Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain Attacks: What You Should Know

Supply-chain attacks may not grab the headlines in the same way as ransomware or data breaches, but these horrific, sneaky cyberattacks are just as dangerous for your business. Here are five things you need to know about supply chain attacks, including what they are, why they happen, and how to prevent them.

Babuk2 Bjorka: The Evolution of Ransomware for 'Data Commoditization'

An investigation that started with a tip from one of our threat intel sources about the revival of the Babuk (figure 1) threat group has led Trustwave SpiderLabs to uncover what appears to be a paradigm shift in the ransomware landscape. Figure 1. SpiderLabs telemetry (January 2025 events). Figure 1A. February to March events. Figure 1B. SpiderLabs telemetry (March 2025 events).

Top 10 Cybersecurity Threats WAFs Prevent

A Web Application Firewall (WAF) is your first line of defense against internet traffic that can be both legitimate and malicious. It helps protect your web applications, websites, and servers from various cyber-attacks by filtering out harmful traffic. WAF (WAAP) is essential for web security as it quickly identifies and addresses vulnerabilities in applications and servers.

4-Time Technology Excellence Leader in the SPARK Matrix

The cybersecurity market continues to become more crowded, making it increasingly difficult for organizations to separate hype from reality and find security solutions that truly meet their needs. Messages sound the same. Demos look impressive, but how much is vision? And when the rubber meets the road, it’s hard to know what to expect in terms of the deployment, user experience, and impact to the business.

Why WMS Is Now the Heart of a Smart Warehouse: The Tech Advantage in Logistics

Imagine running a warehouse where every order lands on time, inventory updates in real time, and picking errors are nearly extinct. Sounds futuristic? Not anymore. In today's high-speed logistics landscape, Warehouse Management Systems (WMS) have become more than just software-they're the nerve center of efficient, tech-driven operations. And if your warehouse isn't running on WMS yet, you're already behind.

The Secrets of Test Coverage in Software Development

Test coverage is a fundamental aspect of creating reliable and high-performing software. When applied effectively, it provides a clear measurement of what parts of your codebase are being tested, identifying gaps that could allow subtle bugs to creep into production. Whether you're constructing a small application or managing a complex digital ecosystem, test coverage ensures that software performs as intended and gains users' trust.

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication (BOLA) and broken function-level authentication (BFLA), remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of current security tools, and the implications for businesses relying on API-driven applications. It will also discuss potential approaches for improving API security posture.

Federal Desktop Core Configuration (FDCC/USGCB) Compliance

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista. FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under lingering FDCC compliance obligations.

CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability

On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.