Rapid7 - Experts & Thought Leaders
Latest Rapid7 news & announcements
Rapid7, a pioneer in threat detection and exposure management, has released its Q3 2025 Threat Landscape Report, revealing how threat actors are accelerating the race between vulnerability disclosure and exploitation, consolidating ransomware power structures, and increasingly weaponising artificial intelligence to evade detection. The report draws from Rapid7’s Intelligence Hub, AttackerKB, incident response, and managed detection and response (MDR) telemetry, offering data-driven insight into how adversaries are evolving and how defenders can adapt.

“Ransomware has evolved significantly beyond its early days to become a calculated strategy that destabilises industries,” said Raj Samani, Chief Scientist at Rapid7. “In addition, the groups themselves are operating like shadow corporations. They merge infrastructure, tactics, and PR strategies to project dominance and erode trust faster than ever.”

Critical vulnerability exploitation

Rapid7’s quarterly analysis shows that the total number of newly exploited vulnerabilities trended downward, dropping 21% from Q2 to Q3. However, adversaries doubled down on older, unpatched weaknesses, including CVEs more than a decade old, indicating that historic exposures remain potent attack vectors. The mass exploitation of critical vulnerabilities in Microsoft SharePoint (CVE-2025-53770) and Cisco ASA/FTD products underscores the narrowing window between patch disclosure and in-the-wild attacks.

“The moment a vulnerability is disclosed, it becomes a bullet in the attacker’s arsenal,” said Christiaan Beek, Senior Director of Threat Intelligence and Analytics at Rapid7, adding, “Attackers are no longer waiting. Instead, they’re weaponising vulnerabilities in real time and turning every disclosure into an opportunity for exploitation. Organisations must now assume that exploitation begins the moment a vulnerability is made public and act accordingly.”

Ransomware activity spikes

The quarter also saw 88 active ransomware groups, up from 65 in Q2 and 76 in Q1, signalling an increase in activity as well as underscoring these groups’ fluidity. Groups like Qilin, SafePay, and WorldLeaks led a wave of alliances targeting industries like business services, manufacturing, and healthcare, and experimenting with fileless operations, single-extortion data leaks, and affiliate service offerings, such as ransom negotiation assistance, where a more senior member of the group partners with a less experienced player to extort the victim.

Generative AI

The report details how generative AI is lowering the barrier for creating convincing phishing campaigns and enabling adaptive malware, such as LAMEHUG, which can dynamically generate new commands. Meanwhile, nation-state operators from Russia, China, and Iran refine their tactics, blurring the line between espionage and disruption by targeting supply chains and identity systems with an emphasis on stealth and persistence.
Rapid7, Inc., a pioneer in threat detection and exposure management, announced AI-generated risk intelligence as part of the Rapid7 Command Platform. Delivered through Remediation Hub, the new capability accelerates remediation by giving security teams a clear, contextual, and actionable view of each exposure, transforming vulnerability data into risk intelligence-informed decisions that help teams prioritise remediation, and communicate and collaborate with internal teams to drive measurable risk reduction. In addition, Rapid7 added new vulnerability intelligence capabilities to Intelligence Hub, the company’s integrated threat intelligence solution designed to provide security teams with meaningful context and actionable insights for accelerated detection and response.

Rapid7’s latest innovations

The gap between detection and action continues to widen. According to Forrester, “lack of comprehensive vulnerability and exposure remediation prioritisation strategy is among the biggest IT/security challenges for 22% of enterprise security decision-makers’ organisations.” As threat actors exploit vulnerabilities within days and security teams face mounting pressure to show measurable risk reduction, organisations need faster, more intelligent ways to decide what to fix first. Rapid7’s latest innovations directly address this need, empowering teams to cut through noise, focus on impact, and remediate exposures with precision and confidence.

Latest innovations around AI-generated risk

“Exposures are growing faster than teams can respond,” said Craig Adams, chief product officer at Rapid7. “Organisations rely on their security partners to give them the context they need to prioritise. Our latest innovations around AI-generated risk and vulnerability intelligence provide important insights into exploitability, asset criticality, and potential risk. The result: shared context, fewer debates, and faster mean time to remediate (MTTR).”

AI-generated risk summaries in Remediation Hub

With these new risk summaries, organisations can immediately see which systems are affected, the real-world activity surrounding each risk, and recommended next steps – from patching to applying compensating controls. By embedding AI-driven context directly into these summaries, Rapid7 enables faster decision-making and stronger alignment between security and IT teams. Within seconds, Rapid7’s AI-generated summaries fuse exploit signals, asset criticality, and vulnerability data from multiple sources into a concise, plain-language brief that enables teams to quickly prioritise risks.

