SpiderLabs Blog
Explore the latest threats, critical vulnerability disclosures, cutting-edge research, and intelligence from our elite global threat experts.
Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE
April 29, 2026 | John Lopez
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.
Go With the Flow: Abusing OAuth Device Code Flow
April 20, 2026 | Jakub Wiewiorski
In early 2026, phishing attacks are still among the top contributors to the ...
RedSun and the Expanding Risk Window: Why Microsoft Defender Patching Can’t Wait
April 17, 2026
A newly disclosed zero-day vulnerability, dubbed RedSun, is raising fresh ...
Why Attackers Are Bypassing Phishing Emails and Targeting Identity Instead
April 13, 2026 | Jamie Mamroe
One of the fastest growing initial access techniques we are seeing right now is ...
Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign
April 09, 2026 | King Orande and Cris Tomboc
The LevelBlue SpiderLabs team examined the latest version of ErrTraffic, which ...
Major Supply Chain Compromise in the Popular axios npm Package
April 03, 2026 | Karl Sigler
On March 30, 2026, two malicious versions of the widely used axios HTTP client ...
Using RF Power Levels to Defeat MAC Address Randomization Enabling Passive Device Tracking
March 31, 2026 | Tom Neaves
I came up with a theory (based on science) that it may be possible to passively ...
Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault
March 19, 2026 | Shabtay Barel, Serhii Melnyk, Rodel Mendrez
This report expands LevelBlue’s ongoing investigation into a multi-stage ...
Discover and Exploit: Memory Corruption in CUPS (CVE-2025-61915)
March 05, 2026 | Ariel Silver
CVE-2025-61915 is a stack based out-of-bound write bug in CUPS. An unauthorized ...
From Shadow IT to GhostOps: The Rise of Unauthorized AI Agents in the Enterprise
February 24, 2026 | Grant Hutchons
If you have worked in enterprise IT for long enough, you have lived through the ...
How ClickFix Opens the Door to Stealthy StealC Information Stealer
February 12, 2026 | Rodel Mendrez
This analysis examines a complete attack chain targeting Windows systems ...
Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis
February 10, 2026 | King Orande
LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...
LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments
January 30, 2026 | SpiderLabs Researcher
The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1
January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
This three-part blog series presents an analysis of 19 samples of a ...
The Hard Lessons Learned by Analyzing Education Sector Cyberattacks
January 26, 2026
In the last quarter of 2025, LevelBlue SpiderLabs used telemetry from the ...
CVE-2009-0556: The 2009 PowerPoint Bug that Refuses to Die
January 23, 2026 | Messiah Dela Cruz
In 2009, LevelBlue Vice President of Security Research Ziv Mador and Cristian ...
Ni8mare on Automation Street: When Workflows Turn Into an Attack Path
January 15, 2026 | Nikita Kazymirskyi
CVE-2026-21858 (Ni8mare) is a maximum-severity vulnerability in self-hosted n8n ...
A 2025 Threat Trends Analysis
December 22, 2025 | Andrea Martinez and Peter Connolly
As 2025 winds down and cruises into the holiday season, it’s a good time to ...
Holiday Fraud 2025: Gift Card Schemes Exploiting Seasonal Shopping
December 19, 2025 | Serhii Melnyk
Children with a vision of a huge payout from Santa Claus are not the only ones ...
A Rising Tide of Threats: The Offshore Energy Industry’s Threat Landscape
December 12, 2025
Key Findings:
Threat Intelligence News from LevelBlue SpiderLabs December 2025
December 12, 2025
LevelBlue SpiderLabs is the threat intelligence unit of LevelBlue and includes ...
Sha1-Hulud: The Second Coming of The New npm GitHub Worm
December 03, 2025 | Karl Sigler
Sha1-Hulud is back with a new evolution of its supply-chain attack that targets ...
SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp
November 19, 2025 | Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi
LevelBlue SpiderLabs researchers have recently identified a banking Trojan we ...
Bolstering Cybersecurity Resilience in the Public Sector
October 29, 2025
With digital transformation continuing unabated, the prevalence of legacy ...
Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?
October 03, 2025
A vulnerability on a popular source-code editor has been recently released ...
Lights Out and Stalled Factories: Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities
May 06, 2025 | Karl Biron
Let’s explore the critical role of Modbus in energy and manufacturing systems, ...
Bring Your Own Installer: Bypassing EDR Through Agent Version Change Interruption
May 05, 2025 | John Ailes and Tim Mashni
Bring Your Own Installer is a technique which can be used by threat actors to ...
Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster – Part 2
March 20, 2025 | Karl Biron
In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your ...