81 articles · page 1 of 2
Rapid7, Friday, June 19th, 2026
Rapid7's weekly Metasploit update adds new modules including an MCP server integration and a Paperclip AI RCE chain.
more →
Rapid7, Wednesday, June 3rd, 2026
A Rapid7 summit panel explores how MDR analysts handle incidents in real time across modern SOC environments.
more →
Rapid7, Friday, May 29th, 2026
Rapid7 MDR identified active exploitation of CVE-2026-0257, a critical authentication bypass in Palo Alto Networks PAN-OS GlobalProtect affecting VPN access.
more →
Rapid7 Labs, Thursday, May 28th, 2026
Critical argument injection vulnerability in Gogs allows authenticated users to achieve RCE via malicious branch names in rebase merges.
more → Rapid7, Thursday, May 28th, 2026
Compliance is shifting from point-in-time exercises to continuous processes as frameworks like NIS2 and DORA demand ongoing accountability.
more → Rapid7, Tuesday, May 26th, 2026
Security leaders discuss strategies for managing complexity and focusing on meaningful outcomes in cybersecurity.
more → Metasploit Blog, Monday, May 25th, 2026
Metasploit releases five new exploit and auxiliary modules for recent vulnerabilities in Cisco, HustOJ, Barracuda, cPanel, and Tenable products.
more → Rapid7, Thursday, May 14th, 2026
SD-WAN controllers create concentrated risk when designed for efficiency without adequate security controls.
more →
Rapid7, Thursday, May 14th, 2026
Critical authentication bypass in Cisco Catalyst SD-WAN Controller vdaemon service allows remote unauthenticated attackers to gain privileged access.
more → Rapid7, Thursday, May 14th, 2026
Critical authentication bypass vulnerability in Palo Alto Networks PAN-OS affects firewalls and Panorama appliances with Cloud Authentication Service enabled.
more → Rapid7, Wednesday, May 13th, 2026
Microsoft releases 137 vulnerabilities in May 2026 Patch Tuesday, including critical RCE flaws in Windows Netlogon and DNS Client.
more → Rapid7 Blog, Monday, May 11th, 2026
Rapid7's 2026 Global Cybersecurity Summit on May 12-13 offers final registration for sessions on SOC operations, risk prioritization, and AI in security.
more → Rapid7 Blog, Thursday, May 7th, 2026
Organizations must implement CTEM frameworks with unified visibility, threat-aware prioritization, and continuous validation to manage modern attack surfaces.
more →
Rapid7 Blog, Thursday, May 7th, 2026
Rapid7 joins OpenAI's Trusted Access for Cyber program to accelerate preemptive security using frontier AI.
more → Rapid7, Wednesday, May 6th, 2026
Iranian APT MuddyWater conducted a false-flag operation masquerading as Chaos ransomware to establish persistence and exfiltrate data.
more → Rapid7, Thursday, April 9th, 2026
If product releases had a runway moment, Q1 at Rapid7 would've walked out in Cloud Dancer; crisp, confident, and quietly powerful, before breaking into a full gallop in the Year of the Horse.
more → Rapid7, Friday, April 3rd, 2026
This article explains why many breaches are driven by gaps in visibility rather than advanced exploits, how attackers move through modern environments, and what changes when organizations start connecting assets, identities, and attack paths into a single view.
more → Rapid7, Thursday, April 2nd, 2026
Advanced persistent threats (APTs) are constantly and consistently changing tactics as network defenders plug holes in defenses. Static indicators of compromise (IoCs) for the BPFDoor have been widely deployed, forcing threat actors to get creative in their use of this particular strain of malware. What they came up with is ingenious.
more → Rapid7, Wednesday, April 1st, 2026
In the latest episode of Rapid7's Experts on Experts, I'm joined by Rapid7 CEO Corey Thomas for a candid conversation about where AI is genuinely changing security operations, and where the hype still outruns reality.
more → Rapid7, Tuesday, March 31st, 2026
Initial Access Brokers (IABs) are a key component of the cybercrime ecosystem, offering hassle-free building blocks for ransomware, data theft, and extortion.
more → Rapid7, Monday, March 30th, 2026
Red teaming has always played a role in testing defenses, but in 2026 its role is changing. Security teams are no longer asking whether an attacker can get in. That question has already been answered. The real challenge is whether teams can detect, validate, and respond before an incident escalates.
more → Rapid7, March 27,2026
For years, cybersecurity professionals have relied on a familiar metric to dictate their day-to-day priorities: the Common Vulnerability Scoring System (CVSS).
more → Rapid7, March 26,2026
A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing some of the stealthiest digital sleeper cells the team has ever seen in telecommunications networks.
more → Rapid7, March 25,2026
Web applications are no longer just business enablers, they're often the front door to an organization. They can often generate revenue, enforce identity, connect systems and hold customer and business data.
more → Rapid7, March 24,2026
If you're a security leader operating in Germany, Austria, or Switzerland, you already know that compliance isn't a checkbox. It's a competitive differentiator. Rapid7 has completed BSI C5 Type 2 attestation for the Rapid7 Command Platform, including Threat Command, and it's a milestone worth unpacking.
