The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

How Modern SOCs are Fighting against Alert Fatigue

How Modern SOCs are Fighting against Alert Fatigue

Read post
Trojan Source CVE-2021-42572: No Panic Necessary

Vulnerabilities and Exploits

Trojan Source CVE-2021-42572: No Panic Necessary

boB Rudis's avatar

boB Rudis

NPM Library (ua-parser-js) Hijacked: What You Need to Know

Vulnerabilities and Exploits

NPM Library (ua-parser-js) Hijacked: What You Need to Know

Glenn Thorpe's avatar

Glenn Thorpe

CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Vulnerabilities and Exploits

CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Tod Beardsley's avatar

Tod Beardsley

Fortinet FortiWeb OS Command Injection

Vulnerabilities and Exploits

Fortinet FortiWeb OS Command Injection

Tod Beardsley's avatar

Tod Beardsley

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

Vulnerabilities and Exploits

Microsoft SAM File Readability CVE-2021-36934: What You Need to Know

Caitlin Condon's avatar

Caitlin Condon

Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies

Vulnerabilities and Exploits

Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies

boB Rudis's avatar

boB Rudis

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

Vulnerabilities and Exploits

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

Erick Galinkin's avatar

Erick Galinkin

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Vulnerabilities and Exploits

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Tod Beardsley's avatar

Tod Beardsley

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

Vulnerabilities and Exploits

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

Tod Beardsley's avatar

Tod Beardsley

Metasploit Wrap-Up: 6/11/21

Vulnerabilities and Exploits

Metasploit Wrap-Up: 6/11/21

Spencer McIntyre's avatar

Spencer McIntyre

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

Vulnerabilities and Exploits

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

boB Rudis's avatar

boB Rudis

State-Sponsored Threat Actors Target Security Researchers

Vulnerabilities and Exploits

State-Sponsored Threat Actors Target Security Researchers

boB Rudis's avatar

boB Rudis

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

Vulnerabilities and Exploits

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

Vulnerabilities and Exploits

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

Tod Beardsley's avatar

Tod Beardsley

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Vulnerabilities and Exploits

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

boB Rudis's avatar

boB Rudis

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

Vulnerabilities and Exploits

There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka"Bad Neighbor")

boB Rudis's avatar

boB Rudis

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Vulnerabilities and Exploits

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

boB Rudis's avatar

boB Rudis

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

Vulnerabilities and Exploits

HP Device Manager Cavalcade of Critical CVEs (CVE-2020-6925:6927): What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

Vulnerabilities and Exploits

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

Caitlin Condon's avatar

Caitlin Condon

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

Vulnerabilities and Exploits

Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know

boB Rudis's avatar

boB Rudis

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

Vulnerabilities and Exploits

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability: What You Need to Know

boB Rudis's avatar

boB Rudis