3 min
Managed Detection and Response (MDR)
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard
The Detection & Response Dashboard provides a clear, high-level snapshot of your entire MDR program. The customizable and downloadable summary visualizes key metrics, helping teams quickly identify risks, trends, and security outcomes.
2 min
Metasploit
Metasploit Wrap-Up 03/28/2025
Windows LPE - Cloud File Mini Filter Driver Heap Overflow
This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local client. The exploit module allows users with an existing session on an affected Windows device to seamlessly escalate their privileges to NT AUTHORITY\SYSTEM. This module has been tested on Windows workst
3 min
InsightVM
Overcoming the Challenges of Vulnerability Remediation
The following is a guest blog post by Zac Youtz, Co-Founder and CTO at valued Rapid7 partner, Furl. Here, Zac discusses how to effectively remediate vulnerabilities discovered by Rapid7’s InsightVM.
3 min
Vector Command
Unpacking a post-compromise breach simulation with Vector Command
This blog is the third in our Vector Command series, where we explore the tactics, techniques, and procedures (TTPs) leveraged by Rapid7’s expert red team.
2 min
Awards
Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide
Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value.
2 min
Events
Inside the Mind of the Attacker: A Conversation with Raj Samani
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
3 min
Emergent Threat Response
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover.
3 min
Emergent Threat Response
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
2 min
Metasploit
Metasploit Wrap-Up 03/21/2025
SMB to LDAP Relay
This week, the Metasploit team have added an exciting relay module that has been in the works for a long time. This relay module is used to host an SMB server, and execute an SMB to LDAP relay attack against a domain controller with an LDAP server when NTLMv1 is being used as the SMB authentication method. PetitPotam can be used to coerce authentication on the victim system and relay it to the domain controller. The module automatically takes care of removing the relevant flags
2 min
Managed Detection and Response (MDR)
Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts
AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise."
3 min
Exposure Management
Secure Your Attack Surface: Key Findings from IDC's 2024 Spotlight Report
We're pleased to share IDC analyst Michelle Abraham's insights on cyber risk exposure management and the imperative for organizations to implement proactive security strategies.
2 min
Emergent Threat Response
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120.
Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure Veeam Backup & Replication is not internet-facing as an urgent priority.
On Wednesday, March 19, 2025, backup and recovery software provider
3 min
Emergent Threat Response
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild. Tomcat is widely deployed and has seen a number of severe vulnerabilities over the years that have had specific configuration dependencies for s
3 min
Research
Fake BianLian Ransomware Letters in Circulation
On March 5, the FBI issued an alert regarding a mail scam targeting U.S. business executives with extortion. The letters claim to be from noted ransomware group BianLian, demanding a payment in Bitcoin ranging from $250,000 to $500,000 within ten days of receipt.
2 min
Events
Fresh Faces Join the Take Command 2025 Lineup
Take Command Summit 2025 takes place on April 9, 2025, as a fully virtual, one-day event. Don’t miss the opportunity to hear from industry leaders, engage with Rapid7 experts, and walk away with actionable security strategies.