7 min
Incident Response
Rapid7 Q1 2025 Incident Response Findings
Rapid7’s 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
7 min
Vulnerability Disclosure
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
Over a penetration testing engagement, Rapid7 discovered 3 vulnerabilities in MICI Network Co., Ltd’s NetFax server allowing for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user.
14 min
Research
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote access.
19 min
Vulnerability Disclosure
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution.
11 min
Research
2025 Ransomware: Business as Usual, Business is Booming
Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware.
9 min
Research
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
In early 2025, we came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, we decided to investigate whether this was a rebrand or a new threat.
3 min
Research
Fake BianLian Ransomware Letters in Circulation
On March 5, the FBI issued an alert regarding a mail scam targeting U.S. business executives with extortion. The letters claim to be from noted ransomware group BianLian, demanding a payment in Bitcoin ranging from $250,000 to $500,000 within ten days of receipt.
3 min
Vulnerability Disclosure
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered and is disclosing CVE-2025-1094, a high-severity SQL injection vulnerability affecting the PostgreSQL interactive tool psql.
5 min
Research
How To Protect Your Organization's Bluesky Account From Security Threats
This blog explains how to secure your Bluesky account from security threats such as malware and phishing, as well as establishing your identity to help prevent fraud and impersonation.
5 min
Ransomware
The 2024 Ransomware Landscape: Looking back on another painful year
In this post, we’ll examine the latest data points, discuss notable groups, and estimate the potential impact on victims — helping security teams plan their defenses for the months ahead.
9 min
Research
Perfect Fit or Business Threat? How to Mitigate the Risk of Rogue Employees
Recruitment fraud is an expensive and time-consuming threat to business. The risk of malware deployment and data exfiltration is high from threat actors trained to bypass each stage of a typical recruitment process. This blog outlines how an organization can secure the hiring process weak points.
2 min
Research
New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search
As botnets continue to evolve, so do the techniques required to detect them.
5 min
IoT
Out With the Old, In With the New: Securely Disposing of Smart Devices
Hopefully you received some cool smart technology, or maybe you just upgraded your smart camera or voice assistant to a newer model or version. If you upgraded to a new model or version, what is your plan for the old device? Is it still working or is it broken?
8 min
Labs
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface.
9 min
Research
New “CleverSoar” Installer Targets Chinese and Vietnamese Users
In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims.