Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Layer 7 DDoS Attacks: How Hackers Target the Application Layer

Layer 7 DDoS attacks—also known as application-layer attacks—target the part of your application that users interact with, like login pages, search boxes, and APIs. Unlike traditional volumetric DDoS attacks, these are stealthy, harder to detect, and can take down your app using fewer requests.

What is NoSQL Injection? | Examples & How to Prevent It

NoSQL Injection is a serious web security flaw that targets NoSQL databases like MongoDB. In this video, you’ll learn: What NoSQL injection is How attackers exploit unsanitized inputs Real-world NoSQL injection examples Best practices to prevent these attacks Secure your applications with proper input validation and safe query building techniques.

Attackers Abuse TikTok and Instagram APIs

It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python packages - checker-SaGaF, stein lurks, and inner core - uploaded to PyPI.

M&S and Co-op Cyber Attacks: A Wake-Up Call for Every Business

In recent weeks, UK retail giants Marks & Spencer and the Co-op have faced serious cyber attacks that disrupted operations and compromised customer data. M&S had to suspend online orders, and both retailers experienced stock issues – all while hackers accessed personal information, though thankfully not payment details. The Co-op narrowly avoided a full-scale ransomware attack. These incidents weren’t isolated or opportunistic.

Hospitality Under Attack: New Trustwave Report Highlights Cybersecurity Challenges in 2025

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data. To help organizations in the hospitality sector address these risks, Trustwave SpiderLabs has released the 2025 Trustwave Risk Radar Report: Hospitality Sector.

Key Takeaways from the IBM X-Force 2025 Threat Intelligence Index

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern. According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation.

Storm-0558 and the Dangers of Cross-Tenant Token Forgery

Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. This approach certainly streamlines single sign-on (SSO) for end users, but it also places enormous trust in a single set of signing keys. If those private keys are compromised, attackers can create tokens that appear valid to any service that relies on them.

DDoS Protection: Insurance Policy or Proactive Defense?

Historically, smaller organizations or those outside highly targeted industries for distributed-denial-of-service (DDoS) attacks have thought of DDoS protection more akin to an insurance policy than proactive cyber defense, i.e. we’ll put some reactive processes in place “in case we get hit,” but not much more.

What Is Scattered Spider? Inside the Rise of Identity-Based Attacks

If you’ve been following major cybersecurity incidents over the past couple of years, chances are you’ve come across the name Scattered Spider. From massive casino breaches to healthcare system outages, this threat actor has become a name that CISOs don’t take lightly. But what is Scattered Spider, really? And why is this group of cybercriminals getting so much attention? Scattered Spider is a financially motivated group that came into focus around 2022.