acint, Author at Bulwark Black LLC

Unit 42 Exposes Active Exploitation of BeyondTrust CVE-2026-1731 with VShell and SparkRAT Backdoors

acint4 months ago03 mins

Palo Alto Networks’ Unit 42 has uncovered an active exploitation campaign targeting BeyondTrust Remote Support and Privileged Remote Access appliances through CVE-2026-1731, a critical pre-authentication remote code execution vulnerability with a CVSS score of 9.9. The attacks have deployed sophisticated backdoors including VShell and SparkRAT across organizations in financial services, healthcare, legal, and high-tech sectors….

Chinese APT Exploited Dell RecoverPoint Zero-Day for 18 Months Before Discovery

acint4 months ago03 mins

A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day vulnerability in Dell’s RecoverPoint for Virtual Machines (CVE-2026-22769) since at least mid-2024, according to new research from Google’s Threat Intelligence Group (GTIG) and Mandiant. The attackers deployed sophisticated backdoors and maintained persistent access inside targeted networks for over 18 months before discovery. 🎯…

Remcos RAT Evolves with Real-Time Webcam Streaming and Live Keylogging Capabilities

acint4 months ago02 mins

A newly observed variant of Remcos RAT has introduced significant upgrades to its surveillance arsenal, marking a dangerous evolution in how this remote access trojan operates on compromised Windows systems. From Storage to Streaming According to Infosecurity Magazine, the updated strain represents a fundamental shift in operational methodology. Rather than relying primarily on storing stolen…

CVE-2026-20841: Windows Notepad RCE Vulnerability Weaponized with Public PoC Exploit

acint4 months ago03 mins

A high-severity remote code execution (RCE) vulnerability in Microsoft’s modern Windows Notepad application has been patched as part of the February 2026 Patch Tuesday release—but security researchers have already published a working proof-of-concept exploit on GitHub, raising concerns about active exploitation in the wild. The Vulnerability: Command Injection via Markdown Rendering Tracked as CVE-2026-20841, the…

SANDWORMMODE: Self-Replicating npm Worm Steals Dev Secrets and Targets AI Coding Tools

acint4 months ago02 mins

A sophisticated supply chain worm dubbed SANDWORMMODE is actively targeting the npm ecosystem, compromising at least 19 malicious packages designed to steal developer credentials and CI/CD secrets while automatically spreading across repositories and workflows. Researchers at Socket identified the campaign, which uses typosquatted npm packages and poisoned GitHub Actions to infect developer machines and CI…

Starkiller: New Commercial-Grade Phishing Kit Bypasses MFA with Live Site Proxying

acint4 months ago02 mins

A newly uncovered phishing kit allows cybercriminals to steal credentials with a sophisticated toolkit that spoofs live login pages and bypasses multi-factor authentication (MFA) protections, cybersecurity analysts at Abnormal Security have warned. Dubbed Starkiller, the phishing platform has been described as “a commercial-grade cybercrime platform” and “a comprehensive toolkit for stealing identities at scale.” The…

IDMerit Exposes One Billion Personal Records in Massive KYC Database Leak

acint4 months ago03 mins

Digital identity verification provider IDMerit inadvertently exposed more than one billion personal records across 26 countries after leaving a database unsecured and accessible on the public internet, according to research by Cybernews. Scale of the Exposure The exposed MongoDB database contained over three billion records weighing more than one terabyte. Security researchers estimate that approximately…

Facebook Malvertising Campaign Uses Fake Windows 11 Pages to Deploy Credential-Stealing Malware

acint4 months ago03 mins

Attackers are running a sophisticated malvertising campaign that leverages paid Facebook ads to distribute credential-stealing malware disguised as official Windows 11 updates. The campaign uses convincing fake Microsoft download pages and includes multiple technical countermeasures designed to evade security researchers. How the Attack Works The campaign starts with professional-looking Facebook advertisements featuring Microsoft branding, promoting…

AI-Fueled Supply Chain Attacks Surge in Asia-Pacific: Group-IB Report Exposes Self-Reinforcing Cybercrime Ecosystem

acint4 months ago04 mins

Supply chain cyber attacks are reshaping the threat landscape across Asia-Pacific, as criminals and state-aligned groups increasingly use trusted vendors, software components, and service providers as entry points into broader networks, according to Group-IB’s High-Tech Crime Trends Report 2026. The Interconnected Threat Ecosystem The report describes a fundamental shift from single-target intrusions to what it…

287 Chrome Extensions Caught Exfiltrating Browsing History from 37.4 Million Users

acint4 months ago02 mins

A massive data exfiltration operation involving 287 Chrome extensions that secretly steal browsing history from approximately 37.4 million users worldwide has been uncovered by security researcher Q Continuum (alias qcontinuum1). The discovery represents roughly one percent of the global Chrome user base, highlighting a significant privacy breach affecting millions of internet users. How the Extensions…