The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Strategies to Secure Cloud Environments

Products and Tools

Aaron Sawitsky

How to Drive Cybersecurity Transformation in Healthcare

Industry Trends

Bri Hand

Metasploit Wrap-Up: Sep. 13, 2019

Products and Tools

Brendan Watters

This One Time on a Pen Test: The Pizza of Doom

Exposure Management

Jonathan Stines

Automating User Provisioning and Deprovisioning with Security Orchestration, Automation, and Response (SOAR)

Products and Tools

Christie Ott

CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know

Products and Tools

boB Rudis

R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)

Vulnerabilities and Exploits

Sam Huckins

Metasploit Wrap-Up 9/6/19

Exposure Management

Sonny Gonzalez

Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)

Products and Tools

Brent Cook

This One Time on a Pen Test: Your Mouse Is My Keyboard

Exposure Management

Rapid7

RASP 101: What Is Runtime Application Self-Protection?

Cloud and Devops Security

Bria Grangard

Metasploit Wrap-Up 8/30/19

Products and Tools

Adam Cammack

This One Time on a Pen Test: Nerds in the NERC

Threat Research

Jonathan Stines

How to Set Up InsightVM in Your Google Cloud Environment

Exposure Management

Shane Queeney

Application Security 101: The Importance of DevSecOps in AppSec

Cloud and Devops Security

Bria Grangard

Summer Security Fundamentals Recap: Vulnerability Management

Products and Tools

Tori Sitcawich

Metasploit Wrap-Up 8/23/19

Products and Tools

Adam Cammack

This One Time on a Pen Test: Missed a Spot

Threat Research

Ted Raffle

How to Prevent Cross-Site Scripting (XSS) Attacks

Products and Tools

Kelly Schwarzhoff

Ask a Pen Tester: Q&A with Rapid7 Penetration Tester Aaron Herndon

Exposure Management

Aaron Herndon

How Attackers Can Harvest Users’ Microsoft 365 Credentials with New Phishing Campaign

Products and Tools

Lonnie Best