Rapid7 Delivers Command Platform Offerings for Exposure Management

Blog

Byadmblake March 4, 2025

Post Content

Blog

[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications

Modern apps move fast—faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days…

Read More [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
Blog

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by…

Read More ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
Blog

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available for download, but not before they were collectively downloaded a little over 1,000 times. “Hidden inside the

Read More Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Blog

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login…

Read More Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Blog

Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro researchers Jacob Santos, Raymart Yambot,…

Read More Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
Blog

County Pays $600K to Wrongfully Jailed Pen Testers

Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.

Read More County Pays $600K to Wrongfully Jailed Pen Testers

Related