Phishing with OAuth Redirect

February 18, 2026 | Federico Cedolini

Hunter
Read More

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.

Pwning Malware with Ninjas and Unicorns

February 16, 2026 | Cade Wriglesworth

During a DFIR engagement, LevelBlue was asked to assist with reverse ...

Read More

How ClickFix Opens the Door to Stealthy StealC Information Stealer

February 12, 2026 | Rodel Mendrez

This analysis examines a complete attack chain targeting Windows systems ...

Read More

Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign

February 11, 2026 | Bernard Bautista

In this investigation, we tracked a malware spam campaign that ultimately ...

Read More

Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis

February 10, 2026 | King Orande

LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...

Read More

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 3

February 05, 2026 | Alexander Sevtsov, Chen Aviani

In the first two parts of our LockBit 5.0 series, we provided a comprehensive ...

Read More

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 2

February 04, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi

In the first part of our LockBit 5.0 series, where we analyzed 19 samples of ...

Read More

The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions

February 03, 2026 | Mark Tsipershtein and Evgeny Ananin

The Cybereason, A LevelBlue Company, Threat Intelligence Team conducted an ...

Read More

LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments

January 30, 2026 | SpiderLabs Researcher

The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...

Read More

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1

January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi

This three-part blog series presents an analysis of 19 samples of a ...

Read More

Scenario 3: SOC/SIEM Takes in and Summarizes Windows Events (Log Files)

January 29, 2026 | Tom Neaves

In September last year I penned this blog Rogue AI Agents In Your SOCs and ...

Read More

The Hard Lessons Learned by Analyzing Education Sector Cyberattacks

January 26, 2026

In the last quarter of 2025, LevelBlue SpiderLabs used telemetry from the ...

Read More

CVE-2009-0556: The 2009 PowerPoint Bug that Refuses to Die

January 23, 2026 | Messiah Dela Cruz

In 2009, LevelBlue Vice President of Security Research Ziv Mador and Cristian ...

Read More

Ni8mare on Automation Street: When Workflows Turn Into an Attack Path

January 15, 2026 | Nikita Kazymirskyi

CVE-2026-21858 (Ni8mare) is a maximum-severity vulnerability in self-hosted n8n ...

Read More

Preparing for the AI Job Market: A Security Professional's Roadmap

January 14, 2026 | David Broggy

Every now and then, LevelBlue SpiderLabs diverts a bit from its normal course ...

Read More

BEC Email Trends: Attacks up 15% in 2025

January 13, 2026 | Katrina Udquin

Business Email Compromise (BEC) is a sophisticated form of phishing attack in ...

Read More

Threat Intelligence News from LevelBlue SpiderLabs January 2026

January 06, 2026

January 2026

Read More

A 2025 Threat Trends Analysis

December 22, 2025 | Andrea Martinez and Peter Connolly

As 2025 winds down and cruises into the holiday season, it’s a good time to ...

Read More

Holiday Fraud 2025: Gift Card Schemes Exploiting Seasonal Shopping

December 19, 2025 | Serhii Melnyk

Children with a vision of a huge payout from Santa Claus are not the only ones ...

Read More

LevelBlue SpiderLabs: SQL Injection in Orkes Conductor: CVE-2025-66387

December 18, 2025 | Tim Stamopoulos

LevelBlue SpiderLabs has discovered a vulnerability in the Orkes Conductor ...

Read More

A Rising Tide of Threats: The Offshore Energy Industry’s Threat Landscape

December 12, 2025

Key Findings:

Read More

Threat Intelligence News from LevelBlue SpiderLabs December 2025

December 12, 2025

LevelBlue SpiderLabs is the threat intelligence unit of LevelBlue and includes ...

Read More

Sha1-Hulud: The Second Coming of The New npm GitHub Worm

December 03, 2025 | Karl Sigler

Sha1-Hulud is back with a new evolution of its supply-chain attack that targets ...

Read More

Handala's Latest Publication Targets Israeli High-Tech Specialists

November 26, 2025 | Arthur Erzberger

The Handala hacker group has recently published a list of Israeli high-tech and ...

Read More

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

November 19, 2025 | Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi

LevelBlue SpiderLabs researchers have recently identified a banking Trojan we ...

Read More

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287

November 14, 2025 | Fernando Martinez

LevelBlue Labs is tracking a severe vulnerability in Windows Server Update ...

Read More

SharpParty: Process Injection in C#

November 11, 2025 | Will Rabb

This article also appears on the Stroz Friedberg, A LevelBlue Company, blog ...

Read More

The Cat's Out of the Bag: A 'Meow Attack' Data Corruption Campaign Simulation via MAD-CAT

November 07, 2025 | Karl Biron

In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of ...

Read More