Rapid7 Research

Building a safer world through open sources that go beyond code


Research at a Glance

Our Philosophy

We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.

Latest Research

How Rapid7 Industry Research Strengthens InsightVM
Every modern organization understands the importance of cybersecurity, but the ever-evolving, increasingly complex threat landscape makes it hard to keep up with where to focus your efforts. A tool that effectively defended your assets last year can quickly become obsolete without new data on attacker...
Vivian Ma
Sep 09, 2019
This One Time on a Pen Test: Your Mouse Is My Keyboard
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2019 Under the Hoodie report. In one engagement,...
Sep 05, 2019
Rapid7 Introduces Industry Cyber-Exposure Report: Nikkei 225
Today, Rapid7 released our fourth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Nikkei 225 index. The Nikkei 225 is a selection of Japanese common stocks, drawn from the First Section of the Tokyo Stock Exchange maintained by The Nikkei newspaper....
Tod Beardsley
Sep 03, 2019
Impact Across Industries
Rapid7 researchers constantly work to uncover unknowns as far as technology reaches.
Consumer Technology
It’s hard to imagine our lives without tech glued to our hands. The reality is that security risks are present in even the most unassuming, commonplace devices. Over the years, our researchers have discovered and made public several critical vulnerabilities capable of compromising your personal data and safety in everything from printers, baby monitors, and vehicles to children’s toys.
Business Technology
It’s no big secret that security has far-reaching impacts on a business—including on its bottom line. The work of our researchers has helped global organizations secure their internal processes, as well as the safety of the customers who rely on them; these improvements can be seen in medical devices, healthcare software, broadcasting equipment, corporate networks, and more.
Public Infrastructure
While most of us don’t spend our days thinking about critical infrastructure, it’s core to the functioning of our world as we know it. Therefore, as the need to innovate it grows, so does our need to secure it. Given our collective dependency on infrastructure, our researchers make it a priority to investigate how to secure emerging tech like smart sensors, while our Public Policy efforts aim to help governments adopt these innovations securely.

Vulnerability Disclosures

Stay ahead of attackers by keeping up with the latest disclosures. Rapid7 is a CVE Numbering Authority, helping drive industry standards for vuln and exposure identifiers and classification. Learn about our Vulnerability and Disclosure Policy.

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
Deja vu all over again. In a recent blog post we noted that attackers have been working on exploits for the “BlueKeep” RDP vulnerability for months and there has been a consistent, major uptick in opportunistic/malicious scanning for internet-facing RDP systems, including a few campaigns that have been...
boB Rudis
Aug 13, 2019
R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
Rapid7 offers IoT Security Testing Services as part of our portfolio of assessment services, and as a result, from time to time, our researchers uncover IoT vulnerabilities in hardware, mobile apps, and cloud infrastructure as part of ongoing academic efforts. This disclosure represents one such independent,...
Tod Beardsley
Aug 01, 2019
Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
On the evening of July 8, 2019, security researcher Jonathan Leitschuh posted a disclosure on Medium, "Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!." However, it looks like the issues at play are a little more subtle than what this headline might suggest. Here's...
Tod Beardsley
Jul 10, 2019
The Minds Behind the Research
Tas Giakouminakis
Bob Rudis
Derek Abdine
Tod Beardsley

Where Research Meets the Roadmap

Explore how Rapid7’s unparalleled understanding of attackers makes our products more powerful.

  • Threat feed dashboard informed by Project Heisenberg honeypots in InsightVM
  • Attacker Based Analytics sourced from Projects Sonar and Heisenberg and threat intelligence in InsightIDR
  • Accelerated discovery and coverage of zero-days and other low-notice exploits in InsightVM
  • Discovery of internet-facing assets in InsightVM using integration with Project Sonar
  • Identification of weak or distrusted certs using research on SSL certificate ecosystem
