Raj Samani
rajsamani.bsky.social
Chief Scientist @Rapid7 (ex @McAfee) | @cloudsa | Co-author of @CyberGridBook & CSA Guide to Cloud | Advisor @EC3Europol

https://bsky.app/profile/rajsamani.bsky.social
Delighted to share that Vulnerability Intelligence is now incorporated within our @rapid7.com - sharing contextual indicators including which CVEs are actively exploited, by whom, and what impact they have.

More details available within our announcement: www.rapid7.com/blog/post/pt... #infosec
Defend Smarter, Not Harder, with Rapid7: The Power of Curated Vulnerability Intelligence
Rapid7 delivers actionable intelligence through Intelligence Hub; identifying the vulnerabilities that actually matter, rather than relying on generic security ratings – or trying to decipher whether ...
www.rapid7.com
October 30, 2025 at 10:40 AM
Reposted by Raj Samani
The @cyberalliance.bsky.social is thrilled to welcome @rajsamani.bsky.social to our Board of Directors. His expertise and vision will be a huge asset to our journey ahead.
✨ Get to know more about Raj in our spotlight feature!

www.cyberthreatalliance.org/cta-board-of...

#cybersecurity #EmpoweringCTA
CTA Board of Directors Spotlight: Raj Samani, Rapid7 - Cyber Threat Alliance
Welcome to the CTA board of directors. We are delighted to have you on the board. What inspired you to want to be on the CTA board? I have been engaged with the CTA from its inception, having seen the...
www.cyberthreatalliance.org
July 30, 2025 at 12:20 PM
Our latest @rapid7.com advisory details a threat briefing including TTPs into the Scattered Spider threat group: www.rapid7.com/blog/post/sc... #infosec #cybersecurity
Rapid7
Scattered Spider is a cybercrime group known for targeting enterprises via social engineering. Learn their TTPs, defenses, and more in our latest blog.
www.rapid7.com
July 4, 2025 at 6:18 AM
Our latest @rapid7.com vuln disclosure details eight vulnerabilities in multi-function printers, impacting 742 models across 4 vendors. The most serious of the findings is the authentication bypass CVE-2024-51978. www.rapid7.com/blog/post/mu...

H/T @stephenfewer.bsky.social
June 25, 2025 at 9:29 AM
Our latest @rapid7.com analysis details a critical remote code execution (RCE) vulnerability tracked as CVE-2025-23121 within Veeam Backup & Replication. More details here: www.rapid7.com/blog/post/et... #infosec #cybersecurity
Rapid7
On Tuesday, June 17, 2025, backup and recovery software provider #Veeam published a security advisory for a critical remote code execution (RCE) vulnerability, tracked as CVE-2025-23121. Read more in ...
www.rapid7.com
June 19, 2025 at 10:06 AM
Our latest @rapid7.com analysis reveals the most common initial access vector for observed incidents was valid account credentials, and yes, no MFA in place! www.rapid7.com/blog/post/20... #infosec #cybersecurity
June 4, 2025 at 9:31 AM
We have published analysis into CVE-2024-58136 on #AttackerKB - This new CVE is a patch bypass of CVE-2024-4990 and exploited in the wild by threat actors, particularly in regard to CraftCMS, where this vulnerability was used to trigger RCE. attackerkb.com/topics/U2Ddo... #infosec #cybersecurity
CVE-2024-58136 | AttackerKB
Yii framework is a component-based MVC web application framework, providing developers with the building blocks to create complex web applications including mo…
attackerkb.com
May 27, 2025 at 10:03 AM
Our latest @rapid7.com analysis does a deep dive into CVE-2025-32756, which is exploited in the wild, affecting multiple Fortinet products. H/T @stephenfewer.bsky.social www.rapid7.com/blog/post/20... #infosec #cybersecurity
Multiple Fortinet products CVE-2025-32756 exploited in the wild | Rapid7 Blog
On 5/13/25, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple Fortinet products. Learn more!
www.rapid7.com
May 20, 2025 at 9:59 AM
Our latest @rapid7.com analysis details three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances, courtesy of @booleanblind.bsky.social, tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821 www.rapid7.com/blog/post/20... #infosec #cybersecurity
Multiple Vulnerabilities in SonicWall SMA 100 Series (FIXED) | Rapid7 Blog
In April 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access ("SMA") 100 series appliances. Learn more!
www.rapid7.com
May 12, 2025 at 10:27 AM
Our latest #Metasploit weekly wrap up details a new module “exploit/multi/http/wondercms_rce” which exploits CVE-2023-41425 - a file upload vulnerability. The module will authenticate against the vulnerable WonderCMS instance. More details available here: www.rapid7.com/blog/post/20... #infosec
Metasploit Wrap-Up 05/02/2025 | Rapid7 Blog
www.rapid7.com
May 6, 2025 at 6:38 AM
From noise to action: Introducing Intelligence Hub. Delighted to share details of our latest @rapid7.com release, Intelligence Hub. Details of our curated intelligence platform now available here: www.rapid7.com/blog/post/20...

