The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Block the POODLE's bite: How to scan for CVE-2014-3566

Vulnerabilities and Exploits

Snow Tempest

UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network

Vulnerabilities and Exploits

Christian Kirsch

Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)

Vulnerabilities and Exploits

Snow Tempest

R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks

Vulnerabilities and Exploits

Jon Hart

You have no SQL inj--... sorry, NoSQL injections in your application

Vulnerabilities and Exploits

bperry

Managing the Impact of the Ebay Breach on You and Your Company

Vulnerabilities and Exploits

Jay Roxe

R7-2014-01, R7-2014-02, R7-2014-03 Disclosures: Exposure of Critical Information Via SNMP Public Community String

Vulnerabilities and Exploits

Deral Heiland

Oracular Spectacular

Vulnerabilities and Exploits

Greg Wiseman

Exploiting CSRF under NoScript Conditions

Vulnerabilities and Exploits

joev

Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability

Vulnerabilities and Exploits

bperry

Metasploit's Brand New Heartbleed Scanner Module (CVE-2014-0160)

Vulnerabilities and Exploits

Tod Beardsley

"Hack Away at the Unessential" with ExpLib2 in Metasploit

Vulnerabilities and Exploits

Wei Chen

Metasploit Weekly Update: There's a Bug In Your Brain

Vulnerabilities and Exploits

Tod Beardsley

Metasploit Weekly Update: Video Chat, Meterpreter Building, and a Fresh MediaWiki Exploit

Vulnerabilities and Exploits

Tod Beardsley

Weekly Metasploit Update: Feb. 13, 2014

Vulnerabilities and Exploits

Tod Beardsley

Bypassing Adobe Reader Sandbox with Methods Used In The Wild

Vulnerabilities and Exploits

Juan Vazquez

Metasploit Weekly Update: Adobe Reader Exploit and Post-Exploitation YouTube Broadcasting

Vulnerabilities and Exploits

Tod Beardsley

Weekly Metasploit Update: New Meterpreter Extended API, Learning About HttpServer, HttpClient, and SAP

Vulnerabilities and Exploits

Tod Beardsley

Weekly Metasploit Update: BrowserExploitServer (BES), IPMI, and KiTrap0D

Vulnerabilities and Exploits

Tod Beardsley

Exploiting the Supermicro Onboard IPMI Controller

Vulnerabilities and Exploits

Juan Vazquez

Social-Engineer CTF Report Released

Vulnerabilities and Exploits

socialengineer