more → Rapid7, March 24,2026
Rapid7 has released a whitepaper titled 'The Weaponization of Cellular Based IoT Technology,' by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific.
more → Rapid7, Friday, March 20th, 2026
Security leaders rarely struggle to produce data. The challenge is turning that data into something the board can use to make decisions.
more → Rapid7, Monday, March 16th, 2026
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Teams.
more → Rapid7, Thursday, March 12th, 2026
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an organization's security posture.
more → Rapid7, Thursday, March 12th, 2026
If you spend your days building, shipping, defending, or fixing systems, you already know how this goes. A new technique shows up in a research thread, someone drops a 'has anyone checked if we're exposed?' comment, and suddenly you're juggling risk, patches, logging gaps, and whatever tool is in the blast radius this week.
more → Rapid7, Wednesday, March 11th, 2026
Rapid7 and Symmetry Systems are partnering to help organizations reduce breach impact by aligning sensitive data intelligence with real-world exposure paths across both human and machine identities.
more → Rapid7, Tuesday, March 10th, 2026
Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge (CAPTCHA).
more → Rapid7, Tuesday, March 10th, 2026
Purple teaming is often described as the collaboration between red teams and blue teams. That definition is accurate, but incomplete. At its core, purple teaming is about exposure validation: deliberately testing whether the threats you believe you can detect and contain are actually visible in your environment.
more → Rapid7, Monday, March 9th, 2026
To understand your attack surface, and all related exposures, Rapid7's Command Platform provides Attack Surface Management, (included in Surface Command, Exposure Command and Incident Command).
more → Rapid7, Thursday, February 26th, 2026
For years, organizations have prioritized strengthening technical defenses, including hardening networks, accelerating patch management, and expanding endpoint detection and response capabilities. Defensive systems have become more adaptive, identity has moved to the center of security architectures, and zero-trust has emerged as a foundational design principle.
more → Rapid7, Tuesday, February 24th, 2026
Senior leaders are visible by design. They speak at events, post on LinkedIn, sit on boards, and sign public filings. That visibility builds brands and drives growth. It also creates risk.
more → Rapid7, Monday, February 23rd, 2026
Security teams have been talking about alert fatigue for years. And yet, for many SOCs, the problem isn't getting better. It's getting worse.
more → Rapid7, Thursday, February 12th, 2026
Despite sustained efforts by the global banking and payments industry, credit card fraud continues to affect consumers and organizations on a large scale. Underground 'dump shops' play a central role in this activity, selling stolen credit and debit card data to criminals who use it to conduct unauthorized transactions and broader fraud campaigns.
more → Rapid7, Tuesday, February 10th, 2026
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today's vulnerabilities, and notes public disclosure for three of those. Earlier in the month, Microsoft provided patches to address three browser vulnerabilities, which are not included in the Patch Tuesday count above.
more → Rapid7, Tuesday, February 10th, 2026
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It's easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore something we need to lock down before it gets out of hand.
more → Rapid7, Thursday, February 5th, 2026
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams.
more → Rapid7, Tuesday, February 3rd, 2026
In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them.
more → Rapid7, Wednesday, January 28th, 2026
If you received an email with the subject 'I LOVE YOU' and an attachment called 'LOVE-LETTER-FOR-YOU.TXT', would you open it? Probably not, but back in the year 2000, plenty of people did exactly that.
more → Rapid7, Thursday, January 22nd, 2026
The 2026 Security Predictions webinar reinforced a simple but uncomfortable truth. The forces shaping cyber risk are not new, but they are converging faster and with greater impact than many organizations are ready for. Geopolitics, insider risk, and threat intelligence have long influenced cyber operations. What has changed is the extent to which they directly affect everyday security decisions.
more → Rapid7, Wednesday, January 14th, 2026
Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today's menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure.
more → Rapid7, Wednesday, December 17th, 2025
Philip Ingram, Former Senior Military Intelligence Officer, hosted Rapid7's annual Cybersecurity predications webinar to hear from three of the company's experts, each discussing the evolving nature of the cybersecurity landscape.
more →
Rapid7, December 11,2025
Rapid7 released its top cybersecurity predictions for 2026 from executives Raj Samani, Sabeen Malik, and Rob Dooley during its Top Cybersecurity Predictions for 2026 webinar.
more → Rapid7, Thursday, November 6th, 2025
It starts innocently enough. A new meeting appears in your Google calendar and the subject seems ordinary, perhaps even urgent: 'Security Update Briefing,' 'Your Account Verification Meeting,' or 'Important Notice Regarding Benefits.' You assume you missed this invitation in your overloaded email inbox, and click 'Yes' to accept.
more → Rapid7, Thursday, November 6th, 2025
Cybersecurity ROI is notoriously difficult to define, but not impossible. In this Experts on Experts: Commanding Perspectives episode, Craig Adams chats with Steve Edwards, Director of Threat Intelligence & Detection Engineering, about what customers really get from Rapid7 MDR and how to think more clearly about value.
more → Rapid7, Thursday, October 30th, 2025
The Rapid7 Threat Focus: Salt Typhoon report profiles one of the most sophisticated and persistent state-sponsored threat actors operating today.
more →