Each summary provides:
- Prioritisation clarity based on exploitation likelihood and business impact
- IT-ready context for tickets and change windows
- Fact-based urgency using CISA KEV, EPSS, and threat intelligence data
- Effort estimates for patch coverage and blockers

Vulnerability intelligence in Intelligence Hub

With its latest vulnerability intelligence capabilities, Intelligence Hub delivers curated, real-world threat context to exploited CVEs, allowing security teams to effectively prioritise remediation efforts based on their organisation’s specific risk. Rapid7's vulnerability intelligence, available within Intelligence Hub, cuts through the noise and alert storms to identify and surface the vulnerabilities that actually matter, rather than leaving security teams to rely on generic security ratings to decipher what is a true risk for their organisation.

Vulnerability intelligence capabilities

Curated CVE profiles, powered by a combination of Rapid7 Labs vulnerability and threat research, real-world vulnerability assessments from AttackerKB, and public metadata, enable actionable, adversary-aware prioritisation and mitigation of exploited CVEs for security teams. These insights will also be integrated into Remediation Hub, providing customers with threat actor context to support their vulnerability prioritisation process.

AI-generated risk summaries will begin rolling out to Exposure Command and Surface Command customers in late November within the Rapid7 Command Platform. Vulnerability intelligence capabilities within Intelligence Hub will also begin rolling out in November.
Rapid7, Inc., a pioneer in threat detection and exposure management, announced the launch of Vector Command Advanced. The new offering adds to its continuous red teaming and exposure validation service to now help organisations meet compliance requirements with internal penetration and segmentation testing on top of validating the effectiveness of internal controls and lateral movement protections.

Vector Command Advanced

“Security leaders today are looking for outcomes. Ultimately, they need to be able to demonstrate that their controls work, they’re reducing risk, and they can pass the audit. Vector Command Advanced delivers that proof,” said Craig Adams, chief product officer at Rapid7. “Combined with the deep visibility of Surface Command and the scalable, integrated power of our Command Platform, Vector Command Advanced underscores how automation, integration, and human-led red teaming can transform how organisations manage their attack surface and meet growing regulatory pressure.”

Expert-led validation

Vector Command Advanced delivers continuous, expert-led validation across both sides of the firewall, combining always-on red teaming with internal network and segmentation testing. This unified approach helps organisations meet compliance requirements such as PCI, ISO 27001, and NIST, while uncovering and validating real-world attack paths that span both external and internal environments. By emulating adversary behaviour and mapping exposures to business-critical systems, security teams can focus remediation efforts where they matter most and confidently support audit workflows.

Automated evidence

These capabilities align with Gartner’s definition of Adversarial Exposure Validation (AEV): “Technologies that deliver consistent, continuous, and automated evidence of the feasibility of an attack.” “These technologies confirm how potential attack techniques could successfully exploit an organisation and circumvent prevention and detection security controls. They achieve this by performing attack scenarios and modelling or measuring the outcome to prove the existence and exploitability of exposures.”

Key benefits

Key benefits of Vector Command Advanced include:
- Surface Command integration: External asset discovery enriched with business context to support effective risk prioritisation.
- Persistent reconnaissance: Continuous mapping of internet-facing exposures from an attacker’s point of view.
- Internal control validation: Annual, scoped testing of segmentation and internal defenses to meet regulatory and audit standards.
- Streamlined audit reporting: Advisor-led documentation packaged for compliance frameworks like PCI, ISO, NIST, and internal reviews.
- Human-led adversary simulation: Real-world attack scenarios, including phishing, lateral movement, and breach simulation using the latest TTPs.
- Attack path visualisation: Clear mapping of multi-vector exposure chains to drive faster, more targeted remediation.
Insights & Opinions from thought leaders at Rapid7
Despite any negativity you may hear, Hikvision is optimistic about their role in the U.S. market. “We demonstrate that we can be trusted, and that we should be trusted,” says Jeffrey He, Vice President, Hikvision, and President, Hikvision USA and Hikvision Canada. “We have sound products and technology. Our mission in the security industry is to protect, not to harm. Otherwise why would we be in this industry?” Hikvision is committed to investing in the North American market, where there was ‘positive year-over-year growth’ in 2018 and ‘strong’ sales in Q1 this year, according to Eric Chen, General Manager of Hikvision USA and Hikvision Canada.

HikCentral central management software

The company’s U.S. focus is shifting from products to solution sales, with emphasis on ‘mid-market’ small- and medium-sized businesses (SMBs). The largest verticals are retail and education, and there are emerging opportunities in the cannabis market. Launch of the HikCentral central management software (CMS) is a component of the company’s solution-sales approach.

Mr. He acknowledges the growth of ‘anti-China sentiment’ in the United States and other parts of the world, which he says will impact Hikvision’s operations globally. Specifically, in the U.S., ‘political’ elements impacting Hikvision’s business include ongoing tariffs and a trade war, Congressional calls for export controls and sanctions, and a provision of the National Defense Authorization Act (NDAA) that bans use of Chinese video surveillance products in government applications.

Specifying cybersecurity initiatives at ISC West

In spite of it all, Hikvision’s message at the recent ISC West show was overwhelmingly positive, and the company also detailed cybersecurity initiatives they say put the Chinese company ahead of many competitors in the industry.

