Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Hospitality Under Attack: New Trustwave Report Highlights Cybersecurity Challenges in 2025

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data. To help organizations in the hospitality sector address these risks, Trustwave SpiderLabs has released the 2025 Trustwave Risk Radar Report: Hospitality Sector.

Key Takeaways from the IBM X-Force 2025 Threat Intelligence Index

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern. According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation.

Storm-0558 and the Dangers of Cross-Tenant Token Forgery

Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. This approach certainly streamlines single sign-on (SSO) for end users, but it also places enormous trust in a single set of signing keys. If those private keys are compromised, attackers can create tokens that appear valid to any service that relies on them.

DDoS Protection: Insurance Policy or Proactive Defense?

Historically, smaller organizations, or those outside the industries most heavily targeted by distributed-denial-of-service (DDoS) attacks, have treated DDoS protection as more akin to an insurance policy than a proactive cyber defense, i.e., we’ll put some reactive processes in place “in case we get hit,” but not much more.

What Is Scattered Spider? Inside the Rise of Identity-Based Attacks

If you’ve been following major cybersecurity incidents over the past couple of years, chances are you’ve come across the name Scattered Spider. From massive casino breaches to healthcare system outages, this threat actor has become a name that CISOs don’t take lightly. But what is Scattered Spider, really? And why is this group of cybercriminals getting so much attention? Scattered Spider is a financially motivated group that came into focus around 2022.

The Rise of Identity-Based Attacks and How Deception Can Help

Identity-based attacks have become the predominant vector for sophisticated threat actors targeting enterprise networks, particularly those using Microsoft Active Directory. Active Directory (AD), which serves as the authentication and authorization framework in over 90% of organizations, represents a critical attack surface that, when compromised, provides adversaries with extensive capabilities for lateral movement, privilege escalation, and data exfiltration.

Improving Cyber and Mental Resilience with Threat Information Sharing

In a world where data provides companies with a competitive advantage, sharing it amongst other businesses, especially in the same industry, may seem counterproductive. However, in cybersecurity, where every company is a potential target for threat actors and organizations are increasingly interconnected through supply chains, sharing information can significantly enhance a company's security posture and overall resilience.

Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development

Dependency management is one of the biggest challenges in modern software development. Large projects often rely on dozens or even hundreds of libraries. Each one can introduce new vulnerabilities or even malicious code. Attackers sometimes upload fake packages to popular open-source repositories, hoping that build systems will download these packages automatically. This problem is made worse by transitive dependencies, where a single library might include several other libraries under the hood.

How to Manage DDoS Contacts in the LevelBlue Portal | Add, Edit & Notify Admins

Learn how to add and manage contacts in the LevelBlue DDoS Defense Portal, including how to ensure the right users receive DDoS mitigation alerts and notifications. This step-by-step guide walks company administrators through accessing the DDoS Defense Portal, adding contacts with Business Direct IDs, enabling email alerts for DDoS mitigation events, and managing contact updates to keep your incident response team informed.

Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2

Our security monitoring systems recently flagged a suspicious npm package, os-info-checker-es6, which represents a sophisticated and evolving threat within the npm ecosystem. What initially appeared to be a simple OS information utility quickly unraveled into a multi-stage malware attack. This campaign employs Unicode-based steganography to hide its initial malicious code and uses a Google Calendar event short link as a dynamic dropper for its final payload.