3 min
Vector Command
Unpacking a post-compromise breach simulation with Vector Command
This blog is the third in our Vector Command series, where we explore the tactics, techniques, and procedures (TTPs) leveraged by Rapid7’s expert red team.
2 min
Awards
Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide
Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value.
2 min
Events
Inside the Mind of the Attacker: A Conversation with Raj Samani
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
3 min
Emergent Threat Response
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover.
4 min
Emergent Threat Response
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
2 min
Metasploit
Metasploit Wrap-Up 03/21/2025
SMB to LDAP Relay
This week, the Metasploit team have added an exciting relay module that has been in the works for a long time. This relay module is used to host an SMB server, and execute an SMB to LDAP relay attack against a Domain controller with an LDAP server when NTLMv1 is being used as the SMB authentication method. PetitPotam can be used to coerce authentication on the victim system and relay it to the Domain Controller. The module automatically takes care of removing the relevant flags
2 min
Managed Detection and Response (MDR)
Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts
AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise."
3 min
Exposure Management
Secure Your Attack Surface: Key Findings from IDC's 2024 Spotlight Report
We're pleased to share IDC analyst Michelle Abraham's insights on cyber risk exposure management and the imperative for organizations to implement proactive security strategies.
2 min
Emergent Threat Response
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure Veeam Backup & Replication is not internet-facing as an urgent priority.
On Wednesday, March 19, 2025, backup and recovery software provider
3 min
Emergent Threat Response
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild. Tomcat is widely deployed and has seen a number of severe vulnerabilities over the years that have had specific configuration dependencies for s
3 min
Research
Fake BianLian Ransomware Letters in Circulation
On March 5, the FBI issued an alert regarding a mail scam targeting U.S. business executives with extortion. The letters claim to be from noted ransomware group BianLian, demanding a payment in Bitcoin ranging from $250,000 to $500,000 within ten days of receipt.
2 min
Events
Fresh Faces Join the Take Command 2025 Lineup
Take Command Summit 2025 takes place on April 9, 2025, as a fully virtual, one-day event. Don’t miss the opportunity to hear from industry leaders, engage with Rapid7 experts, and walk away with actionable security strategies.
1 min
Metasploit
Metasploit Weekly Wrap-Up 03/14/25
New module content (1)
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
Type: Exploit
Pull request: #19950 contributed by h00die-gr3y
Path: linux/http/invoiceshelf_unauth_rce_cve_2024_55556
AttackerKB reference: CVE-2024-55556
Descripti
3 min
Exposure Command
Unlocking MSSP Success: Why CTEM is Critical
Discover why Continuous Threat Exposure Management (CTEM) is a game-changer for MSSPs. Learn how a proactive, risk-based security approach helps service providers stand out, reduce exposure, and deliver measurable security improvements.
2 min
Vector Command
Explaining External Network Assessment with Vector Command
Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service.