Metasploit 2025 Annual Wrap-Up
Hard to believe it's that time again, and that Metasploit Framework will see the dawn of another Annual Wrap-Up (and a New Year). All...
Metasploit Wrap-Up 01/23/2026
Oracle E-Business Suite Unauth RCEThis week, we are pleased to announce the addition of a module that exploits CVE-2025-61882, a pre-authentication remote code execution...
Metasploit Wrap-Up 01/16/2025
Persistence, dMSA Abuse & RCE GoodiesThis week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly...
Metasploit Wrap-Up 01/16/2026
Persistence, dMSA Abuse & RCE GoodiesThis week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly...
Alert Fatigue Isn’t Going Away. Here’s How Modern SOCs Are Fighting Back
Security teams have been talking about alert fatigue for years. And yet, for many SOCs, the problem isn’t getting better. It’s getting worse.As environments...
The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer...
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and...
Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility
IntroductionIf you received an email with the subject “I LOVE YOU” and an attachment called “LOVE-LETTER-FOR-YOU.TXT”, would you open it? Probably not, but back...
Metasploit Wrap-Up 02/27/2026
No Prob-ollamaThis release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal...
Metasploit Wrap-Up 02/20/2026
Hacking Churches and Backdooring EmacsThis release packs some solid exploit module additions! Two new unauthenticated RCE modules are a major win: the StoryChief WordPress plugin...
Latest article
Apple’s 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk
Apple’s 2026 security year includes zero-days, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track.
The post Apple’s...
New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads...
A Day in the Life of an MDR Analyst: Inside the Modern SOC
What actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is...
Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era - Read more
