Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

LevelBlue’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. LevelBlue, and its affiliated entities, do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients. Should new information arise that alters this assessment, we will provide an update directly.

Fileless malware continues to evade modern defenses due to its stealthy nature and reliance on legitimate system tools for execution. This approach bypasses traditional disk-based detection by operating in memory, making these threats harder to detect, analyze, and eradicate. A recent incident culminated in the deployment of AsyncRAT, a powerful Remote Access Trojan (RAT), through a multi-stage fileless loader. In this blog, we share some of the key takeaways from this investigation.

The old phrase “we’re only human, after all” is what cyber-adversaries are relying upon to gain access to intellectual property, data, and credentials. Adversaries prey on the humanity in us to read an unsolicited email, act out of a sense of urgency, or succumb to their scare tactics. We are bombarded with social engineering scams daily. Why do some of us fall victim while others see through veiled attempts at getting us to relinquish something of value?

Co-author: special thanks to Nikki Stanziale for their invaluable contributions to the research, insights, and development of this blog. While not listed as a primary author, their expertise and collaboration were instrumental in shaping the final content. Executive Summary Cybersecurity experts often say that humans are the weakest and most easily exploited attack vector.

“How could they see anything but the shadows if they were never allowed to move their heads?” — Plato, The Republic, Book VII.

Web Application and API Protection (WAAP) solutions have become increasingly vital in today’s cybersecurity strategies, providing essential defenses against attacks targeting web applications and APIs. It’s no surprise that APIs are growing in popularity, with 80% of companies reporting that more than half of their applications depend on APIs—a figure projected to reach 88% within the next 24 months (ESG Research, 2025).

Today marks an exciting day for LevelBlue and for the broader cybersecurity industry. I’m pleased to announce that LevelBlue has completed its acquisition of Trustwave, a global leader in cybersecurity and managed detection and response (MDR). This is more than a business transaction; it’s a strategic leap forward in our mission to redefine what it means to be a trusted cybersecurity partner in an increasingly complex, high-stakes world.

APIs operate throughout the digital world to support mobile applications, enable cloud capabilities, power GenAI tools, and conduct invisible operations during every digital interaction. As the growth of API usage accelerates, Akamai’s 2024 API Security Impact Report shows that organizations find it difficult to align their security efforts with the expanding risk domain.

In 2024, the average cost of an insider threat incident reached $17.4 million. When you consider that these types of incidents happen daily, it becomes clear that we’re facing a frequent and expensive danger. So, what is an insider threat? Today, it means much more than a data leak; it’s a strategic vulnerability that can disrupt business continuity.

To keep pace with rapidly evolving threats and the decreasing breakout times of attackers, the LevelBlue security operations team leverages multiple tools and key partnerships to shorten the time between detection and response. Below are some examples of the tools used by our SOC and some of the circumstances in which each tool would be used.