The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

Introducing Rapid7 MDR for Microsoft

Introducing Rapid7 MDR for Microsoft

Read post
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Read post
What’s New in Rapid7 Products & Services?

What’s New in Rapid7 Products & Services?

Read post
SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

Vulnerabilities and Exploits

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

Erick Galinkin's avatar

Erick Galinkin

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Vulnerabilities and Exploits

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Tod Beardsley's avatar

Tod Beardsley

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

Vulnerabilities and Exploits

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

Tod Beardsley's avatar

Tod Beardsley

Metasploit Wrap-Up: 6/11/21

Vulnerabilities and Exploits

Metasploit Wrap-Up: 6/11/21

Spencer McIntyre's avatar

Spencer McIntyre

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

Vulnerabilities and Exploits

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

boB Rudis's avatar

boB Rudis

State-Sponsored Threat Actors Target Security Researchers

Vulnerabilities and Exploits

State-Sponsored Threat Actors Target Security Researchers

boB Rudis's avatar

boB Rudis

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

Vulnerabilities and Exploits

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

Vulnerabilities and Exploits

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

Tod Beardsley's avatar

Tod Beardsley

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Vulnerabilities and Exploits

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

boB Rudis's avatar

boB Rudis

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Vulnerabilities and Exploits

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

boB Rudis's avatar

boB Rudis

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Vulnerabilities and Exploits

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

boB Rudis's avatar

boB Rudis

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

Vulnerabilities and Exploits

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

Vulnerabilities and Exploits

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

Caitlin Condon's avatar

Caitlin Condon

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

Vulnerabilities and Exploits

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

Vulnerabilities and Exploits

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

Vulnerabilities and Exploits

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

Rapid7's avatar

Rapid7

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

Vulnerabilities and Exploits

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

boB Rudis's avatar

boB Rudis

May 2020 Cisco Remote Vulnerabilities Guidance

Vulnerabilities and Exploits

May 2020 Cisco Remote Vulnerabilities Guidance

boB Rudis's avatar

boB Rudis

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

Vulnerabilities and Exploits

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

boB Rudis's avatar

boB Rudis

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

Vulnerabilities and Exploits

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

Sam Huckins's avatar

Sam Huckins

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

Vulnerabilities and Exploits

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

Brent Cook's avatar

Brent Cook