Rapid7
@rapid7.com
Rapid7 can help you command your attack surface, smash silos, stay steps ahead of attackers, and take breaches from “inevitable” to preventable. Rapid7 technology, services, and research give organizations around the world control. 🔗: rapid7.com
🚨 On 10/15/25, #F5Networks disclosed a breach attributed to a sophisticated nation-state actor – confirming unauthorized access to select internal systems that dates back to August 2025.

Read on for Rapid7 Labs' analysis & actionable next steps: r-7.co/46VivhN
Inside the F5 Breach: What We Know and Recommended Actions
Rapid7 Labs reports & advises on a breach that F5 Networks recently disclosed – attributed to a sophisticated nation-state actor.
Microsoft’s October Patch Tuesday fixes 172 vulnerabilities, including 6 zero-days and 5 critical RCEs.

Microsoft reports exploitation in the wild for 3 zero-days and public disclosure for another 3. Only 1 critical RCE is considered likely to be exploited.

Full analysis: https://r-7.co/4oEU4vh
👾 Get to know Russian Market, the underground hub where info-stealing malware logs & stolen user credentials are traded daily.

Dive into key vendors, malware variants & more via our latest research blog: r-7.co/4hdurir
🚨 Rapid7 has observed increased activity involving a new threat group and #AWS cloud environments.

Self-referred to as ‘Crimson Collective’, the group has claimed responsibility for the recent theft of private repositories from the #RedHat GitLab. More: r-7.co/48ltfqS
⚠️ The auto industry, retail, & the public sector have one thing in common: each was impacted by cyberattacks in some new (and costly) way in 2025.

October is Cybersecurity Awareness Month, and it's high time for orgs everywhere to 'be ready.' Read on ⤵️
What Recent Cyber Attacks Reveal About Readiness in 2025
Retail, automotive, public sector, transport, and legal services have all been impacted in new and costly ways - exposing organizations not just to downtime and data loss, but to a more systemic risk:...
On 10/4/25, #Oracle published an advisory & patch for CVE-2025-61882 – an RCE vuln affecting the Oracle Concurrent Processing product within E-Business Suite (EBS).

Claims of exploitation in-the-wild at the hands of #Cl0p are supported. More in our blog: r-7.co/46VXYbM
Critical 0day in Oracle E-Business Suite exploited in-the-wild
A new vulnerability, CVE-2025-61882, affecting Oracle E-Business Suite has been exploited in-the-wild by the Cl0p ransomware gang.
“At the end of the day, it’s about peace of mind. Customers trust us to watch their backs so they can focus on running their business.” 🛡️

In our SOC, that’s the mission.
🚨 The Rapid7 MDR team has observed a significant rise in the number of threat actors leveraging Direct Send, a lesser-known feature within #Microsoft365.

Find our mitigation advice & more in a new blog: r-7.co/3VMtAeH
Automated security scanners are often stopped in their tracks by MFA. This is great for security, but poses a challenge for scanning.

Luckily, Rapid7's InsightAppSec makes it easy to handle Time-based One-Time Passwords (TOTP). Find a guide in our blog: http://r-7.co/46DTiXV
Threat actors are exploiting CVE-2025-53770, a critical Microsoft #SharePoint vulnerability, to gain initial access to victim networks – notably across the public sector.

Find actionable next steps & a free download of Rapid7's September Threat Report in our latest blog: r-7.co/3VILFu7
Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
Rapid7's September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770 – used by threat actors to gain initial access to government syste...
🚨 On September 25, 2025, #Cisco published advisories for 3 vulnerabilities affecting multiple different Cisco products.

CVE-2025-20333 & CVE-2025-20362 are known to be exploited in the wild, while the third, CVE-2025-20363, is at high risk thereof.

