No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies

July 21, 2025 | Nikita Kazymirskyi

Dark web travel agencies remain a persistent niche in the cybercrime ecosystem. ...

Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft

July 18, 2025 | Serhii Melnyk

Malicious APKs (Android Package Kit files) continue to serve as one of the most ...

KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles

July 16, 2025 | Nathaniel Morales and John Basmayor

KAWA4096, a ransomware whose name includes "Kawa", the Japanese word for ...

The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone

June 18, 2025 | Arthur Erzberger

The Israel-Iran conflict is barely a week old, but the security repercussions ...

PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations

May 28, 2025 | Cris Tomboc and King Orande

Phishing-as-a-Service (PhaaS) platforms have significantly reshaped the ...

The Blind Spots of Multi-Agent Systems: Why AI Collaboration Needs Caution

May 23, 2025 | Muhammad Ahmad

Multi-agent systems (MAS) are reshaping industries from IT services to ...

Lights Out and Stalled Factories: Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities

May 06, 2025 | Karl Biron

Let’s explore the critical role of Modbus in energy and manufacturing systems, ...

Bring Your Own Installer: Bypassing EDR Through Agent Version Change Interruption

May 05, 2025 | John Ailes and Tim Mashni

Bring Your Own Installer is a technique which can be used by threat actors to ...

Yet Another NodeJS Backdoor (YaNB): A Modern Challenge

April 29, 2025 | Reegun Jayapaul

During an Advanced Continual Threat Hunt (ACTH) investigation conducted in ...

Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns

April 17, 2025 | Pawel Knapczyk, Dawid Nesterowicz

Earlier this year SpiderLabs observed an increase in mass scanning, credential ...

Proton66 Part 1: Mass Scanning and Exploit Campaigns

April 14, 2025 | Pawel Knapczyk, Dawid Nesterowicz

Trustwave SpiderLabs continuously tracks a range of malicious activities ...

Tycoon2FA New Evasion Technique for 2025

April 10, 2025 | Rodel Mendrez

The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at ...

Babuk2 Bjorka: The Evolution of Ransomware for ‘Data Commoditization’

April 01, 2025 | John Basmayor

An investigation that started with a tip from one of our threat intel sources ...

Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 1

March 19, 2025 | Karl Biron

Picture this: an always-awake, never-tired, high-speed librarian that instantly ...

DNSForge – Relaying with Force

March 12, 2025 | Apurva Goenka

Introducing a new attack mode for greater flexibility and customization.

A Deep Dive into Strela Stealer and how it Targets European Countries

March 06, 2025 | Dawid Nesterowicz

Infostealers have dominated the malware landscape due to the ease of threat ...

The Rise of Email Marketing Platforms for Business Email Compromise Attacks

February 18, 2025 | Maria Katrina Udquin

In a statistical report published in September 2024 by the Federal Bureau of ...

Beyond the Chatbot: Meta Phishing with Fake Live Support

February 04, 2025 | Mike Casayuran and John Kevin Adriano

In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals ...

Trustwave SpiderLabs 2025 Trustwave Risk Radar Report: Energy and Utilities Sector

January 22, 2025

The energy sector plays a crucial role in national security by ensuring the ...

The New Face of Ransomware: Key Players and Emerging Tactics of 2024

January 21, 2025 | Serhii Melnyk

As we step into 2025, the high-impact, financially motivated ransomware ...

The Database Slayer: Deep Dive and Simulation of the Xbash Malware

January 14, 2025 | Karl Biron

In the world of malware, common ransomware schemes aim to take the data within ...

The State of Magecart: A Persistent Threat to E-Commerce Security

January 09, 2025 | Rodel Mendrez

Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward ...

Email Bombing: Why You Need to be Concerned

December 18, 2024 | Phil Hay

Over the last few months, the topic of email bombing has been brought to our ...

When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs

December 10, 2024 | Tom Neaves

It was a cold and wet Thursday morning, sometime in early 2006. There I was ...

Emerging Risks in Third-Party AI Solutions and How to Help Address Them

December 04, 2024 | Scott Swanson and Kris Kimmerle

As the cyber threat landscape changes due to the introduction of new threat ...

Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns

November 27, 2024 | Diana Solomon and John Kevin Adriano

Welcome to the second part of our investigation into the Rockstar kit, please ...

CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

November 27, 2024 | Pauline Bolaños

On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a ...

Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

November 26, 2024 | Diana Solomon and John Kevin Adriano

Trustwave SpiderLabs has been actively monitoring the rise of ...