8 min
Vulnerability Management
Patch Tuesday - June 2025
WebDAV & SMB client zero-days. KDC Proxy Service & Office critical RCEs.
21 min
Incident Response
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict
Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed its members.
2 min
Events
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR
Explore key takeaways from Take Command 2025 on modern cloud detection and response. Learn how SOCs are adapting. Watch the full session on demand.
4 min
Artificial Intelligence
5 Things Security Leaders Need to Know About Agentic AI
Generative AI has already transformed the way businesses work. But we’re now entering a new phase where AI doesn’t just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI’, and it’s moving fast.
5 min
Surface Command
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy introduces unforeseen risks, operational delays, and more.
3 min
Metasploit
Metasploit Wrap-up 06/06/25
This release adds new modules targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more.
4 min
Rapid7 Culture
Cultivating Growth and Development at Rapid7
At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be. With more than a dozen offices around the world, Rapid7’s culture provides a foundation where people can grow their skills and progress in their careers, while driving meaningful impact to the business.
4 min
Events
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders to address the most pressing cyber threats facing organizations in 2025.
7 min
Incident Response
Rapid7 Q1 2025 Incident Response Findings
Rapid7’s 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
9 min
Threat Intel
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
The lines between ideologically-driven hacktivism and financially motivated cybercriminals are blurring. Some hacktivist groups are evolving into ransomware operations – even becoming ransomware affiliates – merging the disruptive zeal of hacktivism with the ruthless efficiency of cybercrime.
2 min
Exposure Command
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
Introducing AI Attack Coverage in Exposure Command and InsightAppSec, bringing purpose-built protection for AI-driven applications into your existing AppSec workflows. Uncover vulnerabilities that legacy tools miss – and stop AI-specific threats before they become business problems.
2 min
Events
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
3 min
Metasploit
Metasploit Wrap-Up 05/30/2025
The internet is a series of Tube
Metasploit has supported SOCKS proxies for years now, being able to act as both a client (by setting the Proxies datastore option) and a server (by running the auxiliary/server/socks_proxy module). While Metasploit has supported both SOCKS versions 4a and 5, some ambiguity arose regarding how Domain Name System (DNS) requests are made by Metasploit through these versions. Both versions 4a and 5 notably enable clients to make connections to
3 min
Managed Detection and Response (MDR)
Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact
To maximize the effectiveness of security operations, MDR must continually evolve. Today at Rapid7, that means integrating Surface Command — not as a dashboard or tool to manage, but as a behind-the-scenes capability that strengthens the service our customers rely on.
7 min
Vulnerability Disclosure
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
During a penetration testing engagement, Rapid7 discovered 3 vulnerabilities in MICI Network Co., Ltd’s NetFax server allowing for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user.