Recent

DarkCloud Infostealer Emerges as Major Enterprise Threat: $30 Malware Delivers Scalable Credential Theft

The cybersecurity threat landscape is facing a growing challenge as infostealers continue to dominate the initial access ecosystem in 2026. Among the latest threats drawing serious attention is DarkCloud, a commercially available credential-harvesting malware that proves even low-cost tools can deliver devastating results against enterprise environments. The $30 Threat That Can Compromise Entire Networks DarkCloud…


Diesel Vortex: Russian Cybercrime Group Steals 1,600+ Credentials From Global Logistics Sector

A Russian-linked cybercrime group dubbed Diesel Vortex has been systematically targeting the global freight and logistics industry, stealing over 1,600 unique login credentials from users of major logistics platforms in a sophisticated phishing campaign that ran from September 2025 through February 2026. Campaign Overview Security researchers at Have I Been Squatted, in collaboration with Ctrl-Alt-Intel,…


Cisco Talos Exposes Three-Year Campaign: UAT-8616 Exploits SD-WAN Zero-Day for Critical Infrastructure Access

Cisco Talos has disclosed the active exploitation of CVE-2026-20127, a critical zero-day vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart), by a highly sophisticated threat actor tracked as UAT-8616. The campaign, which dates back at least three years, targets critical infrastructure sectors through persistent network edge device compromise. The Vulnerability: CVE-2026-20127 The vulnerability allows an…


North Korean Lazarus Group Adopts Medusa Ransomware in Global Extortion Campaign

North Korean cyber operations are crossing a significant threshold into commercial ransomware markets, demonstrating an intensified focus on direct financial gains. Recent intelligence from Symantec and Carbon Black Threat Hunter Team reveals the notorious state-backed Lazarus Group has begun deploying Medusa ransomware against targets in the Middle East while simultaneously attempting to breach healthcare organizations…


APT31’s Multi-Year Cyber Espionage Campaign Against Czech Ministry of Foreign Affairs

The Czech Republic has publicly attributed a sophisticated multi-year cyber intrusion to Chinese state-sponsored group APT31 (also known as Zirconium or Judgment Panda), marking one of the most significant national attribution cases in European cyber defense history. The Campaign From 2022 through May 2025, APT31 maintained persistent access to unclassified networks at the Czech Ministry…


APT28 Deploys Operation MacroMaze: Webhook-Based Macro Malware Targets European Entities

Russia-linked APT28 (also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has launched a sophisticated espionage campaign targeting entities across Western and Central Europe. The operation, codenamed Operation MacroMaze by S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. Campaign Overview Operation MacroMaze demonstrates that simplicity…


Chinese APT UnsolicitedBooker Deploys LuciDoor and MarsSnake Backdoors Against Central Asian Telecoms

A China-aligned threat actor known as UnsolicitedBooker has expanded its targeting to telecommunications companies in Kyrgyzstan and Tajikistan, deploying two sophisticated backdoors—LuciDoor and MarsSnake—in a series of espionage campaigns documented by Positive Technologies researchers. Campaign Overview UnsolicitedBooker, first documented by ESET in May 2025 after targeting Saudi Arabian organizations, has been active since at least…


AI-Augmented Attack: Russian-Speaking Cybercriminals Compromise 600+ FortiGate Firewalls

A Russian-speaking cybercrime group has compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, leveraging off-the-shelf generative AI tools to automate and scale their operations, according to a new incident report from AWS. Attack Campaign Overview The campaign, which ran from mid-January to mid-February 2026, didn’t rely on sophisticated…


APT28 Targets European Entities with Operation MacroMaze Webhook Malware Campaign

Russia’s notorious state-sponsored threat actor APT28 (also known as Fancy Bear) has been attributed to a sophisticated new campaign targeting organizations across Western and Central Europe. According to S2 Grupo’s LAB52 threat intelligence team, the campaign—codenamed Operation MacroMaze—was active between September 2025 and January 2026. What makes this campaign notable is its reliance on basic…


Unit 42 Exposes Active Exploitation of BeyondTrust CVE-2026-1731 with VShell and SparkRAT Backdoors

Palo Alto Networks’ Unit 42 has uncovered an active exploitation campaign targeting BeyondTrust Remote Support and Privileged Remote Access appliances through CVE-2026-1731, a critical pre-authentication remote code execution vulnerability with a CVSS score of 9.9. The attacks have deployed sophisticated backdoors including VShell and SparkRAT across organizations in financial services, healthcare, legal, and high-tech sectors…
