Rapid7 Blog
20 articles
You Don’t Have a Security Problem, You Have a Visibility Problem
What you’ll learn in this article This article explains why many breaches are driven by gaps in visibility rather than advanced exploits, how attackers move ...
New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay
Executive Overview Advanced persistent threats (APTs) are constantly and consistently changing tactics as network defenders plug holes in defenses. Static in...
New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay
Executive Overview Advanced persistent threats (APTs) are constantly and consistently changing tactics as network defenders plug holes in defenses. Static in...
What CISOs Should Expect from AI Powered MDR in 2026, According to Rapid7 CEO Corey Thomas
In the latest episode of Rapid7’s Experts on Experts, I’m joined by Rapid7 CEO Corey Thomas for a candid conversation about where AI is genuinely changing se...
Initial Access Brokers have Shifted to High-Value Targets and Premium Pricing
Initial Access Brokers (IABs) are a key component of the cybercrime ecosystem, offering hassle-free building blocks for ransomware, data theft, and extortion...
Metasploit Wrap-Up 03/27/2026
Better NTLM Relaying Functionality This week’s release brings an improvement to the SMB NTLM relay server. In the past, it’s support has been expanded with m...
Why CVSS is No Longer Enough for Exposure Management
For years, cybersecurity professionals have relied on a familiar metric to dictate their day-to-day priorities: the Common Vulnerability Scoring System (CVSS...
BPFdoor in Telecom Networks: Sleeper Cells in the backbone
Executive overview The strategic positioning of covert access within the world’s telecommunication networks A months-long investigation by Rapid7 Labs has un...
From Vectors to Verdicts: Web App Testing with Vector Command
If it’s online, it’s a target Web applications are no longer just business enablers, they’re often the front door to an organization. They can often generate...
New Whitepaper: Exploiting Cellular-based IoT Devices
Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7...
CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read
Overview On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScal...
Metasploit Wrap-Up 03/20/2026
♫ I Just Called ♫ To Say ♫ 7f45 4c46 0201 0100 0000 0000 0000 0000 0300 3e00 0100♫ This release contains 2 new exploit modules, 2 enhancements, and 7 bug fix...
Negotiating with the Board: Translating Active Risk into Financial Exposure
Security leaders rarely struggle to produce data. The challenge is turning that data into something the board can use to make decisions.
CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
Overview Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain a...
Preemptive and Proactive: An enhanced CNAPP available with Exposure Command
Earlier this year, we made a significant announcement: Rapid7 partnered with ARMO to add AI-powered cloud application detection and response (CADR) – or clou...
The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report
The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk.
PACT 2026: A Stronger, Simpler, More Profitable Path for Rapid7 Partners
The cybersecurity channel is evolving fast. Buying behaviors are shifting and customers are rethinking how they evaluate solutions.
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Tea...
Metasploit Wrap-Up 03/13/2026
No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestone This week’s Metasploit Framework release delivers three new modules acros...