Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

Arctic Wolf has recently observed a campaign targeting the legal industry using a combination of brute-force and spearphishing techniques. Threat actors initially attempted to brute-force multiple user accounts. After those efforts were unsuccessful, they pivoted to spearphishing by sending spoofed emails that appeared to originate from internal users. These emails used the subject line “Reminder-Your-to-do-list” and contained a malicious .HTM attachment.

CVE-2024-58248: Race condition vulnerability leaves nopCommerce at risk of single-packet attacks

I recently discovered an interesting race condition vulnerability in the eCommerce software nopCommerce, during a manual pen test as part of the SWAT service (SWAT is Outpost24’s Pen Testing as a Service solution). This vulnerability (CVE-2024-58248) involves nopCommerce, an open-source eCommerce platform written in C#, which aids developers in building online stores. When exploited, it allows an attacker user to redeem a gift card multiple times by using a technique called a single-packet attack.

Third-Party Breaches: Why You Should be Prioritizing Supply Chain Cyber Risk Today

Look at any collection of top 10 organizational security concerns from recent years, and “third-party breaches” are consistently high on the list. These attacks have caused financial and reputational damage to every sector, from banks to healthcare systems to retail to governments. And the problem is growing. Recent statistics highlight just how severe the issue has become.

Minimizing False Positives: Enhancing Security Efficiency

Organizations waste enormous amounts of time chasing down security alerts that turn out to be nothing. Recent research from May 2025 shows that 70% of a security team's time is spent investigating alerts that are false positives, time that could otherwise go to proactive security measures that improve organizational security posture.

Prescription for Protection: Healthcare Industry Observations from CrowdStrike Investigations

The healthcare sector continues to be a prime target for cyber adversaries, with threat actors constantly evolving their tactics to exploit vulnerabilities. Over the past year, CrowdStrike Services responded to a growing number of financially motivated attacks aimed at encrypting data and extorting victims across the healthcare ecosystem.

Machine Identity Management: How to Discover, Manage, and Secure

Machine identities have quietly become the backbone of digital infrastructure, outnumbering human users in most enterprise environments. While they don’t forget passwords or call tech support, they do introduce a unique set of security and operational risks. Unlike human users, machine identities (like service accounts, API keys, bots, and microservices) often operate with highly permissive access rights and weak or nonexistent authorization policies.

Trustwave's Next Chapter: Joining Forces with LevelBlue to Create the World's Biggest MSSP

As CEO of Trustwave, I’m excited to share a pivotal development in our journey to deliver world-class cybersecurity to our clients: Trustwave has signed a definitive agreement to be acquired by LevelBlue, a global leader in AI-driven managed security services. This marks a significant milestone not only for our company but for the entire cybersecurity industry, as it brings together two recognized innovators to create the world’s largest pure-play Managed Security Services Provider (MSSP).

The Evolution of Data Loss Prevention: From Perimeter to Insider Risk

Data loss prevention, or DLP as most of us know it, began as a strategy to control how information was stored and moved within organizations. Ultimately the goal was to prevent data from leaving. The premise was simple – identify where sensitive data was stored, define what could or couldn’t happen to it, and enforce those rules through network and endpoint controls. These early DLP tools relied heavily on static content inspection and then blocking or alerting based on pre-configured rules.