The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

Introducing Rapid7 MDR for Microsoft

Introducing Rapid7 MDR for Microsoft

Read post
The End of Legacy SIEM as we Know it

The End of Legacy SIEM as we Know it

Read post
What’s New in Rapid7 Products & Services?

What’s New in Rapid7 Products & Services?

Read post
This One Time on a Pen Test: Nerds in the NERC

Threat Research

This One Time on a Pen Test: Nerds in the NERC

Jonathan Stines's avatar

Jonathan Stines

How to Set Up InsightVM in Your Google Cloud Environment

Exposure Management

How to Set Up InsightVM in Your Google Cloud Environment

Shane Queeney's avatar

Shane Queeney

Application Security 101: The Importance of DevSecOps in AppSec

Cloud and Devops Security

Application Security 101: The Importance of DevSecOps in AppSec

Bria Grangard's avatar

Bria Grangard

Summer Security Fundamentals Recap: Vulnerability Management

Products and Tools

Summer Security Fundamentals Recap: Vulnerability Management

Tori Sitcawich's avatar

Tori Sitcawich

Metasploit Wrap-Up 8/23/19

Products and Tools

Metasploit Wrap-Up 8/23/19

Adam Cammack's avatar

Adam Cammack

This One Time on a Pen Test: Missed a Spot

Threat Research

This One Time on a Pen Test: Missed a Spot

Ted Raffle's avatar

Ted Raffle

How to Prevent Cross-Site Scripting (XSS) Attacks

Products and Tools

How to Prevent Cross-Site Scripting (XSS) Attacks

Kelly Schwarzhoff's avatar

Kelly Schwarzhoff

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Exposure Management

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Aaron Herndon's avatar

Aaron Herndon

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

Products and Tools

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

Lonnie Best's avatar

Lonnie Best

Automating the Cloud: AWS Security Done Efficiently

Detection and Response

Automating the Cloud: AWS Security Done Efficiently

Josh Frantz's avatar

Josh Frantz

Metasploit Wrap-Up 8/16/19

Products and Tools

Metasploit Wrap-Up 8/16/19

William Vu's avatar

William Vu

This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold

Exposure Management

This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold

Trevor O'Donnal's avatar

Trevor O'Donnal

Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub

Security Operations

Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub

Tyler Terenzoni's avatar

Tyler Terenzoni

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

Rapid7 Blog

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

Tod Beardsley's avatar

Tod Beardsley

Patch Tuesday - August 2019

Exposure Management

Patch Tuesday - August 2019

Greg Wiseman's avatar

Greg Wiseman

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

Vulnerabilities and Exploits

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

boB Rudis's avatar

boB Rudis

Cloud Security Primer: The Basics You Need to Know

Detection and Response

Cloud Security Primer: The Basics You Need to Know

Meaghan Buchanan's avatar

Meaghan Buchanan

How to Protect the File System from Your App with WAFs and RASP

Products and Tools

How to Protect the File System from Your App with WAFs and RASP

Boris Chen's avatar

Boris Chen

Metasploit Wrap-Up 8/9/19

Products and Tools

Metasploit Wrap-Up 8/9/19

James Barnett's avatar

James Barnett

This One Time on a Pen Test: Paging Doctor Hackerman

Industry Trends

This One Time on a Pen Test: Paging Doctor Hackerman

Nick Powers's avatar

Nick Powers

The Importance of Preventing and Detecting Malicious PowerShell Attacks

Detection and Response

The Importance of Preventing and Detecting Malicious PowerShell Attacks

Rohit Chettiar's avatar

Rohit Chettiar