Skip to content
Wednesday, July 8, 2026
  • Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue
  • Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls
  • ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure
  • UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure
Register / Sign Up
RSS
Bulwark Black LLC

Bulwark Black LLC

Cyber Security | Software Development | Consulting Services

  • Cyber Threat Intelligence
    • Russian Cyber Threat Intelligence
      • Russian Actors and Alias’s 09JAN2024
    • Chinese Cyber Threat Intelligence
      • Chinese Actors and Alias’s
    • North Korean Cyber Threat Intelligence
      • North Korean Actors and Alias’s
    • Iranian Cyber Threat Intelligence
      • Iranian Actors and Alias’s
    • Malware
      • Top 200 Malware of January 2024
    • Global Cyber Threat Intelligence
      • Global Threat Actors
  • Defensive Security
    • Detection
  • Offensive Security
    • Bug Bounty
    • Offensive Devices / Tactics
    • Red Teaming
  • AI (Artificial Intelligence)
    • AI (General)
  • Privacy & Security
    • Becoming Self Sufficient
    • Digital Assets
    • Makes you Think
    • Social Engineering
  • Research Papers
  • Training / Projects
    • Projects
    • Training
  • Blog
    • Cyber Security Blog
  • Contact
  • About
  • Donations
  • Products
    • VA Disability Calc & Track App
  • Services
  • Operational Technology (OT)
  • Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue
  • Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls
  • ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure
  • UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure
Register / Sign Up
RSS
Bulwark Black LLC

Bulwark Black LLC

Cyber Security | Software Development | Consulting Services

  • Cyber Threat Intelligence
    • Russian Cyber Threat Intelligence
      • Russian Actors and Alias’s 09JAN2024
    • Chinese Cyber Threat Intelligence
      • Chinese Actors and Alias’s
    • North Korean Cyber Threat Intelligence
      • North Korean Actors and Alias’s
    • Iranian Cyber Threat Intelligence
      • Iranian Actors and Alias’s
    • Malware
      • Top 200 Malware of January 2024
    • Global Cyber Threat Intelligence
      • Global Threat Actors
  • Defensive Security
    • Detection
  • Offensive Security
    • Bug Bounty
    • Offensive Devices / Tactics
    • Red Teaming
  • AI (Artificial Intelligence)
    • AI (General)
  • Privacy & Security
    • Becoming Self Sufficient
    • Digital Assets
    • Makes you Think
    • Social Engineering
  • Research Papers
  • Training / Projects
    • Projects
    • Training
  • Blog
    • Cyber Security Blog
  • Contact
  • About
  • Donations
  • Products
    • VA Disability Calc & Track App
  • Services
  • Operational Technology (OT)
Recent
  • Editorial cybersecurity illustration of Ubiquiti UniFi network appliances under defensive monitoring after critical vulnerability patches.

    Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue

    17 minutes ago
  • Editorial cybersecurity illustration showing malvertising delivering Vidar stealer and XMRig cryptominer payloads.

    Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls

    14 hours ago
  • Editorial cybersecurity illustration of ADFS federation signing keys, Machine DPAPI, and cloud identity trust paths.

    ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure

    19 hours ago
  • Editorial cybersecurity illustration of compromised edge routers forming a covert relay network for UAT-7810 ORB activity.

    UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure

    1 day ago
  • Editorial cyber threat intelligence illustration showing firewall credential theft feeding ransomware operations

    FortiBleed Shows Firewall Credentials Are Ransomware Fuel

    6 days ago
  • Editorial cybersecurity illustration of consumer devices forming a disrupted residential proxy botnet network

    NetNut and Popa Takedown Shows Residential Proxies Are Now Attack Infrastructure

    6 days ago
  • Editorial cybersecurity illustration of supply-chain credentials feeding ransomware deployment paths

    Vect and TeamPCP Show Supply-Chain Credentials Are Ransomware Fuel

    6 days ago
  • Abstract cybersecurity illustration of the Ousaban banking trojan targeting online banking sessions through phishing and hidden payload delivery.

    Ousaban Shows Banking Trojans Are Learning to Hide From Sandboxes

    7 days ago
  • Editorial illustration of UPS monitoring infrastructure protected from command injection abuse.

    NUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

    7 days ago
Editorial cybersecurity illustration of Ubiquiti UniFi network appliances under defensive monitoring after critical vulnerability patches.
  • Cyber Security Blog
  • General CTI
17 minutes ago

Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue

Ubiquiti patched critical UniFi Connect, Talk, Access, Protect, and UniFi OS flaws. Here is what SMBs and government contractors should patch, restrict, and review now.

Editorial cybersecurity illustration showing malvertising delivering Vidar stealer and XMRig cryptominer payloads.
  • Cyber Security Blog
  • General CTI
14 hours ago

Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls

Unit 42 reported a Vidar stealer and XMRig campaign using malvertising, fake cracked-software lures, misleading certificate metadata, oversized binaries, and commodity loader infrastructure. Here is what SMBs and government contractors should take away.

Editorial cybersecurity illustration of ADFS federation signing keys, Machine DPAPI, and cloud identity trust paths.
  • Cyber Security Blog
  • General CTI
19 hours ago

ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure

Mandiant shows how ADFS certificate drift and Machine DPAPI can expose active signing keys. Here is what SMBs and government contractors should do now.

Editorial cybersecurity illustration of compromised edge routers forming a covert relay network for UAT-7810 ORB activity.
  • Chinese Cyber Threat Intelligence
  • Cyber Security Blog
1 day ago

UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure

Cisco Talos reports UAT-7810 is expanding ORB relay infrastructure using compromised edge and embedded devices. Here is what SMBs and government contractors should do now.

FortiPortal CVE-2026-49938 Shows Network Configuration Data Is a High-Value Target
  • Cyber Security Blog
  • General CTI

FortiPortal CVE-2026-49938 Shows Network Configuration Data Is a High-Value Target

Exchange OWA Zero-Day Shows Why Email Servers Need Emergency Mitigation
  • Cyber Security Blog
  • General CTI

Exchange OWA Zero-Day Shows Why Email Servers Need Emergency Mitigation

Flash Report: LockBit Ends 2023 with Record Number of Attacks
  • General CTI
  • Global Cyber Threat Intelligence

Flash Report: LockBit Ends 2023 with Record Number of Attacks

Shai-Hulud Shows AI Package Scanners Need Prompt-Injection Boundaries
  • AI (General)
  • Cyber Security Blog

Shai-Hulud Shows AI Package Scanners Need Prompt-Injection Boundaries

Editorial cybersecurity illustration of Ubiquiti UniFi network appliances under defensive monitoring after critical vulnerability patches.
  • Cyber Security Blog
  • General CTI
  • Privacy & Security

Critical UniFi Flaws Put Network Control Planes Back in the Patch Queue

acint17 minutes ago04 mins

Ubiquiti patched critical UniFi Connect, Talk, Access, Protect, and UniFi OS flaws. Here is what SMBs and government contractors should patch, restrict, and review now.

Read More
Editorial cybersecurity illustration showing malvertising delivering Vidar stealer and XMRig cryptominer payloads.
  • Cyber Security Blog
  • General CTI
  • Malware

Vidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak Controls

acint14 hours ago03 mins

Unit 42 reported a Vidar stealer and XMRig campaign using malvertising, fake cracked-software lures, misleading certificate metadata, oversized binaries, and commodity loader infrastructure. Here is what SMBs and government contractors should take away.

Read More
Editorial cybersecurity illustration of ADFS federation signing keys, Machine DPAPI, and cloud identity trust paths.
  • Cyber Security Blog
  • General CTI
  • Privacy & Security

ADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity Infrastructure

acint19 hours ago04 mins

Mandiant shows how ADFS certificate drift and Machine DPAPI can expose active signing keys. Here is what SMBs and government contractors should do now.

Read More
Editorial cybersecurity illustration of compromised edge routers forming a covert relay network for UAT-7810 ORB activity.
  • Chinese Cyber Threat Intelligence
  • Cyber Security Blog
  • General CTI
  • Malware
  • Privacy & Security

UAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay Infrastructure

acint1 day ago04 mins

Cisco Talos reports UAT-7810 is expanding ORB relay infrastructure using compromised edge and embedded devices. Here is what SMBs and government contractors should do now.

Read More
Editorial cyber threat intelligence illustration showing firewall credential theft feeding ransomware operations
  • Cyber Security Blog
  • General CTI
  • Malware
  • Privacy & Security

FortiBleed Shows Firewall Credentials Are Ransomware Fuel

acint6 days ago04 mins

SOCRadar linked the FortiBleed FortiGate credential-harvesting campaign to INC and Lynx ransomware operations. Here is what SMBs and government contractors should do next.

