3 min
Metasploit Weekly Wrapup
Metasploit Wrap-Up 05/16/2025
New modules for everyone
This week’s release is packed with new module content. We have RCE modules for
Car Rental System 1.0, Wordpress plugins SureTriggers, User Registration and
Membership. We also have a persistence module for LINQPad software and an
auxiliary module for POWERCOM UPSMON PRO. We have also added support for 32-bit
architectures to our execute-assembly post module, which now supports injection
of both 64-bit and 32-bit .NET assembly binaries.
New module content (5)
POWERCOM UP
2 min
Emergent Threat Response
Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile: CVE-2025-4427 and CVE-2025-4428.
2 min
Emergent Threat Response
CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products
On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple FortiNet products; including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera.
10 min
Patch Tuesday
Patch Tuesday - May 2025
Seven zero-days: Window Scripting Engine, 2x CLFS, DWM, Visual Studio, AFD for Winsock, Defender for Identity.
3 min
Exposure Management
Vendor-Agnostic Security: The Key To Smarter Risk Management
In this post, we’ll explore how a vendor-agnostic approach, powered by exposure assessment platforms (EAPs), helps you manage risk smarter – by unifying your attack surface and helping your team focus on what matters most.
3 min
Rapid7 Culture
Recognizing Excellence: Rapid7’s Kelly Hiscoe and Heather DeMartini Honored as CRN’s 2025 Women of the Channel
We are thrilled to announce that two outstanding Rapid7 team members, Kelly Hiscoe and Heather DeMartini, have been recognized as CRN's 2025 Women of the Channel.
2 min
Metasploit
Metasploit Wrap-Up 05/09/2025
New Toys and New Techniques
This release features a new OPNSense login scanner, a module targeting the Sante
PACS path traversal vulnerability, an additional method for stealing Network
Access Account credentials via SMB to HTTP relay, and the Erlang/OTP SSH exploit
everyone was excited about.
New module content (4)
Sante PACS Server Path Traversal (CVE-2025-2264)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #20124
19 min
Vulnerability Disclosure
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution.
5 min
Exposure Command
Exploring an Untethered, Unified Approach to CTEM
Unlike traditional standalone VM, CASM, EASM, SIEM, or EDR tools that rely on proprietary agents, Exposure Command from Rapid7 brings it all together into one platform.
2 min
Events
Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense
Discover key lessons from Take Command 2025 on building proactive, resilient cybersecurity defenses. Watch Ted Harrington’s full session on demand.
3 min
Metasploit
Metasploit Wrap-Up 05/02/2025
Meterpreter Extended API Clipboard Monitoring
Security is hard, and Open Source Security is a collaborative effort. This week,
Metasploit released a fix for a vulnerability that was privately disclosed to us
by long-time community member bcoles . The
vulnerability in question impacted Metasploit users who were using the clipboard
monitoring functionality contained within the extended-API Meterpreter extension
(extapi). After a user enables monitoring, they would typica
6 min
Ransomware
Why is Ransomware Still a Thing in 2025?
Ransomware remains a crisis because we are still giving attackers the upper hand. To regain control, we need to understand how we’ve made it so easy for them, and what we can do to change that.
3 min
Gartner
AI and Resilience Take the Spotlight in 2025: Key Trends from Gartner® Cybersecurity Research
Here are three trends that stand out for leaders aiming to build a more resilient, AI-ready security program in 2025.
2 min
Gartner
Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management
Latest research from Gartner, How to Grow Vulnerability Management Into Exposure Management, highlights the need for security teams to move beyond simply tracking vulnerabilities and embrace a more comprehensive approach to exposure management.
3 min
Managed Detection and Response (MDR)
Reinforcing resilience with financial assurance: Breach protection matters now more than ever
Introducing Rapid7’s value-added Breach Protection Warranty that delivers confidence, clarity, and coverage when it matters most.
