Mastodawn

This week's release has a whooping 5 new modules including LPE 'sploits for dirty frag and a info leak scanner for Citrix NetScaler. Check it out at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-05-29-2026/

Metasploit Wrap Up 05/29/2026

This week's Metasploit release focuses heavily on Linux Local Privilege Escalation (LPE) with new modules for the "Dirty Frag" vulnerabilities, identified as CVE-2026-43284 and CVE-2026-43500. The update adds five new modules in total, including scanners for Citrix ADC (NetScaler) info leaks and Ollama LLM installations, alongside remote code execution exploits for Dompdf and the Supsystic Contact Form Wordpress plugin. Four bugs were also fixed, addressing issues such as refining smb_to_ldap relay attack reporting and updating RubyZip to support files larger than 4GB.

Rapid7

Metasploit May 21

Episode 6 of Hacktics and Telemetry is Live!

Cisco SD-WAN Zero-Days, Mythos AI Evaluations, and Pwn2Own Drama
Get it here: https://www.youtube.com/watch?v=tg4TkzDIrKw

Hacktics and Telemetry, E6: Cisco SD-WAN Zero-Days, Mythos AI Evaluations, and Pwn2Own Drama

YouTube

Metasploit May 15

The ultimate persistence mechanism is here: Vim plugin persistence! Seriously, who can close Vim anyway?

Catch up on the latest Metasploit Wrap-up, also featuring Unauthenticated Marvell QConvergeConsole Path Traversal (CVE-2025-6793), Authenticated RCE in GestioIP 3.5.7 (CVE-2024-48760), and a classic PHP filter bypass in Dolibarr ERP/CRM (CVE-2023-30253).

As always, check it out the blog: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-05-15-2026/

Metasploit Wrap-Up 05/15/2026

The latest security wrap-up introduces a novel Linux persistence mechanism: a Vim plugin exploit module. New Metasploit modules detail critical vulnerabilities, including an unauthenticated path traversal in Marvell QConvergeConsole (CVE-2025-6793). Exploits for GestioIP (CVE-2024-48760) allow for authenticated remote code execution via an unsafe upload handler. Read about the clever case-change bypass for a PHP injection vulnerability in Dolibarr ERP/CRM (CVE-2023-30253) and an OptArray datastore option enhancement.

Rapid7

Metasploit May 8

This weeks' release is themed "Spring Cleanup" and brings some improvements to Metasploit! Key updates include payload fixes for Copy Fail on x64 and new support for ARMLE Linux, enhancements to the shiro_rememberme_v124_deserialize module for broader targeting, and general fixes for FTP utility modules. Checkout the details at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-05-08-2026/

Metasploit Wrap-Up 05/08/2026

This week's Metasploit "Spring cleanup" delivers foundational improvements and expanded target reach across the framework. Key enhancements include payload fixes for the Copy Fail exploit module, introducing support for ARMLE Linux and broadening its x64 capabilities. Operators can now exploit a wider range of targets with the enhanced shiro_rememberme_v124_deserialize module, plus benefit from improved utility and database reporting for critical FTP scanner modules. Update your framework today to benefit from these important security and exploitation advances.

Rapid7

Metasploit May 1

This weeks wrap up is packed with new stuff including an MCP server, and new modules for relaying NTLM from HTTP to LDAP and a Copy Fail exploit with x64 and AARCH64 support https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-05-01-2026/

Metasploit Wrap-Up 05/01/2026

Metasploit Framework now features the new read-only MCP Server, enabling AI applications like Claude and custom agents to query Metasploit data for modules and reconnaissance. This release also delivers an exploit for the high-profile Linux local privilege escalation bug, Copy Fail (CVE-2026-31431), which affects nearly every Linux Kernel since 2017. Additionally, new modules include an NTLM relay from HTTP to LDAP and a Linux execute command payload.

Rapid7

Metasploit Apr 24

The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!