Read More
Editorial cybersecurity illustration of consumer devices forming a disrupted residential proxy botnet network
  • Cyber Security Blog
  • General CTI
  • Malware
  • Privacy & Security

NetNut and Popa Takedown Shows Residential Proxies Are Now Attack Infrastructure

acint6 days ago04 mins

The FBI and industry partners disrupted NetNut and the Popa botnet. Here is why residential proxy abuse matters for SMBs, government contractors, and defenders.

Read More
Editorial cybersecurity illustration of supply-chain credentials feeding ransomware deployment paths
  • Cyber Security Blog
  • General CTI
  • Malware
  • Privacy & Security

Vect and TeamPCP Show Supply-Chain Credentials Are Ransomware Fuel

acint6 days ago03 mins

Sophos CTU reports that Vect and TeamPCP have linked ransomware deployment with supply-chain credential theft. Here is what SMBs and government contractors should harden now.

Read More
Abstract cybersecurity illustration of the Ousaban banking trojan targeting online banking sessions through phishing and hidden payload delivery.
  • Cyber Security Blog
  • General CTI
  • Malware
  • Malware Monsters
  • Privacy & Security

Ousaban Shows Banking Trojans Are Learning to Hide From Sandboxes

acint7 days ago04 mins

Ousaban’s Spain and Portugal campaign shows how banking trojans use geofencing, phishing PDFs, steganography, and daily-changing C2 to evade sandbox-heavy defenses.

Read More
Editorial illustration of UPS monitoring infrastructure protected from command injection abuse.
  • Cyber Security Blog
  • General CTI
  • Operational Technology (OT)
  • Privacy & Security

NUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

acint7 days ago04 mins

CVE-2026-54161 in Network UPS Tools upsmon shows why UPS monitoring, notification scripts, and power-infrastructure control paths need patching, segmentation, and process monitoring.

Read More
Editorial cybersecurity illustration of Microsoft 365 token phishing and BEC control-plane defense
  • Cyber Security Blog
  • General CTI
  • Privacy & Security
  • Social Engineering

ARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

acint1 week ago04 mins

Cisco Talos uncovered ARToken, an EvilTokens-linked phishing-as-a-service panel built around Microsoft 365 token theft, device-code phishing, mailbox access, SharePoint operations, and BEC automation. The practical lesson: treat identity tokens, inbox rules, and cloud collaboration data as tier-zero assets.

Read More
  • 1
  • 2
  • 3
  • …
  • 39

File Search

2
ThumbNameSizeDate
Thumb IOCs_YARA_TTPs_Posted_Articles/ IOCs_YARA_TTPs_Posted_Articles

IOCs_YARA_TTPs_Posted_Articles

Open 99.71 KB 2024-01-12 January 12, 2024 2024-03-22 March 22, 2024
21 Items
99.71 KB
March 22, 2024

0

5f6594a30e

You May Have Missed

Editorial cybersecurity illustration of Operation Escaneo targeting Latin American edge infrastructure and critical networks.
  • Cyber Security Blog
  • General CTI

Operation Escaneo Shows Latin America’s Edge Devices Are Prime Intrusion Targets

acint 3 weeks ago
  • Iranian Cyber Threat Intelligence
  • Operational Technology (OT)

Iranian Threat Actors Target Hikvision and Dahua IP Cameras for Kinetic Strike Coordination

acint 4 months ago
  • Detection

Detection 101: Top Detections for Email Phishing and BEC

bulwarkblack 2 years ago2 years ago

    DockerDash: Critical AI Assistant Flaw Enabled Code Execution via Malicious Image Metadata

    acint 5 months ago
    Cybersecurity illustration of ASP.NET ViewState deserialization and shared machine key risk in a web application environment.
    • Cyber Security Blog
    • General CTI

    KnowledgeDeliver RCE Shows Shared Machine Keys Are Shared Blast Radius

    acint 1 month ago
    • General CTI

    9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

    acint 4 months ago
    • General CTI
    • Offensive Devices / Tactics

    THIS WEEK IN SECURITY: LOOP DOS, FLIPPER RESPONDS, AND MORE!

    bulwarkblack 2 years ago2 years ago
    • General CTI

    CVE-2026-3564: Critical ScreenConnect Flaw Enables Session Hijacking Through ASP.NET Machine Key Abuse

    acint 4 months ago
    2026 Powered By BlazeThemes.