SpiderLabs Blog

August 07, 2019 | Andreas Georgiou

[+] Introduction:

July 31, 2019 | Martin Rakhmanov

While recently upgrading my laptop with a new Solid State Drive (SSD), I ...

July 26, 2019 | Rodel Mendrez

Over five years ago, we published a blog detailing how a webshell’s backdoor ...

July 25, 2019 | Manuel Nader

Context In Mexico, it’s possible to receive your monthly bank statement via ...

July 18, 2019 | Olga Barinova

Are you familiar with an HQL injection exploitation? Chances are you’re not. ...

July 11, 2019 | Adrian Pruteanu

If you've traveled at all within North America, you've likely at some point ...

July 09, 2019 | Diana Lopera

Sextortion has been a widely used theme in spam campaigns since Q1 of 2018. ...

July 09, 2019 | Karl Sigler

Patch Tuesday for July is here and after the massive release in June, the 77 ...

July 08, 2019 | Charles Hamilton

Red Teamers like to hunt for new methods of code execution through “legitimate” ...

June 24, 2019 | Stephan Borosh

Introduction Steve Borosh is a Principal Security Consultant for Trustwave and ...

June 11, 2019 | Karl Sigler

For June's Patch Tuesday, Microsoft is releasing four advisories and patches ...

May 14, 2019 | Karl Sigler

May's Patch Tuesday is here and brings with it patches for 79 CVEs. Twenty-two ...

April 25, 2019

Today we released our 2019 Global Security Report. The report is based on the ...

April 22, 2019 | Dr. Fahim Abbasi

In our previous blog we highlighted how a group of scammers were targeting ...

April 22, 2019 | Anat Davidi

What's worse than annoying ads on a website? Crypto Miner on a website!

April 22, 2019 | Dr. Fahim Abbasi

Scam Overview Her Majesty's Revenue & Customs (HMRC) is the UK department ...

April 11, 2019 | Nicholas Ramos

Back in August 2017, Trustwave Spiderlabs reported a spam campaign that ...

April 09, 2019 | Jacob Wilkin

EDIT (9.April.2019): We have applied for a retraction of CVE-2019-9193 ...

April 09, 2019 | Karl Sigler

Along with "Spring Showers" up here in the Northern Hemisphere, April also ...

April 08, 2019 | Dr. Fahim Abbasi

We witnessed a widespread phishing campaign targeting O2 customers, that ...

April 05, 2019 | Phil Hay, Rodel Mendrez

Contributing authors: Phil Hay, Rodel Mendrez

April 04, 2019 | Diana Lopera

Another round of sextortion scam emails with a pdf attachment were pushed out ...

March 21, 2019 | Jacob Wilkin

Just a short post from me today, bringing you a pretty simple Cross-Site ...

March 13, 2019 | Dr. Fahim Abbasi

Con men have been exploiting human psychology since the dawn of time. Equipped ...

March 12, 2019 | Karl Sigler

This month's Patch Tuesday brings with it four advisories and patches for 64 ...

March 07, 2019 | Homer Pacag

Sextortion is a form of sex-themed exploitation via email where victims are ...

March 05, 2019 | SpiderLabs Researcher

A few days ago we encountered a breach on a Pakistani government site which was ...

March 04, 2019 | Bryant Smith

WebSockets allow a single TCP connection to have full duplexing communications. ...