Rapid7 is a leader in AI-powered managed cybersecurity operations. 11,500+ customers utilize Rapid7 to disrupt attackers and advance their cyber resilience.
We are thrilled to announce that today, the @NHLBruins named Rapid7 as their first-ever jersey patch partner and the official cybersecurity partner of the Bruins and @tdgarden – beginning with the 2022-23 season.
Read the release here: bit.ly/3r1hFdH
🚨 Rapid7 has observed increased activity involving a new threat group and #AWS cloud environments.
Self-referred to as ‘Crimson Collective’, the group has claimed responsibility for the recent theft of private repositories from the #RedHat GitLab. More: r-7.co/48ltfqS
The @owasp Top 10 API Security Risks 2023 has arrived! In a new blog, we dig a little deeper into each item on the list – a key component of API security preparedness for the year.
Read on: r-7.co/3X3LCsK
Happy 25th scan-iversary, #Nmap! 🎉 September 1, 1997 was the day Fyodor's Nmap was released to the world. Check out a quick blog post from Rapid7 Director of Research, @todb on the impact of 25 years of Nmap: r-7.co/3cyJh6s
🚨 Rapid7's ETR team has begun responding to CVE-2023-27997, a critical RCE vulnerability in Fortinet Fortigate SSL-VPN firewalls.
Fortinet is expected to publish their advisory tomorrow, June 13, 2023. Find mitigation advice & more in our blog: r-7.co/43AjXSI
You asked, we deliver: Register for the @Metasploit community CTF to hack the Linux version of Metasploitable3 (and win prizes). 500 spots. Play starts Monday! r-7.co/communityCTF17
On July 18, Citrix published a security bulletin warning of 3 new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
CVE-2023-3519, an RCE vulnerability and the most severe of the 3, is known to be exploited in the wild.
More in our blog: r-7.co/3ry9ybY
One of @Metasploit's strengths is the ability to offer a lingua franca for expressing vulns and exploits. @todb underscores this point with a #HaXmas story r-7.co/haXmas1
The rumors are true: Rapid7's @PDXbek is hosting a Threat Intelligence Book Club! We’ll be digging into The Cuckoo’s Egg starting 2/21. Details and registration here: r-7.co/R7tibc1
🛡️ New emergent threat response: "CVE-2022-41080, CVE-2022-41082: Exploitation of 'OWASSRF' in Exchange for RCE". Details and mitigation guidance in our blog below: r-7.co/3v6WSY3
Spoofing (noun) /spōōfiNG/: A lot like deking, according to @RayBourque77
🥸 When a threat actor disguises their messaging to look like a trusted source, shutting 'em down can be as simple as "watching their hips."
Take command with Rapid7: r-7.co/3VysBiF | @NHLBruins
100 years of grit, passion, and community. Happy Birthday to our @NHLBruins! 👏🐻🧡
The game on Sunday marks the team's centennial anniversary – the B's took the ice for the first time in Boston on December 1, 1924.
A quick message from Rapid7 & @RayBourque77 ⤵️
CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.
Read more & find mitigation guidance ⤵️
r-7.co/3eH05Jp
Internet researchers, security scholars, and data nerds, have we got something for you! Today we’re unveiling our National/Industry/Cloud Exposure Report (NICER), a data-rich analysis of risk across the internet complete with actionable security advice. r-7.co/2WCQO8W
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. Check out our five-part blog series featuring testimonials of what goes on beneath the hoodie. r-7.co/2wHEyH5
Whether you’re just getting started with #pentesting, or simply interested in the basics, this blog for you. Guest author Bo Weaver walks through how to create a secure and portable Kali installation: r-7.co/2MHZIeF
🔥🐻 Rapid7 is proud to kick off another year as the @NHLBruins' Official Jersey Patch & Cybersecurity Partner!
Tune in tonight for the 2025-2026 season opener, then tomorrow as our B's look to command the ultimate attack surface: Home ice 🏒
🎣 Rapid7 defends against Phishing. @RayBourque77 defends against fishing.
Whether you spell it with an F or a P (and no matter if you're in pro sports or the SOC), it's a pesky threat that our defenders work to shut down.
Take command: r-7.co/3VysBiF | @NHLBruins
If your org’s security data is everywhere – like a @RayBourque77 yard sale, everywhere – it might take more than Tully to get things back in order. 🧹
Everything in one place, with Rapid7: r-7.co/3VysBiF | @NHLBruins
🛡️ The best Defense is so many steps ahead that it’s practically Offense. @RayBourque77 – the NHL’s all-time scoring leader among Defensemen – would know a thing or two about that.
