We're cooking something up for Black Hat this year. Check out what's on the menu: | #BHUSA

“Due to the sensitive nature of this host, such exploits were not explored.”. Rapid7 noticed this theme across 5 years of a client's pentesting reports, a hallmark of overly fearful & risk-averse consultancy. Read on in a new PenTales blog:

Security teams can't afford to chase CVEs forever. Exposure management brings the full visibility, context, and prioritization needed to keep your organization secure. Learn how to cut through the noise in a new eBook:

📊 In 2024, there were over 100 software vulnerabilities announced each day. But you don’t have to rush to remediate each CVE the moment they arise – having key details surfaced gives you the power of choice, context, and command. More in a new blog:

📈 Microsoft addresses 137 vulnerabilities in July's Patch Tuesday, including 1 publicly disclosed vulnerability, and 11 critical RCE vulnerabilities. Find a full breakdown in a new blog:

🎣 Social engineering isn’t just phishing anymore. Today's threat actors are bypassing controls via real-time impersonation, help desk fraud & more. In a new blog, check out 3 ways social engineering is evolving – plus how security teams can stay ahead:

🚨 During a Virtual Desktop Infrastructure (VDI) breakout assessment, Rapid7 identified an LPE vulnerability affecting #Citrix Virtual Apps and Desktops. This issue was assigned CVE-2025-6759 and has a CVSS score of 7.3 (High). Read on in a new blog:

"Third-party systems have become an integral part of many organizations. and are increasingly targeted by threat actors.". Rapid7's @ChristiaanBeek spoke to @guardian about the human side of modern cyberattacks, like those used by Scattered Spider:

Looking for an EAP? Here's the questions you should be asking. The right EAP could be your CTEM program's superpower. Get a checklist of questions that can help identify your must-have capabilities:

🚨 Scattered Spider is a financially motivated cybercriminal group notorious for targeting large enterprises – often by exploiting IT help desks via social engineering. In a new blog, Rapid7 outlines known TTPs, provides defensive recommendations & more:

With agentic AI workflows for MDR, we’ve reimagined alert investigations by building an intelligent partner that knows how to think, plan, and act — & surfaces the right insights to human analysts for action. Read on in a new blog:

Reactive security is a cycle of chasing a never-ending string of vulnerabilities. 🔄 . True exposure management means full attack surface visibility, context, and prioritization. Find guidance on transitioning from VM to EM in a new eBook:

ICYMI: Rapid7 disclosed 8 new vulnerabilities impacting 748 models of multifunction printers across 5 vendors. Find a summary of the vulnerabilities in a blog, plus Rapid7's whitepaper with detailed technical analysis:

Sponsored by Rapid7, the SANS 2025 CTI survey highlights a cyber threat intelligence field that is steadily maturing. How are other cybersecurity professionals navigated the evolving cyber landscape? Download the report:

🚨 On 6/25/2025, Cloud Software Group published a security bulletin for CVE-2025-6543, a memory overflow vulnerability, affecting #NetScaler ADC and NetScaler Gateway. Find exploitation details & mitigation guidance in a new blog:

Rapid7 has observed a recent spike in incidents involving domain generation algorithms (DGAs), leading to a final payload that collects information about infected hosts – such as installed antivirus products, crypto-related applications and wallets & more:

RT @SCMagazine: A zero-day research project into multifunction printers by @rapid7 found eight new vulnerabilities, one of them a critical….

Ransomware keys aren't always reliable: some are broken, some never arrive. Chief Scientist Raj Samani outlines what to expect in ransomware negotiations via @cyberdailyau:

6/25/25 Update: Statistics updated to reflect an additional 6 affected models from Konica Minolta, Inc. Vulnerabilities now impact 748 models across 5 vendors.

RT @stephenfewer: Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coord….