Rapid7

Last year, we introduced the concept of taking command of your attack surface — this year, we're going even further. Mark your calendar for the upcoming Take Command Summit, happening on April 9. You don't want to miss this: https://r-7.co/3EW3H79

?? On Wednesday, March 19, 2025, #Veeam published a?security advisory?for CVE-2025-23120, a critical RCE vulnerability affecting domain joined Backup & Replication systems. According to Veeam, all supported versions of Backup & Replication are affected. Find mitigation guidance & more in the Rapid7 blog: https://r-7.co/423kzk6

The TL;DR on Apache #Tomcat CVE-2025-24813: patch, but no need to panic. Disclosed on March 10, 2025, this unauthenticated RCE vuln affects #Apache Tomcat’s partial PUT feature. And while it's reportedly been exploited in the wild, Rapid7 has been unable to confirm any successful exploitation occurring against real-world production environments. ?? Get the latest in our blog: https://r-7.co/4iZ7Cyz

I'm excited to join the Take Command Summit, Rapid7's virtual cybersecurity event, giving my dual perspective as both a (former) threat actor and a (now) defender on how to build cyber resilience through AI. Please join me and Laura Grace Ellis as we share our thoughts on: - what CISOs really think about AI adoption and security - share how Threat Actors are weaponizing AI to target individuals and businesses - how to utilize AI now that the genie is out of the bottle Join the debate - save your seat below! #ai #cybersecurity #threatactor #ciso?#securityawareness

What attracts attackers the most to your environment? ?? Surface Command answers that question. Discover how threat actors see an attack surface to understand the services or vulnerabilities at greater breach risk. See it for yourself — Get a free, read-only demo experience of Surface Command today: https://r-7.co/41pGyBz

With Managed Threat Complete, Rapid7 is Arcadis' first line of defense. ??? Round-the-clock visibility into their environment has been a huge relief, says Jordy Damen, Global Security Operations Director — and the difference has been transformative. When the software and service are delivered by the same company — a rare, single point of contact — you win. Learn more about Arcadis' journey with Rapid7: https://r-7.co/3FjIwvG

As part of our continued global growth, Rapid7 is expanding into India! ???? Opening in April 2025, Pune will be the home of Rapid7’s newest Global Capability Center (GCC) to serve as an innovation hub and SOC, expanding Rapid7’s ability to provide seamless, 24x7 security operations coverage to our growing customers worldwide. ??? Learn more about the expansion: https://r-7.co/4iwqQLY ?? Join the Rapid7 team in Pune: https://r-7.co/4kAYVMO

“CISOs need to be aware that ransomware is no longer just targeting large companies, but now even mid-sized organizations are at risk." Christiaan Beek, senior director, threat analytics. In CSO Online, 5 things to know about ransomware threats in 2025 ??

The Phish that netted an entire finance firm’s data ???? A fake email, a cloned login page, and a hundred unsuspecting employees. When 8 of them entered their credentials, our pen tester had access to financial data, payroll systems – even proxy rights to other accounts. ?? Rapid7's Under the Hoodie miniseries is back! Find 9 brand new Pen Testing Tales on our YouTube: https://r-7.co/4hPUjAl