Rapid7
@rapid7.com
Rapid7 can help you command your attack surface, smash silos, stay steps ahead of attackers, and take breaches from “inevitable” to preventable. Rapid7 technology, services, and research give organizations around the world control.

🔗: rapid7.com
🖨️ Advancements in #MFP devices allow them to be conveniently integrated throughout enterprise environments. But they're often left overlooked & underprotected – breeding far-reaching security implications.

Dive into the latest research from Rapid7: r-7.co/44u48zq
December 23, 2025 at 2:11 PM
🚨 On 12/17/25, Hewlett Packard (#HP) Enterprise published an advisory for CVE-2025-37164, a vuln in HPE OneView.

Assigned a CVSS score of 10.0, it facilitates unauth. RCE on versions of #OneView before 11.0. Find our hotfix analysis & more in the Rapid7 blog: r-7.co/4pE9rVs
CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView.
December 18, 2025 at 6:17 PM
🚨 A recently disclosed pair of vulns affecting #Fortinet devices are being actively exploited in the wild.

CVE-2025-59718 & CVE-2025-59719, carrying critical CVSSv3 scores, allow an unauthenticated remote attacker to gain device admin access. Read on: r-7.co/4j32ZF7
Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild
CVE-2025-59718 and CVE-2025-59719, critical vulnerabilities affecting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb, are actively being exploited in the wild.
December 17, 2025 at 9:08 PM
Wishing everyone a wonderful holiday season! May your days be merry, bright, and bug-free. 🎁✨🧡
December 17, 2025 at 5:45 PM
Reposted by Rapid7
Connected Yet Divided: Navigating Cybersecurity in a Fracture World.
Join us Thursday December 18th 8 am PT / 11 am ET
us06web.zoom.us/webinar/regi...
Panelists explore how eroding trust drives #cyberthreats, supply chain risks, and disinformation—asking if cooperation is our strongest defense
December 15, 2025 at 6:37 PM
12/16 update: After publication, Rapid7 observed a message from the official Telegram channel announcing the release of SantaStealer.

The infostealer is now deemed production-ready by the developers and can be expected in the wild.
December 16, 2025 at 8:23 PM
'Tis the season for a new infostealer: #SantaStealer. Active promotion on Telegram and underground forums states that the malware-as-a-service is planned for release before year-end.

Rapid7 Labs analyzed unstripped samples to detail how it operates and what defenders should know: https://r-7.co/4q5pk75
SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums | Rapid7 Blog
December 15, 2025 at 1:56 PM
🚨 Earlier this year, Rapid7 researchers discovered a stored cross-site scripting (XSS) vuln. in #Ivanti Endpoint Manager (EPM) – affecting versions 2024 SU4 and below.

Now patched, CVE-2025-10573 has been assigned a CVSS score of 9.6. More in our blog: r-7.co/4rN6TWo
CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)
December 9, 2025 at 5:32 PM
🚨 On December 3, 2025, #Meta disclosed a critical unauthenticated RCE vulnerability affecting #React – a popular library for building modern web apps.

CVE-2025-55182 has been assigned the maximum CVSS rating of 10.0. Find mitigation guidance and more in the Rapid7 blog: r-7.co/4rAf48q
React2Shell, Critical unauthenticated RCE affecting React Server Components (CVE-2025-55182)
CVE-2025-55182 is a critical unauthenticated remote code execution vulnerability affecting React, a very popular library for building modern web applications.
December 4, 2025 at 4:19 PM
⚠️ In Aug. 2025, Rapid7 found #TwonkyServer susceptible to multiple vulns – granting unauthenticated attackers plaintext admin credentials, full admin access to the instance & control of all stored media files.

At the time of publication, these vulns have not been patched. Read on: r-7.co/4a0JiuU
CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
Rapid7 has identified two vulnerabilities that facilitate administrator authentication bypass in Twonky Server, a media solution.
November 19, 2025 at 6:21 PM
🚨 On 10/6/25, an exploit was published around a new vuln that allows an attacker to gain admin-level access to the #Fortinet FortiWeb Manager panel & websocket CLI.

Today, 11/14, Fortinet PSIRT published CVE-2025-64446 and an official advisory on the vulnerability. Read on: r-7.co/47VAm7r
Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild
On October 6, 2025, the cyber deception company Defused published a proof-of-concept exploit on social media that was captured by one of their Fortinet FortiWeb Manager honeypots. Read more in Rapid7'...
November 14, 2025 at 6:43 PM
November #PatchTuesday drops 66 new vulnerabilities, with 1 critical zero-day exploited in the wild (no public disclosure yet).

3 critical RCEs patched, all rated less likely to be exploited. Find Rapid7's analysis in a new blog: r-7.co/4nOaIre
November 12, 2025 at 2:41 PM
Reposted by Rapid7
We just published our AttackerKB @rapid7.com analysis of CVE-2025-12480. Disclosed yesterday, but patched back in July, it's an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Full analysis & RCE details here: attackerkb.com/topics/5C4wR...
November 11, 2025 at 2:47 PM
🔺 Global threat activity surged in Q3.

