3 min
Events
Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
2 min
Emergent Threat Response
Multiple zero-day vulnerabilities in Broadcom VMware ESXi and other products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.
4 min
Career Development
Building a High Performance Team in India: Meet Swami Nathan
Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he’s identified what it takes to build not just any team, but a high performing team that drives innovation for business while propelling career trajectories for those who take the ride.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 02/28/2025
New module content (5)
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878
contributed by h4x-x0r
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
Description: This module adds credential harvesting for MySCADA MyPro Manager
using CVE-20
3 min
Managed Detection and Response (MDR)
Why MDR In 2025 Is About Scaling With Purpose
Forrester recently released “The Forrester Wave™: Managed Detection and Response (MDR) Services, Q1 2025,", highlighting the top 10 MDR providers out of more than 600 worldwide.
4 min
Managed Detection and Response (MDR)
MDR + SIEM: Why Full Access to Your Security Logs is Non-Negotiable
Pairing MDR with a Security Information and Event Management (SIEM) solution ensures complete transparency, enabling real-time investigation, historical threat hunting, compliance readiness, and deeper threat insights.
5 min
Exposure Command
Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command
This enhancement enables organizations to centralize sensitive data insights across their cloud environments, providing a unified view of data risks and exposures.
3 min
Exposure Command
Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization
Sensitive Data Discovery in Exposure Command delivers continuous visibility into sensitive data across multicloud environments, ensuring that security teams can proactively protect high-value assets.
3 min
Penetration Testing
Under The Hoodie: The Pen Test Diaries
Welcome to Under the Hoodie, where we share stories straight from the frontlines of ethical hacking. Below are real accounts from our testers, revealing just how easy it can be to break into supposedly secure environments.
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/21/2025
BeyondTrust exploit + fetch payload updates
This Metasploit release includes an exploit module that chains two
vulnerabilities, one exploited in the wild by APT groups and another one, a
0-day discovered by Rapid7
during
the vulnerability analysis. This week's release also includes a significant
enhancement to Metasploit's fetch payloads, which now support PPC, MIPS and ARM
architectures. This allows the payloads to be use
2 min
Events
Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup
Take Command Summit 2025 takes place on April 9, 2025, as a fully virtual, one-day event. Don’t miss the opportunity to hear from industry leaders, engage with Rapid7 experts, and walk away with actionable security strategies.
2 min
Exposure Management
Rapid7 Fills Gaps in the CVE Assessment Process with AI-Generated Vulnerability Scoring in Exposure Command
To address this widening gap in vulnerability scoring and ensure our customers are making informed decisions with the most accurate understanding of their current risk posture we’re excited to announce the release of AI-Generated Risk Scoring in Exposure Command.
2 min
Metasploit
Metasploit Weekly Wrap-Up 02/14/2025
New module content (2)
Unauthenticated RCE in NetAlertX
Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868
contributed by Takahiro-Yoko
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506
Description: A new module for an unauthenticated remote code execution bug i
4 min
Vulnerability Disclosure
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks.
3 min
Vulnerability Disclosure
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered and is disclosing CVE-2025-1094, a high-severity SQL injection vulnerability affecting the PostgreSQL interactive tool psql.