acint, Author at Bulwark Black LLC

Business

CISA Confirms VMware ESXi Flaw CVE-2025-22225 Now Exploited in Active Ransomware Campaigns

acint3 months ago02 mins

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to confirm that CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability, is now being actively exploited in ransomware attacks. The Vulnerability CVE-2025-22225 is an arbitrary-write vulnerability that allows attackers with privileges within the VMX process to trigger an arbitrary…

EnCase Forensic Driver Weaponized: BYOVD Attack Targets 59 EDR Tools Through SonicWall VPN Breach

acint3 months ago03 mins

Security researchers at Huntress have documented a sophisticated intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to deploy a custom EDR killer that abuses a legitimate forensic driver from Guidance Software’s EnCase to terminate security processes from kernel mode. Attack Overview The attack, disrupted in early February 2026 before ransomware deployment, demonstrates a growing…

PDFSider: The Stealthy Backdoor Targeting Fortune 100 Financial Institutions

acint3 months ago03 mins

A newly identified Windows malware strain called PDFSider has emerged as a dangerous tool in the arsenals of multiple ransomware operators, with at least one confirmed attack targeting a Fortune 100 finance company. Security researchers at Resecurity uncovered the malware during an incident response engagement, describing it as an advanced stealth backdoor designed for long-term…

ShinyHunters Claims Massive Ivy League Breach: 2.2 Million Records from Harvard and UPenn

acint3 months ago02 mins

The notorious threat actor group ShinyHunters has claimed responsibility for a significant data breach targeting two of America’s most prestigious academic institutions: Harvard University and the University of Pennsylvania. What’s Being Claimed On February 4, 2026, ShinyHunters announced the alleged exfiltration of a massive dataset containing over 2.2 million records from both institutions. According to…

AI-Powered Attack Achieves AWS Admin Access in Under 10 Minutes: A New Era of Automated Intrusions

acint3 months ago04 mins

In a stark demonstration of how artificial intelligence is transforming the cybersecurity threat landscape, the Sysdig Threat Research Team (TRT) has documented a sophisticated cloud intrusion where attackers achieved full administrative control of an AWS environment in less than 10 minutes — with strong evidence that large language models (LLMs) were used to automate the…

ShadowHS: Fileless Linux Post-Exploitation Framework Runs Entirely in Memory

acint3 months ago03 mins

Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated Linux intrusion framework dubbed ShadowHS — a stealthy, fileless post-exploitation tool that executes entirely from memory, leaving virtually no traces on disk. This discovery highlights the growing sophistication of Linux-targeted threats and the challenges they pose for traditional security tools. What Makes ShadowHS Different Unlike…

Vibe Coding Gone Wrong: Moltbook AI Social Network Exposes 4.75 Million Records in Massive Database Breach

acint3 months ago3 months ago04 mins

Google-owned Wiz discovers 4.75 million exposed records in AI social network Moltbook, including 1.5M API tokens and plaintext OpenAI keys—all because Row Level Security was never enabled on the “vibe-coded” platform.

Chinese Cyber Threat Intelligence

Chinese APT Lotus Blossom Hijacks Notepad++ Update Mechanism to Deploy Chrysalis Backdoor

acint4 months ago03 mins

Chinese state-sponsored threat actors hijacked Notepad++ update infrastructure for nearly six months, deploying a sophisticated custom backdoor called Chrysalis to selectively targeted victims.

Russian Legion hacker alliance launches OpDenmark cyberattack campaign against Denmark

Russian Legion Hacker Alliance Launches OpDenmark Campaign Against Danish Critical Infrastructure

acint4 months ago4 months ago02 mins

A newly formed Russian hacktivist alliance called Russian Legion has launched OpDenmark, a coordinated cyberattack campaign against Danish critical infrastructure in retaliation for the country’s 1.5 billion DKK military aid package to Ukraine.

BreachForums Breach Exposes 324,000 Cybercriminal Identities in Unprecedented Dark Web Leak

acint4 months ago03 mins

The tables have turned: BreachForums, one of the largest dark web marketplaces for stolen data, has been breached. A disgruntled insider leaked the real identities of nearly 324,000 cybercriminals, including email addresses, IP addresses, and connections to notorious groups like ShinyHunters.