Phishing with OAuth Redirect

February 18, 2026 | Federico Cedolini

Hunter
Read More

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.

Pwning Malware with Ninjas and Unicorns

February 16, 2026 | Cade Wriglesworth

During a DFIR engagement, LevelBlue was asked to assist with reverse ...

Read More

How ClickFix Opens the Door to Stealthy StealC Information Stealer

February 12, 2026 | Rodel Mendrez

This analysis examines a complete attack chain targeting Windows systems ...

Read More

Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign

February 11, 2026 | Bernard Bautista

In this investigation, we tracked a malware spam campaign that ultimately ...

Read More

Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis

February 10, 2026 | King Orande

LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...

Read More

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 3

February 05, 2026 | Alexander Sevtsov, Chen Aviani

In the first two parts of our LockBit 5.0 series, we provided a comprehensive ...

Read More

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 2

February 04, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi

In the first part of our LockBit 5.0 series, where we analyzed 19 samples of ...

Read More

LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments

January 30, 2026 | SpiderLabs Researcher

The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...

Read More

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1

January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi

This three-part blog series presents an analysis of 19 samples of a ...

Read More

Threat Intelligence News from LevelBlue SpiderLabs January 2026

January 06, 2026

January 2026

Read More

Why Do Criminals Love Phishing-as-a-Service Platforms?

September 23, 2024 | Rodel Mendrez

Phishing-as-a-Service (PaaS) platforms have become the go-to tool for ...

Read More

Hypervisor Development in Rust for Security Researchers (Part 1)

September 06, 2024

In the ever-evolving field of information security, curiosity and continuous ...

Read More

AsyncRAT loader: Obfuscation, DGAs, decoys and Govno

January 05, 2024 | Fernando Martinez

Executive summary LevlBlue Labs has identified a campaign to deliver AsyncRAT ...

Read More

Mac systems turned into proxy exit nodes by AdLoad

August 10, 2023 | Fernando Martinez

AdLoad malware is still infecting Mac systems years after its first appearance ...

Read More

PRISM attacks fly under the radar

August 23, 2021 | Fernando Dominguez

LevelBlue SpiderLabs has recently discovered a cluster of Linux ELF executables ...

Read More

Automated Padding Oracle Attacks With PadBuster

September 14, 2010 | Brian Holyfield

An automated script for performing Padding Oracle attacks.

Read More