-
The State of Magecart: A Persistent Threat to E-Commerce Security
Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. Go to Source
-
Looking at the Attack Surfaces of the Sony XAV-AX8500
For the upcoming Pwn2Own Automotive contest a total of 4 head units have been selected. One of these is the single DIN Sony XAV-AX8500 that offers a variety of functionality such as wired and wireless Android Auto and Apple CarPlay as well as USB media playback and more. This blog post presents internal photos of…
-
Seven Trends to Watch for in 2025
*No generative AI was used by the author Rapid Rate of Change Still Powering Technology Here we are a quarter of the way through the 21st century and the rate of change in technology shows no signs of slowing. And, while we are not quite the jet-setting hipsters that cartoons of the 1960’s predicted, we…
-
Zero-Day Vulnerability in Ivanti VPN
It’s being actively exploited. It’s being actively exploited. Go to Source
-
Critical Vulnerability Uncovered: CVE-2025-0282 Puts Ivanti Systems at Risk
Ivanti has disclosed a critical vulnerability identified as CVE-2025-0282, affecting several of its products, including Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. With a CVSS Score of 9.0, this stack-based buffer overflow vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the target device, posing significant security risks to affected systems.…
-
ZDI Threat Hunting 2024: Highlights, Trends, & Challenges
Reflecting on 2024, it has been an eventful year for the Zero Day Initiative Threat Hunting team. Throughout the year, we identified numerous threat actor campaigns exploiting zero-day vulnerabilities, uncovered additional variants of these vulnerabilities, and discovered even more vulnerabilities through our in-the-wild research. In this blog, we will highlight some of the key achievements…
-
Trustwave’s 2025 Cybersecurity Predictions: The Era of End-to-End AI Cyberattacks is Here
As 2024 has wrapped up, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Go to Source
-
Google’s Willow Quantum Chip and Its Potential Threat to Current Encryption Standards
Introduction: Google’s recent announcement of their Willow quantum processor marks a significant advancement in quantum computing technology while raising questions about the security and sustainability of current encryption methods. As quantum computers grow more powerful, cybersecurity experts grow increasingly concerned about their potential to break widely used encryption standards that protect sensitive data worldwide. Quantum…
-
US Treasury Department Sanctions Chinese Company Over Cyberattacks
From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere. From the Washington Post: The sanctions target Beijing Integrity Technology…
-
HHS Proposes Critical HIPAA Security Rule Updates to Combat Rising Cybersecurity Threats in Healthcare
The Health and Human Services Office of Civil Rights (OCR) has launched an effort to improve cybersecurity measures for a wide variety of healthcare organizations. Go to Source