The RAMP forum was a prominent hub for threat actors until early 2026, when the FBI seized its infrastructure.
The result was a splintering of groups, actors, and tactics – and now, less visibility into centralized coordination. Get the full story in a research blog from Rapid7 Labs: r-7.co/3PeOnY9
04.03.2026 13:31
Rapid7's Global Cybersecurity Summit is back
For the first time ever, the Summit will span 2 days, with dedicated tracks designed to meet the distinct needs of security leaders and practitioners alike.
More details coming soon. Save your spot: https://r-7.co/46yJyir
03.03.2026 18:01
Before the Breach: When digital footprints become a strategic cyber risk
Today's threat actors are no longer limited to exploiting technical vulnerabilities; they increasingly exploit the human element and weaponize digital footprints as a primary enabler of their operatio...
Threat actors today are weaponizing digital footprints – correlating data on systems, infrastructure, and especially employees – often without generating a single security alert.
More in our blog. Find a free download of Rapid7 Labs' latest report within: r-7.co/3MtmMlm
26.02.2026 13:39
Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)
On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, tracked as CVE-2026-20127.
On 2/25/26, #Cisco disclosed a critical authentication bypass vuln. in Cisco Catalyst SD-WAN Controller & SD-WAN Manager – tracked as CVE-2026-20127.
Exposure in the wild led CISA to issue an emergency directive requiring that patches be installed by 2/27. More: r-7.co/3MvmEln
25.02.2026 22:24
The Jan. 2026 seizure of RAMP disrupted a major ransomware coordination hub, but it did not dismantle the ecosystem behind it. It destabilized trust and accelerated fragmentation across the underground.
Get the full story in our latest blog: r-7.co/4qW3yTy
25.02.2026 14:23
An executive's online footprint can be more than a privacy issue, it's also a business risk.
Rapid7 Labs analyzed 100s of engagements from 2024-2025 to understand how exposed today's executives really are, & what that means for the enterprise. Read on: https://r-7.co/46mH0E3
24.02.2026 14:03
SOC teams are flooded with signals but still lack the context to act. False positives and low-value alerts slow investigations and pull focus from real threats.
Our latest eBook outlines 4 practical shifts to move beyond alert fatigue: https://r-7.co/4aO37EH
23.02.2026 21:35
Hacktivism and the Winter Olympics 2026: What Rapid7 is Seeing and What it Signals
The 2026 Winter Olympics have been live for several weeks, and the cyber activity many predicted is already unfolding. Read on in a new Rapid7 blog.
The '26 Winter Olympics have been live for several weeks, and threat intel has reported a surge in hacktivist chatter.
Some actors are actively targeting the defense industry, as well as orgs that might overlap with Olympic infrastructure & supply chains. More in a new blog: r-7.co/4kRFCzm
20.02.2026 16:50
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) - Help Net Security
CVE-2026-2329 is present in Grandstream VoIP phones' web-based API service, and is accessible in a default configuration.
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)
Read more: www.helpnetsecurity.com/2026/02/19/g...
#cybersecurity #cybersecuritynews #securityupdate #vulnerability #VoIP #SMBs @rapid7.com @stephenfewer.bsky.social @fulmetalpackets.bsky.social
19.02.2026 12:39
We have disclosed CVE-2026-2329, a critical unauth stack-based buffer overflow vuln affecting the Grandstream GXP1600 series of VoIP phones. Read our disclosure on the @rapid7.com blog, including technical details for unauth RCE, and accompanying @metasploit-r7.bsky.social modules: r-7.co/4tIzope
18.02.2026 14:39
In conducting 0 day research against #Grandstream GXP1600 VoIP phones, Rapid7 Labs discovered CVE-2026-2329.
The unauthenticated stack-based buffer overflow vulnerability ultimately allows an attacker to intercept phone calls and eavesdrop on audio. Read on: r-7.co/4tIzope
18.02.2026 14:15
For February's #PatchTuesday, Microsoft published 55 vulnerabilities.
6 are already being exploited in the wild, and 3 were publicly disclosed before patches were released. Here's what to know before you patch: https://r-7.co/4rcV1fX
11.02.2026 21:13
Measuring AI Security: What MCP Exposure Really Shows
Real-world research into AI security risk using Model Context Protocol servers, separating measurable exposure from fear-driven narratives.
