HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content
September 24, 2024 | Mike Casayuran
HTML smuggling techniques have been around for quite some time. A previous ...
Spam With A Political Twist: Fraudsters Are Exploiting The Election Season
September 17, 2024 | Katrina Udquin
The US election is less than 70 days away and threat actors are busy crafting ...
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
September 13, 2024 | Jose Tozo
With the US election on the horizon, it’s a good time to explore the concept of ...
Exploring an Experimental Windows Kernel Rootkit in Rust
September 09, 2024 | memN0ps
Around two years ago, memN0ps took the initiative to create one of the first ...
Hypervisor Development in Rust for Security Researchers (Part 1)
September 06, 2024 | memN0ps
In the ever-evolving field of information security, curiosity and continuous ...
Deep Dive and Simulation of a MariaDB RCE Attack: CVE-2021-27928
August 16, 2024 | Karl Biron
In early 2021, a new vulnerability, identified as CVE-2021-27928, was ...
Trustwave Rapid Response: Mitigate Windows TCP/IP RCE Vulnerability (CVE-2024-38063)
August 15, 2024
Microsoft has disclosed a critical (CVSS 9.8) TCP/IP remote code execution ...
Multiple Cross-Site Scripting (XSS) Vulnerabilities in REDCap (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396)
July 30, 2024 | Hamza Hussain
Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) ...
Cloudy with a Chance of Hackers: Protecting Critical Cloud Workloads
July 22, 2024 | David Broggy
If you've been following along with David's posts, you'll have noticed a ...
Network Isolation for DynamoDB with VPC Endpoint
July 09, 2024 | Selam Gebreananeya
DynamoDB is a fully managed NoSQL database service offered by Amazon Web ...
Atlas Oil: The Consequences of a Ransomware Attack
June 25, 2024 | Arthur Erzberger
Overview Atlas Oil, a major player in the oil and fuel distribution industry, ...
Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor
June 05, 2024 | Rodel Mendrez
During a recent client investigation, Trustwave SpiderLabs found a malicious ...
Cyber Exterminators: Monitoring the Shop Floor with OT Security
June 03, 2024 | David Broggy
Pressure is increasing on manufacturers to monitor their shop floors for ...
Fake Dialog Boxes to Make Malware More Convincing
April 17, 2024 | Ram Prakash
Let’s explore how SpiderLabs created and incorporated user prompts, ...
CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway
April 12, 2024
UPDATE: Palo Alto Networks confirmed on Tuesday (4/16) that disabling device ...
Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
July 13, 2023 | SpiderLabs Researcher
In their latest report titled "Cybersecurity in the Healthcare Industry: ...
Missing Critical Vulnerabilities Through Narrow Scoping
September 16, 2021 | John Anderson
The typical process when scoping a penetration test is to get a list of targets ...