Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An independent cybersecurity researcher claims to have uncovered a breach of an unnamed database containing 184 million records, with exposed information including emails, passwords, and login links. The kicker is that the database was all in plain text and required no password to access. Let’s count how many basic account hygiene rules this breaks—all of them. Yes, more snarkiness, but this type of ineptitude must be called out.

The cybersecurity threat landscape is constantly evolving, and Trustwave SpiderLabs has noted one of the fastest-growing threats is Phishing-as-a-Service (PhaaS). PhaaS platforms have become the go-to tool for cybercriminals to launch sophisticated phishing campaigns targeting the general public and businesses. Much like legitimate software-as-a-service platforms, PhaaS offers cybercriminals subscription-based access to powerful phishing tools—without requiring advanced technical skills.

This blog is the third part of our series on Microsoft Secure Score. Please read Part 1 and Part 2. As cyber risk escalates in complexity, the role of CIOs and CISOs has evolved far beyond IT governance. Today's security leaders are expected to deliver tangible risk reduction outcomes, maintain regulatory compliance, and support business continuity, often with constrained resources and growing accountability.

The differences between the US, the UK, and Europe are often minor but important regionally. Sometimes, we use different words to describe the same thing: French fries (US) vs. chips (UK) vs. pommes frites (France) are all fried potatoes. Sometimes, the same word can have different meanings, such as "football" and "football". Oddly, the same point holds true for Red Team testing.

The hospitality industry’s cybersecurity posture is approaching an inflection point. Businesses are increasingly having to balance cost pressures in a challenging economic environment, while balancing technological innovation with escalating threats. Australia’s regulatory reforms, including heightened penalties and critical infrastructure protections, provide a framework for resilience; yet enforcement gaps will remain.

As more details of the April ransomware attack on UK retailer Marks and Spencer are made public, we are directly witnessing the cascading repercussions that organizations face when victimized by a well-thought-out and properly executed attack. In the specific case of M&S, the UK retailer is dealing with a supply chain attack, as M&S CEO Stewart Machin confirmed in a published report.

The industry analyst firm Gartner has named Trustwave a Representative Vendor in its latest publication, 2025 Gartner Market Guide for Third-Party Risk Management Technology Solutions. Trustwave believes the report is a guide for organizations considering third-party risk management (TPRM) technology solutions from vendors that will best suit their needs.

Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a large-scale phishing campaign distributed via email, attributed to "Storm-1575". Storm-1575 is known for developing and distributing a PhaaS platform with adversary-in-the-middle (AiTM) capabilities, known as "Dadsec". The team’s recent investigations have revealed that the infrastructure used by Dadsec is also connected to a new campaign leveraging the "Tycoon2FA" Phishing-as-a-Service (PhaaS) platform.

It's almost a tradition in cybersecurity circles to say the Board of Directors' ignorance or indifference on the topic is one of the biggest impediments an organization must overcome to have better security. But is this still the case?

Trustwave SpiderLabs’ just released Deep Dive: How Threat Actors Turn Vulnerabilities into Big Business offers an amazing look at how threat actors use information from hospitality victims to conduct a myriad of fraudulent activities.