The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Exploit for new Vulnerability on Honeywell EBI ActiveX (CVE-2013-0108)

Vulnerabilities and Exploits

Juan Vazquez

New Heap Spray Technique for Metasploit Browser Exploitation

Rapid7 Blog

Wei Chen

Malicious SSIDs And Web Apps

Vulnerabilities and Exploits

rapidmb

Making the Nexpose Gem Easier to Use

Products and Tools

daines

Weekly Update: Splitting DNS Modules and a D-Link Auth Bypass

Products and Tools

Tod Beardsley

Per-log retention period

Products and Tools

Rapid7

Vulnerability Correlation -- Enabled by Default

Rapid7 Blog

Jon Hart

Weekly Update: Corelan, MSFTidy, and UNC Path Injection

Products and Tools

Tod Beardsley

How to Verify that the Payload Can Connect Back to Metasploit on a NATed Network

Products and Tools

Christian Kirsch

Patch Tuesday - February 2013 Edition!

Rapid7 Blog

Ross Barrett

Getting Started with the Nexpose Virtual Appliance

Rapid7 Blog

Rapid7 Support

Security Flaws in Universal Plug and Play: Unplug, Don't Play

Products and Tools

HD Moore

Ray Sharp CCTV DVR Password Retrieval & Remote Root

Vulnerabilities and Exploits

HD Moore

New VMware ESX/ESXi coverage is elegant in its simplicity

Rapid7 Blog

csong

The Forgotten Spying Feature: Metasploit's Mic Recording Command

Products and Tools

Wei Chen

Weekly Update: Metasploit 4.5.1, MSFUpdate, and More Wordpress Hijinks

Rapid7 Blog

Tod Beardsley

Update to the Metasploit Updates and msfupdate

Products and Tools

Tod Beardsley

Hacking like it's 1985: Rooting the Cisco Prime LAN Management Solution

Products and Tools

HD Moore

Video Tutorial: Introduction to Burp-Suite 1.5 Web Pen Testing Proxy

Rapid7 Blog

webpwnized

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Vulnerabilities and Exploits

HD Moore

Weekly Metasploit Update: Rails Scanning, ZDI, and Exploit Dev

Products and Tools

Tod Beardsley