Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Sha1-Hulud is back with a new evolution of its supply-chain attack that targets development environments via Node Package Manager (npm). npm is a very popular package manager for Node.js that provides millions of predeveloped packages of code to be used by JavaScript developers for access to millions of packages. This campaign trojans unsecured npm packages with malicious code that is automatically executed when developers using that package update to the trojaned version.

Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.

The merits of deploying offensive testing to strengthen an organization’s security posture are well-understood by today’s security leadership. Much to the relief of defenders, obtaining approval for an offensive security exercise has never been easier. However, the process of selecting the most appropriate offensive testing solution requires untangling overlapping definitions and vaguely defined terminology that leaves security teams more confused than when they started.

Black Friday is only days away, and despite many stores sneaking holiday decorations onto their shelves since mid-September, it marks the official start of the December shopping frenzy. The coming days will not only bring a massive surge in sales, but also an equally large spike in cyber threats. For retailers of all sizes, this peak season is prime time for cybercriminals to exploit vulnerabilities.

This article is part of a monthly LevelBlue series that explores the evolving world of AI governance, trust, and responsibility. Each month, we look at how organizations can use artificial intelligence safely, thoughtfully, and with lasting impact. Artificial intelligence has moved from being an experiment to becoming an expectation. It now shapes how decisions are made, how customers are supported, and how innovation happens. As AI grows in influence, so does the need to manage it wisely.

Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

Crowdsourced penetration testing promises broad coverage, flexible resourcing, and cost efficiency by tapping into a distributed pool of security testers. Trustwave, A LevelBlue Company, realizes that not every organization has the financial resources to partner with a security firm with dedicated penetration testing capabilities. At the same time, we want to make organizations aware of the many pitfalls in the crowdsourced pen-testing market and offer a few pointers on choosing the right vendors.

Crowdsourced penetration testing promises broad coverage, flexible resourcing, and cost efficiency by tapping into a distributed pool of security testers. Trustwave, A LevelBlue Company, realizes that not every organization has the financial resources to partner with a security firm with dedicated penetration testing capabilities. At the same time, we want to make organizations aware of the many pitfalls in the crowdsourced pen-testing market and offer a few pointers on choosing the right vendors.

LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being exploited by threat actors to compromise vulnerable Windows Server users.

In eight short minutes on October 25, 2025, a group of thieves captured the world’s attention and imagination, perpetuating a daring heist in broad daylight and escaping with approximately €88 million worth of prized artwork from the planet’s most visited museum: The Louvre. Within the security community, the first successful robbery from the iconic Parisian landmark since 1998 was a bombshell story.