Rapid7 is a leader in AI-powered managed cybersecurity operations. 11,500 customers utilize Rapid7 to disrupt attackers and advance their cyber resilience.

Joined March 2009
2,418 Photos and videos
Threat actors are integrating AI into their exploit chains. Rapid7's Red Team is doing the same. A newly formalized multi-agent system follows our pen testing methodology end-to-end – from scoping an engagement to validating findings & generating reports: r-7.co/4y2fZlp
1
1
1,300
During a recent private sector consultation with the White House, Corey Thomas and Sabeen Malik presented Rapid7’s new policy paper: Modernizing Global Vulnerability Standards. Get the full picture in our latest blog, and find a download link within: r-7.co/3Rb0sPw
3
1,354
πŸ”Ž In a special episode of Hacktics & Telemetry, your hosts (@fulmetalpackets and @_CryptoCat) dedicate the entire runtime to the story of how @brutecat made $500K in bug bounties hacking Google's core. ▢️ YouTube: r-7.co/4uHQaUG 🎧 Spotify: r-7.co/4eqmIN2
1
2
7
1,582
The security environment is changing faster than today's operating model. That means the operating model needs to change. πŸ‘‰ Get Rapid7's latest eBook – Preemptive Security: From Resilience to Action. Find a download link in our blog: r-7.co/4xDrVK3
2
1,051
Rapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor #DroppingElephant, characterized by the use of a China-themed decoy document to deliver a heavily reworked, in-memory RAT. Technical analysis, IoCs & more: r-7.co/4va2vSF
13
54
6,184
🚨 On 6/10/26, #Oracle published a security alert for CVE-2026-35273, a critical vuln. affecting PeopleSoft Enterprise PeopleTools. The campaign has been attributed to the ShinyHunters collective, well known for data theft and extortion. More in our blog: r-7.co/4aEClz9
1
1
16
2,396
AI is actively embedding itself into today's criminal tradecraft – lending itself to social engineering, fraud, impersonation, identity abuse & more. Get to know tools like WormGPT and BruteforceAI, plus, how orgs should react, all in a new blog: r-7.co/4ooQFS7
3
10
2,322
🚨 On 6/9/26, #Ivanti published a security advisory for 2 critical vulns affecting Ivanti Sentry (FKA MobileIron Sentry). CVE-2026-10520 (CVSS 10.0) is an OS command injection vuln, and CVE-2026-10523 (CVSS 9.9) is an authentication bypass vuln. Read on: r-7.co/4arpQHd
1
4
13
2,849
Rapid7 is joining @Anthropic’s Project Glasswing, gaining access to Claude Mythos Research Preview. We will explore internal use cases across product security, vuln research, red-teaming, and D&R – building on our focus of AI-powered, preemptive security: r-7.co/4e1qwEi
1
1
14
1,712
πŸ‘Ύ In Hacktics & Telemetry, Ep7, @fulmetalpackets and @_CryptoCat break down expensive AI operational blunders, a grueling race against vendor patches, and a critical 0-day vuln in self-hosted Git software. 🎀 Spotify: r-7.co/4oi7s9u ▢️ YouTube: r-7.co/4oiOmQL
6
956
🚨 On 6/8/26, #CheckPoint published an advisory for a critical vuln. affecting its Remote Access VPN, Mobile Access & Spark Firewall products. CVE-2026-50751 allows an unauth. attacker to establish a VPN session without providing valid credentials. More: r-7.co/4fyoJJc
3
15
48
8,775
⚠️ In conducting a 0-day research project against an #HP Poly VVX 450 VoIP phone, Rapid7 Labs discovered CVE-2026-0826 – a critical unauthenticated stack-based buffer overflow vuln affecting all VXX series and 3 Trio IP Conference series models. Read on: r-7.co/4wQuXul
1
18
55
6,991
#PaloAltoNetworks published a security advisory for CVE-2026-0257. Exploitation of this vulnerability allows a remote unauthenticated attacker to establish a VPN connection through the GlobalProtect gateway of an affected appliance. More via our blog: r-7.co/4uzDIao
13
27
5,802
Headed to #GartnerSEC next week? Meet up with Rapid7 at Booth #909! Don't miss our featured session – in The CISO's Role in Enterprise Transformation, Rapid7 leaders offer their candid perspectives on embedding security into the fabric of the business: r-7.co/4x2G4jV
2
1,556
Rapid7 reposted
Found an unpatched RCE in Gogs πŸ‘€ Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup @metasploit module available now! πŸ”—rapid7.com/blog/post/ve-auth…
1
32
171
15,587
🌐 Announcing Rapid7's Threat Landscape Report for Q1, 2026. Threat actors favor 0-click vulns over social engineering, lines blur between state actors & hacktivist groups, and the cybercriminal economy splinters. Blog: r-7.co/49Ybbmw Report: r-7.co/43koLwV
1
10
1,701
On May 14, #PaloAltoNetworks published a security advisory for CVE-2026-0265 –a signature verification vulnerability that facilitates authentication bypass on PAN-OS. Palo Alto Networks assigned CVE-2026-0265 a β€œHigh” 7.2 CVSS score. More via our blog: r-7.co/438oEV7
1
6
1,732
🚨 Rapid7 Labs has discovered an authentication bypass vuln. affecting #Cisco Catalyst SD-WAN Controller (FKA vSmart). CVE-2026-20182 has a Critical CVSSv3.1 score of 10.0 and allows a remote unauth. attacker to perform privileged operations. Read on: r-7.co/4uLxSlR
3
45
118
23,878
In Episode 5 of Hacktics and Telemetry, @fulmetalpackets & @_CryptoCat talk zero-click XSS vulns (featuring @J0R1AN), bug bounty updates, Copyfail, and @metasploit's new MCP server πŸ”₯ πŸ‘‰ Full video on YouTube: r-7.co/49wOqG9 🎧 Audio on Spotify: r-7.co/436KHLS
7
1,497
Rapid7 observed a recent enterprise intrusion that began with a fake IT support Teams message, escalated via fake lock screens, Python-based RATs & a kernel exploit, then secured domain-wide credential access – all within 2 days. Get to know #ModeloRAT: r-7.co/4npcZuB
2
11
39
4,684