Security Research

The Cat’s Out of the Bag: A ‘Meow Attack’ Data Corruption Campaign Simulation via MAD-CAT

2025-11-07 at 19:39 By Karl Biron

In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack), which explored the notorious Meow attack campaign that had plagued unsecured databases since 2020. That article focused […]

Dissecting and Understanding APT Threat Group Activity

2025-11-06 at 16:45 By Trustwave SpiderLabs CTI

APT Groups Prioritize Espionage and Data Theft: Approximately two-thirds of all Trustwave SpiderLabs-tracked APT group activity is motivated by espionage, targeting government, defense, and telecom sectors primarily in the US, Ukraine, and Russia.

Top Attacker Nations: China (41%), Iran (12.5%), and

SpiderLabs Ransomware Tracker Update October 2025: Qilin Doubles Down on Attacks

2025-11-04 at 17:18

The worldwide ransomware landscape saw a dramatic shift in attacks in October 2025, jumping 41% month over month, with the most prolific attacker, Qilin, more than doubling the number of attacks it launched, according to Trustwave, A LevelBlue Company, research.

Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand

2025-11-04 at 16:27

Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). This article is an excerpt from SpiderLabs Blog

The Rise of Phantom Cyber Firms: How to Spot Them and What to Verify Before you Engage

2025-10-23 at 17:11 By Grant Hutchons

It’s bad enough that organizations must worry about threat actors launching phishing attacks, injecting ransomware, or exploiting vulnerabilities; now, there is a new attack variant on the loose. Legal scammers. This article

SocGholish: Turning Application Updates into Vexing Infections

2025-10-16 at 17:45 By Cris Tomboc

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups and malware currently operating globally. This article is an excerpt from Trustwave Blog

Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?

2025-10-04 at 01:35

A vulnerability on a popular source-code editor has been recently released along with a proof-of-concept (POC) exploit, but the security community isn’t so sure that it’s a legitimate flaw. This article is an excerpt from SpiderLabs Blog

SpiderLabs Ransomware Tracker Update September 2025: Qilin, Akira Top Ransomware Attackers

2025-09-30 at 16:00

The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This article is an excerpt from Trustwave

From Folding to Folded: Hacking High Volume Mailer Machines

2025-09-30 at 16:00 By John Jackson

The Quadient DS-700iQ is a high-volume folder-inserter machine designed for automating the process of assembling, folding, and inserting mail into envelopes for large mailing operations. It features a modular design that can handle complex mailing jobs, supports multiple feeders and

REDCap: Multiple Cross-Site Scripting (XSS) Vulnerabilities

2025-09-26 at 20:23 By Harold Zang

REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations. This article is an excerpt from SpiderLabs Blog

LevelBlue Spotlight Report Finds Manufacturers Struggling with the Impact of AI and Supply Chain Risk

2025-09-24 at 16:22

LevelBlue’s newly released 2025 Spotlight Report: Cyber Resilience and Business Impact in Manufacturing, uncovered the different ways this sector has increased its understanding of the role cybersecurity must play moving forward, including the need to adopt

Storm-2603: Targeting SharePoint Vulnerabilities and Critical Infrastructure Worldwide

2025-09-17 at 16:00 By Cris Tomboc

The threat group Storm-2603 is actively exploiting Microsoft SharePoint vulnerabilities to gain unauthorized access to critical infrastructure worldwide. Their attacks use a specialized toolkit and have a dual motive: espionage and financial gain through deploying ransomware. This highlights the urgent need

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

2025-09-09 at 23:45 By Karl Sigler

Trustwave’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration.

A Tale of Two Ransomware-as-a-Service Threat Groups

2025-08-28 at 22:21

Learn about INC and Lynx, two highly successful RaaS groups that share similar tactics and procedures, including a potential connection through shared code. Discover how these criminal groups try to justify their actions, one claiming to be a security service and the other pretending

How Researchers Collect Indicators of Compromise

2025-08-14 at 23:06 By Messiah Dela Cruz

As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. This article is an

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal

2025-08-13 at 21:40 By Nathaniel Morales and Nikita Kazymirskyi

Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation

2025-08-08 at 19:08 By Serhii Melnyk, Cris Tomboc, King Orande

The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share

Inside Silver Fox’s Den: Trustwave SpiderLabs Unmasks a Global Threat Actor

2025-08-05 at 17:20

Trustwave SpiderLabs’ latest research details the advanced persistent threat (APT) campaigns conducted by Silver Fox group, a significant and evolving threat actor. The likely China-based threat group primarily targets Chinese-speaking organizations. Trustwave SpiderLabs examines the tools, techniques, and procedures (TTPs)

In-the-wild Exploitation of CVE-2025-53770 and CVE-2025-53771: Technical Details and Mitigation Strategies

2025-07-24 at 00:23 By Pauline Bolaños

Two critical zero-day vulnerabilities in the Microsoft SharePoint Server environment, CVE-2025-53770 (9.8 CVSS score) and CVE-2025-53771 (6.5 CVSS score), are being actively exploited by threat actors to compromise vulnerable on-premises SharePoint servers. This article is an excerpt from

Travelling Through the Dark Web: Answering 6 Questions About Dark Web “Travel Agencies”

2025-07-21 at 16:06

Uncover how dark web “travel agencies” operate—from booking flights and hotels with stolen credentials to building customer-facing services that mimic legitimate platforms. Learn who uses dark web travel services and how unsuspecting consumers may get lured in through
