|
By Karl Sigler
Sha1-Hulud is back with a new evolution of its supply-chain attack that targets development environments via Node Package Manager (npm). npm is a very popular package manager for Node.js that provides millions of predeveloped packages of code to be used by JavaScript developers for access to millions of packages. This campaign trojans unsecured npm packages with malicious code that is automatically executed when developers using that package update to the trojaned version.
|
By Trustwave
Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.
|
By Sandun Bambarandage
The merits of deploying offensive testing to strengthen an organization’s security posture are well-understood by today’s security leadership. Much to the relief of defenders, obtaining approval for an offensive security exercise has never been easier. However, the process of selecting the most appropriate offensive testing solution requires untangling overlapping definitions and vaguely defined terminology that leaves security teams more confused than when they started.
|
By Trustwave
Black Friday is only days away, and despite many stores sneaking holiday decorations onto their shelves since mid-September, it marks the official start of the December shopping frenzy. The coming days will not only bring a massive surge in sales, but also an equally large spike in cyber threats. For retailers of all sizes, this peak season is prime time for cybercriminals to exploit vulnerabilities.
This article is part of a monthly LevelBlue series that explores the evolving world of AI governance, trust, and responsibility. Each month, we look at how organizations can use artificial intelligence safely, thoughtfully, and with lasting impact. Artificial intelligence has moved from being an experiment to becoming an expectation. It now shapes how decisions are made, how customers are supported, and how innovation happens. As AI grows in influence, so does the need to manage it wisely.
Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.
|
By Jason Shepherd
Crowdsourced penetration testing promises broad coverage, flexible resourcing, and cost efficiency by tapping into a distributed pool of security testers. Trustwave, A LevelBlue Company, realizes that not every organization has the financial resources to partner with a security firm with dedicated penetration testing capabilities. At the same time, we want to make organizations aware of the many pitfalls in the crowdsourced pen-testing market and offer a few pointers on choosing the right vendors.
|
By Jason Shepherd
Crowdsourced penetration testing promises broad coverage, flexible resourcing, and cost efficiency by tapping into a distributed pool of security testers. Trustwave, A LevelBlue Company, realizes that not every organization has the financial resources to partner with a security firm with dedicated penetration testing capabilities. At the same time, we want to make organizations aware of the many pitfalls in the crowdsourced pen-testing market and offer a few pointers on choosing the right vendors.
Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287
|
By Fernando Martinez
LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being exploited by threat actors to compromise vulnerable Windows Server users.
In eight short minutes on October 25, 2025, a group of thieves captured the world’s attention and imagination, perpetuating a daring heist in broad daylight and escaping with approximately €88 million worth of prized artwork from the planet’s most visited museum: The Louvre. Within the security community, the first successful robbery from the iconic Parisian landmark since 1998 was a bombshell story.
|
By Trustwave
Professional services firms, including legal service entities, are prime targets for cyberattacks due to the wealth of sensitive data they hold. This treasure trove includes intellectual property, financial information, legal documents, and personal client details. A cyberattack can severely damage a firm's reputation, as clients entrust them with keeping their data confidential and secure. As a result, robust cybersecurity is a critical priority for these information-rich firms.
|
By Trustwave
Filmed at CISO Sydney 2024 by AZK Media, this exclusive conversation with Amelia Gowa, Trustwave’s NSW State Director, explores the key cybersecurity challenges facing organizations today. In this interview, Amelia shares her insights on: The evolving threat landscape in 2025 How AI, IoT, and cloud are reshaping cybersecurity risks The impact of third-party dependencies and shadow IT Why a proactive, intelligence-led security strategy is essential.
|
By Trustwave
Trustwave is officially the first pure-play MDR provider to attain FedRAMP authorization! This milestone isn’t just a win for us, it’s a game-changer for federal and commercial organizations. With a continuously vetted security operations platform, parity across global regions, and a commitment to next-gen cloud security, we're setting the bar higher than ever. Hear from Trustwave Government Solutions President, Bill Rucker, on what this means for security, compliance, and the future of managed detection and response.
|
By Trustwave
How do you know that your organization is not breached at this very moment? Many threats are designed to lurk in the shadows, going undetected before causing damage and extracting confidential data from unassuming organizations. And a traditional threat hunt searching for known Indicators of Compromise (IoCs) doesn’t always detect the threats designed to evade.
|
By Trustwave
An exclusive look inside Trustwave Spiderlabs, where our commitment to excellence in financial and technical services shines through every test we conduct. Join Damian Archer, Vice President of Trustwave Spiderlabs, as he unveils the secrets to substantial cost savings while maintaining the highest quality standards.
|
By Trustwave
Don’t let complexity and cyber threats get in the way of moving your business forward. Trustwave Managed Detection and Response (MDR) is an industry-leading rapid threat detection and response service. We monitor, investigate, and respond to active threats to your business 24x7. Augment your team today with cyber experts for superior protection against the most sophisticated threats.
|
By Trustwave
Trustwave Managed Detection and Response services integrate with Microsoft Defender for Endpoint to take containment, eradication, and recovery actions directly on the endpoint, delivering a streamlined experience for the end users. For further information on how to truly integrate your cyber defense team with industry-leading services and technologies, watch our overview of how Trustwave partners with Microsoft.
|
By Trustwave
Scale your organization’s cyber defense program by harnessing the power of industry-leading Trustwave Managed Detection and Response services by leveraging industry-leading Microsoft Sentinel. In this brief video overview, we cover: View the video for further insight into the partnership of Trustwave and Microsoft.
