Vulnerabilities

Trustwave SpiderLabs: Ransomware Attacks Against the Energy and Utilities Sector Up 80%

2025-01-22 at 16:15. The energy sector is a cornerstone of national security, ensuring the delivery of critical infrastructure services and supporting transportation systems. Recognizing the importance of protecting this vital industry, Trustwave SpiderLabs has released the comprehensive 2025 Trustwave Risk Radar Report: Energy […]


Trustwave SpiderLabs 2025 Trustwave Risk Radar Report: Energy and Utilities Sector

2025-01-22 at 16:15. The energy sector plays a crucial role in national security by ensuring the delivery of essential infrastructure services and supporting transportation systems. Acknowledging the need to safeguard this vital industry, Trustwave SpiderLabs has published the highly detailed 2025 Trustwave Risk Radar


The New Face of Ransomware: Key Players and Emerging Tactics of 2024

2025-01-21 at 16:03, by Serhii Melnyk. As we step into 2025, the high-impact, financially motivated ransomware landscape continues to evolve, shaped by a combination of law enforcement actions, shifting affiliate dynamics, advancements in defensive approaches, and broader economic and geopolitical influences. This article


JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products

2025-01-21 at 15:32, by daksh sharma. Overview: JoCERT has issued an alert regarding critical command injection vulnerabilities discovered in HPE Aruba’s 501 Wireless Client Bridge. The vulnerabilities, tracked as CVE-2024-54006 and CVE-2024-54007, allow authenticated attackers with administrative privileges to execute arbitrary commands on


How Generative AI is Shaping the Future of Cybersecurity: Key Insights for CISOs and Enterprises

2025-01-15 at 23:19. The increasing adoption of generative artificial intelligence platforms by threat actors, cyber defenders, and the average organization will present enterprises with an unprecedented number of cybersecurity issues in the coming years, according to a new Gartner®


CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day

2025-01-14 at 21:07. In late November and December 2024, Arctic Wolf observed evidence of a mass compromise of Fortinet FortiGate. While the initial attack vector was unknown at the time, evidence of compromise (with new users and SSL profiles) was consistent across compromised devices. This article is an excerpt from SpiderLabs


Why Vulnerability Scanning Alone Isn’t Enough: The Case for Penetration Testing

2025-01-10 at 16:11, by Grayson Lenik. Organizations today face a rapidly evolving threat landscape, and as they plan their cybersecurity strategy and budgets, many may struggle with a key question: If I’m conducting regular vulnerability scans, and patching the vulnerabilities I identify, do I


The State of Magecart: A Persistent Threat to E-Commerce Security

2025-01-09 at 16:04, by Phil Hay, Rodel Mendrez. Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. This article is an excerpt from SpiderLabs Blog.


Trustwave’s 2025 Cybersecurity Predictions: The Era of End-to-End AI Cyberattacks is Here

2025-01-07 at 21:48, by Craig Searle. As 2024 has wrapped up, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. This article is an excerpt from Trustwave


Why Companies Need to Extend Penetration Testing to OT Environments

2025-01-02 at 20:08, by Allen Numerick. As companies continue to integrate their operational technology (OT) and IT environments, they’re coming to grips with the fact that this move opens them up to new avenues for cyber threats. This article is an excerpt from Trustwave Blog.


Analyzing Salt Typhoon: Telecom Attacker

2024-12-12 at 23:34. Unveiling Salt Typhoon: A New Wave in Cyber Espionage. Discover how this advanced Chinese-speaking threat actor targets telecom giants, using sophisticated tools like SparrowDoor and Demodex to breach and exfiltrate sensitive data. The Who, What, and Why of Salt Typhoon’s Attacks. Gain insights into Salt Typhoon’s history, tactics,


‘Tis the Season for Artificial Intelligence-Generated Fraud Messages

2024-12-10 at 16:19. The FBI issued an advisory on December 3rd warning the public of how threat actors use generative AI to more quickly and efficiently create messaging to defraud their victims, echoing earlier warnings issued by Trustwave SpiderLabs. This article is an excerpt from Trustwave Blog.


When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs

2024-12-10 at 16:19, by Tom Neaves. It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway’s Founder’s Building in Egham, Surrey (UK) while


CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

2024-11-27 at 18:50, by Pauline Bolaños. On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. This article is an excerpt from SpiderLabs Blog.


Why a Zero Trust Architecture Must Include Database Security

2024-11-27 at 16:03. Whether the means of a cyber-attack are phishing, ransomware, advanced persistent threat, malware, or some combination, the target is ultimately the same: your data. This article is an excerpt from Trustwave Blog.


Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns

2024-11-27 at 16:03, by Diana Solomon and John Kevin Adriano. Welcome to the second part of our investigation into the Rockstar kit, please check out part one here. This article is an excerpt from SpiderLabs Blog.


Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

2024-11-26 at 18:33, by Diana Solomon and John Kevin Adriano. Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. This article is an excerpt from SpiderLabs Blog.


A House of Cards: Third-Party Risks Are Undermining Businesses Resilience Strategies

2024-11-26 at 16:03, by Kory Daniels. Resilience strategies are failing. Despite their known importance, why is it so difficult to implement them effectively? This article is an excerpt from Trustwave Blog.


CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems

2024-11-26 at 13:03, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) published seven detailed security advisories to address critical vulnerabilities in various Industrial Control Systems (ICS). These advisories cover a range of products, from web-based control servers to automated


How Prices are Set on the Dark Web: Exploring the Economics of Cybercrime

2024-11-25 at 16:03. Finding the exact price of any product is now easier than ever. A quick check with your favorite online retailer will show that a GE Profile Dryer goes for $989, a 10-pack of Play-Doh can be had for

