Critical Cisco IMC Authentication Bypass Grants Remote Attackers Admin Privileges

Cisco has released emergency security updates to patch a critical authentication bypass vulnerability in its Integrated Management Controller (IMC), a critical component embedded on the motherboard of Cisco UCS C-Series and E-Series servers that provides out-of-band management capabilities. The Vulnerability: CVE-2026-20093 Tracked as CVE-2026-20093, this maximum-severity flaw exists in the password change functionality of Cisco…


UAT-10608: NEXUS Listener Framework Compromises 766 Next.js Hosts in 24-Hour Credential Harvesting Blitz

Cisco Talos has disclosed a large-scale automated credential harvesting campaign carried out by a threat cluster they are tracking as “UAT-10608.” The systematic exploitation campaign leverages a custom framework called “NEXUS Listener” to target Next.js applications vulnerable to React2Shell (CVE-2025-55182), resulting in the compromise of at least 766 hosts within a 24-hour period. Key Findings…


ShinyHunters Breaches European Commission: 350GB of Sensitive Data Exfiltrated from AWS Cloud

The European Commission has confirmed a significant data breach after its Europa.eu web platform was compromised in a cyberattack claimed by the notorious ShinyHunters extortion gang. The attackers allegedly exfiltrated over 350GB of sensitive data from the Commission’s Amazon Web Services (AWS) cloud environment. Breach Discovery and Response The intrusion was detected on March 24,…


Oracle Issues Rare Out-of-Band Patch for Critical CVE-2026-21992 RCE in Identity Manager

Oracle has released an emergency out-of-band security patch for a critical unauthenticated remote code execution vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. Tracked as CVE-2026-21992 with a CVSS v3.1 score of 9.8, this flaw allows attackers to achieve full system compromise over HTTP without any authentication. The Vulnerability CVE-2026-21992 impacts two critical…


TeamPCP Spreads Trivy Supply Chain Attack to Docker Hub and Kubernetes with Devastating Wiper Payload

The cybersecurity community is reeling from an escalating supply chain attack targeting Trivy, Aqua Security’s popular open-source vulnerability scanner with over 33,800 GitHub stars. The threat actor known as TeamPCP has expanded their campaign from compromised GitHub Actions to Docker Hub images and now a destructive Kubernetes wiper that specifically targets Iranian infrastructure. The Attack…


CVE-2026-33017: Critical Langflow AI Framework Vulnerability Exploited Within 20 Hours of Disclosure

A critical vulnerability in Langflow, the popular open-source visual framework for building AI agents and RAG pipelines, was weaponized by threat actors within just 20 hours of public disclosure—before any proof-of-concept code was publicly available. The Vulnerability Tracked as CVE-2026-33017 (CVSS 9.3), the vulnerability is an unauthenticated remote code execution (RCE) flaw affecting the /api/v1/build_public_tmp/{flow_id}/flow…


DoJ Disrupts Four Massive IoT Botnets Behind Record-Breaking 31.4 Tbps DDoS Attacks

The U.S. Department of Justice announced a major law enforcement operation to disrupt four IoT botnets — AISURU, Kimwolf, JackSkid, and Mossad — responsible for record-breaking distributed denial-of-service (DDoS) attacks reaching 31.4 terabits per second. The court-authorized takedown, conducted in partnership with authorities from Canada and Germany, targeted command-and-control infrastructure that had enslaved over 3…


CVE-2026-33017: Critical Langflow AI Platform Flaw Exploited Within 20 Hours of Disclosure

A critical vulnerability in Langflow, a popular open-source AI workflow automation platform, has been actively exploited in the wild within just 20 hours of public disclosure—before any proof-of-concept code was even available. The Vulnerability Tracked as CVE-2026-33017 with a CVSS score of 9.3, the flaw combines missing authentication with code injection to enable unauthenticated remote…


Critical Langflow AI Platform Flaw CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A critical vulnerability in Langflow, the popular open-source AI workflow platform, has been actively exploited within just 20 hours of its public disclosure—before any proof-of-concept code was even available. The rapid weaponization highlights the shrinking window defenders have to patch critical flaws. The Vulnerability: CVE-2026-33017 Tracked as CVE-2026-33017 with a CVSS score of 9.3, the…
