3 min
Metasploit
Metasploit Wrap-up 06/06/25
This release adds new modules targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more
4 min
Rapid7 Culture
Cultivating Growth and Development at Rapid7
At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be. With more than a dozen offices around the world, Rapid7’s culture provides a foundation where people can grow their skills and progress in their careers, while driving meaningful impact to the business.
4 min
Events
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders to address the most pressing cyber threats facing organizations in 2025.
7 min
Incident Response
Rapid7 Q1 2025 Incident Response Findings
Rapid7’s 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
9 min
Threat Intel
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
The lines between ideologically-driven hacktivism and financially motivated cybercriminals are blurring. Some hacktivist groups are evolving into ransomware operations – even becoming ransomware affiliates – merging the disruptive zeal of hacktivism with the ruthless efficiency of cybercrime.
2 min
Exposure Command
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
Introducing AI Attack Coverage in Exposure Command and InsightAppSec, bringing purpose built protection for AI driven applications into your existing AppSec workflows. Uncover vulnerabilities that legacy tools miss – and stop AI specific threats before they become business problems.
2 min
Events
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
3 min
Metasploit
Metasploit Wrap-Up 05/30/2025
The internet is a series of Tube
Metasploit has supported SOCKS proxies for years now, being able to both act as
both a client (by setting the Proxies datastore option) and a server (by running
the auxiliary/server/socks_proxy module). While Metasploit has supported both
SOCKS versions 4a and 5, there became some ambiguity in regards to how Domain
Name System (DNS) requests are made by Metasploit through these versions. Both
versions 4a and 5 notably enable clients to make connections to
3 min
Managed Detection and Response (MDR)
Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact
To maximize the effectiveness of security operations, MDR must continually evolve. Today at Rapid7, that means integrating Surface Command — not as a dashboard or tool to manage, but as a behind-the-scenes capability that strengthens the service our customers rely on.
7 min
Vulnerability Disclosure
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
Over a penetration testing engagement, Rapid7 discovered 3 vulnerabilities in MICI Network Co., Ltd’s NetFax server allowing for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user.
2 min
Events
Key Takeaways from the Take Command Summit 2025: Customer Panel on Future-Proofing VM Programs
Learn how security leaders are evolving VM into exposure management. Get key takeaways from the Take Command 2025 customer panel. Watch on demand.
5 min
News
Retail Under Siege: What Recent Cyber Attacks Tell Us About Today’s Threat Landscape
When several major UK organizations, including well-known retail brands, found themselves caught in a cyber attack earlier this year, it made headlines – reflecting a growing trend where attackers exploit third-party vendors to breach businesses through a single point of entry.
4 min
Vector Command
Threats don’t wait, neither should you: Mastering Emergent Threat Response Validation
Rapid7 Labs uncovers emerging threats and delivers cutting-edge research; Vector Command puts that intelligence to work—validating response strategies, optimizing defenses, and ensuring organizations are ready when it matters most. Because in cybersecurity, the best defense is a well-prepared team.
3 min
Metasploit
Metasploit Wrap-Up
Making Metasploit faster
This week's wrap-up includes many new modules, but notably, we've upgraded
Metasploit loading. Thanks to bcoles , the bootup
performance when searching for a module has been increased in #20166
. Also, we've reduced
Metasploit startup time - in #20155
.
New module content (6)
Gather Ticket Granting Service (TGS) tickets for Use
3 min
Events
What the Take Command 2025 Survey Tells Us About the State of Security
After the Take Command 2025 Virtual Cybersecurity Summit sessions wrapped, we surveyed attendees to understand where their security programs stand today, what challenges they’re facing, and what they found most valuable during the event.