Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Cyber Threat Intelligence

Daily threat reporting, custom software, and remote tech help from a veteran-owned (SDVOSB) studio.

Updated most weekdays

Our Software

Software we build and run

Explore all software →
Contractor Codex SaaS · Web app

Quote. Contract. Bill. Get Paid.

Send a quote in 60 seconds, get it signed online, and auto-invoice every stage of the job.

SAMscout AI SaaS · Web app

The federal proposal team you can afford.

Turn a SAM.gov opportunity into a reviewable, Shipley-grade proposal draft in minutes.

The Feed

Latest Threat Intelligence

Cyber Security Blog
Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue
Cyber Security Blog·

Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue

Ubiquiti patched critical UniFi Connect, Talk, Access, Protect, and UniFi OS flaws. Here is what SMBs and government contractors should patch, restrict, and review now.

Cyber Security Blog
Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls
Cyber Security Blog·

Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls

Unit 42 reported a Vidar stealer and XMRig campaign using malvertising, fake cracked-software lures, misleading certificate metadata, oversized binaries, and commodity loader infrastructure. Here is what SMBs and government contractors should take away.

Cyber Security Blog
ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure
Cyber Security Blog·

ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure

Mandiant shows how ADFS certificate drift and Machine DPAPI can expose active signing keys. Here is what SMBs and government contractors should do now.

Chinese Cyber Threat Intelligence
UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure
Chinese Cyber Threat Intelligence·

UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure

Cisco Talos reports UAT-7810 is expanding ORB relay infrastructure using compromised edge and embedded devices. Here is what SMBs and government contractors should do now.

Cyber Security Blog
FortiBleed Shows Firewall Credentials Are Ransomware Fuel
Cyber Security Blog·

FortiBleed Shows Firewall Credentials Are Ransomware Fuel

SOCRadar linked the FortiBleed FortiGate credential-harvesting campaign to INC and Lynx ransomware operations. Here is what SMBs and government contractors should do next.

Cyber Security Blog
NetNut and Popa Takedown Shows Residential Proxies Are Now Attack Infrastructure
Cyber Security Blog·

NetNut and Popa Takedown Shows Residential Proxies Are Now Attack Infrastructure

The FBI and industry partners disrupted NetNut and the Popa botnet. Here is why residential proxy abuse matters for SMBs, government contractors, and defenders.

Cyber Security Blog
Vect and TeamPCP Show Supply-Chain Credentials Are Ransomware Fuel
Cyber Security Blog·

Vect and TeamPCP Show Supply-Chain Credentials Are Ransomware Fuel

Sophos CTU reports that Vect and TeamPCP have linked ransomware deployment with supply-chain credential theft. Here is what SMBs and government contractors should harden now.

Cyber Security Blog
Ousaban Shows Banking Trojans Are Learning to Hide From Sandboxes
Cyber Security Blog·

Ousaban Shows Banking Trojans Are Learning to Hide From Sandboxes

Ousaban’s Spain and Portugal campaign shows how banking trojans use geofencing, phishing PDFs, steganography, and daily-changing C2 to evade sandbox-heavy defenses.

Cyber Security Blog
NUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue
Cyber Security Blog·

NUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

CVE-2026-54161 in Network UPS Tools upsmon shows why UPS monitoring, notification scripts, and power-infrastructure control paths need patching, segmentation, and process monitoring.

Nation-State Tracking

Intelligence by Region

Russian Threat Intelligence

View all Russian intel →

Chinese Threat Intelligence

View all Chinese intel →

North Korean Threat Intelligence

View all North Korean intel →

Iranian Threat Intelligence

View all Iranian intel →

Newsletter

The Bulwark Brief.

Cyber threat intel, AI, and tech worth your attention, what we're tracking that day, with a "why it matters" line on every item. Most weekdays. No fluff.