KongTuke: A King Among Threat Groups
March 18, 2026
Phishing with OAuth Redirect
February 18, 2026 | Federico Cedolini
The LevelBlue SpiderLabs team identified phishing emails in January 2026 that ...
Pwning Malware with Ninjas and Unicorns
February 16, 2026 | Cade Wriglesworth
During a DFIR engagement, LevelBlue was asked to assist with reverse ...
How ClickFix Opens the Door to Stealthy StealC Information Stealer
February 12, 2026 | Rodel Mendrez
This analysis examines a complete attack chain targeting Windows systems ...
Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign
February 11, 2026 | Bernard Bautista
In this investigation, we tracked a malware spam campaign that ultimately ...
Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis
February 10, 2026 | King Orande
LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 3
February 05, 2026 | Alexander Sevtsov, Chen Aviani
In the first two parts of our LockBit 5.0 series, we provided a comprehensive ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 2
February 04, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
In the first part of our LockBit 5.0 series, where we analyzed 19 samples of ...
LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments
January 30, 2026 | SpiderLabs Researcher
The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1
January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
This three-part blog series presents an analysis of 19 samples of a ...
Threat Intelligence News from LevelBlue SpiderLabs January 2026
January 06, 2026
January 2026
Why Do Criminals Love Phishing-as-a-Service Platforms?
September 23, 2024 | Rodel Mendrez
Phishing-as-a-Service (PaaS) platforms have become the go-to tool for ...
Hypervisor Development in Rust for Security Researchers (Part 1)
September 06, 2024
In the ever-evolving field of information security, curiosity and continuous ...
AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
January 05, 2024 | Fernando Martinez
Executive summary: LevelBlue Labs has identified a campaign to deliver AsyncRAT ...
Detecting “Effluence”, An Unauthenticated Confluence Web Shell
November 09, 2023 | Zachary Reichert
Discovering Effluence, a unique web shell accessible on every page of an ...
Mac systems turned into proxy exit nodes by AdLoad
August 10, 2023 | Fernando Martinez
AdLoad malware is still infecting Mac systems years after its first appearance ...
PRISM attacks fly under the radar
August 23, 2021 | Fernando Dominguez
LevelBlue SpiderLabs has recently discovered a cluster of Linux ELF executables ...
Automated Padding Oracle Attacks With PadBuster
September 14, 2010 | Brian Holyfield
An automated script for performing Padding Oracle attacks.