Rapid7 Labs’ latest Threat Landscape Report tracks faster exploitation, new ransomware alliances, AI-assisted evasion, and state-backed campaigns reshaping the cyber domain.

🛡️ Download the report: https://r-7.co/3Lyxead
November 12, 2025 at 2:00 PM
🗓️ A new meeting invite on your calendar, or a new attack vector?

Because calendar files (.ics) often bypass traditional email & attachment defenses, they offer attackers a low-friction path into corporate environments. More in a new blog from Rapid7 Labs: r-7.co/3Jwc9wx
November 6, 2025 at 6:50 PM
Reposted by Rapid7
Delighted to share that Vulnerability Intelligence is now incorporated within our @rapid7.com - sharing contextual indicators including which CVEs are actively exploited, by whom, and what impact they have.

More details available within our announcement: www.rapid7.com/blog/post/pt... #infosec
Defend Smarter, Not Harder, with Rapid7: The Power of Curated Vulnerability Intelligence
Rapid7 delivers actionable intelligence through Intelligence Hub; identifying the vulnerabilities that actually matter, rather than relying on generic security ratings – or trying to decipher whether ...
October 30, 2025 at 10:40 AM
#SaltTyphoon, a Chinese espionage APT group linked to the Ministry of State Security (MSS), has spent years infiltrating global telecommunications & government networks.

Find a free download of our pubsec-focused Salt Typhoon report here: r-7.co/47tz4QT
Salt Typhoon APT Group: What Public Sector Leaders and Defenders Should Know
Salt Typhoon’s long-term infiltration strategy is a reminder that modern cyber defense is as much about proactive endurance as innovation. More from Rapid7 Labs in a new research blog.
October 30, 2025 at 6:12 PM
Reposted by Rapid7
As Pwn2Own Ireland 2025 draws to a close, a huge thank you to @thezdi.bsky.social for putting on another great contest! I reflected on why @rapid7.com has taken part at #Pwn2Own over the last two years, and our successes so far in the world of competitive zero day exploit development r-7.co/4o6RM85
Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel
As the 2025 edition of Pwn2Own Ireland draws to a close, we are taking a beat to reflect on Rapid7’s participation & achievements in the world of competitive zero day exploit development.
October 24, 2025 at 4:51 PM
Tomorrow’s threats don’t wait. Neither should your defenses.

This Cybersecurity Awareness Month, explore Rapid7’s collection of expert insights, case studies, and research to help you anticipate attacks and strengthen your defenses.

👉 Dive in here: https://r-7.co/3LmjwqG
October 22, 2025 at 11:27 PM
🚨 On 10/15/25, #F5Networks disclosed a breach attributed to a sophisticated nation-state actor – confirming unauthorized access to select internal systems that dates back to August 2025.

Read on for Rapid7 Labs' analysis & actionable next steps: r-7.co/46VivhN
Inside the F5 Breach: What We Know and Recommended Actions
Rapid7 Labs reports & advises on a breach that F5 Networks recently disclosed – attributed to a sophisticated nation-state actor.
October 16, 2025 at 6:30 PM
Microsoft’s October Patch Tuesday fixes 172 vulnerabilities, including 6 zero-days and 5 critical RCEs.

Microsoft reports exploitation in the wild for 3 zero-days and public disclosure for another 3. Only 1 critical RCE is considered likely to be exploited.

Full analysis: https://r-7.co/4oEU4vh
October 14, 2025 at 10:52 PM
👾 Get to know Russian Market, the underground hub where info-stealing malware logs & stolen user credentials are traded daily.

Dive into key vendors, malware variants & more via our latest research blog: r-7.co/4hdurir
October 14, 2025 at 3:27 PM
🚨 Rapid7 has observed increased activity involving a new threat group and #AWS cloud environments.

Self-referred to as ‘Crimson Collective’, the group has claimed responsibility for the recent theft of private repositories from the #RedHat GitLab. More: r-7.co/48ltfqS
October 7, 2025 at 7:48 PM
⚠️ The auto industry, retail, & the public sector have one thing in common: each was impacted by cyberattacks in some new (and costly) way in 2025.

October is Cybersecurity Awareness Month, and it's high time for orgs everywhere to 'be ready.' Read on ⤵️
What Recent Cyber Attacks Reveal About Readiness in 2025
Retail, automotive, public sector, transport, and legal services have all been impacted in new and costly ways - exposing organizations not just to downtime and data loss, but to a more systemic risk:...
October 6, 2025 at 7:42 PM
On 10/4/25, #Oracle published an advisory & patch for CVE-2025-61882 – an RCE vuln affecting the Oracle Concurrent Processing product within E-Business Suite (EBS).

Claims of exploitation in-the-wild at the hands of #Cl0p are supported. More in our blog: r-7.co/46VXYbM
Critical 0day in Oracle E-Business Suite exploited in-the-wild
A new vulnerability, CVE-2025-61882, affecting Oracle E-Business Suite has been exploited in-the-wild by the Cl0p ransomware gang.
October 6, 2025 at 1:24 PM