Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

A Year of Recognition: Trustwave's 2024 Industry Analyst Highlights

As we reflect on the past year, we're incredibly proud to share that Trustwave has been recognized by some of the most respected industry analyst firms. These accolades, spanning a variety of security services and global regions, solidify our position as a global leader in cybersecurity.

Phishing, BEC, and Beyond: How Trustwave MailMarshal Enhances Your Email Security Posture

Fact: An organization of any size has employees that receive email. Fact: Threat actors, with the help of apps like ChatGPT, are becoming more efficient at creating compelling phishing emails. Fact: The law of averages mandates an attack will succeed when a staffer is fooled and opens a malicious email or clicks on the wrong link. Fact: A robust email security strategy, which includes a Secure Email Gateway, is a must to protect against email-borne attacks.

Trustwave's 2025 Cybersecurity Predictions: AI-Powered Attacks, Critical Infrastructure Risks, and Regulatory Challenges

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Here is the latest installment. As we look ahead to 2025, the landscape of cyber threats continues to evolve, presenting new challenges for cybersecurity professionals.

Computer Users Once Again Insist '123456' and 'password' are the Pinnacle of Cybersecurity

... At least according to a recent report posted by the password manager firm NordPass. NordPasses 2024's Top 200 Most Commonly Used Passwords list reflects the sad truth that many people don't take password security seriously and believe codes like "123456" are acceptable. Then some figure, "Hey, the bad guys will never figure it out if I add a couple more digits", and use "123456789". Finally, we have those who seemingly just gave up all hope and used "password".

Analyzing Salt Typhoon: Telecom Attacker

Salt Typhoon is a Chinese-speaking threat actor that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have tied to a series of attacks that breached and exfiltrated data from several of the world's most prominent telecommunications companies. Trustwave SpiderLabs has created a deep analysis of the threat group Salt Typhoon, detailing the group's history, techniques, tactics, and procedures (TTP), and preferred targets.

Trustwave's 2025 Cybersecurity Predictions: The Rise of Generative AI Data Breaches, Quantum Computing, and Cyber Warfare

As we look ahead to 2025, the cybersecurity landscape is poised for significant shifts and challenges. Here are some key predictions that I believe will take place or start to happen in the coming year.

'Tis the Season for Artificial Intelligence-Generated Fraud Messages

The FBI issued an advisory on December 3rd warning the public of how threat actors use generative AI to more quickly and efficiently create messaging to defraud their victims, echoing earlier warnings issued by Trustwave SpiderLabs. The FBI noted that publicly available tools assist criminals with content creation and can correct human errors that might otherwise serve as warning signs of fraud.

When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs

It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway's Founder’s Building in Egham, Surrey (UK) while studying for my MSc in Information Security. Back then, the lecture in progress was from the software security module. The first rule of software security back then was never to trust user inputs.

Trustwave Named a Major Player in IDC MarketScape: Worldwide Cloud Security Services in the AI Era 2024-2025 Vendor Assessment

IDC has positioned Trustwave as a Major Player in the just released IDC MarketScape Worldwide Cloud Security Services in the AI Era 2024–2025 Vendor Assessment (IDC, November 2024) for its comprehensive set of offensive and defensive cloud security services. IDC said organizations should consider Trustwave when “Enterprises with varying levels of security maturity that require customized hybrid approach and depth of offensive and defensive security capabilities should consider Trustwave.