#infosec #cybersecurity
From Noise to Action: Introducing Intelligence Hub | Rapid7 Blog
We are delighted to announce the availability of Intelligence Hub, an evolution in threat intelligence delivery that is designed to provide meaningful context and actionable insights integrated with t...
www.rapid7.com
April 23, 2025 at 3:26 PM
Our latest #Metasploit weekly wrap up details new modules including an unauthenticated remote code execution in BentoML (CVE-2025-27520). More details, including an enhancement to the fetch payload feature, available here: www.rapid7.com/blog/post/20... #infosec #cybersecurity
Metasploit Wrap-Up 04/18/2025 | Rapid7 Blog
www.rapid7.com
April 21, 2025 at 8:33 AM
Our latest @rapid7.com analysis does a deep dive into the #ransomware eco-system revealing "80 active groups in Q1, 16 of them new since January 1. There are also 13 groups that were active in Q4, 2024, but have thus far been silent in 2025" www.rapid7.com/blog/post/20... #malware #cybersecurity
April 9, 2025 at 9:46 AM
Analysis confirms that babuk.exe, advertised in the Babuk 2.0 #Ransomware Affiliates Telegram channel, is actually based entirely on LockBit 3.0 source code—not Babuk. More details in our @rapid7.com analysis here: www.rapid7.com/blog/post/20... #infosec #malware
A Rebirth of a Cursed Existence? - The Babuk Locker 2.0 | Rapid7 Blog
In early 2025, we came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, we decided to investigate whether this was a rebrand or a new threat.
www.rapid7.com
April 7, 2025 at 8:48 AM
Our latest @rapid7.com analysis details CVE-2025-22457 a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways (exploited in wild). Links and confirmation of content coverage detailed here: www.rapid7.com/blog/post/20... #infosec
Ivanti Connect Secure CVE-2025-22457 exploited in the wild | Rapid7 Blog
www.rapid7.com
April 4, 2025 at 12:15 PM
Reposted by Raj Samani
Full technical analysis of CrushFTP CVE-2025-2825 now available in @rapid7.com's AttackerKB, c/o @booleanblind.bsky.social: attackerkb.com/topics/k0Egi...
CVE-2025-2825 | AttackerKB
On Friday, March 21, 2025, CrushFTP, a managed file transfer solution vendor, announced a new vulnerability to customers via email. This vulnerability was late…
attackerkb.com
March 31, 2025 at 9:20 PM
Our latest @rapid7.com analysis details two notable (unrelated) vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. www.rapid7.com/blog/post/20... #infosec #cybersecurity
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP | Rapid7 Blog
www.rapid7.com
March 27, 2025 at 12:24 PM
Our latest @rapid7.com analysis details notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP. These (unrelated) vulns are in Next.js, a React framework for building web apps, and CrushFTP, which has previously been targeted by adversaries. www.rapid7.com/blog/post/20... #infosec #cybersecurity
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP | Rapid7 Blog
www.rapid7.com
March 26, 2025 at 7:01 AM
Reposted by Raj Samani
Good context on Next.js CVE-2025-29927 here from @rapid7.com's research crew — long story short, while patching = good, we're not quite sold on the world-ending nature of this bug. We're also highlighting an unrelated vulnerability in file transfer software CrushFTP. www.rapid7.com/blog/post/20...
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP | Rapid7 Blog
www.rapid7.com
March 25, 2025 at 4:47 PM
I wanted to thank the team at Cyber Daily for the opportunity to discuss details of our latest research in which we do a deep dive into prevalent #ransomware groups, and the evolving TTPs of APT groups. www.cyberdaily.au/digital-tran... #infosec #cybersecurity
PODCAST: Nation-state cyber threats – how Australian organisations must prepare, with Rapid7’s Raj Samani
In this episode of the Cyber Uncut podcast, Raj Samani, senior vice president and chief scientist at Rapid7, joins host Liam Garman to unpack how nation-state threats are actively targeting Australian...
www.cyberdaily.au
March 24, 2025 at 9:57 AM
Our latest @rapid7.com analysis into Apache Tomcat CVE-2025-24813, note this has reportedly been exploited in the wild; we are unable to confirm any successful exploitation occurring against real-world production environments: www.rapid7.com/blog/post/20... #infosec #cybersecurity
Apache Tomcat CVE-2025-24813: What You Need to Know | Rapid7 Blog
www.rapid7.com
March 20, 2025 at 12:50 PM
Our latest #Metasploit weekly wrap-up details a deserialization module for CVE-2024-55556, exploiting unauthenticated PHP deserialization vulnerability in InvoiceShelf. More details plus plenty more here: www.rapid7.com/blog/post/20... #infosec #cybersecurity
Metasploit Weekly Wrap-Up: 03/14/25 | Rapid7 Blog
This Metasploit Weekly Wrap-Up saw a deserialization module for CVE-2024-55556, exploiting unauthenticated PHP deserialization vulnerability in InvoiceShelf.
www.rapid7.com
March 17, 2025 at 10:05 AM
Here is a video interview I did with the team at #Saepio for their "In Conversation" series to discuss the trends, threats, and strategies impacting all of us within the #cybersecurity industry.
www.youtube.com/watch?v=Qfuw...
Ep.1 In Conversation with Raj Samani
YouTube video by Saepio Information Security
www.youtube.com
March 13, 2025 at 10:30 AM
Our latest #Metasploit weekly wrap up details an auxiliary module which performs the retrieval of Network Access Account (NAA) credentials from a System Center Configuration Manager (SCCM) server. www.rapid7.com/blog/post/20... #infosec #cybersecurity
Metasploit Wrap-Up 03/06/2025 | Rapid7 Blog
www.rapid7.com
March 10, 2025 at 8:52 AM
Now available courtesy of Matt Green and Herbert Bärschneider is an artifact that hunts for Remote Monitoring and Management (RMM) tools using the LolRMM project. The goal is to detect installed or running instances. github.com/mgreen27/Det... #Velociraptor #DFIR #infosec
github.com
March 6, 2025 at 9:16 AM