The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.


R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
Vulnerabilities and Exploits
Tod Beardsley

IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
Vulnerabilities and Exploits
Tod Beardsley

R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)
Vulnerabilities and Exploits
Sam Huckins

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
Vulnerabilities and Exploits
boB Rudis

BlueKeep Exploits May Be Coming: Our Observations and Recommendations
Vulnerabilities and Exploits
boB Rudis

Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
Vulnerabilities and Exploits
Tod Beardsley

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
Vulnerabilities and Exploits
Tod Beardsley

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
Vulnerabilities and Exploits
Tod Beardsley

Stack-Based Buffer Overflow Attacks: Explained and Examples
Vulnerabilities and Exploits
Brendan Watters

PHP Extension and Application Repository (PEAR) Compromise: What You Need to Know
Vulnerabilities and Exploits
boB Rudis

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Vulnerabilities and Exploits
Tod Beardsley

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure
Vulnerabilities and Exploits
Harley Geiger

Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up
Vulnerabilities and Exploits
Sam Huckins

How Cybercriminals Use Pinterest to Run Fraud Scams
Vulnerabilities and Exploits
Orin Mor

How to Automate Identifying and Take Down Malicious Social Media Profiles
Vulnerabilities and Exploits
Omer Shahak

R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)
Vulnerabilities and Exploits
Sam Huckins

Shoring Up the Defenses Together: 2018Q1 Wrap-Up
Vulnerabilities and Exploits
Sam Huckins

R7-2018-01 (CVE-2018-5551, CVE-2018-5552): DocuTrac Office Therapy Installer Hard-Coded Credentials and Cryptographic Salt
Vulnerabilities and Exploits
Tod Beardsley

NIST Cyber Framework Updated With Coordinated Vuln Disclosure Processes
Vulnerabilities and Exploits
Harley Geiger

R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities
Vulnerabilities and Exploits
Tod Beardsley

The BadRabbit Ransomware Attack: What You Need To Know
Vulnerabilities and Exploits
boB Rudis