In Command and Under Control

Welcome back to the Rapid7 Rundown! As always, find all the latest cybersecurity updates to take command of your attack surface.

Smarter, Faster Investigations with Incident Command

SOC teams face more data, more alerts, and more complexity than ever. Rapid7’s AI-native SIEM, Incident Command, brings clarity to investigations, helping analysts respond faster, cut through noise, and keep their organizations secure.

👉 Learn more about Incident Command


Rapid7 Named a Leader in the Frost Radar™ for Managed Detection and Response

Frost & Sullivan recognized Rapid7 for AI triage accuracy, integration with exposure management, and a unified platform with the same tools our SOC analysts use. MDR delivers 24/7 monitoring, unlimited response, threat hunting, and remediation to help teams reduce risk and stop attacks faster. Learn more about Rapid7’s MDR offering.


Rapid7 MDR x RDT Limited

“With Rapid7, we gained the hawkish eyes we needed across our estate — and the confidence that nothing slips through the cracks.” - Laurence H., Director of IT and Client Services, RDT.

That confidence comes from Rapid7 MDR’s 24/7 monitoring and expert support, giving RDT’s small team the freedom to focus on long-term strategy instead of chasing every alert.

The result: stronger security, less noise, and a clear roadmap for the future. Read the full RDT story.


What's popping up on the security landscape?

Our researchers continue to uncover the attacker behaviors that defenders must stay ahead of. Here are the latest findings from Q2 and beyond. ⤵️

  • 2025 Access Brokers Report: Access brokers continue to sell compromised VPN, RDP, and domain accounts for as little as $500 — low-cost access that can ultimately lead to multi-million dollar breaches. Our researchers analyzed activity across top dark web forums, uncovering the trends, pricing, and tactics fueling this underground economy.
  • Q2 2025 Incident Response Findings: Valid accounts with no MFA were the top initial access vector (43% of incidents), while Bunny Loader remained the most dominant malware across industries. Social engineering and vulnerability exploitation continue to be steady threats that defenders must account for.
  • September 2025 Patch Tuesday: Microsoft issued fixes for 176 vulnerabilities, including five critical RCEs and multiple zero-days. Highlights include a long-standing JSON deserialization flaw in SQL Server (CVE-2024-21907) and a critical Azure HPC remote code execution bug (CVE-2025-55232).


See you next time!

Don't forget to subscribe to the Rapid7 Rundown! You can also keep up with the latest at Rapid7 here on LinkedIn, Bluesky, and on X.
