Threat Intelligence

Operation FlutterBridge: The FlutterShell macOS Backdoor

2026-06-18 at 17:00 By Maor Gabay

Identified through macOS endpoint monitoring, the CL-CRI-1089 cluster, delivered under the publicly reported Operation FlutterBridge campaign, demonstrates a deliberate misuse of the Flutter framework for macOS malware delivery. Rather than re-documenting the campaign itself, this report treats the recovered FlutterShell artifacts as a […]


The SOC’s visibility gap comes down to staffing

2026-06-17 at 09:00 By Mirko Zorz

AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third


FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe

2026-06-10 at 17:24 By Ashish Khaitan

The FIFA World Cup 2026 kicks off on June 11, and the world’s biggest sporting event is drawing more than just fans — it is already attracting a wave of cybercriminals targeting


Product showcase: Staying ahead of the threat horizon with Aunoo

2026-06-10 at 09:55 By Help Net Security

Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it


Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities

2026-06-05 at 15:49 By Ionut Arghire

Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek. This


Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign

2026-05-28 at 17:00 By Maor Gabay

We recently observed a multi-stage macOS intrusion campaign conducted by the North Korean state-sponsored threat group Sapphire Sleet (also tracked as BlueNoroff/UNC1069). This article is an excerpt from LevelBlue SpiderLabs Blog.


Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available

2026-05-26 at 14:02 By SecurityWeek News

Register to enjoy free access and explore the tools, strategies, and frameworks needed to build a resilient security program for a world where every minute counts. The post Watch on Demand: Threat Detection & Incident Response


From WinRE to SYSTEM: Hunting the YellowKey and MiniPlasma Attack Chain

2026-05-22 at 22:53

Since April 2026, LevelBlue SpiderLabs’ Cyber Threat Intelligence team has tracked a series of public zero-day disclosures targeting Microsoft Windows, attributed to an anonymous actor operating under the names Chaotic Eclipse and Nightmare Eclipse. The activity spans multiple areas of


Virtual Event Today: Threat Detection & Incident Response Summit

2026-05-20 at 13:02 By SecurityWeek News

The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM-4PM ET for the Threat Detection & Incident Response Summit. Don’t miss this virtual event as we explore how to cut through alert


Cyble Named a Challenger in the Inaugural 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies

2026-05-19 at 16:58 By Mihir Bagwe

In a digital landscape that moves at the speed of AI, we feel recognition is more than just a market positioning—it is a validation of vision. We are proud to announce that Cyble has


Cyble Named a Challenger in the Inaugural 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies

2026-05-19 at 12:47 By Mihir Bagwe

In a digital landscape that moves at the speed of AI, we feel recognition is more than just a market positioning—it is a validation of vision. We are proud to announce that Cyble has


Why Australian Dark Web Data Is Now Being Sold in Bundles — and What It Means for Organizational Exposure in 2026

2026-05-14 at 12:48 By Ashish Khaitan

In 2026, opportunistic assaults and isolated breaches will no longer characterize Australia’s cyber risk environment. Industrialized data theft, in which stolen data is packaged, repackaged, and marketed on


Threat Analysis: Backdoored Electron Apps Evading Defenses

2026-05-08 at 18:03 By Michael Morose

This Threat Analysis report is part of the “Purple Team Series” in which the LevelBlue Global Security Operations Center (GSOC) provides a technical overview of some of the methods that threat actors are using to compromise their victims. This article is an


Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication

2026-05-07 at 17:34 By Mahadev Joshi

LevelBlue’s Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. This article is an excerpt from LevelBlue SpiderLabs Blog View


AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours

2026-04-30 at 22:46 By Kevin Townsend

Industrialized cybercrime delivers attacks with greater scale, speed and success. Defenders must match this with use of AI and automation. The post AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours appeared first on SecurityWeek. This article is an excerpt


How Cyble Blaze AI Turns Billions of Threat Signals into Actionable Intelligence

2026-04-29 at 16:13 By Ashish Khaitan

Modern cyberattacks no longer follow predictable patterns or slow timelines. They unfold at machine speed, often moving from initial access to data exfiltration in minutes. In this environment, security teams face a paradox: they are surrounded by vast amounts


ANZ Organizations Are in the Ransomware Crosshairs— What the Dark Web Is Telling Us

2026-04-28 at 14:02 By Ashish Khaitan

The conversation around ANZ ransomware threats has shifted noticeably over the past year. What once looked like sporadic, high-profile incidents has evolved into a sustained and structured campaign against organizations across Australia and New Zealand. Signals emerging from underground forums


Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems

2026-04-23 at 17:11 By Serhii Melnyk, King Orande, Cris Tomboc, Sean Shirley

LevelBlue SpiderLabs’ Cyber Threat Intelligence Team continues to observe a progressive convergence between traditional cybercrime activity and attacks targeting cryptocurrency users. This article is an excerpt from LevelBlue SpiderLabs Blog View


Why AI Cybersecurity Is No Longer Optional for Australian Organizations: Moving from Reactive to Predictive Defense

2026-04-23 at 16:07 By Ashish Khaitan

Cybersecurity is no longer a luxury or an afterthought for Australian organizations; it is a necessity. The scale and complexity of cyberattacks have reached unprecedented levels, and businesses, government bodies, and critical infrastructure


Why Indian Enterprises Are a Prime Target for Dark Web Credential Markets

2026-04-22 at 13:48 By Ashish Khaitan

The underground economy of stolen credentials has matured into a structured, high-volume marketplace, and Indian enterprises are at the center. What makes this trend notable is not just the scale of cyber incidents in India, but the

