The Demon Arrives Later: A Havoc Stager Hides Behind Microsoft Defender DLP (2026-06-03; Jose Martin)
Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign (2026-05-28; Maor Gabay)
From WinRE to SYSTEM: Hunting the YellowKey and MiniPlasma Attack Chain (2026-05-22)
YellowKey and GreenPlasma: Two New Windows Zero-Days Unveiled (2026-05-19; James Ballantyne)
A Closer Look at The Gentlemen’s Alleged Leak (2026-05-18; Arthur Erzberger)
Threat Analysis: Backdoored Electron Apps Evading Defenses (2026-05-08; Michael Morose)
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication (2026-05-07; Mahadev Joshi)
LevelBlue TTP Briefing Q1 2026: Trust Abuse Exposes Weaknesses (2026-05-05)
Inside Vect Ransomware-as-a-Service (2026-04-30; SpiderLabs Researcher)
Hacking Hotels via Smart Stationary Bikes: How Unsecured Gym Equipment Can Lead to RCE (2026-04-29; John Lopez)
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems (2026-04-23; Serhii Melnyk, King Orande, Cris Tomboc, Sean Shirley)
A Closer Look at the Novel and Stealthy KarstoRAT Malware (2026-04-21; Chen Aviani)
Go With the Flow: Abusing OAuth Device Code Flow (2026-04-20; Jakub Wiewiorski)
RedSun and the Expanding Risk Window: Why Microsoft Defender Patching Can’t Wait (2026-04-17)
Why Attackers Are Bypassing Phishing Emails and Targeting Identity Instead (2026-04-13; Jamie Mamroe)
Trojanized CPUID HWMonitor Installer Delivers Fileless .NET Payload via Obfuscated IPv6 Scriptlet (2026-04-10; Sean Shirley)
Axios NPM Package Supply Chain Compromise Leads to RAT Deployment (2026-04-09; Mahadev Joshi and Sho Kishimoto)
Err-Hiding and Seek: How ErrTraffic v3 Leverages EtherHiding in ClickFix Campaign (2026-04-09; King Orande and Cris Tomboc)
Major Supply Chain Compromise in the Popular axios npm Package (2026-04-03; Karl Sigler)
Using RF Power Levels to Defeat MAC Address Randomization Enabling Passive Device Tracking (2026-03-31; Tom Neaves)
Azure ServiceBus WebSockets as a C2 Channel (2026-03-24; Stuart White)
Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure (2026-03-23; Sean Shirley)
“Say My Name”: How MioLab is building MacOS Stealer Empire (2026-03-20; Mark Tsipershtein and Evgeny Ananin)
Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault (2026-03-19; Shabtay Barel, Serhii Melnyk, Rodel Mendrez)
KongTuke: A King Among Threat Groups (2026-03-18)
How LevelBlue OTX and Cybereason XDR Detected a North Korea-Linked Remote IT Worker (2026-03-17; Tue Luu)
Epic Fury Update: Stryker Attack Highlights Handala's Shift from Espionage to Disruption (2026-03-12; Arthur Erzberger)
Weaponizing Safe Links: Abuse of Multi-Layered URL Rewriting in Phishing Attacks (2026-03-12; John Kevin Adriano)
Beware the ClickFix Trap: REMCOS RAT Hiding in “Helpful” PUAs (2026-03-09; Hema Loganathan)
CVE-2025-61915: Buffer Underflow Vulnerability Leads to Memory Corruption in CUPS (2026-03-05; Ariel Silver)
LevelBlue SpiderLabs Breaks Down the Role of Cyber Operations Taken in the Iran Crisis (2026-03-04; Gal Romano)
Operation Epic Fury: From Regional Escalation to Global Cyber Risk (2026-03-03; LevelBlue SpiderLabs)
Pwning Malware with Ninjas and Unicorns (2026-02-16; Cade Wriglesworth)
How ClickFix Opens the Door to Stealthy StealC Information Stealer (2026-02-12; Rodel Mendrez)
Stealerium Unmasked: Inside a Multi-Lure, Multi-Stage Stealer Campaign (2026-02-11; Bernard Bautista)
Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis (2026-02-10; King Orande)
19 Shades of LockBit 5.0, Inside the Latest Cross-Platform Ransomware: Part 3 (2026-02-05; Alexander Sevtsov, Chen Aviani)
19 Shades of LockBit 5.0, Inside the Latest Cross-Platform Ransomware: Part 2 (2026-02-04; Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi)
The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions (2026-02-03; Mark Tsipershtein and Evgeny Ananin)
LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments (2026-01-30; SpiderLabs Researcher)
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1 (2026-01-30; Mark Tsipershtein, Evgeny Ananin, Nikita Kazymirskyi)
Scenario 3: SOC/SIEM Takes in and Summarizes Windows Events (Log Files) (2026-01-29; Tom Neaves)
The Hard Lessons Learned by Analyzing Education Sector Cyberattacks (2026-01-26)
CVE-2009-0556: The 2009 PowerPoint But that Refuses to Die (2026-01-23; Messiah Dela Cruz)
Ni8mare on Automation Street: When Workflows Turn Into an Attack Path (2026-01-15; Nikita Kazymirskyi)
BEC Email Trends: Attacks up 15% in 2025 (2026-01-13; Katrina Udquin)