Thursday, April 23, 2026
RSS

Bulwark Black LLC

Cyber Security | Software Development | Consulting Services

RSS

Bulwark Black LLC

Cyber Security | Software Development | Consulting Services

Malware

DarkCloud Infostealer Emerges as Major Enterprise Threat: $30 Malware Delivers Scalable Credential Theft

acint04 mins

The cybersecurity threat landscape is facing a growing challenge as infostealers continue to dominate the initial access ecosystem in 2026. Among the latest threats drawing serious attention is DarkCloud, a commercially available credential-harvesting malware that proves even low-cost tools can deliver devastating results against enterprise environments. The $30 Threat That Can Compromise Entire Networks DarkCloud…

Read More

APT28 Targets European Entities with Operation MacroMaze Webhook Malware Campaign

acint02 mins

Russia’s notorious state-sponsored threat actor APT28 (also known as Fancy Bear) has been attributed to a sophisticated new campaign targeting organizations across Western and Central Europe. According to S2 Grupo’s LAB52 threat intelligence team, the campaign—codenamed Operation MacroMaze—was active between September 2025 and January 2026. What makes this campaign notable is its reliance on basic…

Read More

Remcos RAT Evolves with Real-Time Webcam Streaming and Live Keylogging Capabilities

acint02 mins

A newly observed variant of Remcos RAT has introduced significant upgrades to its surveillance arsenal, marking a dangerous evolution in how this remote access trojan operates on compromised Windows systems. From Storage to Streaming According to Infosecurity Magazine, the updated strain represents a fundamental shift in operational methodology. Rather than relying primarily on storing stolen…

Read More

SANDWORMMODE: Self-Replicating npm Worm Steals Dev Secrets and Targets AI Coding Tools

acint02 mins

A sophisticated supply chain worm dubbed SANDWORMMODE is actively targeting the npm ecosystem, compromising at least 19 malicious packages designed to steal developer credentials and CI/CD secrets while automatically spreading across repositories and workflows. Researchers at Socket identified the campaign, which uses typosquatted npm packages and poisoned GitHub Actions to infect developer machines and CI…

Read More

Facebook Malvertising Campaign Uses Fake Windows 11 Pages to Deploy Credential-Stealing Malware

acint03 mins

Attackers are running a sophisticated malvertising campaign that leverages paid Facebook ads to distribute credential-stealing malware disguised as official Windows 11 updates. The campaign uses convincing fake Microsoft download pages and includes multiple technical countermeasures designed to evade security researchers. How the Attack Works The campaign starts with professional-looking Facebook advertisements featuring Microsoft branding, promoting…

Read More

Kimwolf Botnet Swamps I2P Anonymity Network in Massive Sybil Attack

acint13 mins

The massive Kimwolf IoT botnet has caused significant disruptions to The Invisible Internet Project (I2P), a decentralized privacy network, after botnet operators accidentally overwhelmed the system while attempting to use it for command-and-control evasion. The Attack According to Krebs on Security, I2P users began reporting severe network disruptions on February 3, 2026, when tens of…

Read More

Russian Threat Actor Deploys CANFAIL Malware Against Ukrainian Organizations

acint02 mins

Google Threat Intelligence Group (GTIG) has uncovered a new threat actor possibly affiliated with Russian intelligence services that has been systematically targeting Ukrainian organizations with a sophisticated malware strain known as CANFAIL. Target Profile The threat group has focused its operations on high-value targets within Ukraine, including: Defense and military organizations Government entities (regional and…

Read More
ClawHavoc supply chain attack compromises ClawHub AI marketplace with malicious skills

ClawHavoc Supply Chain Attack Poisons OpenClaw ClawHub With 1,184 Malicious AI Agent Skills

acint03 mins

A massive supply chain attack dubbed ClawHavoc has compromised ClawHub, the official skill marketplace for OpenClaw, an open-source AI agent platform formerly known as ClawdBot and Moltbot. Researchers have uncovered at least 1,184 malicious “Skills”—plugin-style packages that extend the agent’s capabilities—turning a rapidly growing AI ecosystem into an active malware distribution hub. The Attack at…

Read More

NexShield Fake Ad Blocker Uses CrashFix Attack to Deliver ModeloRAT Malware

acint03 mins

Security researchers at Huntress have uncovered a sophisticated new malware campaign that weaponizes browser stability against users. The attack, dubbed CrashFix, represents an evolution of the notorious ClickFix social engineering technique—but with a dangerous twist: instead of faking system problems, it creates real ones. How NexShield Works The malicious Chrome and Edge extension, called NexShield,…

Read More

OysterLoader: Sophisticated Multi-Stage Malware Loader Linked to Rhysida Ransomware Campaigns

acint03 mins

A highly sophisticated malware loader known as OysterLoader has emerged as a significant cybersecurity threat, employing advanced multi-layer obfuscation techniques to evade detection while delivering dangerous payloads including Rhysida ransomware and the widespread Vidar infostealer. Sophisticated Distribution Through Fake Software First identified by Rapid7 in June 2024, this C++ malware has evolved into a formidable…

Read More