REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities
September 26, 2025 | Harold Zang
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave, A LevelBlue Company.
Understanding DocumentDB’s Network Security Trade-Offs: The VPC Challenge
August 05, 2025 | Selam Gebreananeya
AWS DocumentDB by default is securely isolated within a VPC, unreachable from ...
Back Up With Care, But Neglecting Patches can Leave You in Despair!
July 31, 2025 | Rox Harvey Rosales
CVE-2024-7348, which was discovered by Noah Misch, is a race condition ...
Using SQLmap to Dig for Sensitive Data in SQL Databases
July 22, 2025 | Karl Biron
In our latest report Data Pirates' Toolkit (Leveraging SQLmap for Unearthing ...
The Breach Beyond the Runway: Cybercriminals Targeted Qantas Through a Trusted Partner
July 04, 2025 | Nikita Kazymirskyi
On July 3, 2025, Qantas confirmed in an update statement that a cyber incident ...
The Attack Vector: Database Triggers as Persistence Mechanisms
June 24, 2025 | Jose Tozo
Organizations often assume that restoring a backup to a patched environment ...
2025 Trustwave Risk Radar Report: Healthcare Sector: Key Risks and Defensive Measures
March 26, 2025
Rising Cyber Threats in Healthcare – Discover the latest cybersecurity risks ...
Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 2
March 20, 2025 | Karl Biron
In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your ...
Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 1
March 19, 2025 | Karl Biron
Picture this: an always-awake, never-tired, high-speed librarian that instantly ...
The Russia-Ukraine Cyber War Part 4: Development in Group Attributions for Russian State Actors
March 07, 2025 | Pawel Knapczyk and Nikita Kazymirskyi
This is the final installment of Trustwave SpiderLabs Russia-Ukraine digital ...
A Deep Dive into Strela Stealer and how it Targets European Countries
March 06, 2025 | Dawid Nesterowicz
Infostealers have dominated the malware landscape due to the ease of threat ...
The Russia-Ukraine Cyber War Part 1: Three Years of Cyber Warfare
February 20, 2025 | Pawel Knapczyk and Nikita Kazymirskyi
As the third anniversary of the start of the Russia-Ukraine war approaches, ...
Cracking the Giant: How ODAT Challenges Oracle, the King of Databases
January 27, 2025 | Karl Biron
In the past decade, Oracle Database (Oracle DB) has reigned supreme in the ...
The New Face of Ransomware: Key Players and Emerging Tactics of 2024
January 21, 2025 | Serhii Melnyk
As we step into 2025, the high-impact, financially motivated ransomware ...
The Database Slayer: Deep Dive and Simulation of the Xbash Malware
January 14, 2025 | Karl Biron
In the world of malware, common ransomware schemes aim to take the data within ...
The State of Magecart: A Persistent Threat to E-Commerce Security
January 09, 2025 | Rodel Mendrez
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward ...
Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
November 26, 2024 | Diana Solomon and John Kevin Adriano
Trustwave SpiderLabs has been actively monitoring the rise of ...
Lessons from a Honeypot with US Citizens’ Data
November 13, 2024 | Radoslaw Zdonczyk and Nikita Kazymirskyi
Prior to last week’s US Presidential Election, the Trustwave SpiderLabs team ...
Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)
October 17, 2024 | Karl Biron
Introduction In the perpetually evolving field of cybersecurity, new threats ...
Your Money or Your Data: Ransomware Readiness Planning
September 02, 2024 | David Broggy
Today’s blog installment brings us to the end of our 30-week journey that ...
Exposed and Encrypted: Inside a Mallox Ransomware Attack
August 27, 2024 | Bernard Bautista
Recently, a client enlisted the support of Trustwave to investigate an ...
Deep Dive and Simulation of a MariaDB RCE Attack: CVE-2021-27928
August 16, 2024 | Karl Biron
In early 2021, a new vulnerability, identified as CVE-2021-27928, was ...
Network Isolation for DynamoDB with VPC Endpoint
July 09, 2024 | Selam Gebreananeya
DynamoDB is a fully managed NoSQL database service offered by Amazon Web ...
The Sentinel’s Watch: Building a Security Reporting Framework
June 10, 2024 | David Broggy
Imagine being on shift as the guard of a fortress. Your job is to identify ...
Protecting Zion: InfoSec Encryption Concepts and Tips
April 29, 2024 | David Broggy
This is Part 9 in my ongoing project to cover 30 cybersecurity topics in 30 ...
The Secret Cipher: Modern Data Loss Prevention Solutions
April 15, 2024 | David Broggy
This is Part 7 in my ongoing project to cover 30 cybersecurity topics in 30 ...