Our latest Rapid7 analysis details Widespread exploitation of Cleo file transfer software (CVE-2024-50623) - with links to detection/mitigation guidance included: rapid7.com/blog/post/2024… #infosec #cybersecurity

Our latest Rapid7 analysis into a payload from the recent Cleo file transfer vuln reveals an encoded Java Archive payload. Note that this isn’t necessarily the only payload that has or will be deployed rapid7.com/blog/post/2024… H/T Christiaan Beek #cybersecurity

Our latest Metasploit Project weekly wrap-up details RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change password through LDAP and SMB. rapid7.com/blog/post/2024… #infosec

Now available on AttackerKB is our @Rapid7 technical analysis of#Cleo CVE-2024-55956 - H/T Stephen Fewer this is a new vuln, not a patch bypass of CVE-2024-50623. IoCs included here: attackerkb.com/topics/geR0H8d… #infosec

Our technical analysis now available AttackerKB on CVE-2024-53677, a flawed upload logic vuln in Apache Struts 2 which permits an attacker to override internal file upload variables in apps using Apache Struts 2 File Upload Interceptor. attackerkb.com/topics/YfjepZ7… H/T Ryan Emmons

I enjoyed taking part in this webinar with Raj Samani and Sabeen Malik from Rapid7 to discuss our #cybersecurity predictions for 2025. What trends you see happening next year in #cybersecurity ? information.rapid7.com/Security-Predi…

My latest article is now published on SC Media UK detailing the challenges in dealing with a #ransomware attack, and technical and ethical challenges this poses: insight.scmagazineuk.com/ransomware-rea… #malware #cybersecurity

Our Metasploit Project 2024 wrap-up details the most notable improvements and modules including expanded support for Active Directory Certificate Services AD CS attacks. More details here: rapid7.com/blog/post/2025… #infosec

Our latest Rapid7 advisory details CVE-2025-0282: Ivanti Connect Secure zero-day which has been exploited in the wild. More details here: rapid7.com/blog/post/2025… #infosec #cybersecurity

Our latest Metasploit Project weekly wrap up includes multiple new modules including an exploit module for an unauthenticated arbitrary file read vulnerability, tracked as CVE-2024-45309, which affects OneDev versions <= 11.0.8. rapid7.com/blog/post/2025… #infosec #cybersecurity

Our latest Rapid7 analysis details CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy rapid7.com/blog/post/2025… #infosec #0day

Our latest Metasploit Project weekly wrap-up includes an exploit module for CVE-2024-55956, an unauthenticated file write vulnerability affecting Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. rapid7.com/blog/post/2025… #infosec #cybersecurity

Our latest Metasploit Project weekly wrap-up includes a new module for exploiting CVE-2024-51092, an authenticated command injection in LibreNMS. It allows the attacker to run system commands and gain remote code execution (RCE) rapid7.com/blog/post/2025… #infosec #cybersecurity

Our latest @Rapid7 analysis details the 2024 #ransomware landscape. Included are the 10 most prolific ransomware groups in 2024, ranked by the number of posts on leak sites. rapid7.com/blog/post/2025… #infosec #cybersecurity H/T Christiaan Beek

Our latest Metasploit Project weekly wrap up details a new exploit module for Craft CMS, when the attacker can use malicious FTP server to gain remote code execution rapid7.com/blog/post/2025… #infosec #cybersecurity

Our weekly Metasploit Project wrap-up details a module which exploits CVE-2018-15745, an unauthenticated directory traversal leading to file disclosure in Argus Surveillance DVR 4.0.0.0. rapid7.com/blog/post/2025… #infosec #cybersecurity

Today Rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in BeyondTrust Remote Support. Untrusted inputs that have been safely character escaped could still generate SQLi under certain conditions: rapid7.com/blog/post/2025…

Our latest Rapid7 analysis details the discovery of a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. More details available in our write-up here: rapid7.com/blog/post/2025… #infosec #cybersecurity H/T Stephen Fewer

Our latest Metasploit Project weekly wrap up details a new module for an unauthenticated remote code execution bug in NetAlertX (CVE-2024-46506 plus more... rapid7.com/blog/post/2025… #infosec #cybersecurity