Rapid7

The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

How Modern SOCs are Fighting against Alert Fatigue

How Modern SOCs are Fighting against Alert Fatigue

Read post
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Products and Tools

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Alan David Foster's avatar

Alan David Foster

Why Security Teams Need To Start Earlier

Industry Trends

Why Security Teams Need To Start Earlier

Tom Caiazza's avatar

Tom Caiazza

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Threat Research

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Anna Širokova's avatar

Anna Širokova

NIS2 is raising the bar. Here’s how to turn readiness into resilience.

Security Operations

NIS2 is raising the bar. Here’s how to turn readiness into resilience.

Sabeen Malik's avatar

Sabeen Malik

Does Your Security Programme Align With NIS2 Requirements?

Security Operations

Does Your Security Programme Align With NIS2 Requirements?

Sabeen Malik's avatar

Sabeen Malik

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk

Artificial Intelligence

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk

Rapid7's avatar

Rapid7

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

Products and Tools

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

Spencer McIntyre's avatar

Spencer McIntyre

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Vulnerabilities and Exploits

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Jonah Burgess's avatar

Jonah Burgess

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Threat Research

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Jeremy Makowski's avatar

Jeremy Makowski

Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Artificial Intelligence

Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Blake McDermott's avatar

Blake McDermott

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Vulnerabilities and Exploits

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Rapid7's avatar

Rapid7

Patch Tuesday - June 2026

Exposure Management

Patch Tuesday - June 2026

Adam Barnett's avatar

Adam Barnett

Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity

Artificial Intelligence

Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity

Wade Woolwine's avatar

Wade Woolwine

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Vulnerabilities and Exploits

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Rapid7's avatar

Rapid7

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

Products and Tools

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

Brendan Watters's avatar

Brendan Watters

How the “Swiss Cheese” model can help you choose the right MDR provider

Detection and Response

How the “Swiss Cheese” model can help you choose the right MDR provider

David Higgs's avatar

David Higgs

A Day in the Life of an MDR Analyst: Inside the Modern SOC

Industry Trends

A Day in the Life of an MDR Analyst: Inside the Modern SOC

Emma Burdett's avatar

Emma Burdett

CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation

Vulnerabilities and Exploits

CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation

Douglas McKee, Director, Vulnerability Intelligence's avatar

Douglas McKee, Director, Vulnerability Intelligence

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Vulnerabilities and Exploits

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Stephen Fewer's avatar

Stephen Fewer

Rapid7 and Exclusive Networks Expand Partnership Across the Nordics

Culture

Rapid7 and Exclusive Networks Expand Partnership Across the Nordics

Mike Ryan's avatar

Mike Ryan

Metasploit Wrap Up 05/29/2026

Products and Tools

Metasploit Wrap Up 05/29/2026

Spencer McIntyre's avatar

Spencer McIntyre