Still Circling: Blind Eagle's Toolkit Keeps Evolving
July 17, 2026 | Serhii Melnyk
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.
ClickFix on macOS: Blockchain-Powered Infostealer Hidden Inside Compromised Websites
July 16, 2026 | Rodel Mendrez
You're browsing a legitimate small business website. Before the page loads, a ...
Mitigating New Vulnerabilities with owLSM
July 13, 2026
Following the successful launch of owLSM, our first open-source project with ...
Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor
July 09, 2026 | Nathaniel Morales
The LevelBlue Managed Threat Research team investigated a security alert in a ...
Open Sourcing Our Most Advanced Linux Security Engine: owLSM
July 09, 2026
We at LevelBlue company have decided to do something for the community, with ...
From Phishing to Persistence: A CrySome RAT Infection Chain Analysis
July 06, 2026 | Sean Shirley and Kyle Sopt
During a recent security alert, the LevelBlue MDR SOC successfully triaged and ...
AsyncRAT and Remcos Delivered in Multi-Stage Phishing Campaign
July 02, 2026 | Fernando Martinez Sidera
Over the past two weeks, LevelBlue SpiderLabs has been tracking an active ...
An Analysis of ValleyRAT Infection Campaigns from Fake Installers, Japanese Malicious Emails
June 30, 2026 | Hajime Takai
Key points LevelBlue has identified two distinct attack vectors associated with ...
Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux
June 25, 2026 | Chen Aviani and Nikita Kazymirskyi
Remote access trojans (RATs) are legacy threats that continue to evolve ...
LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign
June 24, 2026 | Dawid Nesterowicz
In Norse mythology, Loki, the god of mischief, has powerful and deceptive ...
Operation FlutterBridge: The FlutterShell macOS Backdoor
June 18, 2026 | Maor Gabay
Identified through macOS endpoint monitoring, the CL-CRI-1089 cluster, ...
RoguePlanet and GreatXML: Detecting Local Privilege Escalation and BitLocker Security Boundary Abuse
June 17, 2026 | Serhii Melnyk
Following our previous research, LevelBlue SpiderLabs continued monitoring a ...
Reversing NVIDIA’s CVE-2026-24190: How a Kernel Flaw Put Enterprise AI Clusters and Workstations at Risk
June 15, 2026 | Alon Bancic
Executive Summary: Bypassing Boundaries in Enterprise AI Infrastructure The ...
The Device Code Phishing Tsunami: What We’re Seeing in the Wild
June 09, 2026 | John Kevin Adriano
With contributions from Cris Tomboc.
macOS ClickFix Social Engineering Campaigns
June 04, 2026 | Maor Gabay
Overview The "ClickFix" threat landscape has undergone a significant ...
ClickFix Is Now Hiring: From Job Platform Impersonation to Python-Based RAT Delivery
June 04, 2026 | King Orande and Cris Tomboc
The LevelBlue OpsIntel CTI team examined the latest version of the ClickFix ...
The Demon Arrives Later: A Havoc Stager Hides Behind Microsoft Defender DLP
June 03, 2026 | Jose Martin
In Brazil, Nota Fiscal eletrônica (NF-e) is the everyday name for an official ...
Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign
May 28, 2026 | Maor Gabay
We recently observed a multi-stage macOS intrusion campaign conducted by the ...
Two Approaches for Offensive Testing of AI Systems: Architecture-led AI Application Penetration Test and Threat-led AI Red Team Assessment
May 27, 2026 | Sarath Nair
Artificial intelligence (AI) is changing the shape of the application attack ...
From WinRE to SYSTEM: Hunting CVE-2026-45585 Exploitation and the MiniPlasma Attack Chain
May 22, 2026 | Serhii Melnyk
Since April 2026, LevelBlue SpiderLabs’ Cyber Threat Intelligence team has ...
YellowKey and GreenPlasma: Two New Windows Zero-Days Unveiled
May 19, 2026 | James Ballantyne
Two novel Windows zero-day vulnerabilities dubbed YellowKey, which bypasses ...
A Closer Look at The Gentlemen’s Alleged Leak
May 18, 2026 | Arthur Erzberger
Executive Summary The Gentlemen is an active ransomware and extortion operation ...
Threat Analysis: Backdoored Electron Apps Evading Defenses
May 08, 2026 | Michael Morose
This Threat Analysis report is part of the “Purple Team Series” in which the ...
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
May 07, 2026 | Mahadev Joshi
LevelBlue’s Security Services issues Threat Analysis reports to inform on ...
LevelBlue TTP Briefing Q1 2026: Trust Abuse Exposes Weaknesses
May 05, 2026
Explore the latest trends, techniques, and procedures (TTPs) our incident ...
Inside Vect Ransomware-as-a-Service
April 30, 2026 | SpiderLabs Researcher
Vect ransomware, a new group that emerged in January 2026, has recently begun ...
Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE
April 29, 2026 | John Lopez
Internet of Things (IoT) systems in hospitality environments are often ...
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
April 23, 2026 | Serhii Melnyk, King Orande, Cris Tomboc, Sean Shirley
LevelBlue SpiderLabs’ Cyber Threat Intelligence Team continues to observe a ...