Weaponizing Safe Links: Abuse of Multi-Layered URL Rewriting in Phishing Attacks

March 12, 2026 | John Kevin Adriano

Beware the ClickFix Trap: REMCOS RAT Hiding in “Helpful” PUAs

March 09, 2026 | Hema Loganathan

Cybereason GSOC has observed a notable increase in infections involving REMCOS ...

LevelBlue SpiderLabs Breaks Down the Role of Cyber Operations Taken in the Iran Crisis

March 04, 2026 | Gal Romano

As combat operations that began on February 28 with joint US-Israeli strikes on ...

Operation Epic Fury: From Regional Escalation to Global Cyber Risk

March 03, 2026 | LevelBlue SpiderLabs

In light of escalating geopolitical tensions involving the United States, ...

From Shadow IT to GhostOps: The Rise of Unauthorized AI Agents in the Enterprise

February 24, 2026 | Grant Hutchons

If you have worked in enterprise IT for long enough, you have lived through the ...

How ClickFix Opens the Door to Stealthy StealC Information Stealer

February 12, 2026 | Rodel Mendrez

This analysis examines a complete attack chain targeting Windows systems ...

Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign

February 11, 2026 | Bernard Bautista

In this investigation, we tracked a malware spam campaign that ultimately ...

Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis

February 10, 2026 | King Orande

LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...

LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments

January 30, 2026 | SpiderLabs Researcher

The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1

January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi

This three-part blog series presents an analysis of 19 samples of a ...

Scenario 3: SOC/SIEM Takes in and Summarizes Windows Events (Log Files)

January 29, 2026 | Tom Neaves

In September last year I penned this blog Rogue AI Agents In Your SOCs and ...

CVE-2009-0556: The 2009 PowerPoint Bug that Refuses to Die

January 23, 2026 | Messiah Dela Cruz

In 2009, LevelBlue Vice President of Security Research Ziv Mador and Cristian ...

BEC Email Trends: Attacks up 15% in 2025

January 13, 2026 | Katrina Udquin

Business Email Compromise (BEC) is a sophisticated form of phishing attack in ...

Holiday Fraud 2025: Gift Card Schemes Exploiting Seasonal Shopping

December 19, 2025 | Serhii Melnyk

Children with a vision of a huge payout from Santa Claus are not the only ones ...

A Rising Tide of Threats: The Offshore Energy Industry’s Threat Landscape

December 12, 2025

Key Findings:

Sha1-Hulud: The Second Coming of The New npm GitHub Worm

December 03, 2025 | Karl Sigler

Sha1-Hulud is back with a new evolution of its supply-chain attack that targets ...

Handala's Latest Publication Targets Israeli High-Tech Specialists

November 26, 2025 | Arthur Erzberger

The Handala hacker group has recently published a list of Israeli high-tech and ...

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

November 19, 2025 | Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi

LevelBlue SpiderLabs researchers have recently identified a banking Trojan we ...

Microsoft Issues Emergency Patch for Windows Server Update Services RCE Vulnerability CVE-2025-59287

November 14, 2025 | Fernando Martinez

LevelBlue Labs is tracking a severe vulnerability in Windows Server Update ...

The Cat's Out of the Bag: A 'Meow Attack' Data Corruption Campaign Simulation via MAD-CAT

November 07, 2025 | Karl Biron

In 2024, I published Feline Hackers Among Us? (A Deep Dive and Simulation of ...

Bolstering Cybersecurity Resilience in the Public Sector

October 29, 2025

With digital transformation continuing unabated, the prevalence of legacy ...

The F5 BIG-IP Source Code Breach

October 17, 2025 | Karl Sigler

On August 9, F5 discovered that multiple systems were compromised by what it is ...

US Secret Service Blocks Massive Telecom Attack in New York

September 24, 2025 | Karl Sigler

The Secret Service’s takedown in New York shines a light on a type of threat ...

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

September 09, 2025 | Karl Sigler

Trustwave's Security & Compliance Team is aware of the Salesloft ...

Rogue AI Agents In Your SOCs and SIEMs – Indirect Prompt Injection via Log Files

September 05, 2025 | Tom Neaves

AI agents (utilizing LLMs and RAG) are being used within SOCs and SIEMs to both ...

How Researchers Collect Indicators of Compromise

August 14, 2025 | Messiah Dela Cruz

As security researchers, we actively monitor the latest CVEs and their publicly ...

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal

August 13, 2025 | Nathaniel Morales and Nikita Kazymirskyi

Trustwave SpiderLabs researchers have recently identified an EncryptHub ...

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation

August 08, 2025 | Serhii Melnyk, Cris Tomboc and King Orande

The Trustwave SpiderLabs CTI team began correlating telemetry from multiple ...