Yet Another NodeJS Backdoor (YaNB): A Modern Challenge

During an Advanced Continual Threat Hunt (ACTH) investigation conducted in early March 2025, Trustwave SpiderLabs identified a notable resurgence in malicious campaigns exploiting deceptive CAPTCHA verifications. These campaigns trick users into executing NodeJS-based backdoors, subsequently deploying sophisticated NodeJS Remote Access Trojans (RATs) similar to traditional PE-structured legacy RATs.

Essential Strategies for HIPAA Compliance and Ransomware Resilience

Neglecting regulatory compliance obligations, whether intentional or not, is not just a procedural error but a direct invitation for significant financial penalties, operational disruption, and, in the case of a healthcare organization, a potentially life-threatening situation. These consequences were recently illustrated by the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR).

FBI 2024 IC3 Report: Phishing Soars, Ransomware Batters Critical Infrastructure as Cyber Losses Climb

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats. Overall, the FBI’s 2024 IC3 reported $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. This figure was down slightly from the 880,418 complaints received in 2023.

Why Image Analysis is a Crucial Component of an Email Security Solution

While it’s well-known that email represents a significant source of cybersecurity threats, it’s not just the text included in emails that’s worrisome; images can be malicious as well. What’s more, images in emails may also present a threat of a different kind, including data leaks and content that’s not suitable for the workplace.

Trustwave MDR Named SC Media Awards Finalist for Best Managed Security Service

SC Media and SC Media Europe have each named Trustwave's Managed Detection and Response (MDR) solution as a finalist for the publication's Best Managed Security Service awards. The 2025 SC Awards were judged across 33 specialty categories by a distinguished panel of cybersecurity professionals, industry leaders, and CyberRisk Alliance CISO community members.

Why Your CMMC Service Provider Should be Fully FedRAMP Authorized

How Trustwave’s FedRAMP Authorization Removes the Burden of CMMC Federal Compliance from Clients

Navigating the labyrinth that is the US federal procurement system, particularly for Defense Industrial Base (DIB) companies, can be difficult, especially when these organizations should meet specific cybersecurity compliance standards like Cybersecurity Maturity Model Certification (CMMC).

Top Online Shopping Tips for Retailers and Consumers

While retail cybersecurity concerns only gain attention as the holiday shopping season approaches, the reality is retail is a 24/7/365 operation and so are its associated security issues. Recently, we sat down with Craig Searle, Director, Consulting & Professional Services in Pacific at Trustwave, to discuss the security moves retailers need to have in place.

Question: Let's start off in your neighborhood and explore the Australian retail space for a moment. Is there anything unique to this region?

Agent In the Middle - Abusing Agent Cards in the Agent-2-Agent (A2A) Protocol To 'Win' All the Tasks

I think you’ll agree with me that growth in the AI landscape is pretty full-on at the moment. I go to sleep and wake up only to find more models have been released, each one outdoing the last one by several orders of magnitude, like some kind of Steve Jobs’ presentation on the latest product release, but on a daily loop. With these rapid developments, security must keep up or it will be left behind.

Rethinking the Human Factor in Cybersecurity

The phrase “humans are the weakest link in the security chain” is an oversimplification and lazy thinking. Why? Let’s break it down. Have you ever seen an advertisement for a product that promises to make life easier and thought, “I need that?” Choosing the simplest path to a desired outcome is not just human nature; it’s a principle of the entire animal kingdom. From an evolutionary standpoint, conserving energy for the greatest reward has always been advantageous.

Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns

Earlier this year SpiderLabs observed an increase in mass scanning, credential brute forcing, and exploitation attempts originating from Proton66 ASN targeting organizations worldwide, which we are discussing in a two-part series. In the first part of this blog series, we investigated the malicious traffic associated with Proton66, revealing the extent of the mass scanning and exploit activities run by the SuperBlack ransomware-associated threat actors such as Mora_001.