5 min
Emergent Threat Response
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
2 min
Emergent Threat Response
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.
9 min
Vulnerability Management
Patch Tuesday - May 2023
A relatively light 49 vulnerabilities patched in May 2023, including a new entry method for BlackLotus bootkit malware.
4 min
InsightVM
Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem
Rapid7 Insight Agent and InsightVM Scan Assistant can improve visibility into your environment. This article explores how and when to use each.
12 min
Vulnerability Management
Patch Tuesday - April 2023
114 vulnerabilities patched, including a zero-day driver-based LPE. Message Queueing Service RCE. End of support for 2013 products.
8 min
Vulnerability Management
Using InsightVM Remediation Projects To Ensure Accountability
In this blog, we look at two types of console-driven reports and two types of cloud-driven reports (projects)—and how you might use them.
3 min
Vulnerability Management
What’s New in InsightVM and Nexpose: Q1 2023 in Review
In Q1, we focused driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance.
11 min
Vulnerability Management
Patch Tuesday - March 2023
Microsoft March 2023 Patch Tuesday fixes 101 security issues, including a Critical zero-day vulnerability in Outlook which has been exploited by Russia-based actors against European government & critical infrastructure targets.
4 min
Vulnerability Management
Vulnerability Management vs. Vulnerability Assessment
Vulnerability assessment (VA) and vulnerability management (VM) are two of the best ways to protect your enterprise against threats, but these terms are often used incorrectly
4 min
Emergent Threat Response
Active Exploitation of ZK Framework CVE-2022-36537
Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software.
2 min
Research
A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report
We’re excited to release Rapid7’s 2022 Vulnerability Intelligence Report—a deep dive into 50 of the most notable vulnerabilities our research team investigated throughout the year.
8 min
Vulnerability Management
Patch Tuesday - February 2023
Microsoft has patched 72 CVEs, including three actively-exploited zero-days affecting Windows and Microsoft 365 for Enterprise.
8 min
Vulnerability Management
Patch Tuesday - January 2023
The first Patch Tuesday of 2023 sees Microsoft patching nearly 100 CVEs, including two zero-day vulnerabilities.
5 min
InsightVM
Year in Review: Rapid7 Vulnerability Management
For the InsightVM and Nexpose team, 2022 began with a lot of introspection on how we can add more value and better meet customer needs.
1 min
Emergent Threat Response
CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability
On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.