Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Delivering safe and reliable power around the clock is a huge challenge. A task made even more difficult by the sharp rise in cyberattacks on the energy and utilities sector. Recent research from Trustwave SpiderLabs found that cyber threats against the sector have surged by 80% year-over-year, costing organizations nearly half a million dollars more per breach than the cross-industry average of $4.8 million.

In cybersecurity, several related but divergent meanings have been ascribed to the phrase “red flags.” The phrase has roots in fraud and insurance, popularized by the FTC as part of the 2003 Red Flags Rule under the Fair and Accurate Credit Transactions Act requiring credit issuers to build programs that detect identity theft via warning signs of fraud.

Security leaders are well acquainted with Shadow IT; the unsanctioned apps, services, and even devices employees adopt to bypass bureaucracy and accelerate productivity. Think rogue cloud storage, messaging platforms, or unapproved SaaS tools. These all often slip past governance until they trigger a breach, compliance issue, or operational failure. Now, a more complex threat is emerging - Shadow AI.

LevelBlue’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. LevelBlue, and its affiliated entities, do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients. Should new information arise that alters this assessment, we will provide an update directly.

Fileless malware continues to evade modern defenses due to its stealthy nature and reliance on legitimate system tools for execution. This approach bypasses traditional disk-based detection by operating in memory, making these threats harder to detect, analyze, and eradicate. A recent incident culminated in the deployment of AsyncRAT, a powerful Remote Access Trojan (RAT), through a multi-stage fileless loader. In this blog, we share some of the key takeaways from this investigation.

The old phrase “we’re only human, after all” is what cyber-adversaries are relying upon to gain access to intellectual property, data, and credentials. Adversaries prey on the humanity in us to read an unsolicited email, act out of a sense of urgency, or succumb to their scare tactics. We are bombarded with social engineering scams daily. Why do some of us fall victim while others see through veiled attempts at getting us to relinquish something of value?

Co-author: special thanks to Nikki Stanziale for their invaluable contributions to the research, insights, and development of this blog. While not listed as a primary author, their expertise and collaboration were instrumental in shaping the final content. Executive Summary Cybersecurity experts often say that humans are the weakest and most easily exploited attack vector.

“How could they see anything but the shadows if they were never allowed to move their heads?” — Plato, The Republic, Book VII.

Web Application and API Protection (WAAP) solutions have become increasingly vital in today’s cybersecurity strategies, providing essential defenses against attacks targeting web applications and APIs. It’s no surprise that APIs are growing in popularity, with 80% of companies reporting that more than half of their applications depend on APIs—a figure projected to reach 88% within the next 24 months (ESG Research, 2025).

Today marks an exciting day for LevelBlue and for the broader cybersecurity industry. I’m pleased to announce that LevelBlue has completed its acquisition of Trustwave, a global leader in cybersecurity and managed detection and response (MDR). This is more than a business transaction; it’s a strategic leap forward in our mission to redefine what it means to be a trusted cybersecurity partner in an increasingly complex, high-stakes world.