Proton66 Part 1: Mass Scanning and Exploit Campaigns
Trustwave SpiderLabs continuously tracks a range of malicious activities originating from Proton66 ...
Read MoreStay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave.
Tycoon2FA New Evasion Technique for 2025
The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past ...
Read MoreBabuk2 Bjorka: The Evolution of Ransomware for ‘Data Commoditization’
An investigation that started with a tip from one of our threat intel sources about the revival of ...
Read MoreFort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 1
Picture this: an always-awake, never-tired, high-speed librarian that instantly finds the exact ...
Read MoreA Deep Dive into Strela Stealer and how it Targets European Countries
Infostealers have dominated the malware landscape due to the ease of threat operations maintenance, ...
Read MoreThe Rise of Email Marketing Platforms for Business Email Compromise Attacks
In a statistical report published in September 2024 by the Federal Bureau of Investigation (FBI), ...
Read MoreBeyond the Chatbot: Meta Phishing with Fake Live Support
In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals exploit Facebook Messenger ...
Read MoreTrustwave SpiderLabs 2025 Trustwave Risk Radar Report: Energy and Utilities Sector
The energy sector plays a crucial role in national security by ensuring the delivery of essential ...
Read MoreThe New Face of Ransomware: Key Players and Emerging Tactics of 2024
As we step into 2025, the high-impact, financially motivated ransomware landscape continues to ...
Read MoreThe Database Slayer: Deep Dive and Simulation of the Xbash Malware
In the world of malware, common ransomware schemes aim to take the data within databases ...
Read MoreThe State of Magecart: A Persistent Threat to E-Commerce Security
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is ...
Read MoreEmail Bombing: Why You Need to be Concerned
Over the last few months, the topic of email bombing has been brought to our attention multiple ...
Read MoreWhen User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs
It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top ...
Read MoreCVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution
On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip.
Read MoreRockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns
Welcome to the second part of our investigation into the Rockstar kit, please check out part one ...
Read MoreRockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) ...
Read MoreHooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails
Introduction Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that ...
Read MoreHow Threat Actors Conduct Election Interference Operations: An Overview
The major headlines that arose from the three most recent US presidential election cycles ...
Read MoreFeline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)
Introduction In the perpetually evolving field of cybersecurity, new threats materialize daily. ...
Read MorePronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader
Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its ...
Read MoreWhat We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177
On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four ...
Read MoreHTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content
HTML smuggling techniques have been around for quite some time. A previous Trustwave SpiderLabs’ ...
Read MoreWhy Do Criminals Love Phishing-as-a-Service Platforms?
Phishing-as-a-Service (PaaS) platforms have become the go-to tool for cybercriminals, to launch ...
Read MoreSpam With A Political Twist: Fraudsters Are Exploiting The Election Season
The US election is less than 70 days away and threat actors are busy crafting malicious spam that ...
Read MoreDistributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
With the US election on the horizon, it’s a good time to explore the concept of social media ...
Read MoreExposed and Encrypted: Inside a Mallox Ransomware Attack
Recently, a client enlisted the support of Trustwave to investigate an unauthorized access incident ...
Read MoreSearch & Spoof: Abuse of Windows Search to Redirect to Malware
Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows ...
Read More