Bulwark Black LLC

UAT-9244: China-Nexus APT Deploys Three New Malware Implants Against South American Telecom Providers

acint2 months ago13 mins

Cisco Talos has disclosed a new threat activity cluster, UAT-9244, assessed with high confidence to be a China-nexus advanced persistent threat (APT) actor closely associated with FamousSparrow and Tropic Trooper. Since 2024, the group has targeted critical telecommunications infrastructure in South America with three distinct malware implants. Key Findings TernDoor: A new Windows backdoor variant…

Global Coalition Dismantles Tycoon 2FA Phishing Platform: 87 Million Emails, 330 Domains Seized

acint2 months ago13 mins

Microsoft, Europol, and a coalition of cybersecurity partners have dismantled Tycoon 2FA, one of the most prolific phishing-as-a-service (PhaaS) platforms ever documented, seizing 330 domains used for credential theft and multi-factor authentication bypass. The coordinated takedown marks the first cross-border public-private action of its kind under a U.S. court order and Europol’s Cyber Intelligence Extension…

Cisco Patches Two Max Severity Secure FMC Flaws Enabling Root Access

acint2 months ago02 mins

Cisco has released critical security updates to address two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that could allow unauthenticated remote attackers to gain complete root access to affected systems. Critical Vulnerabilities Overview Secure FMC serves as the central management interface for Cisco firewall administrators, providing control over application policies, intrusion prevention,…

Open-Source CyberStrikeAI Tool Weaponized in AI-Driven FortiGate Attacks Across 55 Countries

acint2 months ago03 mins

Team Cymru has revealed that threat actors behind the recent AI-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute mass automated attacks, compromising over 600 devices across 55 countries. Key Findings The investigation traced back to IP address 212.11.64[.]250, used by a suspected Russian-speaking threat actor for…

Zerobot Malware Targets n8n Automation Platform: First Active Exploitation of CVE-2025-68613

acint2 months ago04 mins

Akamai SIRT discovers Zerobot botnet actively exploiting CVE-2025-68613 in n8n workflow automation platform, marking a shift from traditional IoT targeting to enterprise infrastructure.

Silver Dragon APT Targets Southeast Asia and Europe Using GearDoor Backdoor with Google Drive C2

acint2 months ago03 mins

Check Point Research has unveiled a sophisticated Chinese APT campaign dubbed Silver Dragon that has been actively targeting government entities and organizations across Southeast Asia and Europe since mid-2024. The threat actor operates within the umbrella of Chinese-nexus APT41 and employs multiple infection chains to deliver custom backdoors designed for covert data exfiltration. Campaign Overview…

APT28 Exploited CVE-2026-21513 MSHTML Zero-Day as Attack Vector Before February Patch Tuesday

acint2 months ago02 mins

Russia’s state-sponsored threat actor APT28 (also known as Fancy Bear) has been linked to active exploitation of CVE-2026-21513, a high-severity MSHTML zero-day vulnerability, before Microsoft released its patch in February 2026. This finding comes from new research published by Akamai, highlighting the sophisticated tradecraft employed by Russian intelligence operations. Vulnerability Details CVE-2026-21513 carries a CVSS…

Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor

acint2 months ago02 mins

A sophisticated supply chain attack has been uncovered targeting Go developers through a malicious module that impersonates the legitimate golang.org/x/crypto library. The attack demonstrates how threat actors are increasingly exploiting namespace confusion to compromise developer environments and deploy persistent backdoors. The Attack Mechanism Security researchers at Socket discovered the malicious module github[.]com/xinfeisoft/crypto, which masquerades as…

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

acint2 months ago13 mins

A sophisticated phishing campaign has been discovered that transforms web browsers into comprehensive surveillance platforms by masquerading as a Google Account security page. According to Malwarebytes researchers, this attack represents one of the most fully-featured browser-based surveillance toolkits observed in the wild. Attack Methodology The attack begins with a convincing replica of a Google Account…

Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid

acint2 months ago2 months ago02 mins

Russian cyberattacks targeting Ukraine’s energy infrastructure have shifted focus from immediate disruption to intelligence gathering for guiding missile strikes, Ukrainian cybersecurity officials revealed at the Kyiv International Cyber Resilience Forum. Strategic Shift in Attack Methodology Oleksandr Potii, head of Ukraine’s State Service of Special Communications and Information Protection, confirmed that attackers are now prioritizing reconnaissance…

Bulwark Black LLC

Bulwark Black LLC

JDownloader Site Compromise Shows Why Trusted Downloads Still Need Verification

Fake OpenAI Hugging Face Repo Shows AI Supply Chain Risk Is Already Here

MCP Server Command Injection Shows Why AI Tools Need Real Isolation

Dirty Frag Turns Linux Footholds Into Root: What Defenders Should Do Now

Prompt Injection Just Became an RCE Problem for AI Agents

NASA Put a Geospatial AI Foundation Model in Orbit — That Should Make You Think

PAN-OS Captive Portal Zero-Day Shows Why Internet-Facing Edge Devices Need Immediate Review

PCPJack Shows Cloud Malware Is Moving From Cryptomining to Credential Theft

UAT-9244: China-Nexus APT Deploys Three New Malware Implants Against South American Telecom Providers

Global Coalition Dismantles Tycoon 2FA Phishing Platform: 87 Million Emails, 330 Domains Seized

Cisco Patches Two Max Severity Secure FMC Flaws Enabling Root Access

Open-Source CyberStrikeAI Tool Weaponized in AI-Driven FortiGate Attacks Across 55 Countries

Zerobot Malware Targets n8n Automation Platform: First Active Exploitation of CVE-2025-68613

Silver Dragon APT Targets Southeast Asia and Europe Using GearDoor Backdoor with Google Drive C2

APT28 Exploited CVE-2026-21513 MSHTML Zero-Day as Attack Vector Before February Patch Tuesday

Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid