Security Research

SocGholish: Turning Application Updates into Vexing Infections
2025-10-16 at 17:45, by Cris Tomboc
This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups and malware currently operating globally. This article is an excerpt from Trustwave Blog.

Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?
2025-10-04 at 01:35
A vulnerability on a popular source-code editor has been recently released along with a proof-of-concept (POC) exploit, but the security community isn’t so sure that it’s a legitimate flaw. This article is an excerpt from SpiderLabs Blog.

SpiderLabs Ransomware Tracker Update September 2025: Qilin, Akira Top Ransomware Attackers
2025-09-30 at 16:00
The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This article is an excerpt from Trustwave

From Folding to Folded: Hacking High Volume Mailer Machines
2025-09-30 at 16:00, by John Jackson
The Quadient DS-700iQ is a high-volume folder-inserter machine designed for automating the process of assembling, folding, and inserting mail into envelopes for large mailing operations. It features a modular design that can handle complex mailing jobs, supports multiple feeders and

REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities
2025-09-26 at 20:23, by Harold Zang
REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations. This article is an excerpt from SpiderLabs Blog.

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk
2025-09-24 at 16:22
LevelBlue’s newly released 2025 Spotlight Report, Cyber Resilience and Business Impact in Manufacturing, uncovered the different ways this sector has increased its understanding of the role cybersecurity must play moving forward, including the need to adopt

Storm-2603: Targeting SharePoint Vulnerabilities and Critical Infrastructure Worldwide
2025-09-17 at 16:00, by Cris Tomboc
The threat group Storm-2603 is actively exploiting Microsoft SharePoint vulnerabilities to gain unauthorized access to critical infrastructure worldwide. Their attacks use a specialized toolkit and have a dual motive: espionage and financial gain through deploying ransomware. This highlights the urgent need

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses
2025-09-09 at 23:45, by Karl Sigler
Trustwave’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration.

A Tale of Two Ransomware-as-a-Service Threat Groups
2025-08-28 at 22:21
Learn about INC and Lynx, two highly successful RaaS groups that share similar tactics and procedures, including a potential connection through shared code. Discover how these criminal groups try to justify their actions, one claiming to be a security service and the other pretending

How Researchers Collect Indicators of Compromise
2025-08-14 at 23:06, by Messiah Dela Cruz
As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. This article is an

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal
2025-08-13 at 21:40, by Nathaniel Morales and Nikita Kazymirskyi
Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation
2025-08-08 at 19:08, by Serhii Melnyk, Cris Tomboc, King Orande
The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share

Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor
2025-08-05 at 17:20
Trustwave SpiderLabs’ latest research details the advanced persistent threat (APT) campaigns conducted by the Silver Fox group, a significant and evolving threat actor. The likely China-based threat group primarily targets Chinese-speaking organizations. Trustwave SpiderLabs examines the tools, techniques, and procedures (TTPs)

In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies
2025-07-24 at 00:23, by Pauline Bolaños
Two critical zero-day vulnerabilities in the Microsoft SharePoint Server environment, CVE-2025-53770 (9.8 CVSS score) and CVE-2025-53771 (6.5 CVSS score), are being actively exploited by threat actors to compromise vulnerable on-premises SharePoint servers. This article is an excerpt from

Travelling Through the Dark Web: Answering 6 Questions About Dark Web “Travel Agencies”
2025-07-21 at 16:06
Uncover how dark web “travel agencies” operate, from booking flights and hotels with stolen credentials to building customer-facing services that mimic legitimate platforms. Learn who uses dark web travel services and how unsuspecting consumers may get lured in through

No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies
2025-07-21 at 16:06, by Nikita Kazymirskyi
Dark web travel agencies remain a persistent niche in the cybercrime ecosystem. SpiderLabs reviewed the operation of four dark web travel agencies. Dark web travel agencies were not spotted targeting specific hotel chains or airlines; instead, they

Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
2025-07-18 at 16:06, by Serhii Melnyk
Malicious APKs (Android Package Kit files) continue to serve as one of the most persistent and adaptable delivery mechanisms in mobile threat campaigns. Threat actors routinely exploit social engineering and off-market distribution to bypass conventional security controls and capitalize

Ransomware Threat Still Rising: Key Trends in the Technology Sector in 2025
2025-07-02 at 16:01
The 2025 Trustwave Technology Risk Radar Report highlights ransomware as a major and persistent threat within the technology sector that shows no signs of abating as new ransomware-focused threat groups are constantly appearing. This article is an excerpt from Trustwave

Tracing Blind Eagle to Proton66
2025-06-27 at 16:19, by Serhii Melnyk
Trustwave SpiderLabs has assessed with high confidence that the threat group Blind Eagle, aka APT-C-36, is associated with the Russian bulletproof hosting service provider Proton66. Blind Eagle is a threat actor actively targeting organizations across Latin America, with a notable focus on Colombian financial institutions.

Trustwave SpiderLabs Goes Inside the AI Cyber Arms Race
2025-06-26 at 16:01
While all manner of legitimate organizations are attempting to understand how to best and safely use artificial intelligence to improve productivity, the Trustwave SpiderLabs’ Technology Deep Dive: AI Cyber Arms Race takes a forward-looking view at how adversaries are gaining experience and capability in