Each week, headlines warn of AI-driven jailbreaks, agents gone rogue, and LLM-enabled cybercrime – raising important questions, but rarely answering the most basic one:
What does the attack surface of today's AI systems actually look like? Rapid7's Christiaan Beek ran the numbers: r-7.co/4r9aq0B
10.02.2026 18:13
CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Rapid7 Website
On 2/6/26, #BeyondTrust disclosed a critical RCE vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products.
The flaw has been assigned CVE-2026-1731 and a near-maximum CVSSv4 score of 9.9.
More in the Rapid7 blog: r-7.co/4arAjln
09.02.2026 18:46
Your Friday reading sorted: Rapid7's findings around the 'Chrysalis' backdoor & Notepad++ compromise made their media rounds this week.
Dive into some of the top pieces below:
Reuters: r-7.co/4qhvpNH
TechCrunch: r-7.co/4tcjuTQ
BleepingComputer: r-7.co/4kkDEHp
The Hacker News: r-7.co/4cfkgJD
06.02.2026 16:00
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. Find answe...
After publishing our analysis of the Chrysalis backdoor (and Notepad++ compromise), customers & security teams had questions.
Find an FAQ rundown in our latest blog, plus a link to Christiaan Beek's "Inside Chrysalis" session, now available on demand: r-7.co/3MrkJxZ
05.02.2026 15:02
Rapid7 thanks @AiexGP (on X) for contributing the IoCs we've shared in our blog.
02.02.2026 19:59
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.
Rapid7 Labs, alongside our MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group #LotusBlossom.
Find a deep technical analysis of the custom backdoor 'Chrysalis', Notepad++, Warbird, and more in our latest blog: r-7.co/4kaerPA
02.02.2026 18:17
Which #Microsoft vulnerabilities were of the most value to attackers in 2025? Turns out, the more things change, the more they stay the same.
Tech debt, backwards compatibility, elevations of privilege, and a dash of AI – this blog's got it all. Dive in: r-7.co/4qaqduX
28.01.2026 18:08
Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554
SolarWinds has published an advisory for multiple new vulnerabilities affecting their Web Help Desk product. Stay up to date with a new Rapid7 blog.
On 1/28/26, #SolarWinds published an advisory for multiple new vulns affecting their Web Help Desk product.
Of the 6 new CVEs, 4 are critical, and allow a remote attacker to either achieve unauthenticated RCE or bypass authentication. Read on: r-7.co/4rgPjsR
28.01.2026 15:07
From Signals to Strategy: What Security Teams Must Prepare for in 2026
Geopolitics, insider risk, and threat intelligence have long influenced cyber operations; what has changed is the extent to which they directly affect everyday security decisions. More distillations f...
Geopolitics, insider risk, and threat intel have long influenced our world's cyber operations. What's changing is how they're now affecting everyday, company-level security decisions.
Read on and find a link to Rapid7's year-end session on demand here: r-7.co/4b9aQz3
22.01.2026 15:49
Rapid7 MDR now delivers preemptive detection, investigation, & response for Microsoft environments.
Defender signals are integrated into Rapid7 MDR, where they are monitored and investigated by our SOC with exposure and asset risk context. Learn more: https://r-7.co/4a5emcw
21.01.2026 14:02
Ni8mare and N8scape flaws among multiple critical vulnerabilities affecting n8n
On November 18, 2025, a patched release was published for a critical unauthenticated file read vulnerability in n8n, a popular piece of automation software. Read more in the Rapid7 blog.
In November 2025, a critical vuln. was patched in #n8n, a popular piece of automation software.
The advisory for (what the finders have dubbed) #Ni8mare was published on January 7, 2026 – now tracked as CVE-2026-21858 with a CVSS score of 10.0.
More: r-7.co/3Z3aGBP
08.01.2026 21:31
New year, same mission: helping teams take command of the attack surface.
Wishing you a secure New Year from Rapid7!
01.01.2026 16:19
Here are the top 3 predictions Rapid7 experts are seeing for 2026:
Now available on demand, Rapid7's cybersecurity predictions webinar breaks down what those shifts could mean for security teams in the year ahead: https://r-7.co/4j48Wlf
30.12.2025 18:53
Advancements in #MFP devices allow them to be conveniently integrated throughout enterprise environments. But they're often left overlooked & underprotected – breeding far-reaching security implications.
Dive into the latest research from Rapid7: r-7.co/44u48zq
23.12.2025 14:11