The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

Introducing Rapid7 MDR for Microsoft

Introducing Rapid7 MDR for Microsoft

Read post
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Read post
What’s New in Rapid7 Products & Services?

What’s New in Rapid7 Products & Services?

Read post
Exploiting a 64-bit browser with Flash CVE-2015-5119 (Part 2)

Vulnerabilities and Exploits

Exploiting a 64-bit browser with Flash CVE-2015-5119 (Part 2)

Juan Vazquez's avatar

Juan Vazquez

Exploiting a 64-bit browser with Flash CVE-2015-5119

Vulnerabilities and Exploits

Exploiting a 64-bit browser with Flash CVE-2015-5119

Juan Vazquez's avatar

Juan Vazquez

Oracle Java JRE AES Intrinsics Remote Denial of Service (CVE-2015-2659)

Vulnerabilities and Exploits

Oracle Java JRE AES Intrinsics Remote Denial of Service (CVE-2015-2659)

Tod Beardsley's avatar

Tod Beardsley

R7-2015-08: Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857)

Vulnerabilities and Exploits

R7-2015-08: Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857)

Tod Beardsley's avatar

Tod Beardsley

What Exactly is Duqu 2.0?

Vulnerabilities and Exploits

What Exactly is Duqu 2.0?

Tim Stiller's avatar

Tim Stiller

Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)

Vulnerabilities and Exploits

Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)

csong's avatar

csong

Breaking down the Logjam (vulnerability)

Vulnerabilities and Exploits

Breaking down the Logjam (vulnerability)

Maria Varmazis's avatar

Maria Varmazis

How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?

Vulnerabilities and Exploits

How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?

Tod Beardsley's avatar

Tod Beardsley

A Closer Look at February 2015's Patch Tuesday

Vulnerabilities and Exploits

A Closer Look at February 2015's Patch Tuesday

Justin Pagano's avatar

Justin Pagano

R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)

Vulnerabilities and Exploits

R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)

Tod Beardsley's avatar

Tod Beardsley

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data

Vulnerabilities and Exploits

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data

Snow Tempest's avatar

Snow Tempest

GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?

Vulnerabilities and Exploits

GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?

Jen Ellis's avatar

Jen Ellis

POODLE Jr.: The Revenge - How to scan for CVE-2014-8730

Vulnerabilities and Exploits

POODLE Jr.: The Revenge - How to scan for CVE-2014-8730

Snow Tempest's avatar

Snow Tempest

R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

Vulnerabilities and Exploits

R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

rep's avatar

rep

R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access

Vulnerabilities and Exploits

R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access

HD Moore's avatar

HD Moore

Block the POODLE's bite: How to scan for CVE-2014-3566

Vulnerabilities and Exploits

Block the POODLE's bite: How to scan for CVE-2014-3566

Snow Tempest's avatar

Snow Tempest

UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network

Vulnerabilities and Exploits

UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network

Christian Kirsch's avatar

Christian Kirsch

Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)

Vulnerabilities and Exploits

Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)

Snow Tempest's avatar

Snow Tempest

R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks

Vulnerabilities and Exploits

R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks

Jon Hart's avatar

Jon Hart

You have no SQL inj--... sorry, NoSQL injections in your application

Vulnerabilities and Exploits

You have no SQL inj--... sorry, NoSQL injections in your application

bperry's avatar

bperry

Managing the Impact of the Ebay Breach on You and Your Company

Vulnerabilities and Exploits

Managing the Impact of the Ebay Breach on You and Your Company

Jay Roxe's avatar

Jay Roxe