Rapid7 Research

Building a safer world through open sources that go beyond code

View Open Datasets

Research at a Glance

Our Philosophy

We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.

Latest Research

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
On Feb 11, 2020, Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker to turn any stolen Exchange user account into a complete system compromise. In many implementations, this could be used to completely compromise the entire Exchange environment...
Tom Sellers
Apr 06, 2020
Read More
Rapid7 2020 Threat Report: Exposing Common Attacker Trends
If you joined Rapid7 at RSAC 2020 just a few days ago, you probably caught wind of Rapid7’s end-of-year threat report. I’m happy to announce that now that the RSAC dust has settled, we’ve released that report here. <!--kg-card-begin: html--> Read the full Rapid7 2020 Threat Report today Get Started <!--kg-card-end:...
Tod Beardsley
Mrz 03, 2020
Read More
How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways
This blog was co-authored by Mark Hamill and Bob Rudis. There’s nothing quite like attending the annual RSA security conference in San Francisco, but amid the noise of more than 40,000 attendees, hundreds of vendors, and a whirlwind of information, it can be tough to pull out key messages to take back...
Mark Hamill
Mrz 02, 2020
Read More
View More Research
Impact Across Industries
Rapid7 researchers constantly work to uncover unknowns as far as technology reaches.
Consumer Technology
It’s hard to imagine our lives without tech glued to our hands. Reality is, security risks are present in even the most unassuming, commonplace devices. Over the years, our researchers have discovered and made public several critical vulnerabilities capable of compromising your personal data and safety in everything from printers, baby monitors, vehicles, and even children’s toys.
Business Technology
It’s no big secret that security has far-reaching impacts on a business—including on its bottom line. The work of our researchers has helped global organizations secure their internal processes, as well as the safety of the customers who rely on them; these improvements can be seen in medical devices, healthcare software, broadcasting equipment, corporate networks, and more.
Public Infrastructure
While most of us don’t spend our days thinking about critical infrastructure, it’s core to the functioning of our world as we know it. Therefore, as the need to innovate it grows, so does our need to secure it. Given our collective dependency on infrastructure, our researchers make it a priority to investigate how to secure emerging tech like smart sensors, while our Public Policy efforts aim to help governments adopt these innovations securely.

Vulnerability Disclosures

Stay ahead of attackers by keeping up with the latest disclosures. Rapid7 is a CVE Numbering Authority, helping drive industry standards for vuln and exposure identifiers and classification. Learn about our Vulnerability and Disclosure Policy.

Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Wow, this past week has been a pretty long year for Zoom. As the COVID-19 global pandemic moved the whole knowledge-working world abruptly to work-from-home, virtual meetings are rapidly becoming de rigueur for pretty much everyone I know. As a result, Zoom's stock price hit an all-time high in mid-March...
Tod Beardsley
Apr 02, 2020
Read More
R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)
This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC. A malicious actor who gains authenticated, administrative access to a Barracuda Load Balancer ADC can edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system,...
Sam Huckins
Mrz 05, 2020
Read More
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
A number of information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries intended to work with the Bloomsky SKY2 Weather Camera Stations. This includes individual users' email addresses, mobile operating system information, and lat/long geographical data, which...
Tod Beardsley
Jan 29, 2020
Read More
Submit a Vulnerability
The Minds Behind the Research
Meet the Full Team
Tas Giakouminakis
Tas Giakouminakis
Bob Rudis
Bob Rudis
Derek Abdine
Derek Abdine
Tod Beardsley
Tod Beardsley
Deral Heiland
Deral Heiland

Where Research Meets the Roadmap

Explore how Rapid7’s unparalleled understanding of attackers makes our products more powerful.

  • Threat feed dashboard informed by Project Heisenberg honeypots in InsightVM
  • Attacker Based Analytics sourced from Projects Sonar and Heisenberg and threat intelligence in InsightIDR
  • Accelerated discovery and coverage of zero-days and other low-notice exploits in InsightVM
  • Discovery of internet-facing assets in InsightVM using integration with Project Sonar
  • Identification of weak or distrusted certs using research on SSL certificate ecosystem
View All Products

Want to dive deeper into our research data?

View Open Data