5 min
Detection and Response
Password Spray Attacks Taking Advantage of Lax MFA
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests.
12 min
Vulnerability Management
Patch Tuesday - April 2025
CLFS zero-day. LDAP critical RCEs. RDS critical RCEs. Hyper-V critical RCE.
11 min
Research
2025 Ransomware: Business as Usual, Business is Booming
Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware.
2 min
Events
Don’t Miss Out: What You Need to Know Before Take Command 2025
Join Rapid7’s Take Command 2025 on April 9 for expert insights into ransomware, threat trends, and live discussions with top security leaders.
3 min
Metasploit
Metasploit Wrap-Up 04/04/2025
New RCEs
Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular, CVE-2025-24813, garnered a lot of attention when it was disclosed; however, to f
3 min
Vector Command
Pentales: Red Team vs. N-Day (and How We Won)
While the organization involved remains anonymous, the events described are real. This story reflects how our always-on testing approach closely mirrors the creativity and persistence of actual threat actors.
2 min
Emergent Threat Response
Ivanti Connect Secure CVE-2025-22457 exploited in the wild
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical stack-based buffer overflow vulnerability that allows for remote code execution on affected devices.
2 min
Events
Preview the Action: Two New Sessions Available Before Take Command 2025
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
9 min
Research
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
In early 2025, we came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, we decided to investigate whether this was a rebrand or a new threat.
3 min
Exposure Command
A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub
Rapid7’s Remediation Hub takes a remediation-based view rather than an individual CVE-based view of vulnerability management. It shows security teams the volume of vulnerabilities that will be resolved by carrying out a recommended remediation.
5 min
Exposure Management
What’s New in Rapid7 Products & Services: Q1 2025 in Review
Read on for Q1 2025 release highlights across the Command Platform, from Exposure Command to Managed Threat Complete.
3 min
Managed Detection and Response (MDR)
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard
The Detection & Response Dashboard provides a clear, high-level snapshot of your entire MDR program. The customizable and downloadable summary visualizes key metrics, helping teams quickly identify risks, trends, and security outcomes.
2 min
Metasploit
Metasploit Wrap-Up 03/28/2025
Windows LPE - Cloud Files Mini Filter Driver Heap Overflow
This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local client. The exploit module allows users with an existing session on an affected Windows device to seamlessly escalate their privileges to NT AUTHORITY\SYSTEM. This module has been tested on Windows workst
3 min
InsightVM
Overcoming the Challenges of Vulnerability Remediation
The following is a guest blog post by Zac Youtz, Co-Founder and CTO at valued Rapid7 partner, Furl. Here, Zac discusses how to effectively remediate vulnerabilities discovered by Rapid7’s InsightVM.
3 min
Vector Command
Unpacking a post-compromise breach simulation with Vector Command
This blog is the third in our Vector Command series, where we explore the tactics, techniques, and procedures (TTPs) leveraged by Rapid7’s expert red team.