The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

How Modern SOCs are Fighting against Alert Fatigue

How Modern SOCs are Fighting against Alert Fatigue

Read post
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

Vulnerabilities and Exploits

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

Rapid7's avatar

Rapid7

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

Vulnerabilities and Exploits

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

boB Rudis's avatar

boB Rudis

May 2020 Cisco Remote Vulnerabilities Guidance

Vulnerabilities and Exploits

May 2020 Cisco Remote Vulnerabilities Guidance

boB Rudis's avatar

boB Rudis

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

Vulnerabilities and Exploits

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability Remediation Guidance and Exposure Overview

boB Rudis's avatar

boB Rudis

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

Vulnerabilities and Exploits

R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)

Sam Huckins's avatar

Sam Huckins

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

Vulnerabilities and Exploits

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

Brent Cook's avatar

Brent Cook

R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities

Vulnerabilities and Exploits

R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities

Tod Beardsley's avatar

Tod Beardsley

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

Vulnerabilities and Exploits

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)

Tod Beardsley's avatar

Tod Beardsley

R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)

Vulnerabilities and Exploits

R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)

Sam Huckins's avatar

Sam Huckins

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

Vulnerabilities and Exploits

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

boB Rudis's avatar

boB Rudis

BlueKeep Exploits May Be Coming: Our Observations and Recommendations

Vulnerabilities and Exploits

BlueKeep Exploits May Be Coming: Our Observations and Recommendations

boB Rudis's avatar

boB Rudis

Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know

Vulnerabilities and Exploits

Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know

Tod Beardsley's avatar

Tod Beardsley

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing

Vulnerabilities and Exploits

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing

Tod Beardsley's avatar

Tod Beardsley

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

Vulnerabilities and Exploits

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

Tod Beardsley's avatar

Tod Beardsley

Stack-Based Buffer Overflow Attacks: Explained and Examples

Vulnerabilities and Exploits

Stack-Based Buffer Overflow Attacks: Explained and Examples

Brendan Watters's avatar

Brendan Watters

PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know

Vulnerabilities and Exploits

PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know

boB Rudis's avatar

boB Rudis

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Vulnerabilities and Exploits

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Tod Beardsley's avatar

Tod Beardsley

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

Vulnerabilities and Exploits

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

Harley Geiger's avatar

Harley Geiger

Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up

Vulnerabilities and Exploits

Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up

Sam Huckins's avatar

Sam Huckins

How Cybercriminals Use Pinterest to Run Fraud Scams

Vulnerabilities and Exploits

How Cybercriminals Use Pinterest to Run Fraud Scams

Orin Mor's avatar

Orin Mor

How to Automate Identifying and Take Down Malicious Social Media Profiles

Vulnerabilities and Exploits

How to Automate Identifying and Take Down Malicious Social Media Profiles

Omer Shahak's avatar

Omer Shahak