acint

CVE-2026-1731: Critical BeyondTrust Remote Support Vulnerability Under Active Exploitation

A critical pre-authentication command injection vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) is now being actively exploited in the wild, with threat actors targeting self-hosted deployments including legacy Bomgar appliances. Vulnerability Overview According to CSO Online, the vulnerability tracked as CVE-2026-1731 is a critical-severity flaw that allows unauthenticated attackers to execute…

    DockerDash: Critical AI Assistant Flaw Enabled Code Execution via Malicious Image Metadata

    Cybersecurity researchers at Noma Labs have disclosed details of a critical vulnerability in Ask Gordon, Docker’s AI assistant integrated into Docker Desktop and the Docker CLI. The flaw, codenamed DockerDash, could have been exploited to execute arbitrary code and exfiltrate sensitive data from compromised environments. Docker addressed the vulnerability in version 4.50.0, released in November…

    Critical Unstructured.io Vulnerability CVE-2025-64712 Threatens AI Pipelines at Amazon, Google, and Fortune 1000 Enterprises

    A critical vulnerability (CVE-2025-64712) discovered in Unstructured.io, a widely deployed ETL library for AI data processing, exposes Amazon, Google, Bank of America, and 87% of Fortune 1000 companies to remote code execution attacks. The Vulnerability: CVSS 9.8 Path Traversal Leading to RCE Security researchers have identified a severe path traversal vulnerability in Unstructured.io’s partition_msg function,…

    XWorm RAT Campaign Exploits 7-Year-Old Office Vulnerability with Fileless Techniques

    Fortinet researchers have uncovered a new phishing campaign delivering the XWorm remote access trojan (RAT) by chaining a years-old Microsoft Office vulnerability with fileless execution techniques to evade detection. The Attack Chain The campaign uses business-themed phishing emails with malicious Excel add-ins that exploit CVE-2018-0802, a memory corruption flaw in Microsoft Office’s Equation Editor that…

    Google Blocks Massive Model Extraction Campaign Targeting Gemini AI with 100,000+ Malicious Prompts

    Google has revealed it detected and blocked a sophisticated campaign involving more than 100,000 prompts designed to extract the proprietary reasoning capabilities of its Gemini AI model, according to the Google Threat Intelligence Group’s latest quarterly threat report. The Growing Threat of Model Extraction The coordinated attack represents what security researchers call model extraction or…

    Metro4Shell: Critical React Native CLI Vulnerability Actively Exploited to Deploy Malware

    Threat actors are actively exploiting a critical remote code execution vulnerability in the popular @react-native-community/cli npm package, impacting countless mobile application developers worldwide. The Vulnerability: CVE-2025-11953 Dubbed Metro4Shell, this critical vulnerability (CVSS 9.8) affects the Metro Development Server bundled with the React Native CLI. The flaw allows remote unauthenticated attackers to execute arbitrary operating system…

    AiFrame Campaign: 30 Fake AI Chrome Extensions with 300K Users Steal Credentials, Gmail Content

    Researchers at browser security platform LayerX have uncovered a coordinated malware campaign dubbed “AiFrame” involving 30 malicious Chrome extensions installed by more than 300,000 users. The extensions masquerade as AI assistants while secretly stealing credentials, email content, and browsing information. Campaign Overview All analyzed extensions share the same internal structure, JavaScript logic, permissions, and communicate…

    Phorpiex Botnet Resurfaces: Phishing Campaign Delivers Offline-Capable Global Group Ransomware

    A new phishing campaign leveraging the infamous Phorpiex botnet has been observed distributing Global Group ransomware through weaponized Windows shortcut (.LNK) files, according to a new advisory from Forcepoint X-Labs. The Attack Chain The campaign uses phishing emails with the subject line “Your Document” — a lure that has remained effective throughout 2024 and 2025….

    Cybercriminals Weaponize ChatGPT and Grok to Distribute AMOS Stealer on macOS

    A sophisticated attack campaign is exploiting user trust in artificial intelligence platforms to distribute the Atomic macOS Stealer (AMOS), representing a dangerous evolution in social engineering tactics that combines legitimate AI chatbot services with paid Google advertising. According to research from Flare, threat actors are creating shareable AI chat links on ChatGPT and Grok containing…

    XWorm RAT Campaign Exploits CVE-2018-0802 in Multi-Language Phishing Attacks Using Fileless Injection

    FortiGuard Labs has uncovered a sophisticated phishing campaign delivering XWorm version 7.2, a multi-functional Remote Access Trojan (RAT) that provides attackers with full remote control of compromised Windows systems. Campaign Overview The campaign utilizes multiple phishing email themes written in various languages to maximize its reach. Emails are disguised as: Payment detail requests requiring recipient…
