description: A new module for an...
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers MFPs were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs Firmware Version: 57.69.91 and earlier This issue has been assigned the following CVEs: CVE-2024-1251...
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers MFPs were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs Firmware Version: 57.69.91 and earlier This issue has been assigned the following CVEs: CVE-2024-1251...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
Patch Tuesday - February 2025
Microsoft is addressing 56 vulnerabilities this February 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for two of the vulnerabilities published today, which is reflected in CISA KEV. Microsoft is aware of public disclosure for two other vulnerabilities. This is now the...
Patch Tuesday - February 2025
Microsoft is addressing 56 vulnerabilities this February 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for two of the vulnerabilities published today, which is reflected in CISA KEV. Microsoft is aware of public disclosure for two other vulnerabilities. This is now the...
How To Protect Your Organization's Bluesky Account From Security Threats
When a new platform suddenly becomes popular, it’s not uncommon to see it stress tested by malware authors and fraudsters. Many organizations are making the leap to Bluesky without necessarily understanding the potential threats to an account and the business should a compromise take place. This...
Interning at Rapid7 Prague: Meet Mko
Mkrtich Hovsepyan – most people call him Mko – is an intern at Rapid7’s fast-growing office in Prague. He graduated from the luminous Charles University in Prague, and is currently a first-year master’s student in Artificial Intelligence there. He was in our first impressive crop of interns, and ...
Vector Command Opportunistic Phishing Blog
Gone Phishing with Vector Command During one of our customer engagements, our red team will continuously attack your network to see if we can exploit a vulnerability. One of the tactics, techniques and proceduresTTPs we use is “Opportunistic Phishing”. First, let’s share a quick reminder about...
Metasploit Weekly Wrap-Up 02/07/2025
Gathering data and improving workflows This week's release includes 2 new auxiliary modules targeting Argus Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell Francis, and based on the work of John Page, can be used to retrieve arbitrary files on the target's filesyste...
4 Reasons Why MSPs & MSSPs Need to Enhance Attack Surface Management
In today’s rapidly evolving digital landscape, Managed Service Providers MSPs and Managed Security Service Providers MSSPs face increasing challenges. As businesses expand their digital footprints, MSPs and MSSPs are under pressure to deliver comprehensive security services while managing costs,...
Take Command | Rapid7’s 2025 Cybersecurity Summit: Own Your Attack Surface on April 9
Save the date:April 9, 2025 Take Command is back. After a hugely successful event last year, Rapid7’s cybersecurity summit returns with another stellar lineup to equip security teams with the latest threat intelligence, expert insights, and real-world strategies to take control of an evolving...
Introducing the Exposure Management Webinar Series: Commanding Your Attack Surface
The digital landscape is expanding rapidly, and with it, the complexity of managing an organization's attack surface. To help cybersecurity professionals navigate this challenge, Rapid7 presents a three-part webinar series, "Commanding Your Attack Surface." This series dives deep into the evolvin...
Excellence in Leadership: CRN Recognizes Alex Page Among Its 2025 Channel Chiefs
For the third consecutive year, Rapid7’s Alex Page has been honored as a CRN Channel Chief, a testament to his unwavering commitment to driving growth, fostering innovation, and strengthening our global channel partnerships. CRN’s annual Channel Chiefs list showcases the top leaders throughout th...
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection This week, Metasploit’s jheysel-r7 updated the existing ldapescvulnerablecertfinder module to include detecting template objects that can be written to by the authenticated user. This means the module can now identify instances of ESC4 from the perspective of the account that the...
Paying It Forward: Giving and Receiving Mentorship in Tech
I’ve never actually seen the 2000 romantic drama Pay It Forward , but the movie’s core idea has stayed with me since I first heard of it: The best way to repay a favor or good deed is to do one for someone else. You ‘pay it forward,’ and ask that person to do likewise, creating an expanding web o...
The 2024 Ransomware Landscape: Looking back on another painful year
The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...
The 2024 Ransomware Landscape: Looking back on another painful year
The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...
Metasploit Weekly Wrap-Up 01/24/2025
LibreNMS Authenticated RCE module and ESC15 improvements This week the Metasploit Framework was blessed with an authenticated RCE module in LibreNMS, an autodiscovering PHP/MySQL-based network monitoring system. An authenticated attacker can create dangerous directory names on the system and alte...
The Vulnerability Vortex: Escaping the Whirlpool of Ineffective Security
Drowning in data: The modern security dilemma In today's interconnected digital landscape, organizations find themselves caught in a relentless torrent of security alerts and vulnerability notifications. As cyber threats evolve at breakneck speed, security teams struggle to keep their heads above...
