Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- German Government Summons Russian Ambassador Over Major Cyberattack
December 12, 2025
The German government has formally summoned the Russian ambassador following the attribution of a significant cyberattack and coordinated disinformation campaign to Russian actors. This development comes amid heightened concerns regarding interference in Germany’s political processes and critical infrastructure. According to official statements, the cyberattack in question targeted the German Air Traffic Control (Deutsche Flugsicherung, DFS) in ...
- Lazarus, Kimsuky Conduct 58 Attacks Targeting South Korea
December 12, 2025
The North Korean hacking group Lazarus, affiliated with the Reconnaissance General Bureau, is strongly suspected to be behind a 4.45 billion Korean won hacking incident at the virtual asset exchange Upbit. It has been confirmed that Lazarus carried out at least 31 hacking attacks over the past year. According to AhnLab’s “2025 Cyber Threat Trends & ...
- Google and Apple roll out emergency security updates after zero-day attacks
December 12, 2025
Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. ...
- Data breach at credit check giant 700Credit affects at least 5.6 million
December 12, 2025
At least 5.6 million people had their names, addresses, dates of birth, and Social Security numbers stolen in a data breach at 700Credit, a company that runs credit checks and identity verification services for auto dealerships across the United States. In a statement on its website, the Michigan-based company blamed the October data breach on an ...
- NANOREMOTE, cousin of FINALDRAFT
December 11, 2025
In October 2025, Elastic Security Labs discovered a newly-observed Windows backdoor in telemetry. The fully-featured backdoor Elastic Security Lab call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. One of the malware’s primary features is centered around shipping data back and forth from the victim endpoint using the Google ...
- SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
December 11, 2025
In October and November 2025, campaigns targeting sectors such as energy, defence, pharmaceuticals, and cybersecurity shared characteristics with older campaigns attributed to Void Rabisuopen on a new tab (also known as ROMCOM, Tropical Scorpius, Storm-0978). Void Rabisu is known to be associated with an actor group that has both financial and espionage motivations that are ...