Threat Intelligence

Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor

Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor 2026-07-10 at 23:49 By Nathaniel Morales The LevelBlue Managed Threat Research team investigated a security alert in a customer environment involving a malicious ZIP file containing a Windows shortcut (.lnk) used for initial execution. When triggered, the LNK file executes a […]

Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor Read More »

Turning software supply chain security into a daily habit

Turning software supply chain security into a daily habit 2026-07-10 at 08:30 By Help Net Security In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every

Turning software supply chain security into a daily habit Read More »

Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor

Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor 2026-07-09 at 16:52 By Nathaniel Morales The LevelBlue Managed Threat Research team investigated a security alert in a customer environment involving a malicious ZIP file containing a Windows shortcut (.lnk) used for initial execution. When triggered, the LNK file executes a

Hiding in the Chain: Multi-Stage LNK Attack Leveraging TON Blockchain to Deliver Node.JS Backdoor Read More »

From Phishing to Persistence: A CrySome RAT Infection Chain Analysis

From Phishing to Persistence: A CrySome RAT Infection Chain Analysis 2026-07-06 at 17:00 By Sean Shirley and Kyle Sopt During a recent security alert, the LevelBlue MDR SOC successfully triaged and contained a structured, multi-stage infection chain designed to deliver the CrySome remote access trojan (RAT). The incident was subsequently analyzed in depth by LevelBlue’s

From Phishing to Persistence: A CrySome RAT Infection Chain Analysis Read More »

Mid-Year Threat Trends: What H1 2026 Signals for the Rest of the Year

Mid-Year Threat Trends: What H1 2026 Signals for the Rest of the Year 2026-07-06 at 15:59 By Ashish Khaitan The first half of 2026 has given security teams little room to breathe. Ransomware operators kept up a punishing pace. If that wasn’t enough, access brokers turned network intrusions into a marketplace, and nation-state activity blurred further into hacktivism

Mid-Year Threat Trends: What H1 2026 Signals for the Rest of the Year Read More »

Non-interactive SSH attacks dominate after login

Non-interactive SSH attacks dominate after login 2026-07-03 at 08:30 By Sinisa Markovic Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes

Non-interactive SSH attacks dominate after login Read More »

Organizations struggle to prioritize known cyber risks

Organizations struggle to prioritize known cyber risks 2026-07-03 at 07:30 By Anamarija Pogorelec Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context

Organizations struggle to prioritize known cyber risks Read More »

AsyncRAT and Remcos Delivered in Multi-Stage Phishing Campaign

AsyncRAT and Remcos Delivered in Multi-Stage Phishing Campaign 2026-07-02 at 17:00 By LevelBlue SpiderLabs Over the past two weeks, LevelBlue SpiderLabs has been tracking an active phishing campaign distributing malicious spreadsheet attachments. What initially appeared to be a limited phishing attempt quickly evolved into a widespread campaign impacting multiple organizations across various industries, including manufacturing,

AsyncRAT and Remcos Delivered in Multi-Stage Phishing Campaign Read More »

An Analysis of ValleyRAT Infection Campaigns from Fake Installers, Japanese Malicious Emails

An Analysis of ValleyRAT Infection Campaigns from Fake Installers, Japanese Malicious Emails 2026-06-30 at 17:04 By Hajime Takai Key points LevelBlue has identified two distinct attack vectors associated with ValleyRAT: campaigns leveraging fake installers and campaigns initiated through malicious emails. The malicious email-based attack campaign analyzed in this report appears to target both Chinese and

An Analysis of ValleyRAT Infection Campaigns from Fake Installers, Japanese Malicious Emails Read More »

Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux

Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux 2026-06-25 at 17:00 By Remote access trojans (RATs) are legacy threats that continue to evolve alongside an expanding and ever-changing threat landscape. Following our recently published articles about novel and notable RATs, including KarstoRAT, the latest version of ClickFix, and ClickFix’s macOS variant, we analyzed QuimaRAT, a

Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux Read More »

LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign

LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign 2026-06-24 at 16:43 By Dawid Nesterowicz In Norse mythology, Loki, the god of mischief, has powerful and deceptive transformation abilities. True to its namesake, the malware LokiBot has appeared in numerous variants and payload formats since its discovery more than a decade ago. In

LokiBot After a Decade: An Analysis of a Recent LokiBot Campaign Read More »

Operation FlutterBridge: The FlutterShell macOS Backdoor

Operation FlutterBridge: The FlutterShell macOS Backdoor 2026-06-18 at 17:00 By Maor Gabay Identified through macOS endpoint monitoring, the CL-CRI-1089 cluster, delivered under the publicly reported Operation FlutterBridge campaign, demonstrates a deliberate misuse of the Flutter framework for macOS malware delivery. Rather than re-documenting the campaign itself, this report treats the recovered FlutterShell artifacts as a

Operation FlutterBridge: The FlutterShell macOS Backdoor Read More »

The SOC’s visibility gap comes down to staffing

The SOC’s visibility gap comes down to staffing 2026-06-17 at 09:00 By Mirko Zorz AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third

The SOC’s visibility gap comes down to staffing Read More »

FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe

FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe 2026-06-10 at 17:24 By Ashish Khaitan The FIFA World Cup 2026 kicks off on June 11, and the world’s biggest sporting event is drawing more than just fans — it is already attracting a wave of cybercriminals targeting

FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe Read More »

Product showcase: Staying ahead of the threat horizon with Aunoo

Product showcase: Staying ahead of the threat horizon with Aunoo 2026-06-10 at 09:55 By Help Net Security Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it

Product showcase: Staying ahead of the threat horizon with Aunoo Read More »

Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities

Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities 2026-06-05 at 15:49 By Ionut Arghire Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek. This

Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities Read More »

Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign

Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign 2026-05-28 at 17:00 By Maor Gabay We recently observed a multi-stage macOS intrusion campaign conducted by the North Korean state-sponsored threat group Sapphire Sleet (also tracked as BlueNoroff/UNC1069). This article is an excerpt from LevelBlue SpiderLabs Blog View Original Source

Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign Read More »

Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available

Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available 2026-05-26 at 14:02 By SecurityWeek News Register to enjoy free access and explore the tools, strategies, and frameworks needed to build a resilient security program for a world where every minute counts. The post Watch on Demand: Threat Detection & Incident Response

Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available Read More »

From WinRE to SYSTEM: Hunting the YellowKey and MiniPlasma Attack Chain

From WinRE to SYSTEM: Hunting the YellowKey and MiniPlasma Attack Chain 2026-05-22 at 22:53 By Since April 2026, LevelBlue SpiderLabs’ Cyber Threat Intelligence team has tracked a series of public zero-day disclosures targeting Microsoft Windows, attributed to an anonymous actor operating under the names Chaotic Eclipse and Nightmare Eclipse. The activity spans multiple areas of

From WinRE to SYSTEM: Hunting the YellowKey and MiniPlasma Attack Chain Read More »

Virtual Event Today: Threat Detection & Incident Response Summit

Virtual Event Today: Threat Detection & Incident Response Summit 2026-05-20 at 13:02 By SecurityWeek News The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM -4PM ET for the Threat Detection & Incident Response Summit. Don’t miss this virtual event as we explore how to cut through alert

Virtual Event Today: Threat Detection & Incident Response Summit Read More »

Scroll to Top