Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.

blog.rapid7.com

Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog
help.rapid7.com

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

State-Sponsored Threat Actors Target Security Researchers

On Monday, Google’s Threat Analysis Group published a blog on a widespread social engineering campaign that targeted security researchers working on vulnerability research and development.…

Finding Results at the Intersection of Security and Engineering

In this blog, Chaim Mazal discusses the importance of collaborating with teams to build a comprehensive security culture within an organization.…

Metasploit Wrap-Up

A new Microsoft Windows Spooler privesc module, along with some fixes and improvements!…

NICER Protocol Deep Dive: Internet Exposure of NTP

In the latest installment of our NICER Protocol Deep Dive blog series, we take a closer look at the internet exposure of NTP.…

Principles for personal information security legislation

Rapid7's principles for laws to protect personal information: 1) Strong but flexible security requirements; 2) Security exemptions from privacy restrictions; 3) State preemption without undermining cybersecurity.…

You Can Now Buy (And Renew) Five More Rapid7 Products Through AWS Marketplace

Learn more about our set of listings and how Marketplace might be able to help you find budget for that shiny new Rapid7 solution you’ve had your eye on.…

InsightIDR: 2020 Highlights and What’s Ahead in 2021

As we kick off the New Year, we wanted to highlight some key InsightIDR product investments and take a look ahead at detection and response in 2021.…

Metasploit Wrap-Up

Commemorating the 2020 December Metasploit community CTF A new commemorative banner has been added to the Metasploit console to celebrate the teams that participated in the 2020 December Metasploit community CTF and achieved 100 or more points: If you missed out on participating in this…

NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS

In this edition of our NICER Protocol Deep Dive blog series, we'll take a closer look at the internet exposure of DNS-over-TLS.…

Patch Tuesday - January 2021

We arrive at the first Patch Tuesday of 2021 (2021-Jan) with 83 vulnerabilities across our standard spread of products.  Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office (which includes the SharePoint family of products), and lastly some from less frequent products…

Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations

New research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack.…

Metasploit Wrap-Up

Eight new Metasploit modules for various targets (and outcomes!), with a good set of improvements and fixes!…

What’s New in InsightAppSec and tCell: Q4 2020 in Review

In this blog, we'll recap some of the new and exciting features we have released as a part of our application security portfolio.…

How COVID-19 Reinforced the Need for Mobile Device Management

Remote workforces and mobile device management (MDM) are more important than ever in 2020’s pandemic reality.…

What’s New in InsightVM: Q4 2020 in Review

Here’s our roundup of the new and improved InsightVM features we’ve updated in Q4 2020.…

Never miss a blog

Get the latest stories, expertise, and news about security today.