1 min
Metasploit
Metasploit Weekly Wrap-Up 03/14/25
New module content (1)
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
Type: Exploit
Pull request: #19950
contributed by h00die-gr3y
Path: linux/http/invoiceshelf_unauth_rce_cve_2024_55556
AttackerKB reference: CVE-2024-55556
Descripti
3 min
Exposure Command
Unlocking MSSP Success: Why CTEM is Critical
Discover why Continuous Threat Exposure Management (CTEM) is a game-changer for MSSPs. Learn how a proactive, risk-based security approach helps service providers stand out, reduce exposure, and deliver measurable security improvements.
2 min
Vector Command
Explaining External Network Assessment with Vector Command
Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service.
9 min
Vulnerability Management
Patch Tuesday - March 2025
Seven zero-days. Win32 EoP. Multiple filesystem driver attacks. MMC security feature bypass. Access (again). WSL magic email RCE. Malicious RDP server.
5 min
Security Operations (SOC)
Helping us help you: Practical applications of AI in the SOC
Whether or not you're a customer of Rapid7’s managed security offerings, it's worth understanding how AI is already transforming security operations today – not as a vague promise of the future, but as a real, tangible advantage in the fight against cyber threats.
4 min
Exposure Command
Seeing The Whole Picture: A Better Way To Manage Your Attack Surface
With cloud adoption, remote work, shadow IT, and AI, security teams face an overwhelming challenge: scoping their attack surface and continuously discovering all assets and exposures before threats emerge.
3 min
Metasploit
Metasploit Wrap-Up 03/06/2025
New module content (3)
Get NAA Credentials
Authors: skelsec, smashery, and xpn
Type: Auxiliary
Pull request: #19712
contributed by smashery
Path: admin/sccm/get_naa_credentials
Description: Adds an auxiliary module which performs the retrieval of Network
Access Account (NAA) credentials from a System Center Configuration Manager
(SCCM) server. Given a computer name and password (which can typically be
cr
3 min
Events
Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
2 min
Emergent Threat Response
Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.
4 min
Career Development
Building a High Performance Team in India: Meet Swami Nathan
Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he’s identified what it takes to build not just any team, but a high performing team that drives innovation for business while propelling career trajectories for those who take the ride.
2 min
Metasploit
Metasploit Weekly Wrap-Up: 02/28/2025
New module content (5)
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878
contributed by h4x-x0r
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
Description: This module adds credential harvesting for MySCADA MyPro Manager
using CVE-20
3 min
Managed Detection and Response (MDR)
Why MDR In 2025 Is About Scaling With Purpose
Forrester recently released “The Forrester Wave™: Managed Detection and Response (MDR) Services, Q1 2025,” highlighting the top 10 MDR providers out of more than 600 worldwide.
4 min
Managed Detection and Response (MDR)
MDR + SIEM: Why Full Access to Your Security Logs is Non-Negotiable
Pairing MDR with a Security Information and Event Management (SIEM) solution ensures complete transparency, enabling real-time investigation, historical threat hunting, compliance readiness, and deeper threat insights.
5 min
Exposure Command
Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command
This enhancement enables organizations to centralize sensitive data insights across their cloud environments, providing a unified view of data risks and exposures.
3 min
Exposure Command
Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization
Sensitive Data Discovery in Exposure Command delivers continuous visibility into sensitive data across multicloud environments, ensuring that security teams can proactively protect high-value assets.