A Cyber Threat Travelogue: Trustwave SpiderLabs Highlights Hospitality Sector Cybersecurity Challenges in 2025

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data. In the 2025 Trustwave Risk Radar Report: Hospitality Sector report,…

Read More

M&S Hackers Allegedly Utilize Employee Logins from Third-Party Consulting Firm

Context Public reporting has emerged that claims ransomware group Scattered Spider gained initial access to Marks & Spencer’s (M&S) systems by compromising the login credentials of two employees from their third-party partner, Tata Consultancy Services (TCS). Cyber News reports that a source reportedly told news agencies “that at least two Tata Consultancy Services employees’ M&S logins were used…

Read More

Stolen Logins, Lost Trust: The Hidden Supply Chain Behind Account Takeovers in Retail & Hospitality

You log in to your loyalty account to cash in a year’s worth of points—only to find them wiped clean. No redemptions in your history, no trace of your perks. This isn’t a UX glitch—it’s account takeover (ATO), and it’s not personal. The cybercrime ecosystem isn’t just a place where criminals discuss how to profit…

Read More

Retail & Hospitality ISAC Announces 2025 Award Winners

VIENNA, VA (April 14, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced its 2025 award winners during the annual membership meeting held on 9 April in St. Louis, Missouri. The awards recognize outstanding companies and individuals who have displayed extraordinary dedication to RH-ISAC’s mission to build a collaborative sharing community…

Read More

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Context Ivanti has disclosed a critical vulnerability, CVE-2025-22457 (CVSS 9.0), affecting multiple product lines including Connect Secure, Policy Secure, and ZTA Gateways. The flaw, a stack-based buffer overflow, allows unauthenticated remote attackers to execute arbitrary code, and has been actively exploited in the wild. Google’s Mandiant team identified threat activity tied to UNC5221, a China-nexus group, which…

Read More