Rapid7

Exploited high and critical vulnerabilities increased 105% YoY‼️ Attackers are moving faster than ever, collapsing disclosure timelines, industrializing ransomware, and accelerating attacks with AI. More in the new 2026 Global Threat Landscape Report: r-7.co/4dsL49S

🚨 Rapid7 Labs recently identified a chain of security vulns in #Gainsight Assist, an email plugin for the popular Customer Success software. CVE-2026-31381 & CVE-2026-31382 are an info. disclosure flaw and a reflected XSS vulnerability, respectively: r-7.co/4uG8I93

☁️ Most cloud security programs that still rely on static assessment could be overlooking active exploits. Rapid7 Exposure Command brings runtime validation and data context to help teams identify and prioritize risk. 📰 r-7.co/479uojW

We're forging ahead on Ep. 2 of Hacktics and Telemetry as we speak! In the meantime, enjoy a clip as hosts @fulmetalpackets & @_CryptoCat unpack one of the featured threats du jour – now AI-flavored! ▶️ You can dive into the full episode here: r-7.co/3NiQfP2

Heading to #RSAC next week? You can find Rapid7 at Booth 3102. Come by to chat about the latest threat trends and what they mean for your security program.

Exploited high and critical vulnerabilities increased 105% YoY‼️ Attackers are moving faster than ever, collapsing disclosure timelines, industrializing ransomware, and accelerating attacks with AI. More in the new 2026 Global Threat Landscape Report: r-7.co/4dsL49S

If attackers compromised an identity in your environment, what data could they realistically reach? Rapid7 & @SymmetrySystems have partnered to address that gap, aligning sensitive data intel with real-world exposure paths across human & AI identities: r-7.co/41bGAgB

MDR looks different when it's designed to disrupt attackers earlier in the chain... Not just react to them. Continuous, preemptive threat response is central to Rapid7's upcoming Global Cybersecurity Summit. Sneak a peek at our MDR sessions track here: r-7.co/4bueNwJ

New updates to the Rapid7 PACT Partner Program strengthen how Rapid7 and its partners engage customers and deliver value faster. Partner tiers, streamlined deal motions, and improved program economics support scalable partner-led growth. 📰 r-7.co/4rBnvPS

Social engineering via IT support impersonation is nothing new. Here, the takeaway should be that #Teams often allows any external user to message internal staff – granting threat actors a direct, high-trust channel to your end users.

🚨 Rapid7 MDR is monitoring an increase in phishing campaigns via #MicrosoftTeams, wherein threat actors are impersonating internal IT departments then persuading users to grant remote access. Find our guidance in a new blog: r-7.co/46Y0grO

Rapid7 is bringing new research and insights to RSAC. Christiaan Beek, VP of Cyber Intelligence, will present new research on how threat actors sustain covert telecom espionage using stealth Linux backdoors. More on everything Rapid7 has planned for RSAC: r-7.co/45NKu20

Metasploit Pro 5.0 is out now with a fresh UI and tons of improvements! Check out our announcement for details rapid7.com/blog/post/pt-a…

Make room in your RSAC itinerary for Principal Researcher (IoT) Deral Heiland's session on how hardware hacking techniques exploit cellular IoT to gain trusted access & how organizations can better defend against these risks. Get the details: r-7.co/3PywfbV | @Percent_X

🎤👾 Introducing Hacktics and Telemetry, a bi-weekly video and audio podcast out of Rapid7 Labs, starring Rapid7's @fulmetalpackets & @_CryptoCat! 🧵 Find Ep 1's companion blog here: r-7.co/4di8tuH ▶️ Or dive right into the full vid on YouTube: r-7.co/3NiQfP2

Today, Rapid7 Labs published 2 advisory blogs around the conflict in Iran: 👉 Iran’s Cyber Playbook | Observed cyber activity & trends: r-7.co/4sFoP5c 👉 Detection Coverage for Rapid7 customers: r-7.co/4be3vfW

Microsoft published 77 vulnerabilities for March's #PatchTuesday. 2 were publicly disclosed, though none have evidence of exploitation in the wild (yet). 🔍 Get the full analysis of what stood out this month: r-7.co/4cFPY3c

🟣 What is Purple Teaming, and what does it look like in practice? The marriage between red & blue teams aims to replace assumption with tested validation. Get the rundown for your security program here: r-7.co/4df4leV

🔎 Rapid7 Labs has identified an ongoing, widespread compromise of legitimate #WordPress websites, including regional news outlets, local business websites, and in one case, a Senator's official webpage. Find our full technical analysis in a new blog: r-7.co/3MXudl0

The RAMP forum was a prominent hub for threat actors until early 2026, when the FBI seized its infrastructure. The result was a splintering of groups, actors, and tactics – and now, less visibility into centralized coordination. More from Rapid7 Labs: r-7.co/3PeOnY9

Rapid7's Global Cybersecurity Summit is back ⤵️ For the first time ever, the Summit will span 2 days, with dedicated tracks designed to meet the distinct needs of security leaders and practitioners alike. 👀 More details coming soon. Save your spot: r-7.co/4b33TxJ