The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

Introducing Rapid7 MDR for Microsoft

Introducing Rapid7 MDR for Microsoft

Read post
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Read post
What’s New in Rapid7 Products & Services?

What’s New in Rapid7 Products & Services?

Read post
This One Time on a Pen Test: Missed a Spot

Threat Research

This One Time on a Pen Test: Missed a Spot

Ted Raffle's avatar

Ted Raffle

How to Prevent Cross-Site Scripting (XSS) Attacks

Products and Tools

How to Prevent Cross-Site Scripting (XSS) Attacks

Kelly Schwarzhoff's avatar

Kelly Schwarzhoff

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Exposure Management

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Aaron Herndon's avatar

Aaron Herndon

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

Products and Tools

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

Lonnie Best's avatar

Lonnie Best

Automating the Cloud: AWS Security Done Efficiently

Detection and Response

Automating the Cloud: AWS Security Done Efficiently

Josh Frantz's avatar

Josh Frantz

Metasploit Wrap-Up 8/16/19

Products and Tools

Metasploit Wrap-Up 8/16/19

William Vu's avatar

William Vu

This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold

Exposure Management

This One Time on a Pen Test: How I Compromised a Healthcare Portal Before My Hot Cocoa Went Cold

Trevor O'Donnal's avatar

Trevor O'Donnal

Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub

Security Operations

Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub

Tyler Terenzoni's avatar

Tyler Terenzoni

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

Rapid7 Blog

Black Hat, DEF CON, and BSides 2019: Highlights and Emerging Industry Trends

Tod Beardsley's avatar

Tod Beardsley

Patch Tuesday - August 2019

Exposure Management

Patch Tuesday - August 2019

Greg Wiseman's avatar

Greg Wiseman

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

Vulnerabilities and Exploits

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

boB Rudis's avatar

boB Rudis

Cloud Security Primer: The Basics You Need to Know

Detection and Response

Cloud Security Primer: The Basics You Need to Know

Meaghan Buchanan's avatar

Meaghan Buchanan

How to Protect the File System from Your App with WAFs and RASP

Products and Tools

How to Protect the File System from Your App with WAFs and RASP

Boris Chen's avatar

Boris Chen

Metasploit Wrap-Up 8/9/19

Products and Tools

Metasploit Wrap-Up 8/9/19

James Barnett's avatar

James Barnett

This One Time on a Pen Test: Paging Doctor Hackerman

Industry Trends

This One Time on a Pen Test: Paging Doctor Hackerman

Nick Powers's avatar

Nick Powers

The Importance of Preventing and Detecting Malicious PowerShell Attacks

Detection and Response

The Importance of Preventing and Detecting Malicious PowerShell Attacks

Rohit Chettiar's avatar

Rohit Chettiar

How to Monitor Your AWS S3 Activity with InsightIDR

Detection and Response

How to Monitor Your AWS S3 Activity with InsightIDR

Alan Foster's avatar

Alan Foster

Should You Use a SAST, DAST, or RASP Application Security Tool?

Cloud and Devops Security

Should You Use a SAST, DAST, or RASP Application Security Tool?

Garrett Gross's avatar

Garrett Gross

Metasploit Wrap-Up 8/2/19

Products and Tools

Metasploit Wrap-Up 8/2/19

Wei Chen's avatar

Wei Chen

Introducing Pingback Payloads

Products and Tools

Introducing Pingback Payloads

Brendan Watters's avatar

Brendan Watters

BlueKeep Exploits May Be Coming: Our Observations and Recommendations

Vulnerabilities and Exploits

BlueKeep Exploits May Be Coming: Our Observations and Recommendations

boB Rudis's avatar

boB Rudis