acint

DPRK Threat Actors Leverage GitHub as Command and Control Infrastructure in Multi-Stage LNK Attacks

North Korean state-sponsored threat actors have been observed targeting South Korean organizations with a sophisticated multi-stage attack chain that abuses GitHub as command and control (C2) infrastructure. Fortinet FortiGuard Labs published research on April 2, 2026 detailing the campaign, which leverages malicious LNK (shortcut) files, encoded payloads, and living-off-the-land (LOTL) techniques to maintain persistence while…

LiteLLM Supply Chain Attack: TeamPCP Deploys Multi-Stage Credential Stealer to 95M Monthly Downloads

A sophisticated supply chain attack has compromised LiteLLM, the widely used Python library for interfacing with large language models, delivering multi-stage credential-stealing malware to systems downloading over 95 million packages per month. The attack, attributed to TeamPCP—the same threat group behind the recent Trivy supply chain compromises—targeted LiteLLM versions 1.82.7 and 1.82.8 on PyPI. According to…

Operation TrueChaos: Chinese APT Exploits TrueConf Zero-Day CVE-2026-3502 to Target Southeast Asian Governments

A critical zero-day vulnerability in the TrueConf video conferencing platform is being actively exploited in a sophisticated espionage campaign targeting government entities across Southeast Asia. Check Point Research has uncovered Operation TrueChaos, a targeted attack campaign weaponizing CVE-2026-3502 (CVSS 7.8) to compromise dozens of government agencies through a single compromised TrueConf server. The campaign deploys…

Axios npm Supply Chain Attack Deploys Cross-Platform RAT to 83 Million Weekly Users

On March 31, 2026, the cybersecurity landscape was shaken by a significant supply chain attack targeting Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem with over 83 million weekly downloads. Attackers compromised a maintainer account to inject a cross-platform remote access trojan (RAT) into two malicious package versions. Attack…

DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign

A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat after observing it achieve persistent, credential-stealing access through a single user action.

What Makes DeepLoad Different

DeepLoad isn’t notable for any single technique—it’s the…

ShinyHunters Breaches European Commission: 350GB of Sensitive Data Exfiltrated from AWS Cloud

The European Commission has confirmed a significant data breach after its Europa.eu web platform was compromised in a cyberattack claimed by the notorious ShinyHunters extortion gang. The attackers allegedly exfiltrated over 350GB of sensitive data from the Commission’s Amazon Web Services (AWS) cloud environment.

Breach Discovery and Response

The intrusion was detected on March 24,…

CVE-2026-3055: Critical Citrix NetScaler Memory Flaw Actively Exploited in the Wild

Threat actors are actively exploiting CVE-2026-3055, a critical severity memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances. Security researchers at watchTowr have confirmed that in-the-wild exploitation began at least as early as March 27, 2026, with attackers extracting authenticated administrative session IDs that could enable full takeover of vulnerable devices.

The Vulnerability

CVE-2026-3055 is a memory…

FBI Alert: Iranian MOIS Hackers Weaponize Telegram as C2 Channel to Target Dissidents Worldwide

The FBI has issued a critical alert warning that Iranian government hackers are weaponizing Telegram as a command and control (C2) channel to steal data from dissidents, opposition groups, and journalists who oppose the regime around the world. According to the FBI alert published Friday, hackers working for Iran’s Ministry of Intelligence and Security (MOIS)…

FBI Confirms Handala Hackers Breached Director Patel’s Personal Email Account

Iran-linked hackers have successfully breached the personal email account of FBI Director Kash Patel, publishing photos, documents, and email correspondence in a significant escalation of cyber operations targeting senior U.S. government officials. The Handala Hack Team, a hacktivist persona operating on behalf of Iran’s Ministry of Intelligence and Security (MOIS), announced the compromise on Friday,…

Infinity Stealer: New macOS Infostealer Combines ClickFix Social Engineering with Nuitka Compilation

A sophisticated new info-stealing malware named Infinity Stealer is targeting macOS systems using an innovative attack chain that combines ClickFix social engineering with Python payloads compiled using the open-source Nuitka compiler.

Attack Overview

According to Malwarebytes researchers, this marks the first documented macOS campaign combining ClickFix delivery with a Python-based infostealer compiled using Nuitka. The…
