SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign
May 28, 2026 | Maor Gabay
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.
From WinRE to SYSTEM: Hunting CVE-2026-45585 Exploitation and the MiniPlasma Attack Chain
May 22, 2026 | Serhii Melnyk
Since April 2026, LevelBlue SpiderLabs’ Cyber Threat Intelligence team has ...
Threat Analysis: Backdoored Electron Apps Evading Defenses
May 08, 2026 | Michael Morose
This Threat Analysis report is part of the “Purple Team Series” in which the ...
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
May 07, 2026 | Mahadev Joshi
LevelBlue’s Security Services issues Threat Analysis reports to inform on ...
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
April 23, 2026 | Serhii Melnyk, King Orande, Cris Tomboc, Sean Shirley
LevelBlue SpiderLabs’ Cyber Threat Intelligence Team continues to observe a ...
Go With the Flow: Abusing OAuth Device Code Flow
April 20, 2026 | Jakub Wiewiorski
In early 2026, phishing attacks are still among the top contributors to the ...
Why Attackers Are Bypassing Phishing Emails and Targeting Identity Instead
April 13, 2026 | Jamie Mamroe
One of the fastest growing initial access techniques we are seeing right now is ...
Trojanized CPUID HWMonitor Installer Delivers Fileless .NET Payload via Obfuscated IPv6 Scriptlet
April 10, 2026 | Sean Shirley
Overview Recent reporting has identified a trojanized version of the CPUID ...
Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign
April 09, 2026 | King Orande and Cris Tomboc
The LevelBlue SpiderLabs team examined the latest version of ErrTraffic, which ...
Azure ServiceBus WebSockets as a C2 Channel
March 24, 2026 | Stuart White
In offensive security, the ability to blend seamlessly with legitimate traffic ...
Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure
March 23, 2026 | Sean Shirley
Recently LevelBlue SpiderLabs initiated an investigation into a multi-stage ...
Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault
March 19, 2026 | Shabtay Barel, Serhii Melnyk, Rodel Mendrez
This report expands LevelBlue’s ongoing investigation into a multi-stage ...
KongTuke: A King Among Threat Groups
March 18, 2026
This blog is the latest in a series that delves into the deep research ...
Phishing with OAuth Redirect
February 18, 2026 | Federico Cedolini
The LevelBlue SpiderLabs team identified phishing emails in January 2026 that ...
Pwning Malware with Ninjas and Unicorns
February 16, 2026 | Cade Wriglesworth
During a DFIR engagement, LevelBlue was asked to assist with reverse ...
How ClickFix Opens the Door to Stealthy StealC Information Stealer
February 12, 2026 | Rodel Mendrez
This analysis examines a complete attack chain targeting Windows systems ...
Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign
February 11, 2026 | Bernard Bautista
In this investigation, we tracked a malware spam campaign that ultimately ...
Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis
February 10, 2026 | King Orande
LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 3
February 05, 2026 | Alexander Sevtsov, Chen Aviani
In the first two parts of our LockBit 5.0 series, we provided a comprehensive ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 2
February 04, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
In the first part of our LockBit 5.0 series, where we analyzed 19 samples of ...
LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments
January 30, 2026 | SpiderLabs Researcher
The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1
January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
This three-part blog series presents an analysis of 19 samples of a ...
Threat Intelligence News from LevelBlue SpiderLabs January 2026
January 06, 2026
January 2026
Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors
June 24, 2025 | Nathaniel Morales
Dire Wolf is a newly emerged ransomware group first observed in May 2025 and ...
2025 Trustwave Risk Radar Report: Healthcare Sector: Key Risks and Defensive Measures
March 26, 2025
Rising Cyber Threats in Healthcare – Discover the latest cybersecurity risks ...
2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector
October 29, 2024
As the holiday shopping season approaches, the 2024 Trustwave Risk Radar ...
Why Do Criminals Love Phishing-as-a-Service Platforms?
September 23, 2024 | Rodel Mendrez
Phishing-as-a-Service (PaaS) platforms have become the go-to tool for ...
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
September 13, 2024 | Jose Tozo
With the US election on the horizon, it’s a good time to explore the concept of ...