THREATOPS
THREAT OPSThreat News › Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

medrapid7Published 2026-06-19

<p>This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new <span>windows/local/ntlm_relay_2_self</span> module coerces the local machine account to authenticate via OpenEncryptedFileRaw (WebDAV), relays that NTLM authentication to a Domain Controller's LDAP servi

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-19-06-2026