19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 2

In the first part of our LockBit 5.0 series, where we analyzed 19 samples of the latest version of this cross-platform ransomware, we provided a comprehensive technical analysis of its ESXi variant. This report, which is the second part of a three-part series, focuses on our analysis of the Linux x64 variant of LockBit 5.0.

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware’s Newest Leaked Samples: Part 1

This three-part blog series presents an analysis of 19 samples of a cross-platform LockBit 5.0 ransomware payload affecting Windows, Linux (LINUX Locker v1.06/v1.08), and ESXi (LINUX ESXi Locker v1.07) environments, highlighting how the ransomware operates, encrypts data, and interacts with targeted systems. By reverse engineering multiple samples, we identified shared components across platforms as well as operating system–specific behaviors that allow the malware to function efficiently in different environments.

Ni8mare on Automation Street: When Workflows Turn Into an Attack Path

CVE-2026-21858 (Ni8mare) is a maximum-severity vulnerability in self-hosted n8n that can enable unauthenticated instance takeover, leading to remote code execution (RCE) when public webhook or form endpoints are exposed. Because n8n commonly stores and brokers API tokens, OAuth credentials, database access, and cloud keys, a compromise can quickly become a pivot into wider enterprise infrastructure. This issue lands amid a cluster of other critical n8n disclosures (including RCE and sandbox-bypass paths), increasing overall risk. The most effective response is to apply the latest updates immediately.

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

LevelBlue SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

The Breach Beyond the Runway: Cybercriminals Targeted Qantas Through a Trusted Partner

On July 3, 2025, Qantas confirmed in an update statement that a cyber incident had compromised data from one of its contact centers, following the detection of suspicious activity on June 30. The breach didn’t strike at the heart of Qantas’ systems; it snuck in through a third-party provider.

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.