Key Takeaways: Mastering Risk Prioritization with Rapid7 Surface Command
Managing risk in today’s sprawling IT environments demands precision and adaptability. Security teams face a constant influx of data from various tools, each offering fragmented insights. Rapid7’s Surface Command takes control of this chaos, consolidating data and delivering actionable insights...
Metasploit Wrap-Up 01/17/2025
Clarity in Cleo Exploitation Last Month, Huntress reported that several Cleo products were being attacked in the wild, including Harmony, VLTrader, and LexiCom. Cleo announced CVE-2024-50623 and that these issues were patched in 5.8.0.21, but Huntress reported the vulnerability was still in those...
Perfect Fit or Business Threat? How to Mitigate the Risk of Rogue Employees
Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider...
Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak
Executive summary Rapid7 is investigating two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed earlier this week. Successful exploitation could allow remote attackers to gain...
Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak
Executive summary Rapid7 is investigating two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed earlier this week. Successful exploitation could allow remote attackers to gain...
Patch Tuesday - January 2025
Microsoft is addressing 161 vulnerabilities this January 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has...
Patch Tuesday - January 2025
Microsoft is addressing 161 vulnerabilities this January 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has...
Metasploit Wrap-Up 01/10/2025
New module content 5 OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: 19614 contributed by vultza Path: gather/onedevarbitraryfileread AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary...
Securing Success: Stories from the SOC Webinar Series
In today’s fast-paced threat landscape, SOC Security Operations Center teams are under relentless pressure. Cyberattacks are evolving, threat volumes are skyrocketing, and attackers are exploiting vulnerabilities faster than ever. To navigate these challenges, Rapid7 has launched the "Securing...
Unlocking the Power of AI in Cybersecurity: Key Takeaways from Our Latest Webinar
Today's SOC teams have to face dramatic challenges that include overwhelming volumes of alerts, blurred perimeter protections, and resource constraints; meanwhile, AI is bursting into SOC workflows as one of the most important elements in addressing these issues more productively and letting team...
Built In Honors Rapid7 with “2025 Best Places To Work” Award
3 Rapid7 Offices Included in Built In’s “Best Places to Work” Lists Built In has announced that Rapid7 is being honored in the 2025 Best Places To Work Awards. Specifically, Rapid7 earned recognition for three office locations: Austin, Boston, and Arlington Washington DC. The annual awards progra...
New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search
As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security TLS encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control C2 traffic. These malicious actors often have identifiable characteristics...
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is ...
Rapid7 Recognized with Top Score of 100 in 2025 Corporate Equality Index
On January 7, the Human Rights Campaign Foundation released their 2025 Corporate Equality Index CEI, where Rapid7 earned a top score of 100. The CEI is the nation’s leading benchmark for LGBTQ+ workforce equality, evaluating policies and practices in areas such as non-discrimination, equitable...
Out With the Old, In With the New: Securely Disposing of Smart Devices
So, what did you get for Christmas this year? Hopefully you received some cool smart technology, or maybe you just upgraded your smart camera or voice assistant to a newer model or version. If you upgraded to a new model or version, what is your plan for the old device? Is it still working or is ...
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to review the year’s notable additions. This year saw some great new features added, Metasploit 6.4 released and a slew of new modules. We’re grateful to the community members new and old that have submitted modules and...
Metasploit Weekly Wrap-Up 12/20/2024
New module content 4 GameOverlay Privilege Escalation and Container Escape Authors: bwatters-r7, g1vi, gardnerapp, and h00die Type: Exploit Pull request: 19460 contributed by gardnerapp Path: linux/local/gameoverlayprivesc AttackerKB reference: CVE-2023-2640 Description: Adds a module for...
What’s New in Rapid7 Products & Services: Q4 2024 in Review
This quarter at Rapid7 we continued to make investments across our Command Platform to provide security professionals with a holistic, actionable view of their entire attack surface - from Exposure Management to Detection and Response. Below, we’ve highlighted key releases and updates from the...
Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech
As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals.For women in tech, this reflection period can be an especially powerful tool. The industry often demands that...
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs! It's the second week of December and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change...
Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar
It's that time of year again — one year is ending and another is set to begin.. And what a year it's been for the security community! The sheer scale of incidents has left SecOps teams breathless, so thinking about what could be in store next year can be overwhelming. But there's no need to panic...
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...