Ryan Emmons (@the_emmons)'s Twitter Profile
Ryan Emmons

@the_emmons

Security Researcher, P2O ‘24. This profile is my own, and my tweets don't represent my employer :) infosec.exchange/@fuzz

ID: 1510058435282444289

02-04-2022 00:56:18

72 Tweets

414 Followers

497 Following

Stephen Fewer (@stephenfewer)

Our Metasploit Project exploit module for unauthenticated RCE against BeyondTrust Privileged Remote Access & Remote Support is now available. The exploit can either leverage CVE-2024-12356 and CVE-2025-1094 together, or solely leverage CVE-2025-1094 for RCE: github.com/rapid7/metaspl…

Caitlin Condon (@catc0n)

Nice assessment of Sitecore XM + XP remote code execution CVE-2025-27218 c/o Rapid7's pen testing team 🎉 attackerkb.com/assessments/54…

Assetnote (@assetnote)

Our security research team discovered a pre-auth RCE (CVE-2025-27218) in Sitecore XP 10.4. You can read our research here: slcyber.io/blog/sitecore-…

RET2 Systems (@ret2systems)

Be ambitious, do absurd things. Full-stack Reverse Engineering of the Original Microsoft Xbox from the inaugural RE//verse (2025) is now available to stream on YouTube. Watch it here: youtube.com/watch?v=hGlIkg…

Ryan Emmons (@the_emmons)

The Rapid7 ETR team has published an analysis of CVE-2025-2825, a critical authentication bypass for CrushFTP. Check it out here: attackerkb.com/topics/k0EgiL9…

Stephen Fewer (@stephenfewer)

We now have a Metasploit Project exploit in the pull queue for that Oracle Access Manager vuln, CVE-2021-35587. You can check it out here: github.com/rapid7/metaspl…

Stephen Fewer (@stephenfewer)

We have just published our AttackerKB Rapid7 Analysis of CVE-2025-22457, an unauth stack buffer overflow in Ivanti Connect Secure. Difficult to exploit due to severe character restrictions, we detail our full RCE technique here: attackerkb.com/topics/0ybGQIk…

Caitlin Condon (@catc0n)

N-day analysis of Citrix NetScaler Console CVE-2024-6235 via Rapid7 researcher Calum Hutton: The vuln allows an unauthenticated attacker to obtain an admin-level session ID from an internal API and use this to create other admin users on the system. attackerkb.com/assessments/3b…

RET2 Systems (@ret2systems)

New blogpost! Want to see how we exploited Synology Inc. network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 blog.ret2.io/2025/04/23/pwn…

Neodyme (@neodyme)

Interested in learning about Windows exploitation? This August, join us in Las Vegas for an intensive, hands-on 4-day DEFCON training: Binary Exploitation on Windows, led by Felipe and Kolja! 🗓️ When: August 9–12, 2025 📍 Where: Las Vegas Convention Center

Caitlin Condon (@catc0n)

Great work from Ryan Emmons on these! And our sincere thanks to SonicWall's PSIRT once again for their exceptionally speedy and helpful response 🙌 rapid7.com/blog/post/2025…

Stephen Fewer (@stephenfewer)

A new Rapid7 Analysis of CVE-2024-58136 was just published to AttackerKB, courtesy of Calum Hutton 🔥 Affecting the Yii framework, this analysis details the root cause and how it can be leveraged for RCE via a dirty file write to a log file: attackerkb.com/topics/U2Ddokj…

Neodyme (@neodyme)

Once again this year, a few colleagues couldn’t resist jumping into the HTB CTF to take on experts from around the world. 💻 A great challenge with a wide range of categories. The result: 1st place in 🇩🇪 and top 3 in 🇪🇺.

h0mbre (@h0mbre_)

it's funny to me that to get good VR results from LLMs, part of the prompt has to be you pumping the LLM up, like "You're an elite vulnerability researcher. You love this shit."

Rapid7 (@rapid7)

During a penetration testing engagement, Rapid7 discovered 3 vulns in MICI Network Co., Ltd’s #NetFax server – allowing for an authenticated attack chain & eventual RCE against the device as the root user. Find mitigation guidance & more in a new blog: r-7.co/4kdG1ux