Exposed RDP: The Misconfiguration Attackers Keep Exploiting

This report recounts several real-world cases where exposed Remote Desktop Protocol (RDP) and RDWeb portals were discovered and exploited by opportunistic attackers exploiting misconfigurations and a vulnerable VPN; the SOC detected and contained intrusions before persistence, but recurring exposure and attacker reuse of entry points demonstrate the need to close misconfigurations, rotate credentials, and improve cross‑surface visibility and logging.