Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Deception for Zero day attacks has become a crucial strategy as these devastating exploits continue to surge rapidly. These attacks pose extreme danger because they target vulnerabilities unknown to software vendors or the public, which leaves systems defenseless without immediate patches. Attackers can exploit these vulnerabilities undetected for extended periods – from days to years. This creates a huge window for attacks before vendors can patch the problems.

SQL Injection represents the most common web application vulnerability, and justifiably so: it is the most dangerous. Attackers can inject SQL code into victims' sites and access databases, potentially allowing unauthorized access and data compromise or, worst case, full-blown compromise of the site. Shielding one's website against SQL injections would mean having to understand how SQL injections work and implement preventive measures against them.

It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python packages - checker-SaGaF, stein lurks, and inner core - uploaded to PyPI.

In recent weeks, UK retail giants Marks & Spencer and the Co-op have faced serious cyber attacks that disrupted operations and compromised customer data. M&S had to suspend online orders, and both retailers experienced stock issues – all while hackers accessed personal information, though thankfully not payment details. The Co-op narrowly avoided a full-scale ransomware attack. These incidents weren’t isolated or opportunistic.

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data. To help organizations in the hospitality sector address these risks, Trustwave SpiderLabs has released the 2025 Trustwave Risk Radar Report: Hospitality Sector.

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern. According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation.