Metasploit Framework 6.4 is out now! 🆕🎉
Features include:
🔹More Kerberos goodness, like support for diamond and sapphire tickets and extracting tickets from compromised Windows hosts to leverage unconstrained delegation
🔹DNS configuration 1/4
In the latest Hacktics and Telemetry's Mitigation Minute, @_CryptoCat dives into his recent zero-day Gogs exploit and Metasploit module as he discusses what to do when there is no patch youtube.com/watch?v=EPioibHR…
This week's release has a whopping 5 new modules including LPE 'sploits for dirty frag and an info leak scanner for Citrix NetScaler. Check it out at rapid7.com/blog/post/pt-meta…
Found an unpatched RCE in Gogs 👀 Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup @metasploit module available now!
🔗rapid7.com/blog/post/ve-auth…
Episode 6 of Hacktics and Telemetry is Live!
Cisco SD-WAN Zero-Days, Mythos AI Evaluations, and Pwn2Own Drama
Get it here:
youtube.com/watch?v=tg4TkzDI…
The ultimate persistence mechanism is here: Vim plugin persistence! Seriously, who can close Vim anyway?
Catch up on the latest Metasploit Wrap-up, also featuring Unauthenticated Marvell QConvergeConsole Path Traversal (CVE-2025-6793), Authenticated RCE in GestioIP 3.5.7 (CVE-2024-48760), and a classic PHP filter bypass in Dolibarr ERP/CRM (CVE-2023-30253).
As always, check out the blog: rapid7.com/blog/post/pt-meta…
This week's release is themed "Spring Cleanup" and brings some improvements to Metasploit! Key updates include payload fixes for Copy Fail on x64 and new support for ARMLE Linux, enhancements to the shiro_rememberme_v124_deserialize module for broader targeting, and general fixes for FTP utility modules. Check out the details at rapid7.com/blog/post/pt-meta…
This week's wrap-up is packed with new stuff including an MCP server, and new modules for relaying NTLM from HTTP to LDAP and a Copy Fail exploit with x64 and AARCH64 support rapid7.com/blog/post/pt-meta…
Modern attacks move in minutes, so resilience depends on acting earlier.
At Rapid7’s Global Cybersecurity Summit, see how security teams are prioritizing real risk and moving beyond reactive operations.
Save your spot: r-7.co/4sUjTK3
The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!
Read more: rapid7.com/blog/post/pt-meta…
Reactive workflows can’t keep up with AI-driven attacks and expanding attack surfaces.
⏳ In under a month, Rapid7’s Global Cybersecurity Summit will show how teams are aligning exposure, MDR, and AI to anticipate and act on risk earlier.
Save your spot: r-7.co/41y8aoA
Episode 4 of Hacktics and Telemetry is Live!
Bug Bounties, AI Superpowers, and Breach Impersonations
youtube.com/watch?v=-xv0w61K…
The goodness contains:
02:13 - The Situation Room: Vercel breach, Shiny Hunter impersonators, and Anthropic’s Opus 4.7.
16:00 - The War Room: Bug bounty strategies and the Arson Framework with Harrison Richardson.
43:07 - The Mitigation Minute: Defending against supply chain attacks and identity compromise.
Happy Friday, Metasploit users! 🎉 The weekly wrapup is here with a massive update: 7 new modules, including 4 fresh RCE exploits (targeting AVideo, openDCIM, ChurchCRM, & Selenium Grid/Selenoid) and 3 new Windows persistence techniques. Get the details and happy hacking!
rapid7.com/blog/post/pt-meta…
This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-meta…
Check out Episode 3 of Hacktics and Telemetry! youtu.be/dPYH5OfHTfQ
Inside you'll find 🔍:
00:00 - Welcome to Hacktics and Telemetry & The WordPress Dongle April Fool's Joke
02:56 - The Situation Room: LightLLM Hacks, Claude Source Code Leaks, & Chrome Zero-Days
23:10 - The War Room: Weaponizing Cellular IoT with Deral Heiland
41:59 - The Mitigation Minute: Supply Chain Defenses & Hardware Protections
Metasploit Framework is here with 5 new modules! Exploits for FreeScout (CVE-2026-28289) and Grav CMS (CVE-2025-50286) RCEs, plus a generic HTTP command execution module and a new Windows persistence technique. We also have a slew of bug fixes and enhancements including SOCKS proxy performance improvements #Metasploit rapid7.com/blog/post/pt-meta…
The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.
Check it out at rapid7.com/blog/post/pt-meta…
Get the latest Metasploit Framework update! It includes 2 new exploit modules targeting AVideo Encoder (Unauthenticated Command Injection) and FreePBX, along with LDAP query enhancements and 7 bug fixes. rapid7.com/blog/post/pt-meta…