Phishing with OAuth Redirect
February 18, 2026 | Federico Cedolini
Stay Informed
Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.
Pwning Malware with Ninjas and Unicorns
February 16, 2026 | Cade Wriglesworth
During a DFIR engagement, LevelBlue was asked to assist with reverse ...
How ClickFix Opens the Door to Stealthy StealC Information Stealer
February 12, 2026 | Rodel Mendrez
This analysis examines a complete attack chain targeting Windows systems ...
Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign
February 11, 2026 | Bernard Bautista
In this investigation, we tracked a malware spam campaign that ultimately ...
Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis
February 10, 2026 | King Orande
LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 3
February 05, 2026 | Alexander Sevtsov, Chen Aviani
In the first two parts of our LockBit 5.0 series, we provided a comprehensive ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 2
February 04, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
In the first part of our LockBit 5.0 series, where we analyzed 19 samples of ...
LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments
January 30, 2026 | SpiderLabs Researcher
The prolific LockBit ransomware-as-a-service (RaaS) group shows its dedication ...
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1
January 30, 2026 | Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi
This three-part blog series presents an analysis of 19 samples of a ...
Threat Intelligence News from LevelBlue SpiderLabs January 2026
January 06, 2026
January 2026
Why Do Criminals Love Phishing-as-a-Service Platforms?
September 23, 2024 | Rodel Mendrez
Phishing-as-a-Service (PaaS) platforms have become the go-to tool for ...
Hypervisor Development in Rust for Security Researchers (Part 1)
September 06, 2024
In the ever-evolving field of information security, curiosity and continuous ...
AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
January 05, 2024 | Fernando Martinez
Executive summary LevlBlue Labs has identified a campaign to deliver AsyncRAT ...
Mac systems turned into proxy exit nodes by AdLoad
August 10, 2023 | Fernando Martinez
AdLoad malware is still infecting Mac systems years after its first appearance ...
PRISM attacks fly under the radar
August 23, 2021 | Fernando Dominguez
LevelBlue SpiderLabs has recently discovered a cluster of Linux ELF executables ...
Automated Padding Oracle Attacks With PadBuster
September 14, 2010 | Brian Holyfield
An automated script for performing Padding Oracle attacks.