Sha1-Hulud: The Second Coming of The New npm GitHub Worm
December 03, 2025 | Karl Sigler
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from Trustwave, A LevelBlue Company.
SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp
November 19, 2025 | Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi
Trustwave SpiderLabs researchers have recently identified a banking Trojan we ...
Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287
November 14, 2025 | Fernando Martinez
LevelBlue Labs is tracking a severe vulnerability in Windows Server Update ...
The Cat's Out of the Bag: A 'Meow Attack' Data Corruption Campaign Simulation via MAD-CAT
November 07, 2025 | Karl Biron
In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of ...
Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand
November 04, 2025 | Serhii Melnyk
Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the emergence ...
Bolstering Cybersecurity Resilience in the Public Sector
October 29, 2025
With digital transformation continuing unabated, the prevalence of legacy ...
Public Sector Ransomware Attacks Relentlessly Continue
October 22, 2025
In 2025, 36 years after the first ransomware attack was recorded, actors ...
The F5 BIG-IP Source Code Breach
October 17, 2025 | Karl Sigler
On August 9, F5 discovered that multiple systems were compromised by what it is ...
Data in the Dark: The Public Sector on the Dark Web
October 15, 2025
The dark web serves as a refuge for threat actors to gather intel, trade ...
Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?
October 03, 2025
A vulnerability on a popular source-code editor has been recently released ...
From Folding to Folded: Hacking High Volume Mailer Machines
September 30, 2025 | John Jackson
The Quadient DS-700iQ is a high-volume folder-inserter machine designed for ...
REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities
September 26, 2025 | Harold Zang
REDCap, developed by Vanderbilt University, is a secure platform designed for ...
Unraveling Phishing Campaigns Flagged by Trustwave’s URL Scanner
August 28, 2025 | Karla Agregado
In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant ...
When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal
August 13, 2025 | Nathaniel Morales and Nikita Kazymirskyi
Trustwave SpiderLabs researchers have recently identified an EncryptHub ...
Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation
August 08, 2025 | Serhii Melnyk, Cris Tomboc and King Orande
The Trustwave SpiderLabs CTI team began correlating telemetry from multiple ...
Understanding DocumentDB’s Network Security Trade-Offs: The VPC Challenge
August 05, 2025 | Selam Gebreananeya
AWS DocumentDB by default is securely isolated within a VPC, unreachable from ...
Back Up With Care, But Neglecting Patches can Leave You in Despair!
July 31, 2025 | Rox Harvey Rosales
CVE-2024-7348, which was discovered by Noah Misch, is a race condition ...
Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
July 18, 2025 | Serhii Melnyk
Malicious APKs (Android Package Kit files) continue to serve as one of the most ...
The Breach Beyond the Runway: Cybercriminals Targeted Qantas Through a Trusted Partner
July 04, 2025 | Nikita Kazymirskyi
On July 3, 2025, Qantas confirmed in an update statement that a cyber incident ...
Trustwave SpiderLabs’ 2025 Risk Radar Report: Technology Sector
June 25, 2025
Explore key insights from Trustwave SpiderLabs' latest report on securing tech ...
The Attack Vector: Database Triggers as Persistence Mechanisms
June 24, 2025 | Jose Tozo
Organizations often assume that restoring a backup to a patched environment ...
The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone
June 18, 2025 | Arthur Erzberger
The Israel-Iran conflict is barely a week old, but the security repercussions ...
PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations
May 28, 2025 | Cris Tomboc and King Orande
Phishing-as-a-Service (PhaaS) platforms have significantly reshaped the ...
The Blind Spots of Multi-Agent Systems: Why AI Collaboration Needs Caution
May 23, 2025 | Muhammad Ahmad
Multi-agent systems (MAS) are reshaping industries from IT services to ...
Storm-0558 and the Dangers of Cross-Tenant Token Forgery
May 21, 2025 | Damian Archer
Modern cloud ecosystems often place a single identity provider in charge of ...
Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development
May 16, 2025 | Damian Archer
Dependency management is one of the biggest challenges in modern software ...
Lights Out and Stalled Factories: Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities
May 06, 2025 | Karl Biron
Let’s explore the critical role of Modbus in energy and manufacturing systems, ...
A Deep-Rooted Infestation: How the ILOVEYOU Bug Continues its Legacy in Modern Worms
May 02, 2025 | Pauline Bolaños
A quarter century ago, a former computer science student from the Philippines ...