Cyber Threat Intelligence
Daily threat reporting, custom software, and remote tech help from a veteran-owned (SDVOSB) studio.
Updated most weekdays
Our Software
Explore all software →This Week in Threats
Latest Threat Intelligence
Nation-State Tracking
Intelligence by Region
Russian Threat Intelligence
View all Russian intel →Water Systems Are Becoming Nation-State Pressure Points
Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.
Turla’s STOCKSTAY Backdoor Shows Why Espionage Defense Needs Egress Visibility
GTIG’s STOCKSTAY research shows how Turla blends modular .NET malware, WebSocket C2, and diplomatic targeting. Here are the defensive lessons for SMBs and government contractors.
Kazuar Shows Russian Espionage Malware Is Engineering for Resilience
Microsoft reports that Kazuar, attributed to Russian state actor Secret Blizzard, has evolved into a modular P2P botnet. Here is what SMBs and government contractors should take from it defensively.
Chinese Threat Intelligence
View all Chinese intel →Pakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic Targets
SentinelLabs reporting on rival espionage activity against Pakistani law enforcement is a reminder that public-sector portals, case systems, and citizen-data apps are strategic intelligence targets — even when they are not classified systems.
UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure
Cisco Talos reports UAT-7810 is expanding ORB relay infrastructure using compromised edge and embedded devices. Here is what SMBs and government contractors should do now.
Water Systems Are Becoming Nation-State Pressure Points
Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.
North Korean Threat Intelligence
View all North Korean intel →Mastra npm Compromise Shows AI Frameworks Are Supply-Chain Targets
Microsoft linked the Mastra AI npm package compromise to North Korean actor Sapphire Sleet. Here is what SMBs and government contractors should do about AI framework supply-chain risk.
Void Dokkaebi’s InvisibleFerret Shift Shows Developer Endpoints Are Production Risk
Trend Micro reports North Korea-aligned Void Dokkaebi has moved InvisibleFerret into Cython-compiled Python extension modules. For SMBs and government contractors, the real risk is developer endpoint access to CI/CD, cloud, and production secrets.
DPRK Threat Actors Leverage GitHub as Command and Control Infrastructure in Multi-Stage LNK Attacks
North Korean state-sponsored threat actors have been observed targeting South Korean organizations with a sophisticated multi-stage attack chain that abuses GitHub as command and control (C2) infrastructure. Fortinet FortiGuard Labs published research on April 2, 2026 detailing t
Iranian Threat Intelligence
View all Iranian intel →Water Systems Are Becoming Nation-State Pressure Points
Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.
MuddyWater’s Chaos Masquerade Shows Ransomware Response Needs Attribution Discipline
Iran-linked MuddyWater activity shows why ransomware response needs to examine identity compromise, remote access, and adversary objectives instead of trusting the ransom note at face value.
Handala’s Cal Water Claim Shows OT Defense Starts With Segmentation
Handala’s California Water Service claim is a reminder that critical-infrastructure defense starts with proving separation between billing systems, telemetry platforms, and operational technology.
Browse by category
Beyond the feed
Bulwark Black also builds
All services →Websites & Web Apps
Fast, clean marketing sites and custom web apps built for your business, not a template you have to fight. Designed, built, and deployed by the person who will maintain it.
Custom iOS Apps
Native iPhone and iPad apps built for businesses and published to the App Store. From a focused single-purpose tool to a full product, designed, developed, and shipped end to end.
AI & Automation
Practical AI setup and quiet automation that saves you real hours. We pick the right tools, wire them into how you actually work, and skip the hype when it does not fit.
Small-Business IT + Cybersecurity
Right-sized IT support and security fundamentals for small teams, delivered remotely. Backups that actually restore, hardened accounts, and someone honest to call.
You may have missed
Bing SEO Poisoning Shows IT Admin Downloads Are Ransomware Initial Access
A DFIR Report case study shows how a fake ManageEngine OpManager download led from BumbleBee and AdaptixC2 to Akira ransomware. The defensive lesson: admin software downloads need control, verification, and monitoring.
Water Systems Are Becoming Nation-State Pressure Points
Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.
Fluentd Vulnerabilities Show Logging Pipelines Need Production-Grade Segmentation
Multiple Fluentd vulnerabilities show why log collectors need segmentation, least privilege, and hostile-input assumptions—not just patching.
Shai Hulud Shows CI/CD Identity Is Production Cloud Identity
Fortinet’s Shai Hulud case study shows how poisoned CI/CD dependencies can become cloud identity compromise, IAM escalation, and Redshift data theft. Here is what SMBs and government contractors should harden now.
Newsletter
The Bulwark Brief.
Cyber threat intel, AI, and tech worth your attention, what we're tracking that day, with a "why it matters" line on every item. Most weekdays. No fluff.