Thursday, July 2, 2026
Bulwark Black LLC

Cyber Security | Software Development | Consulting Services


    Starkiller: New Commercial-Grade Phishing Kit Bypasses MFA with Live Site Proxying

    • Cyber Security Blog
    • General CTI

    Handala’s Cal Water Claim Shows OT Defense Starts With Segmentation

    • AI (General)
    • Cyber Security Blog

    Agentic AI Failure Modes Show Why AI Tools Need Supply-Chain Controls

    • AI (General)
    • General CTI

    Unit 42 Warns: AI Agents Could Enable Gift Card Theft and Returns Fraud at Scale

    • Cyber Security Blog
    • General CTI
    • Malware
    • Privacy & Security

    Vect and TeamPCP Show Supply-Chain Credentials Are Ransomware Fuel

    acint · 39 minutes ago · 3 mins

    Sophos CTU reports that Vect and TeamPCP have linked ransomware deployment with supply-chain credential theft. Here is what SMBs and government contractors should harden now.

    • Cyber Security Blog
    • General CTI
    • Malware
    • Malware Monsters
    • Privacy & Security

    Ousaban Shows Banking Trojans Are Learning to Hide From Sandboxes

    acint · 15 hours ago · 4 mins

    Ousaban’s Spain and Portugal campaign shows how banking trojans use geofencing, phishing PDFs, steganography, and daily-changing C2 to evade sandbox-heavy defenses.

    • Cyber Security Blog
    • General CTI
    • Operational Technology (OT)
    • Privacy & Security

    NUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

    acint · 20 hours ago · 4 mins

    CVE-2026-54161 in Network UPS Tools upsmon shows why UPS monitoring, notification scripts, and power-infrastructure control paths need patching, segmentation, and process monitoring.

    • Cyber Security Blog
    • General CTI
    • Privacy & Security
    • Social Engineering

    ARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

    acint · 1 day ago · 4 mins

    Cisco Talos uncovered ARToken, an EvilTokens-linked phishing-as-a-service panel built around Microsoft 365 token theft, device-code phishing, mailbox access, SharePoint operations, and BEC automation. The practical lesson: treat identity tokens, inbox rules, and cloud collaboration data as tier-zero assets.

    • Cyber Security Blog
    • General CTI
    • Privacy & Security

    CitrixBleed Keeps Returning: NetScaler SAML IdP Memory Leaks Need Edge-Control Discipline

    acint · 2 days ago · 4 mins

    Citrix patched CVE-2026-8451, a NetScaler SAML IdP memory overread in the CitrixBleed family. Here is what SMBs and government contractors should do now.

    • Cyber Security Blog
    • General CTI
    • Malware
    • Privacy & Security

    SimpleHelp Exploitation Shows RMM Is a Credential Control Plane

    acint · 2 days ago · 3 mins

    Active exploitation of SimpleHelp CVE-2026-48558 shows why RMM platforms must be treated as privileged credential control planes, not routine support tools.

    • AI (General)
    • Cyber Security Blog
    • General CTI
    • Privacy & Security

    Leaky iOS AI Apps Show Mobile AI Needs Real API Gateways

    acint · 2 days ago · 3 mins

    A study of iOS AI chatbot apps found widespread exposure of API keys, open AI proxy access, and replayable tokens. The fix is not another client-side secret workaround; it is real backend authentication, scoped tokens, monitoring, and key isolation.

    • Cyber Security Blog
    • General CTI
    • Malware
    • Privacy & Security

    Bing SEO Poisoning Shows IT Admin Downloads Are Ransomware Initial Access

    acint · 3 days ago · 4 mins

    A DFIR Report case study shows how a fake ManageEngine OpManager download led from BumbleBee and AdaptixC2 to Akira ransomware. The defensive lesson: admin software downloads need control, verification, and monitoring.

    • Chinese Cyber Threat Intelligence
    • General CTI
    • Iranian Cyber Threat Intelligence
    • Operational Technology (OT)
    • Russian Cyber Threat Intelligence

    Water Systems Are Becoming Nation-State Pressure Points

    acint · 3 days ago · 3 mins

    Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.

    • Cyber Security Blog
    • General CTI
    • Privacy & Security

    Fluentd Vulnerabilities Show Logging Pipelines Need Production-Grade Segmentation

    acint · 3 days ago · 3 mins

    Multiple Fluentd vulnerabilities show why log collectors need segmentation, least privilege, and hostile-input assumptions—not just patching.


    You May Have Missed

    • Iranian Cyber Threat Intelligence
    • Operational Technology (OT)

    Iranian Threat Actors Target Hikvision and Dahua IP Cameras for Kinetic Strike Coordination

    acint 4 months ago
    • General CTI
    • Global Cyber Threat Intelligence

    Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

    bulwarkblack 2 years ago
    • Cyber Security Blog
    • General CTI

    Red Hat’s Miasma npm Compromise Shows Trusted Publishing Is Not a Control Boundary

    acint 4 weeks ago
    • Malware

    GlassWorm Supply Chain Campaign Hijacks 72 Open VSX Extensions to Target Developers

    acint 4 months ago
    • Chinese Cyber Threat Intelligence

    Google and Mandiant Disrupt GRIDTIDE: Chinese APT Espionage Campaign Compromises 53 Victims in 42 Countries

    acint 4 months ago
    • General CTI

    Critical Unstructured.io Vulnerability CVE-2025-64712 Threatens AI Pipelines at Amazon, Google, and Fortune 1000 Enterprises

    acint 5 months ago
    • Malware

    XWorm RAT Campaign Exploits CVE-2018-0802 in Multi-Language Phishing Attacks Using Fileless Injection

    acint 5 months ago
    • General CTI

    SAP NetWeaver Critical Zero-Day (CVE-2025-31324) Under Active Exploitation by Initial Access Brokers

    acint 4 months ago