We now have a (draft) @metasploit exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: https://t.co/J4EG2Wk5f5

In the first half of 2025, Rapid7 Labs tracked 96 unique ransomware groups — a 41% increase over the same period in 2024. This isn’t just a number; it’s a wake-up call ⏰:

Just released :

🚨 Scattered Spider is a financially motivated cybercriminal group notorious for targeting large enterprises – often by exploiting IT help desks via social engineering. In a new blog, Rapid7 outlines known TTPs, provides defensive recommendations & more: https://t.co/L8NwBV8WDg

My talk “Why is #Ransomware Still a Thing in 2025?” has been accepted for #RSAC this year! Looking forward to examining the key challenges and share some interesting observations.

The 2024 #Ransomware landscape @rapid7 :

Dear followers, I will start to switch more to Bsky for posts:

The #malware side of the Rapid7 house published an analysis of one of the payloads our MDR folks have seen dropped in the #Cleo exploitation campaign — a modular Java backdoor that facilitates follow-on attacker behavior. Props to @ChristiaanBeek + team!

An experimental #Yara rule for Memory detection of the Modular RAT can be downloaded here:

📷 The Java classes provide a modular multi-stage system (Java-RAT) designed to communicate with a C2, has file-transfer and management functionality, can execute commands and applies packet level encryption/decryption.

While we (@rapid7 ) researched the exploitation of the Cleo File transfer software CVE-2024-50623: https://t.co/csVj6vBEFP... I also took a stab on analyzing the Java classes that appeared in the final payload, a zip with 9 files aka Java classes in it. 🧵

Phobos #Ransomware Administrator Extradited from South Korea to Face Cybercrime Charges.

🐚🐐 Full Rapid7 analysis for #FortiManager CVE-2024-47575 — just a chill Wednesday for @stephenfewer

Why Cybercriminals are not necessarily embracing #AI

The Security Pyramid of pAIn https://t.co/qaPkKRiMzB #AI #risk #cyber #dfir

AttackerKB has a technical assessment of the CUPS exploit chain, along with additional observations and IOCs c/o @stephenfewer (big thanks also to @the_emmons!)

ROFL, someone made this with #AI :

Rapid7 Labs’ #ransomware radar report 👇

📈 Just dropped: the Ransomware Radar report. A fresh perspective on the global ransomware threat—and we mean fresh. All data was compiled from analyzing attacker activity and techniques over 18 months, ending June 30, 2024. 🔎 Download the report here: https://t.co/Tyu30Vbwgc