Back to Blog

Posts tagged Research

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Threat Research

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

Milan Spinka's avatar

Milan Spinka

Before the Breach: When digital footprints become a strategic cyber risk

Threat Research

Before the Breach: When digital footprints become a strategic cyber risk

Jeremy Makowski's avatar

Jeremy Makowski

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Threat Research

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Rapid7's avatar

Rapid7

The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Threat Research

The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground

Alexandra Blia's avatar
Efi Sherman's avatar

Alexandra Blia, Efi Sherman

New Report: The Digital Footprints of Many Executives Can Leave Their Companies Seriously Exposed

Threat Research

New Report: The Digital Footprints of Many Executives Can Leave Their Companies Seriously Exposed

Rapid7's avatar

Rapid7

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

Vulnerabilities and Exploits

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

Douglas McKee's avatar

Douglas McKee

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Vulnerabilities and Exploits

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Stephen Fewer's avatar

Stephen Fewer

Measuring AI Security: Separating Signal from Panic

Threat Research

Measuring AI Security: Separating Signal from Panic

Christiaan Beek's avatar

Christiaan Beek

Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

Threat Research

Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next

Rapid7's avatar

Rapid7

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Threat Research

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Ivan Feigl's avatar

Ivan Feigl

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Vulnerabilities and Exploits

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Deral Heiland's avatar
Sam Moses's avatar

Deral Heiland, Sam Moses

CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)

Vulnerabilities and Exploits

CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)

Ryan Emmons's avatar

Ryan Emmons

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Threat Research

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Alexandra Blia's avatar
Gal Givon's avatar

Alexandra Blia, Gal Givon

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Vulnerabilities and Exploits

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Ryan Emmons's avatar

Ryan Emmons

Threat Landscape of the Building and Construction Sector Part Two: Ransomware

Threat Research

Threat Landscape of the Building and Construction Sector Part Two: Ransomware

Jeremy Makowski's avatar

Jeremy Makowski

Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report

Threat Research

Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report

Rapid7's avatar

Rapid7

Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things

Threat Research

Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things

Jeremy Makowski's avatar

Jeremy Makowski

Salt Typhoon APT Group: What Public Sector Leaders and Defenders Should Know

Threat Research

Salt Typhoon APT Group: What Public Sector Leaders and Defenders Should Know

Rapid7 Labs's avatar

Rapid7 Labs

Defend Smarter, Not Harder: The Power of Curated Vulnerability Intelligence

Products and Tools

Defend Smarter, Not Harder: The Power of Curated Vulnerability Intelligence

Stephen Fewer's avatar

Stephen Fewer

Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond

Industry Trends

Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond

Jeremy Makowski's avatar

Jeremy Makowski

Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel

Vulnerabilities and Exploits

Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel

Stephen Fewer's avatar

Stephen Fewer