2 min
Research
New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search
As botnets continue to evolve, so do the techniques required to detect them.
2 min
Emergent Threat Response
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.
2 min
Awards
Rapid7 Recognized with Top Score of 100 in 2025 Corporate Equality Index
On January 7, the Human Rights Campaign Foundation released their 2025 Corporate Equality Index (CEI), where Rapid7 earned a top score of 100.
5 min
IoT
Out With the Old, In With the New: Securely Disposing of Smart Devices
Hopefully you received some cool smart technology, or maybe you just upgraded your smart camera or voice assistant to a newer model or version. If you upgraded to a new model or version, what is your plan for the old device? Is it still working or is it broken?
11 min
Metasploit
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to
review the year’s notable additions. This year saw some great new features
added, Metasploit 6.4 released
and a slew of new modules. We’re grateful to the community members new and old
that have submitted modules and issues this year. The real privilege escalation
was the privilege of working with the contributors and friends we made alo
2 min
Metasploit
Metasploit Weekly Wrap-Up 12/20/2024
New module content (4)
GameOver(lay) Privilege Escalation and Container Escape
Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460
contributed by gardnerapp
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local
privil
6 min
Product Updates
What’s New in Rapid7 Products & Services: Q4 2024 in Review
Below, we’ve highlighted key releases and updates from the quarter across our products and services, including the new Platform Home Navigation experience, extensibility enhancements to Exposure Command and Surface Command, expanded MXDR support, and 2024 threat landscape trends from Rapid7 Labs.
5 min
Career Development
Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech
As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals.
8 min
Labs
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface.
4 min
Metasploit
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs!
It's the second week of December and the weather forecast announced another
storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs
for the Moodle e-Learning platform, PrimeFaces, WordPress Really Simple SSL and
CyberPanel along with two modules to change password through LDAP and SMB
protocol.
New module content (7)
Change Password
Author: smashery
Type: Auxiliary
Pull request: #19671
contributed
4 min
Cybersecurity
Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar
Hosted by industry heavy hitter Brian Honan, CEO of BH Consulting, the webinar brought together Rapid7 security and policy experts Raj Samani, Chief Scientist, and Sabeen Malik, VP of Global Government Affairs and Public Policy.
10 min
Malware
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
While investigating incidents related to Cleo software exploitation, Rapid7 Labs and the MDR team discovered a novel, multi-stage attack that deploys an encoded Java Archive (JAR) payload.
8 min
Patch Tuesday
Patch Tuesday - December 2024
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.
6 min
Emergent Threat Response
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
On Monday, December 9, multiple security firms began privately circulating
reports of in-the-wild exploitation targeting Cleo file transfer software. Late
in the evening of December 9, security firm Huntress published a blog
on active exploitation of three different Cleo products (docs):
*
4 min
Metasploit
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release
This week's release is an impressive one. It adds 9 new modules, which will get
you remote code execution on products such as Ivanti Connect Secure, VMware
vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It
also includes an account takeover on WordPress, a local privilege escalation on
Windows and an X11 keylogger module. Finally, this release improves the
fingerprinting logic for the TeamCity login module and adds instructions about
the in