Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Accenture confirms breach after hacker steals 35GB of source code and other data
July 9, 2026
Accenture has confirmed suffering a cyberattack, days after threat actors started selling an archive allegedly coming from the firm. “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” Accenture said in a statement. It follows a relatively unknown threat actor called 888 posting ...
- 6.9 million driver’s license numbers stolen from AssuranceAmerica
July 9, 2026
Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people. AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents. The breach notice letter also mentions information about customers’ auto insurance policies and accounts, their drivers and ...
- Fake Netflix, Coca-Cola, and FIFA job scams target marketers
July 7, 2026
Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA. The lure is a fake job interview or scheduling request from a “recruiter” representing one of ...
- Hacktivists call out Trump by hacking and defacing US Army websites
July 7, 2026
The U.S. Army has reportedly fixed two of its websites that had been defaced to display pro-Kurdish messages and to call out President Donald Trump, the latest case of hackers compromising systems run by the federal government in recent months. Security researcher Ronald Lovelace told Cyberscoop, which first reported the defacements, that error pages were modified on two U.S. Army ...
- When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
July 6, 2026
One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly ...
- Fake IT bods on Microsoft Teams coax workers into installing malware
July 6, 2026
Cybercriminals are using fake IT support calls on Microsoft Teams to persuade employees to surrender control of their PCs before installing the EtherRAT remote access trojan, according to researchers at Palo Alto Networks’ Unit 42. Victims receive a phishing email disguised as an employee survey before a follow-up Microsoft Teams call from someone claiming to be IT ...