More in our blog: r-7.co/4pLZs0Y
Multiple critical vulnerabilities affecting Cisco products | CVE-2025-20333, CVE-2025-20362, CVE-2025-20363
On September 25, 2025, Cisco published advisories for 3 notable vulnerabilities affecting many different products. 2 are known to be exploited in the wild, while the third is at high risk for exploita...
Reposted by Rapid7
We have published our AttackerKB @rapid7.com Analysis for the recent GoAnywhere MFT vuln, CVE-2025-10035. It's an access control bypass + unsafe deserialization + an as-yet unknown issue in how an attacker can know a specific private key! attackerkb.com/topics/LbA9A...
CVE-2025-10035 | AttackerKB
On September 18, 2025, Fortra published a security advisory for a new vulnerability affecting their managed file transfer product, GoAnywhere MFT. The new vuln…
Most SIEMs collect data. Incident Command helps you act on it.

AI-powered workflows give analysts speed and clarity, while leaders see progress they can measure. Faster investigations, smarter response, real outcomes.

🔗 https://r-7.co/4n01JUs
⚠️ Rapid7 has identified a permission bypass vuln. in multiple versions of #OnePlus OxygenOS installed on its Android smartphones.

When leveraged, any app on the device may read SMS/MMS data & metadata via the default Telephony provider. More in our blog: r-7.co/42EujlR
Analysts shouldn’t have to carry the weight of 4,400 alerts a day.

Incident Command flips the model: AI trained by Rapid7’s SOC drives accurate triage, guided investigations, and a unified workflow that actually accelerates analysts.

🔗 https://r-7.co/4mui03e
🚨 On 9/18/2025, #Fortra published an advisory for CVE-2025-10035, a new vulnerability affecting GoAnywhere MFT.

The vulnerability allows an attacker to achieve unauthenticated remote code execution. More details & mitigation guidance in a new blog: https://r-7.co/4mAaweQ
Casinos rely on eyes in the sky to see every table and every move.

Rapid7 gives you that same clarity across your environment—endpoint to cloud, users to attackers—with the context to act.

Watch the full interview for more insights: https://r-7.co/45Rshje
Rapid7 @rapid7.com · Sep 16
You may be outnumbered, but with Rapid7 MDR, you're never outmatched.

Rapid7 MDR delivers expert-led, attacker-aware detection and response across every corner of your environment.

Discover the Rapid7 MDR difference: https://r-7.co/3Ibgi8r
Rapid7 @rapid7.com · Sep 12
September #PatchTuesday: 176 fixes, five critical RCEs, and multiple zero-days. Key priorities include SQL Server (CVE-2024-21907), Azure HPC (CVE-2025-55232), and SMB server (CVE-2025-55234).

Full analysis 👉 https://r-7.co/4m9MBm1
Rapid7 @rapid7.com · Sep 11
In Q2, 2025...

🛡️ Bunny Loader was still one of the most commonly observed malicious files
🛡️ Helpdesk & MS Teams remained top targets for social engineering
🛡️ Valid accounts with no MFA: here for the long haul

More insights from our IR team in a new blog: r-7.co/4mZrTqr
Rapid7 @rapid7.com · Sep 11
🚨 An #Akira ransomware campaign targeting #SonicWall devices kicked off early August, 2025.

While initially believed to be a new, emerging threat, SonicWall has since disclosed this is related to a CVE from 2024.

More in our latest blog: https://r-7.co/46hbAOu
Akira Ransomware Group Utilizing SonicWall Devices for Initial Access
The Rapid7 MDR team is continually monitoring our customers’ environments for post-exploitation activity using the latest threat detections. Customers leveraging Rapid7’s Intelligence Hub can track th...
Rapid7 @rapid7.com · Sep 10
Salt Typhoon uses rootkits, backdoors, & “living-off-the-land” tools to infiltrate telecoms & critical sectors worldwide.

🛡️ Our report covers their TTPs and provides defensive recommendations for defenders: https://r-7.co/3VHDz4V
Rapid7 @rapid7.com · Sep 9
What if your company’s network was already for sale?

Initial Access Brokers are selling access, often with user privileges, for as little as $500. Our 2025 Access Brokers Report shows how they operate and how to fight back: r-7.co/411cmgP
Rapid7 @rapid7.com · Sep 4
Learn from casinos. Seriously. They observe everything, manage risk tightly, and the house always wins.

Can your security program do the same? Watch the full interview for more insights: https://r-7.co/45Rshje