All Posts

5 min Ransomware

The 2024 Ransomware Landscape: Looking back on another painful year

In this post, we’ll examine the latest data points, discuss notable groups, and estimate the potential impact on victims — helping security teams plan their defenses for the months ahead.

2 min Metasploit

Metasploit Weekly Wrap-Up 01/24/2025

LibreNMS Authenticated RCE module and ESC15 improvements This week the Metasploit Framework was blessed with an authenticated RCE module in LibreNMS, an autodiscovering PHP/MySQL-based network monitoring system. An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. These two defects combined to allow arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. Additionally, i

4 min Exposure Management

The Vulnerability Vortex: Escaping the Whirlpool of Ineffective Security

In today's interconnected digital landscape, organizations find themselves caught in a relentless torrent of security alerts and vulnerability notifications.

1 min Surface Command

Key Takeaways: Mastering Risk Prioritization with Rapid7 Surface Command

In our recent webinar, Cheney Edwards, Senior Security Solutions Engineer at Rapid7, shares actionable techniques to cut through noise, prioritize effectively, and command your attack surface.

2 min Metasploit

Metasploit Wrap-Up 01/17/2025

Three new Metasploit exploit modules released, including a module targeting Cleo File Transfer Software (CVE-2024-55956)

9 min Research

Perfect Fit or Business Threat? How to Mitigate the Risk of Rogue Employees

Recruitment fraud is an expensive and time-consuming threat to business. The risk of malware deployment and data exfiltration is high from threat actors trained to bypass each stage of a typical recruitment process. This blog outlines how an organization can secure the hiring process weak points.

4 min Emergent Threat Response

Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak

Rapid7 is responding to two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591 in FortiOS, and a large-scale data leak of older FortiGate firewall IPs, passwords, and configs.

14 min Patch Tuesday

Patch Tuesday - January 2025

Eight 0-days. Access: triple zero-day RCE; Hyper-V NT Kernel Integration VSP: triple zero-day EoP; Windows Themes: zero-day NTLM disclosure; Windows Installer: zero-day EoP; PGM: critical RCE; OLE: critical RCE.

3 min Metasploit

Metasploit Wrap-Up 01/10/2025

New module content (5) OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: #19614 contributed by vultza Path: gather/onedev_arbitrary_file_read AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary file read vulnerability, tracked as CVE-202

2 min Security Operations (SOC)

Securing Success: Stories from the SOC Webinar Series

Cyberattacks are evolving, threat volumes are skyrocketing, and attackers are exploiting vulnerabilities faster than ever. To navigate these challenges, Rapid7 has launched the "Securing Success: Stories from the SOC" webinar series.

2 min Artificial Intelligence

Unlocking the Power of AI in Cybersecurity: Key Takeaways from Our Latest Webinar

In our recent webinar, "Enhancing MDR with AI: Real-World Use Cases & Security Insights," cybersecurity and AI experts shared their perspectives on how advancements in artificial intelligence are reshaping security operations.

2 min Career Development

Built In Honors Rapid7 with “2025 Best Places To Work” Award

3 Rapid7 Offices Included in Built In’s “Best Places to Work” Lists.

2 min Research

New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search

As botnets continue to evolve, so do the techniques required to detect them.

2 min Emergent Threat Response

CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild

Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.

2 min Awards

Rapid7 Recognized with Top Score of 100 in 2025 Corporate Equality Index

On January 7, the Human Rights Campaign Foundation released their 2025 Corporate Equality Index (CEI), where Rapid7 earned a top score of 100.