Metasploit Wrap-Up 04/25/2026

Metasploit Weekly Wrapup 2026-04-24 covers significant updates including improved check method visibility with detailed reasoning, enhancements for legacy SMB targets, and four new modules. The new content includes an auxiliary module for Camaleon CMS Directory Traversal (CVE-2024-46987), an exploit for Langflow RCE (CVE-2026-27966) due to a prompt injection vulnerability, an updated WebDAV PHP Upload exploit with Linux support and cleanup, and a new Linux Chmod payload for loongarch64 architectures. The wrapup also lists eleven enhancements, such as reduced memory footprint and improved module metadata caching, and four bug fixes, including fixes for SMB/Samba issues and check method false positives.

Rapid7

Metasploit Apr 23

Episode 4 of Hacktics and Telemetry is Live!
Bug Bounties, AI Superpowers, and Breach Impersonations
https://youtube.com/watch?v=-xv0w61K5L0
The goodness contains:
02:13 - The Situation Room: Vercel breach, Shiny Hunter impersonators, and Anthropic’s Opus 4.7.
16:00 - The War Room: Bug bounty strategies and the Arson Framework with Harrison Richardson.
43:07 - The Mitigation Minute: Defending against supply chain attacks and identity compromise.

Hacktics and Telemetry, E4: Bug Bounties, AI Superpowers, and Breach Impersonations

YouTube

Metasploit Apr 17

Happy Friday, Metasploit users! 🎉 The weekly wrapup is here with a massive update: 7 new modules, including 4 fresh RCE exploits (targeting AVideo, openDCIM, ChurchCRM, & Selenium Grid/Selenoid) and 3 new Windows persistence techniques. Get the details and happy hacking!

https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-17-2026/

Metasploit Wrap-Up 04/17/2026

The Metasploit Framework received a major update, introducing seven new modules alongside various bug fixes and enhancements. Four new Remote Code Execution (RCE) exploit modules were added this week. These RCE modules target critical vulnerabilities in AVideo (unauthenticated SQLi for credential dumping), openDCIM (chained SQLi to RCE), ChurchCRM (file upload RCE), and a unified module for unauthenticated Selenium Grid/Selenoid instances. For post-exploitation, three new Windows persistence techniques are now available. These new persistence modules abuse the Windows Telemetry scheduled task, PowerShell profiles, and Microsoft BITS jobs to maintain system access. The update was rounded out with 11 general enhancements, including RISC-V Linux support for fileless payloads, and four resolved bugs.

Rapid7

Metasploit Apr 10

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-10-2026/

Metasploit Wrap-Up 04/10/2026

Get the latest Metasploit Framework update, featuring an approximate two-times speedup in msfvenom's bootup time. This release introduces new modules targeting critical vulnerabilities, including an authentication bypass zero-day in Cisco Catalyst SD-WAN Controller (CVE-2026-20127) and an authenticated file read in osTicket (CVE-2026-22200). Key improvements also include a new AD/CS Web Enrollment service module, enhancements to Windows service-for-user persistence, and better reporting for LDAP/ADCS-related services.

Rapid7

Metasploit Apr 9

Check out Episode 3 of Hacktics and Telemetry! https://youtu.be/dPYH5OfHTfQ
Inside you'll find 🔍:
00:00 - Welcome to Hacktics and Telemetry & The WordPress Dongle April Fool's Joke
02:56 - The Situation Room: LightLLM Hacks, Claude Source Code Leaks, & Chrome Zero-Days
23:10 - The War Room: Weaponizing Cellular IoT with Deral Heiland
41:59 - The Mitigation Minute: Supply Chain Defenses & Hardware Protections

Hacktics and Telemetry, E3: Claude Leaks, Supply Chain Attacks, and the Magic Smoke of IoT

YouTube

Website	https://metasploit.com
GitHub	https://github.com/rapid7/metasploit-framework
Documentation	https://docs.metasploit.com