Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of traditional endpoint security. From this vantage point, they capture traffic, steal credentials, and plan their next move.

Oct 16, 2025 How AI is Transforming Application Security Testing Read More Natalie Tischler Oct 14, 2025 Veracode Named a Leader in Gartner Magic Quadrant for AST for 11th Consecutive Time Read More Joe Ariganello Oct 9, 2025 The Business Case for Investing in AppSec Tools Read More Natalie Tischler.

This blog discusses PhishinGit, a phishing campaign uncovered by CYJAX that abuses GitHub.io pages to distribute malware disguised as Adobe downloads. It explains how threat actors used Browser-in-the-Browser (BitB) techniques, Dropbox-hosted payloads, and anti-analysis JavaScript to evade detection. The blog also explores the attack chain, observed mitigations, MITRE ATT&CK mapping, and indicators of compromise (IOCs) to help organisations identify and defend against similar threats.

The statistics in our Ransomware Report are sobering: ransomware attacks occur roughly every 11 seconds, with 85% of organizations suffering at least one attack within a 12-month period. For IT professionals managing critical infrastructure, the question isn’t if you’ll face a cyber incident—it’s when. The numbers are staggering: cybercrime damages are projected to reach $23 trillion annually by 2027.

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups and malware currently operating globally.

XWorm malware reemerges with ransomware, Microsoft disrupts multiple threats targeting Teams, and Storm-1175 exploits a critical GoAnywhere MFT vulnerability.