|
By Trustwave
As organizations turn away from legacy branch routers in favor of secure SD-WAN solutions, Trustwave has the security solutions to help.
|
By Trustwave
In today’s threat environment, the reality is that most organizations will inevitably experience a breach. At Trustwave, our job is detecting, containing and eradicating those threats with Managed Threat Detection and Response (MTDR) services. Find out how we provide you with the security outcomes you need, so that you can stay focused on doing what you do best… keeping your organization running.
|
By Trustwave
It is no secret that many organizations can do better with their security programs. Zero Trust allows for an evolution of an organization's strategy. It also forces organizations to rethink their approach to securing data to meet the requirements of data privacy regulations and expectations from their customers and business partners. Risk-minded organizations take the Zero Trust mindset and adopt it as best they can to fit their current and future state infrastructure.
|
By Trustwave
In today's hyper-connected world, cyberattack risks have never been more pronounced. Threat actors continue to develop malicious, ingenious tricks and techniques to stay one step ahead of security systems and response specialists. As a result, a more focused and proactive approach to detecting, investigating, and responding to threats is required. In this guide, we break down the comparison between Managed Detection and Response (MDR) and Managed Security Services (MSS) and how to determine what to look for in providers.
|
By Trustwave
Cybercrime continues to rise, and Financial Services organizations are often a prime target due to their valuable data. While no strangers to maintaining strong security strategies, it can be exhausting staying one step ahead of the threats.
|
By Trustwave
Relational databases and big data stores are a prime target for attackers due to the amount of sensitive information residing within, such as customer information, intellectual property and proprietary secrets. For more than 20 years, the database security experts at Trustwave have helped organizations design, implement and maintain database security programs to meet their specific business, security and compliance objectives.
|
By Trustwave
Government agencies are faced with the complexity of what needs to be done to meet the Executive Order 14028 requirements. This whitepaper provides guidance on how to comply with the Executive Order and how it applies to securing critical databases.
|
By Trustwave
Wondering what the underground world of cybercrime looks like following after a year of unprecedented events? Bad actors capitalize on these events - from political unrest and economic instability to changing workforce dynamics and ongoing public health concerns - putting organizations of all sizes and across all industries at increased risk. Learning more about these new and innovative exploits, which take advantage of unprecedented global circumstances, allows you to make more informed decisions regarding your security posture.
|
By Trustwave
If your organization is using or plans to move to Microsoft 365, learn what to expect from an email security, data protection and management perspective. Read our latest whitepaper In, Out and Around: 360° Security for Microsoft 365 for insights into protecting Microsoft 365 email in these key areas.
|
By Trustwave
The ever-shifting threat landscape coupled with the increased risk and loss of confidential information through previous breaches, defending protected controlled unclassified information within the DIB supply chain is increasingly difficult. The Department of Defense (DoD) determined that its supply chain faced an unacceptable amount of risk, resulting in the transition from self-certification to the creation of the CMMC (Cybersecurity Maturity Model Certification), which requires third-party assessments and certification of compliance.
- December 2025 (2)
- November 2025 (12)
- October 2025 (20)
- September 2025 (19)
- August 2025 (22)
- July 2025 (27)
- June 2025 (22)
- May 2025 (25)
- April 2025 (26)
- March 2025 (25)
- February 2025 (20)
- January 2025 (19)
- December 2024 (18)
- November 2024 (20)
- October 2024 (21)
- September 2024 (22)
- August 2024 (21)
- July 2024 (25)
- June 2024 (24)
- May 2024 (19)
- April 2024 (28)
- March 2024 (25)
- February 2024 (15)
- January 2024 (20)
- December 2023 (12)
- November 2023 (13)
- October 2023 (16)
- September 2023 (17)
- August 2023 (25)
- July 2023 (15)
- June 2023 (20)
- May 2023 (17)
- April 2023 (17)
- March 2023 (17)
- February 2023 (12)
- January 2023 (8)
- December 2022 (15)
- November 2022 (14)
- October 2022 (13)
- September 2022 (9)
- August 2022 (13)
- July 2022 (9)
- June 2022 (14)
- May 2022 (12)
- April 2022 (8)
- March 2022 (14)
- February 2022 (11)
- January 2022 (15)
- December 2021 (14)
- November 2021 (8)
- October 2021 (5)
- September 2021 (2)
- August 2021 (2)
- July 2021 (2)
- January 2021 (1)
- October 2020 (1)
- July 2020 (5)
- June 2020 (2)
- May 2020 (3)
Trustwave is recognized as a global security leader in managed security services (MSS) and managed detection and response (MDR). With more than 2,000 world-class security professionals operating on behalf of clients across 96 countries, Trustwave helps organizations across the globe detect and respond to threats 24x7 in the hybrid multi-cloud world.
The elite Trustwave SpiderLabs team provides award-winning threat research and intelligence, which is infused into Trustwave services and products to fortify cyber resilience in the age of advanced threats.
Recognized as a Leader in Stopping Threats:
- Detection and Response: Helping clients design and advance their cyberthreat operations , adding 24x7 monitoring capacity, threat hunting and rapid response.
- Threat Protection: Services and solutions to help organizations protect data, assets and users.
- Continuous Testing: Helping clients reduce risks in their ever-evolving attack surface to better discover, manage and remediate vulnerabilities.
Cyber resilience for the hybrid, multi-cloud world.