Anticipate with Rapid7: r-7.co/3VysBiF | @NHLBruins
Thanks to @RandomDhiraj for finding and disclosing a Code Execution issue on the Nexpose installer, which we were able to remediate quickly thanks to this report.
📣 GIVEAWAY ALERT! Rapid7 has partnered with @RayBourque77 to gift 2 winners a signed 7⃣7⃣ jersey!
Enter on LinkedIn: r-7.co/3MMte3j
Enter on Instagram: r-7.co/3B05tSx
Winners will be selected on 9/20, just before our @NHLBruins take the ice for preseason 🐻🏒
We just opened our newest Rapid7 office in Arlington, VA! The Arlington office is inspired by video game platforms and is also home to our security operations center (SOC), where our hardworking team detects and responds to security issues.
RT @metasploit: Headed to #DEFCON26? Find us and the rest of the @Rapid7 family in the vendor hall selling limited edition #Metasploit0xf Anniversary Tour shirts to benefit @EFF. Get it.
Rapid7 researchers discovered 2 high-severity vulnerabilities that, when successfully exploited, can grant attackers persistent root access to F5 device management interfaces.
More from @TheHackersNews: thehackernews.com/2022/11/hi…
🗓️ A new meeting invite on your calendar, or a new attack vector?
Because calendar files (.ics) often bypass traditional email & attachment defenses, they offer attackers a low-friction path into corporate environments.
Read on via Rapid7 Labs: r-7.co/3Jwc9wx
We conducted 268 penetration testing service engagements. In this post, we review interesting detection trends, including exactly where our red team found success. blog.rapid7.com/2018/08/02/d…
New emergent threat response: "CVE-2022-42475: Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported." More details in the blog post ⤵️
r-7.co/3hkuRsW
RT @metasploit: Headed to #DEFCON26? Find us and the rest of the @Rapid7 family in the vendor hall selling limited edition #Metasploit0xf Anniversary Tour shirts to benefit @EFF. Get it.
The start of a new data model for @Metasploit: The team landed the beginning of a nifty new backend service for Framework users this week—plus, a windfall of modules and several open roles! r-7.co/2pZl9gN
We’re thrilled to announce plans for our new global headquarters at The Hub on Causeway, where we’ll continue to build a fantastic experience for employees and invest in the #Boston community as we grow. r-7.co/BostonHQ
Relentless offense and tireless defense. It's a winning recipe in hockey, cybersecurity, and beyond 🏆
@RayBourque77 recently stopped by our Boston HQ – and clearly, he's made himself right at home. See how Rapid7 and #77 are commanding the attack surface together ⤵️
Yesterday, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache. Read more about exploitation and remediation in this blog write up from @Junior_Baines: r-7.co/3rngOEA
A new research paper from Metasploit and Rapid7 Labs looks at practical exploitation of Java serialization vulnerabilities and internet exposure of Java services. r-7.co/2Od4K3Y
Rumors of Metasploit 5 development have not been greatly exaggerated. More from @busterbcook and team in this week's @Metasploit wrap-up: r-7.co/2DTRH2x
Securing IoT devices? Be warned that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom. IoT Research Lead @Percent_X talks about the security impact of easily accessible UART on IoT technology: r-7.co/2t7Vnt8
The OWASP Top 10 is regarded as the single source of truth for the most common application security risks we see in today’s environments. Tune in for this #AppSec 101 topic in this week’s #WBW.
An Intro to the OWASP Top 10 | Rapid7
We discuss the OWASP Top 10, how the list was assembled, and introduces the most prevalent cyber attacks included in the list.
💡 Introducing Fetch Payloads to @Metasploit!
These simplify & replace some command stager use cases, providing for faster, more intuitive command injection module dev'pment – and offering a useful on-the-fly hacking tool. More in a brand new blog: r-7.co/3q9jbgL
Rapid7's Metasploit Framework research team has noticed a marked increase in both CVEs and exploit module PRs for Java serialization vulnerabilities. Security researchers @_surefire_ and @jhartftw delve into exploitation of Java Serialized Objects. r-7.co/2Od4K3Y
Whether you’re just getting started with #pentesting, or simply interested in the basics, this blog for you. Guest author Bo Weaver walks through how to create a secure and portable Kali installation: r-7.co/2MHZIeF
AppDomain Manager Injection can be a very powerful technique for red teams – operators can package DLLs in initial access payloads, perform lateral movement, and even utilize it for persistence. 🛡
Learn the basics in a new blog: r-7.co/42Bu20y