Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Payment Card Industry Data Security Standard (PCI DSS) has long been recognized as the gold standard for payment security, establishing rigorous protocols for organizations that handle credit and debit card data. Designed to bolster defenses and minimize the risk of costly data breaches, PCI DSS is now poised for a major evolution. With the introduction of PCI DSS 4.0, new compliance requirements will become mandatory starting March 31, 2025.

In a statistical report published in September 2024 by the Federal Bureau of Investigation (FBI), it was revealed that more than US$55 billion was lost to business email compromise (BEC) attacks between October 2013 and December 2023. This profitability drives attackers to further their techniques and adapt to security filters. BEC is a highly sophisticated and researched scam that aims to bait a specific type of employee or department in a company.

The Financial Industry Regulatory Authority (FINRA) recently released the 2025 FINRA Annual Regulatory Oversight Report, which observed an increase in the variety, frequency, and sophistication of insider threats by threat groups.

As bad actors use artificial intelligence to step up their phishing game, mounting an effective defense means using a secure email gateway that likewise employs AI to detect even the most cleverly crafted phishing emails and the fraudulent websites to which the emails attempt to direct recipients. The concern is not just with generative AI (GenAI) tools like ChatGPT, which has some (rather limited) guardrails to prevent nefarious use.

When remote work became mandatory in the wake of the 2020 COVID pandemic, organizations had to quickly dispatch staffers to their homes with all the equipment, and services, they would need to do their jobs. However, as organizations ranging from the US government to JP Morgan Chase to Amazon, have all put out a call for their workers to return to the office, security issues will again become paramount.

For the sixth consecutive year, the leading channel publication CRN named Trustwave to its 2025 Managed Service Provider (MSP) 500 list in its Security 100 category. The Trustwave Global Channel Partner Program earned this honor by providing one of the industry's most extensive collections of security products and services. These offerings cater to enterprise requirements in threat detection and response, as well as vulnerability and risk management.

The recent UK Home Office proposal designed to hinder and disrupt ransomware operations through several proposed measures, including a targeted ban on ransomware payments, has again brought this question into the public square. The question of whether to pay a ransom demand is a decades-long argument with ardent opinions on both sides.

While Chief Information Security Officers (CISOs) know how crucial a consistent enterprise penetration testing program is to their cybersecurity program, convincing their fellow leaders and board members to invest in pen testing amid other budget demands can be challenging. The key is to speak to these leaders in terms they readily understand, focusing largely on risk.

Two newcomers have made their way onto the ransomware threat group stage, becoming the biggest threat to the energy and utilities sector in 2025. According to the most recent data from Trustwave SpiderLabs’ Energy and Utilities Sector Deep Dive: Ransomware Threat Groups, Hunters International and Qilin (pronounced Chee Lin) displaced LockBit as the most active group attacking these sectors.

In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals exploit Facebook Messenger chatbots to execute social engineering attacks, deceiving users into falling victim to scams and phishing schemes. These attacks often rely on the perceived legitimacy of automated systems to manipulate users into sharing sensitive information.