All Posts

6 min Attack Surface Security

Cyber Asset Attack Surface Management 101

CAASM is intended to be an authoritative source of asset information complete with ownership, network, and business context for IT and security teams.

5 min Metasploit

Metasploit Weekly Wrap-Up

Metasploit T-Shirt Design Contest: In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition t-shirts - and we're inviting members of our community to have a hand in their creation. The contest winner will have their design featured on the shirts, which will then be available to pick up at Black Hat 2023. We will be accepting submissions from now through June 30! Contest details, design guidelines, and submission instructions here

3 min Emergent Threat Response

CVE-2023-34362: MOVEit Vulnerability Timeline of Events

Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.

10 min Vulnerability Management

Patch Tuesday - June 2023

No zero-day vulns this month. PGM & .NET/Visual Studio critical RCEs. SharePoint EoP. Exchange RCEs.

2 min Emergent Threat Response

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.

3 min Metasploit

Metasploit Weekly Wrap-Up

MOVEit: It has been a busy few weeks in the security space; the MOVEit vulnerability filling our news feeds with dancing lemurs and a Barracuda

6 min Application Security

OWASP TOP 10 API Security Risks: 2023!

The OWASP Top 10 API Security Risks is a list of the highest-priority API-based threats in 2023. In this blog, we detail each item on the list.

3 min Cloud Security

Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec

We are pleased to introduce our next advancement of identity-related risk management and remediation in Rapid7's InsightCloudSec: Identity Analysis.

3 min Emergent Threat Response

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.

10 min Velociraptor

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.

4 min Metasploit

Metasploit Weekly Wrap-Up

Metasploit adds new support for Amazon Web Services EC2 instance enumeration with integrated session support, Apache NiFi scanners, and more

5 min Detection and Response

This is Ceti Alpha Five!

In this blog, we explore how Star Trek II: The Wrath of Khan demonstrates the very best and worst of cybersecurity in the 23rd Century.

2 min Metasploit

Metasploit Weekly Wrap-Up

Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module

8 min Emergent Threat Response

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.

4 min Rapid7 Culture

Rapid7 Sales Director Devin Poulter On Building a Career as an Account Executive

Devin Poulter is a Sales Director with over 20 years of experience in the tech industry. Recently, we spoke with him about building a career in tech sales.