Eric Chen came in as General Manager last year; he previously spent a decade working for Hikvision in China. Chen reports solid 18.8% year-over-year growth for Hikvision globally, totalling $7.4 billion last year. He notes the company saw 40% compounded growth between 2010 and 2018. Globally, there are 34,000 employees, 16,000 of whom are research and development (R&D) engineers. Hikvision’s expanding global footprint includes 46 international branches. There are three manufacturing facilities in China, in addition to one in India.

HikRewards program for HDP customers

At ISC West, Hikvision’s theme was ‘Focus on Your Success’, including introduction of the HikRewards program that provides rebates to HDP (Hikvision Dealer Partner) customers, their core dealer base. A new online Hikvision Knowledge Library for HDPs provides training and reference materials dealers can share with employees. A new tech centre, introduced in December, provides data sheets, product information, and support resources. There is also a North American R&D team headquartered in Montreal.

A customer satisfaction survey launched in March provided good feedback from customers. “They know who to call if they have a problem,” says Chen. “We want to focus on making customers successful.” The success theme also extends to Hikvision employees, who are featured in videos describing their jobs and enthusiasm for Hikvision. There are some 400 employees in the North American operation. At the industry’s largest U.S. trade show, Hikvision unveiled a brand-new booth with plenty of open space and video walls. Half of the booth was focussed on solutions, especially retail and education, and also gaming and commercial real estate.

Security products displayed at ISC West

Product highlights at the ISC West booth included the 32-megapixel PanoVu multi-sensor dome camera, whose 180-degree panoramic image was displayed on a 65-inch monitor. A variety of devices, including access control, intercoms and cameras, are integrated using the HikCentral CMS system. Some products new to the North American market, including intercoms, turnstiles, emergency call stations, and under-vehicle inspection, were displayed. Hikvision’s deep learning products are moving into their second generation, including the ability to obscure private information on videos to comply with GDPR/privacy requirements (previewed at ISC West and released later in the year). Algorithm components of Hikvision’s DeepInMind artificial intelligence are being adapted into a platform called AcuSense for value-priced products, which can recognise a human or vehicle and help filter out false alarms. Also being adapted to products with lower price points are the ColorVu system that incorporates visible light LEDs to provide colour images at night, and DarkFighter low-light capabilities.

Penetration testing of cameras and NVRs

As a global manufacturer, Hikvision faces a high level of scrutiny about cybersecurity, which Mr. Chen says is “a good thing for us,” enabling them to highlight the steps they are taking to improve cybersecurity. Chuck Davis, Director of Cybersecurity, outlined specific milestones Hikvision has achieved in its quest to provide world-class cybersecurity.

In September 2017, Hikvision began working with third parties (including Rapid7) for penetration testing (ethical hacking) of its cameras and recorders. That same month, Hikvision set up a Cybersecurity Hotline open to anyone with questions about cybersecurity, including white-hat hackers and researchers. Even before that, Hikvision had an open-door policy on cybersecurity and a program for patching and responsible disclosure. In February of 2018, Hikvision released a 40-page Cybersecurity White Paper describing cybersecurity testing and processes built into the software development lifecycle. That same month, Hikvision launched a Source Code Transparency Center and offered an open invitation to anyone wanting to inspect Hikvision’s source code and let them know of any vulnerabilities.

FIPS 140-2 certification by NIST

Hikvision has also become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), which ensures their patching and incident reporting programs have been reviewed by a CNA partnering company. In August, Hikvision received Federal Information Processing Standard (FIPS) 140-2 certification, a U.S. government encryption standard created by the National Institute of Standards and Technology (NIST). Hikvision's encryption module (HIKSSL) received Level 1 FIPS 140-2 certification to be used in both IP cameras and NVR products. Davis said the FIPS 140-2 certification process began before the NDAA ban on use of Hikvision products in the U.S. government, and in any case is a standard that ensures a high level of encryption. “We wanted to make sure we had the same level of technology,” he says. “It was not to win over the government.”

Making industry more cybersecure

“We are really trying to have third parties test and certify our equipment,” adds Davis. “We are trying to be open and transparent. Education and awareness are key.” “We need the trust of customers in the security community,” says Mr. He. “No matter what, we have to follow the highest standards to offset the concerns and accusations.”

In April 2018, Davis became a member of the Security Industry Association (SIA) Cybersecurity Advisory Board to help make the entire industry more cybersecure through education, awareness and standards. Hikvision has also joined the Forum of Incident Response and Security Teams (FIRST at first.org), a global cybersecurity incident response consortium that cooperatively handles computer security incidents and promotes incident prevention programs. Davis has presented Cybersecurity Road Shows in 22 cities in the United States and Canada, and also in Australia and New Zealand. The 90-minute presentations focus on education and awareness around cybersecurity and seek to get attendees engaged and aware about cybersecurity in business and also in their homes.
One system, one card
Aligning physical and cyber defence for total protection
Understanding AI-powered video analytics
Enhancing physical access control using a self-service model
How to implement a physical security strategy with privacy in mind