Parsing ESXi Logs for Incident Response with QELP
February 10, 2025 | Phalgun Kulkarni
Threat actors frequently target ESXi servers to disrupt business environments ...
Beyond the Chatbot: Meta Phishing with Fake Live Support
February 04, 2025 | Mike Casayuran and John Kevin Adriano
In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals ...
Trustwave SpiderLabs 2025 Trustwave Risk Radar Report: Energy and Utilities Sector
January 22, 2025 | Admin
The energy sector plays a crucial role in national security by ensuring the ...
The New Face of Ransomware: Key Players and Emerging Tactics of 2024
January 21, 2025 | Serhii Melnyk
As we step into 2025, the high-impact, financially motivated ransomware ...
CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day
January 14, 2025 | Admin
In late November and December 2024, Arctic Wolf observed evidence of a mass ...
The Database Slayer: Deep Dive and Simulation of the Xbash Malware
January 14, 2025 | Karl Biron
In the world of malware, common ransomware schemes aim to take the data within ...
The State of Magecart: A Persistent Threat to E-Commerce Security
January 09, 2025 | Rodel Mendrez
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward ...
Parsing Jenkins Configuration Files for Forensics and Fun
December 12, 2024 | Julia Paluch
A new parsing tool for Jenkins® configuration files from Stroz Friedberg ...
When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs
December 10, 2024 | Tom Neaves
It was a cold and wet Thursday morning, sometime in early 2006. There I was ...
Emerging Risks in Third-Party AI Solutions and How to Help Address Them
December 04, 2024 | Scott Swanson
As the cyber threat landscape changes due the introduction of new threat ...
Unveiling the Dark Side: Common Attacks and Vulnerabilities in Industrial Control Systems
December 04, 2024 | Zsolt Olah
Introduction to Industrial Cybersecurity. Industrial control systems are ...
Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns
November 27, 2024 | Diana Solomon and John Kevin Adriano
Welcome to the second part of our investigation into the Rockstar kit, please ...
CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution
November 27, 2024 | Pauline Bolaños
On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a ...
Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)
November 26, 2024 | Diana Solomon and John Kevin Adriano
Trustwave SpiderLabs has been actively monitoring the rise of ...
Optimizing Your Cyber Resilience Strategy Through CISO and CRO Connectivity
November 11, 2024 | Scott Swanson
Combining forces between the Chief Information Security Officer and the Chief ...
Ngioweb Remains Active 7 Years Later
November 01, 2024 | Fernando Martinez
Executive Summary Seven years after its first appearance, the proxy server ...
2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector
October 29, 2024 | Admin
As the holiday shopping season approaches, the 2024 Trustwave Risk Radar ...
Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails
October 21, 2024 | Katrina Udquin
Introduction Previously, Trustwave SpiderLabs covered a massive fake order spam ...
Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack)
October 17, 2024 | Karl Biron
Introduction In the perpetually evolving field of cybersecurity, new threats ...
Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader
October 08, 2024 | Cris Tomboc and King Orande
Trustwave's Threat Intelligence team has discovered a new malware dubbed ...
What We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177
September 30, 2024 | Admin
On September 26, 2024, security researcher Simone Margaritellidisclosed the ...
Shedding Light on Election Deepfakes
September 25, 2024 | Pauline Bolaños
Contrary to popular belief, deepfakes — AI-crafted audio files, images, or ...
HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content
September 24, 2024 | Mike Casayuran
HTML smuggling techniques have been around for quite some time. A previous ...
HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content
September 24, 2024 | Mike Casayuran
HTML smuggling techniques have been around for quite some time. A previous ...
Spam With A Political Twist: Fraudsters Are Exploiting The Election Season
September 17, 2024 | Katrina Udquin
The US election is less than 70 days away and threat actors are busy crafting ...
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
September 13, 2024 | Jose Tozo
With the US election on the horizon, it’s a good time to explore the concept of ...
Trustwave SpiderLabs Research: 20% of Ransomware Attacks in Financial Services Target Banking Institutions
September 10, 2024 | Admin
The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the ...
Your Money or Your Data: Ransomware Readiness Planning
September 02, 2024 | David Broggy
Today’s blog installment brings us to the end of our 30-week journey that ...