Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier this year SpiderLabs observed an increase in mass scanning, credential brute forcing, and exploitation attempts originating from Proton66 ASN targeting organizations worldwide that we are discussing in a two-part series. In the first part of this blog series, we investigated the malicious traffic associated with Proton66, revealing the extent of the mass scanning and exploit activities run by the SuperBlack ransomware-associated threat actors such as Mora_001.

Security operations teams face increasing threats, staffing shortages, and gaps in automation and orchestration. These challenges lead to alert fatigue, slower investigations, and increased risk. Enter Splunk SOAR 6.4, designed to streamline and enhance your security operations.

The phrase “humans are the weakest link in the security chain” is an oversimplification and lazy thinking. Why? Let’s break it down. Have you ever seen an advertisement for a product that promises to make life easier and thought, “I need that?” Choosing the simplest path to a desired outcome is not just human nature; it’s a principle of the entire animal kingdom. From an evolutionary standpoint, conserving energy for the greatest reward has always been advantageous.

Right now, today, thousands of people are being tricked into going to their banks or credit unions to withdraw large sums of cash and will give or send it to a complete stranger, never to see it again. Many of the victims are in the prime of their lives, intelligent, and consider themselves to be of above-average ability in spotting scams and scammers.

Stealthy adversaries continually exploit system utilities to execute malicious code. A particularly potent and frequently misused tactic is MITRE ATT&CK T1059 - Command and Scripting Interpreter, wherein attackers harness built-in interpreters like PowerShell, Bash, Python, or JavaScript to run arbitrary commands.

On April 9, 2025, Blue Shield of California sent shockwaves through the healthcare industry with a data breach notification revealing that protected health information (PHI) may have been shared with Google Ads for nearly three years due to a misconfigured Google Analytics setup. This incident, affecting an undisclosed number of members, underscores the critical risks of noncompliance with HIPAA rules for online tracking technologies.

If you’ve ever wondered how companies can protect their emails from being hijacked or used for malicious purposes, the answer you’re looking for is DMARC (Domain-based Message Authentication, Reporting, and Conformance). A DMARC record is an auxiliary security configuration that can be a difference-maker in the battle between legitimate senders and threat actors. It serves as a reliable mechanism to deal with rogue emails and stave off spoofing and other email-based threats.

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission's (FTC) recent settlement with GoDaddy. This settlement serves as a stark reminder that strong API security is no longer just a good security practice but is now a legal obligation.

The rapid rise of AI-powered applications brings innovation, but also security blind spots. As AI systems become integral to our daily lives, their security must keep pace with their capabilities. This is the focus of our AI Security Testing Series, where we analyze popular AI applications for vulnerabilities that could put users at risk. In our last analysis, we tested Deepseek’s Android app and uncovered critical security flaws.

The weakest link in your infrastructure might just be your permissions. In Kubernetes, permissions exist to protect your cluster, but if you’re not careful, they can become your number one problem. How? A single misconfigured access role in a Kubernetes cluster can open the door to a full-scale security breach. Yes, your network policies and firewalls are in place, but when a bad actor can kubectl delete a namespace from inside your cluster, the real breach point is access control.