Category Archive
Business
15 reports · All intelligence
Bulwark Black cyber threat intelligence filed under Business.
Hormuz Crisis Investment Report
2026 Hormuz Crisis — Investment Strategy Report BRENT CRUDE $101.91 ▲3.47% WTI CRUDE $98.50 ▲3.12% GOLD $4,750 ▼0.72% XLE +25% YTD XOP +30% YTD BWET +411% Q1 2026 S&P 500 -4.4% YTD 10-YR YIELD 4.46% HORMUZ STATUS BLOCKADE ACTIVE IEA: LARGEST SUPPLY DISRUPTION IN HISTORY BRENT CRU
Identity Security Becomes Critical Attack Vector as Organizations Battle Fragmented Access Controls
Identity attacks have evolved beyond simply compromising individual accounts—modern threat actors now focus on what those identities can access across an organization’s sprawling digital ecosystem. As enterprises manage an explosive growth in human, non-human, and agentic identit
Google Patches Two Actively Exploited Chrome Zero-Days: CVE-2026-3909 and CVE-2026-3910
Google has released emergency security updates to fix two high-severity vulnerabilities in Chrome that are being actively exploited in the wild. These are the second and third Chrome zero-days patched in 2026, highlighting the continued targeting of browser vulnerabilities by thr
CISA Confirms VMware ESXi Flaw CVE-2025-22225 Now Exploited in Active Ransomware Campaigns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to confirm that CVE-2025-22225, a high-severity VMware ESXi sandbox escape vulnerability, is now being actively exploited in ransomware attacks. The Vuln
Aisuru Botnet Shatters Records with 31.4 Tbps DDoS Attack
The Aisuru/Kimwolf botnet launched the largest DDoS attack ever publicly disclosed, peaking at 31.4 Tbps and 200 million requests per second in Cloudflare’s ‘Night Before Christmas’ campaign.
Match Group Data Breach Exposes User Information from Tinder, Hinge, and OkCupid
Match Group confirms cybersecurity incident after ShinyHunters voice phishing campaign compromises SSO account, exposing data from popular dating apps including Tinder, Hinge, OkCupid, and Match.com.
16 Malicious Chrome Extensions Steal ChatGPT Session Tokens
Security researchers discovered 16 malicious browser extensions claiming to enhance ChatGPT that actually steal session tokens, giving attackers full access to accounts and conversation history.
Google Disrupts World’s Largest Residential Proxy Botnet
Google Threat Intelligence Group disrupts IPIDEA, the world’s largest residential proxy network, used by 550+ threat groups including nation-state actors from China, Russia, Iran, and North Korea.
Complete Guide: Setting Up FreePBX with VPS, Docker, and VPN (CGNAT Bypass Solution)
Complete FreePBX Setup Guide – Docker, VPN, and Twilio Integration Requirements / Setup Digital Ocean or whatever cloud provider you choose Docker (FreePBX) Nginx Setup OVPN Configuration IP Tables Setup YeaLink Phone configuration, the (YeaLinkT45w) was used in this tutorial Twi
How to communicate a cyber breach to minimize reputational damage
READ ARTICLE Sarah Woodhouse, Director of AMBITIOUS, explains how businesses must communicate a cyber breach in order to remain trustworthy and minimise damage. A cyber breach occurs roughly once every 39 seconds. With businesses as targets for their data, it’s not a case of if b
How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
Read Article The ability to quickly build out a C2 infrastructure within a few minutes, including all the set up and tear down logic included would be a great asset for any offensive security group or operator. In this post, I will show exactly how to build a fully automated func
Review: Engineering-grade OT security: A manager’s guide
The Underground Economist: Volume 4, Issue 1
https://www.zerofox.com/blog/the-underground-economist-volume-4-issue-1/ On December 27, 2023, threat actor “APTlord” announced on the dark web forum RAMP that they were selling source code and other information owned by marinetraffic[.]com, which was allegedly obtained by the th
Red Pandas Unleashed: How Webhooks, Bad USB, and WiFi Collide in Cyberspace
Read Article The Power of Automation for Pentesting Automation has become a game-changer in the world of penetration testing. With the ever-increasing complexity of networks and systems, manually tracking and responding to security events is no longer viable. This is where webhoo