Threat Intelligence

Go With the Flow: Abusing OAuth Device Code Flow

2026-04-20 at 17:03, by Jakub Wiewiorski

In early 2026, phishing attacks are still among the top contributors to the true positive detections in security operation centers (SOCs). Adversaries constantly come up with new ways of luring users into traps, concealing their actual intents and stacking anti-detection […]

Threat Landscape March 2026: Ransomware Dominance, Access Brokers, Data Leaks, and Critical Exploitation Trends

2026-04-20 at 14:37, by Mihir Bagwe

Cyble Research & Intelligence Labs (CRIL) in its monthly threat landscape analysis observed a highly active threat environment throughout March 2026, shaped by large-scale ransomware campaigns, persistent data breach activity, growing initial access brokerage markets,

How to spot a North Korean fake in a job interview

2026-04-20 at 08:17, by Help Net Security

North Korean operatives are getting hired at companies by passing job interviews using fake identities and AI tools. In this Help Net Security video, Adrian Cheek, a senior cybercrime researcher at Flare, outlines several ways organizations can

Four Nationally Significant Cyberattacks Every Week — Is the UK Ready?

2026-04-17 at 17:52, by Ashish Khaitan

The tempo of UK cyberattacks has shifted from sporadic disruption to something far more systemic. When incidents reach a frequency of four national events each week, the issue stops being purely technical and becomes structural. It raises a more uncomfortable

The Week in Vulnerabilities: Azure AI, Spring AI, Fortinet, and Critical ICS Exposure

2026-04-16 at 15:04, by Mihir Bagwe

Cyble Research & Intelligence Labs (CRIL) in its weekly vulnerability report tracked 1,431 bugs last week. Of these, over 270 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating exploitation timelines and increasing real-world attack likelihood.

How Cyble Blaze AI Delivers 360° Threat Visibility Across Dark Web and Enterprise Systems

2026-04-15 at 16:17, by Ashish Khaitan

Modern cybersecurity no longer suffers from a lack of data; it suffers from too much of it, scattered across systems that rarely speak the same language. Security teams today must monitor endpoints, cloud workloads, SaaS applications, and an ever-expanding universe

Why Attackers Are Bypassing Phishing Emails and Targeting Identity Instead

2026-04-13 at 17:31, by Jamie Mamroe

One of the fastest growing initial access techniques we are seeing right now is Okta vishing: voice-based social engineering designed to compromise the identity provider rather than the inbox. This article is an excerpt from LevelBlue SpiderLabs Blog

Trojanized CPUID HWMonitor Installer Delivers Fileless .NET Payload via Obfuscated IPv6 Scriptlet

2026-04-11 at 02:20, by Sean Shirley

Recent reporting has identified a trojanized version of the CPUID HWMonitor installer being used to deliver a multi-stage, fileless malware chain leveraging trusted Windows binaries. Upon execution, the installer initiates a sequence involving PowerShell, MSBuild, and

Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign

2026-04-09 at 16:17, by King Orande and Cris Tomboc

TLP: AMBER+STRICT

The LevelBlue SpiderLabs team examined the latest version of ErrTraffic, which emerged in early 2026. In a recently observed campaign, the team found that ErrTraffic primarily targets WordPress websites by deploying a PHP backdoor script

Dual-Brain Architecture: The Cybersecurity AI Innovation That Changes Everything

2026-04-08 at 15:45, by Ashish Khaitan

Cybersecurity has always been a race, but it is no longer a fair one. Attackers now operate at machine speed, orchestrating campaigns that evolve in seconds, while many defense teams still rely on workflows measured in hours or days. This widening gap

What managing partners should ask AI vendors before signing any contract

2026-04-08 at 09:28, by Mirko Zorz

In this Help Net Security interview, Kumar Ravi, Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and

Mobile Attack Surface Expands as Enterprises Lose Control

2026-04-03 at 14:30, by Kevin Townsend

Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk. The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek. This article is an

How Cyble Blaze AI Predicts Cyber Threats 6 Months in Advance Using Agentic Intelligence

2026-04-01 at 18:56, by Ashish Khaitan

Modern cybersecurity has a timing problem. Attackers move at machine speed, while many defenses still depend on human-led investigation cycles. This mismatch leaves a dangerous window where threats can spread before they are even understood.

The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break

2026-03-26 at 12:32, by Ashish Khaitan

Let’s talk about the sector that keeps our lights on, water running, and industries humming—and why it’s become ransomware’s favorite target. In 2025, the global energy and utilities sector faced 187 confirmed ransomware attacks. Not attempts. Confirmed, successful intrusions where attackers locked systems, stole

AI SOC vendors are selling a future that production deployments haven’t reached yet

2026-03-26 at 12:32, by Mirko Zorz

Vendors selling AI-powered security operations platforms have built their pitches around a consistent set of promises: autonomous threat investigation, dramatic reductions in analyst workload, and an accelerating path toward humanless operations. Practitioners buying and deploying those

Azure ServiceBus WebSockets as a C2 Channel

2026-03-24 at 17:30, by Stuart White

In offensive security, the ability to blend seamlessly with legitimate traffic is vital to avoid detection. Establishing command-and-control (C2) communications can be challenging in environments fortified with security measures like perimeter firewalls and web proxies. This article is an excerpt from LevelBlue

India’s Evolving Cyber Threat Landscape: State-Sponsored Attacks, Hacktivism, and What’s Next in 2026

2026-03-24 at 12:32, by Ashish Khaitan

The India cyber threat landscape 2026 is no longer defined by isolated incidents or opportunistic attacks. It has become a dynamic, constantly shifting battleground shaped by geopolitical tensions, rapid digitization, and highly advanced hackers. What once looked like sporadic cybercrime

Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure 

2026-03-24 at 03:28, by Sean Shirley

Recently LevelBlue SpiderLabs initiated an investigation into a multi-stage malware delivery campaign initially identified from LevelBlue’s MDR SOC through a SentinelOne detection of a suspicious Visual Basic Script (VBS) file. This article is an excerpt from LevelBlue SpiderLabs Blog

Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault

2026-03-19 at 22:28, by Shabtay Barel, Serhii Melnyk, Rodel Mendrez

This report expands LevelBlue’s ongoing investigation into a multi-stage fileless malware campaign in which a network of compromised legitimate websites redirects victims to fake CAPTCHA verification pages delivering credential-stealing payloads through a ClickFix social engineering mechanism. This

Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury

2026-03-19 at 18:19, by Kevin Townsend

Analysis reveals a six-month buildup of Iran-linked cyber infrastructure, including US-based shell companies, designed to weather kinetic strikes and ensure the resilience of its global hacking operations. The post Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury
