What the first 24 hours of a cyber incident should look like
New blog by me, details the evolving nature of #cybersecurity operations in light of escalating capabilities of threat groups:
www.information-age.com/what-the-fir... #infosec #metasploit
Posts by Raj Samani
Delighted to share that Vulnerability Intelligence is now incorporated within our @rapid7.com - sharing contextual indicators including which CVEs are actively exploited, by whom, and what impact they have.
More details available within our announcement: www.rapid7.com/blog/post/pt... #infosec
The @cyberalliance.bsky.social is thrilled to welcome @rajsamani.bsky.social to our Board of Directors. His expertise and vision will be a huge asset to our journey ahead.
✨ Get to know more about Raj in our spotlight feature!
www.cyberthreatalliance.org/cta-board-of...
#cybersecurity #EmpoweringCTA
Our latest @rapid7.com advisory details a threat briefing including TTPs into the Scattered Spider threat group: www.rapid7.com/blog/post/sc... #infosec #cybersecurity
Our latest @rapid7.com vuln disclosure details eight vulnerabilities in multi-function printers, impacting 742 models across 4 vendors. The most serious of the findings is the authentication bypass CVE-2024-51978. www.rapid7.com/blog/post/mu...
H/T @stephenfewer.bsky.social
Our latest @rapid7.com analysis details a critical remote code execution (RCE) vulnerability tracked as CVE-2025-23121 within Veeam Backup & Replication. More details here: www.rapid7.com/blog/post/et... #infosec #cybersecurity
Our latest @rapid7.com analysis reveals the most common initial access vector for observed incidents was valid account credentials, and yes, no MFA in place! www.rapid7.com/blog/post/20... #infosec #cybersecurity
We have published analysis into CVE-2024-58136 on #AttackerKB - This new CVE is a patch bypass of CVE-2024-4990 and exploited in the wild by threat actors, particularly in regard to CraftCMS, where this vulnerability was used to trigger RCE. attackerkb.com/topics/U2Ddo... #infosec #cybersecurity
Our latest @rapid7.com analysis does a deep dive into CVE-2025-32756, which is exploited in the wild, affecting multiple Fortinet products. H/T @stephenfewer.bsky.social www.rapid7.com/blog/post/20... #infosec #cybersecurity
Our latest @rapid7.com analysis details three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances courtesy of @booleanblind.bsky.social are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821 www.rapid7.com/blog/post/20... #infosec #cybersecurity
Our latest #Metasploit weekly wrap up details a new module “exploit/multi/http/wondercms_rce” which exploits CVE-2023-41425 - a file upload vulnerability. The module will authenticate against the vulnerable WonderCMS instance. More details available here: www.rapid7.com/blog/post/20... #infosec
From noise to action: Introducing Intelligence Hub. Delighted to share details of our latest @rapid7.com release, Intelligence Hub. Details of our curated intelligence platform now available here: www.rapid7.com/blog/post/20...
#infosec #cybersecurity
Our latest #Metasploit weekly wrap up details new modules including an unauthenticated remote code execution in BentoML (CVE-2025-27520). For more details including an enhancement to the fetch payload feature available here: www.rapid7.com/blog/post/20... #infosec #cybersecurity
Our latest @rapid7.com analysis does a deep dive into the #ransomware eco-system revealing "80 active groups in Q1, 16 of them new since January 1. There are also 13 groups that were active in Q4, 2024, but have thus far been silent in 2025" www.rapid7.com/blog/post/20... #malware #cybersecurity
This is brilliant!
Analysis confirms that babuk.exe, advertised in the Babuk 2.0 #Ransomware Affiliates Telegram channel, is actually based entirely on LockBit 3.0 source code—not Babuk. More details in our @rapid7.com analysis here: www.rapid7.com/blog/post/20... #infosec #malware
Our latest @rapid7.com analysis details CVE-2025-22457 a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways (exploited in wild). Links and confirmation of content coverage detailed here: www.rapid7.com/blog/post/20... #infosec
Full technical analysis of CrushFTP CVE-2025-2825 now available in @rapid7.com's AttackerKB, c/o @booleanblind.bsky.social: attackerkb.com/topics/k0Egi...
Our latest @rapid7.com analysis details two notable (unrelated) vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. www.rapid7.com/blog/post/20... #infosec #cybersecurity
Our latest @rapid7.com analysis details notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP. These (unrelated) vulns are in Next.js, a React framework for building web apps, and CrushFTP, which has previously been targeted by adversaries. www.rapid7.com/blog/post/20... #infosec #cybersecurity
Good context on Next.js CVE-2025-29927 here from @rapid7.com's research crew — long story short, while patching = good, we're not quite sold on the world-ending nature of this bug. We're also highlighting an unrelated vulnerability in file transfer software CrushFTP. www.rapid7.com/blog/post/20...
I wanted to thank the team at Cyber Daily for the opportunity to discuss details of our latest research in which we do a deep dive into prevalent #ransomware groups, and the evolving TTPs of APT groups. www.cyberdaily.au/digital-tran... #infosec #cybersecurity
Our latest @rapid7.com analysis into Apache Tomcat CVE-2025-24813, note this has reportedly been exploited in the wild; we are unable to confirm any successful exploitation occurring against real-world production environments: www.rapid7.com/blog/post/20... #infosec #cybersecurity
Our latest #Metasploit weekly wrap-up details a deserialization module for CVE-2024-55556, exploiting unauthenticated PHP deserialization vulnerability in InvoiceShelf. More details plus plenty more here: www.rapid7.com/blog/post/20... #infosec #cybersecurity
I agree - invariably this is never a binary decision but generally I agree with you of not paying. Prevention is so much more cost effective too.
Here is a video interview I did with the team #Saepio with their "In Conversation" series to discuss the trends, threats, and strategies impacting all of us within the #cybersecurity industry.
www.youtube.com/watch?v=Qfuw...
Our latest #Metasploit weekly wrap up details an auxiliary module which performs the retrieval of Network Access Account (NAA) credentials from a System Center Configuration Manager (SCCM) server. www.rapid7.com/blog/post/20... #infosec #cybersecurity
Now available courtesy of Matt Green and Herbert Bärschneider is an artifact that hunts for Remote Monitoring and Management (RMM) tools using the LolRMM project. The goal is to detect installed or running instances. github.com/mgreen27/Det... #Velociraptor #DFIR #infosec
A number of new modules detailed within our #Metasploit wrap up including a module which adds credential harvesting for MySCADA MyPro Manager using CVE-2025-24865 and CVE-2025-22896. More details here: www.rapid7.com/blog/post/20... #infosec #cybersecurity
Our latest @metasploit weekly wrap up details a new module for an unauthenticated remote code execution bug in NetAlertX (CVE-2024-46506) plus more... rapid7.com/blog/post/20... #infosec #cybersecurity