The Rapid7 Blog:
Your Signal in the Security Noise

Insights, stories, and guidance from our global security and research teams.

Weekly security updates — no spam. Privacy Policy.

Featured posts

Introducing Rapid7 MDR for Microsoft

Introducing Rapid7 MDR for Microsoft

Read post
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Read post
What’s New in Rapid7 Products & Services?

What’s New in Rapid7 Products & Services?

Read post
Metasploit Wrap-Up 02/27/2026

Products and Tools

Metasploit Wrap-Up 02/27/2026

Jacquie Harris's avatar

Jacquie Harris

Before the Breach: When digital footprints become a strategic cyber risk

Threat Research

Before the Breach: When digital footprints become a strategic cyber risk

Jeremy Makowski's avatar

Jeremy Makowski

Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)

Vulnerabilities and Exploits

Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)

Rapid7 Labs's avatar

Rapid7 Labs

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Threat Research

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Rapid7's avatar

Rapid7

The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Threat Research

The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Alexandra Blia's avatar
Efi Sherman's avatar

Alexandra Blia, Efi Sherman

Multi-Tenant API Access: Centralize, Scale, and Secure Your Operations

Products and Tools

Multi-Tenant API Access: Centralize, Scale, and Secure Your Operations

Niall Curry's avatar

Niall Curry

New Report: The Digital Footprints of Many Executives Can Leave Their Companies Seriously Exposed

Threat Research

New Report: The Digital Footprints of Many Executives Can Leave Their Companies Seriously Exposed

Rapid7's avatar

Rapid7

Alert Fatigue Isn’t Going Away. Here’s How Modern SOCs Are Fighting Back

Detection and Response

Alert Fatigue Isn’t Going Away. Here’s How Modern SOCs Are Fighting Back

Rapid7's avatar

Rapid7

Metasploit Wrap-Up 02/20/2026

Products and Tools

Metasploit Wrap-Up 02/20/2026

Diego Ledda's avatar

Diego Ledda

Hacktivism and the Winter Olympics 2026: What We’re Seeing and What it Signals

Industry Trends

Hacktivism and the Winter Olympics 2026: What We’re Seeing and What it Signals

Emma Burdett's avatar

Emma Burdett

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

Vulnerabilities and Exploits

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

Douglas McKee's avatar

Douglas McKee

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Vulnerabilities and Exploits

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Stephen Fewer's avatar

Stephen Fewer

Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026

Cloud and Devops Security

Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026

Rapid7's avatar

Rapid7

Metasploit Wrap-Up 02/13/2026

Products and Tools

Metasploit Wrap-Up 02/13/2026

Christopher Granleese's avatar

Christopher Granleese

Carding-as-a-Service: The Underground Market of Stolen Cards

Threat Research

Carding-as-a-Service: The Underground Market of Stolen Cards

Alexandra Blia's avatar
Maor Weinberger's avatar

Alexandra Blia, Maor Weinberger +1

Patch Tuesday - February 2026

Exposure Management

Patch Tuesday - February 2026

Adam Barnett's avatar

Adam Barnett

Measuring AI Security: Separating Signal from Panic

Threat Research

Measuring AI Security: Separating Signal from Panic

Christiaan Beek's avatar

Christiaan Beek

CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

Vulnerabilities and Exploits

CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

Rapid7's avatar

Rapid7

Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)

Vulnerabilities and Exploits

Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)

Rapid7's avatar

Rapid7

Metasploit Wrap-Up 02/06/2026

Products and Tools

Metasploit Wrap-Up 02/06/2026

Christopher Granleese's avatar

Christopher Granleese

Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

Threat Research

Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

Rapid7's avatar

Rapid7