New attack combines credential phishing and malware, Hunters International pivots to data extortion, and ransomware remains a top threat.

Web Application Firewalls (WAFs) play an important role in protecting websites and applications from common threats. But despite their growing adoption, WAFs are often surrounded by myths and misunderstandings that can lead to ineffective implementation or underutilization. In this blog, we debunk the most common myths about WAFs and reveal the truth behind what they can and cannot do.

With DHS ending MITRE’s CVE funding, the future of global vulnerability tracking is uncertain. Here’s what it means for security teams and what comes next.

The concept of responsible disclosure is a simple one. If you find a vulnerability, you let the affected organization or software vendor know before making the information public. This gives them time to patch the vulnerability before it can be exploited. It also helps maintain trust and fosters a collaborative environment between security researchers and companies. As a cybersecurity vendor, do we want our researchers to be credited when they discover vulnerabilities? Of course.

Over the past several days, the cybersecurity community has watched closely as uncertainty swirled around the future of the MITRE-run CVE (Common Vulnerabilities and Exposures) program following a letter to its board of directors that its federal funding could abruptly end. As of this blog posting, news outlets like Reuters are reporting that a last-minute extension has been granted, providing temporary relief.

84% of board directors acknowledge cyber risk as a business risk, according to Gartner’s 2024 Board of Directors Survey (subscription required). Yet, many CISOs still find it difficult to secure enough support and resources to drive cybersecurity initiatives forward. What CISOs need most to obtain sufficient backing from the board are tools that convey cybersecurity issues effectively.

For the second consecutive year, Trustwave has been named a Representative Vendor in the just-released 2025 Gartner Market Guide for Co-Managed Security Monitoring Services. "We believe that inclusion in this report is further validation that Trustwave's offerings continue to be aligned with the needs of the market. We feel honored to be recognized in this research out of the field of over 500 participants," says Jesse Emerson, SVP of Product Management & Solutions Engineering.

The insurance sector is in the middle of a cybersecurity storm. In 2024, Indusface analyzed over 495 million attacks targeting insurance websites and APIs. The findings were alarming: attackers are no longer spraying and praying; they’re precise, persistent, and increasingly automated. Here’s what the data showed: Insurance companies, which handle high volumes of personal and financial data, cannot afford security gaps.