Security Research

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk

Artificial Intelligence, Emerging Threats, Reports, Security Research, Vulnerabilities /

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk 2025-09-24 at 16:22 By LevelBlue’s newly released 2025 Spotlight Report: Cyber Resilience and Business Impact in Manufacturing, uncovered the different ways this sector has increased its understanding of the role cybersecurity must play moving forward, including the need to adopt […]

React to this headline:

Loading spinner

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk Read More »

Storm-2603: Targeting SharePoint Vulnerabilities and Critical Infrastructure Worldwide

Emerging Threats, Security Research, Vulnerabilities /

Storm-2603: Targeting SharePoint Vulnerabilities and Critical Infrastructure Worldwide 2025-09-17 at 16:00 By Cris Tomboc The threat group Storm-2603 is actively exploiting Microsoft SharePoint vulnerabilities to gain unauthorized access to critical infrastructure worldwide. Their attacks use a specialized toolkit and have a dual motive: espionage and financial gain through deploying ransomware. This highlights the urgent need

React to this headline:

Loading spinner

Storm-2603: Targeting SharePoint Vulnerabilities and Critical Infrastructure Worldwide Read More »

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

Emerging Threats, News, Security Research /

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses 2025-09-09 at 23:45 By Karl Sigler Trustwave’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration.

React to this headline:

Loading spinner

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses Read More »

A Tale of Two Ransomware-as-a-Service Threat Groups

data breach, Security Research /

A Tale of Two Ransomware-as-a-Service Threat Groups 2025-08-28 at 22:21 By Learn about INC and Lynx, two highly successful RaaS groups that share similar tactics and procedures, including a potential connection through shared code. Discover how these criminal groups try to justify their actions, one claiming to be a security service and the other pretending

React to this headline:

Loading spinner

A Tale of Two Ransomware-as-a-Service Threat Groups Read More »

How Researchers Collect Indicators of Compromise

Emerging Threats, Security Research, threat hunting, Tips & Tricks /

How Researchers Collect Indicators of Compromise 2025-08-14 at 23:06 By Messiah Dela Cruz As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. This article is an

React to this headline:

Loading spinner

How Researchers Collect Indicators of Compromise Read More »

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal

Emerging Threats, Security Research, threat hunting, Vulnerabilities /

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal 2025-08-13 at 21:40 By Nathaniel Morales and Nikita Kazymirskyi Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will

React to this headline:

Loading spinner

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal Read More »

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation

Emerging Threats, Microsoft Security, Security Research, Vulnerabilities /

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation 2025-08-08 at 19:08 By Serhii Melnyk, Cris Tomboc, King Orande The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share

React to this headline:

Loading spinner

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation Read More »

Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor

Emerging Threats, Security Research, Vulnerabilities /

Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor 2025-08-05 at 17:20 By Trustwave SpiderLabs’ latest research details the advanced persistent threat (APT) campaigns conducted by Silver Fox group, a significant and evolving threat actor. The likely China-based threat group primarily targets Chinese-speaking organizations. Trustwave SpiderLabs examines the tools, techniques, and procedures (TTPs)

React to this headline:

Loading spinner

Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor Read More »

In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies

News, Security Research, Trustwave Rapid Response /

In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies 2025-07-24 at 00:23 By Pauline Bolaños Two critical zero-day vulnerabilities in the Microsoft SharePoint Server environment, CVE-2025-53770 (9.8 CVSS score) and CVE-2025-53771 (6.5 CVSS score), are being actively exploited by threat actors to compromise vulnerable on-premises SharePoint servers. This article is an excerpt from

React to this headline:

Loading spinner

In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies Read More »

Travelling Through the Dark Web: Answering 6 Questions About Dark Web “Travel Agencies”

data breach, Emerging Threats, Security Research, Vulnerabilities /

Travelling Through the Dark Web: Answering 6 Questions About Dark Web “Travel Agencies” 2025-07-21 at 16:06 By Uncover how dark web “travel agencies” operate—from booking flights and hotels with stolen credentials to building customer-facing services that mimic legitimate platforms. Learn who uses dark web travel services and how unsuspecting consumers may get lured in through

React to this headline:

Loading spinner

Travelling Through the Dark Web: Answering 6 Questions About Dark Web “Travel Agencies” Read More »

No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies

data breach, Emerging Threats, Security Research /

No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies 2025-07-21 at 16:06 By Nikita Kazymirskyi Dark web travel agencies remain a persistent niche in the cybercrime ecosystem. SpiderLabs reviewed the operation of four dark web travel agencies. Dark web travel agencies were not spotted targeting specific hotel chains or airlines; instead, they

React to this headline:

Loading spinner

No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies Read More »

Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft

Emerging Threats, Security Research, Vulnerabilities /

Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft 2025-07-18 at 16:06 By Serhii Melnyk Malicious APKs (Android Package Kit files) continue to serve as one of the most persistent and adaptable delivery mechanisms in mobile threat campaigns. Threat actors routinely exploit social engineering and off-market distribution to bypass conventional security controls and capitalize

React to this headline:

Loading spinner

Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft Read More »

Ransomware Threat Still Rising: Key Trends in the Technology Sector in 2025

Database Protection, Reports, Security Research, Threat Intelligence /

Ransomware Threat Still Rising: Key Trends in the Technology Sector in 2025 2025-07-02 at 16:01 By The 2025 Trustwave Technology Risk Radar Report highlights ransomware as a major and persistent threat within the technology sector that shows no signs of abating as new ransomware-focused threat groups are constantly appearing. This article is an excerpt from Trustwave

React to this headline:

Loading spinner

Ransomware Threat Still Rising: Key Trends in the Technology Sector in 2025 Read More »

Tracing Blind Eagle to Proton66

News, Security Research, Threat Intelligence /

Tracing Blind Eagle to Proton66 2025-06-27 at 16:19 By Serhii Melnyk Trustwave SpiderLabs has assessed with high confidence that the threat group Blind Eagle, aka APT-C-36, is associated with the Russian bulletproof hosting service provider Proton66. Blind Eagle is a threat actor actively targeting organizations across Latin America, with a notable focus on Colombian financial institutions.

React to this headline:

Loading spinner

Tracing Blind Eagle to Proton66 Read More »

Trustwave SpiderLabs Goes Inside the AI Cyber Arms Race

Artificial Intelligence, Reports, Security Research, Threat Intelligence /

Trustwave SpiderLabs Goes Inside the AI Cyber Arms Race 2025-06-26 at 16:01 By While all manner of legitimate organizations are attempting to understand how to best and safely use artificial intelligence to improve productivity, the Trustwave SpiderLabs’ Technology Deep Dive: AI Cyber Arms Race takes a forward-looking view at how adversaries are gaining experience and capability in

React to this headline:

Loading spinner

Trustwave SpiderLabs Goes Inside the AI Cyber Arms Race Read More »

Tech Under Siege: Unpacking Cyber Threats in Trustwave’s 2025 Risk Report

Artificial Intelligence, data breach, Security Research, Threat Intelligence, Vulnerabilities /

Tech Under Siege: Unpacking Cyber Threats in Trustwave’s 2025 Risk Report 2025-06-25 at 16:40 By Dive into Trustwave SpiderLabs’ newest report for crucial insights on protecting tech companies from today’s changing cyber threats. Uncover the impact of ransomware attacks on tech firms and identify the most active threat actors of 2025. Learn about the best

React to this headline:

Loading spinner

Tech Under Siege: Unpacking Cyber Threats in Trustwave’s 2025 Risk Report Read More »

Trustwave SpiderLabs’ 2025 Risk Radar Report: Technology Sector

Artificial Intelligence, data breach, Security Research, Threat Intelligence, Vulnerabilities /

Trustwave SpiderLabs’ 2025 Risk Radar Report: Technology Sector 2025-06-25 at 16:02 By Explore key insights from Trustwave SpiderLabs’ latest report on securing tech firms against evolving cyber threats. Discover how ransomware attacks are impacting technology companies and learn about the most prolific threat actors in 2025.  Find out the best practices and mitigation strategies technology

React to this headline:

Loading spinner

Trustwave SpiderLabs’ 2025 Risk Radar Report: Technology Sector Read More »

Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors

DFIR, Managed Detection and Response, Managed Security Services, Security Research, Threat Intelligence /

Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors 2025-06-25 at 01:04 By Nathaniel Morales Dire Wolf is a newly emerged ransomware group first observed in May 2025 and Trustwave SpiderLabs recently uncovered a Dire Wolf ransomware sample that revealed for the first time key details about how the ransomware operates. This article is an

React to this headline:

Loading spinner

Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors Read More »

The Attack Vector: Database Triggers as Persistence Mechanisms

Database Protection, Security Research, Vulnerabilities /

The Attack Vector: Database Triggers as Persistence Mechanisms 2025-06-24 at 16:15 By Organizations often assume that restoring a backup to a patched environment eliminates threats. However, backups encapsulate both data and schema objects, including triggers. A compromised backup, often taken after an initial breach, may contain hidden triggers that reactivate the attacker’s access upon restore.

React to this headline:

Loading spinner

The Attack Vector: Database Triggers as Persistence Mechanisms Read More »

The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone

Emerging Threats, News, Perspectives, Reports, Security Research, Vulnerabilities /

The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone 2025-06-18 at 22:47 By The Israel-Iran conflict is barely a week old, but the security repercussions for the two combatants and the wider global community can already be seen as the cyberwarfare portion of the conflict is already spilling over

React to this headline:

Loading spinner

The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone Read More »

Scroll to Top