Recent

Fake 7-Zip Downloads Convert Home PCs Into Residential Proxy Nodes for Cybercriminals

A sophisticated brand impersonation campaign is weaponizing the popular 7-Zip file archiver to silently transform infected Windows computers into residential proxy nodes—monetizing victims’ IP addresses for fraud, scraping, and anonymity laundering operations.

The Lookalike Domain Trap

Security researchers at Malwarebytes have documented a long-running campaign where attackers operate 7zip[.]com—a convincing lookalike of the legitimate 7-zip.org…

North Korean Hackers Deploy AI-Generated Deepfakes and Seven Malware Families in Targeted Cryptocurrency Attacks

North Korean threat actor UNC1069 has launched a sophisticated campaign targeting the cryptocurrency and decentralized finance (DeFi) sectors, deploying AI-generated deepfake videos and seven unique malware families to steal credentials and financial data, according to new research from Google Cloud’s Mandiant threat intelligence team.

AI-Enabled Social Engineering: The New Frontier

The attack begins with a…

TGR-STA-1030 Espionage Campaign Compromises 70 Organizations Across 37 Nations Using ShadowGuard Linux Rootkit

A massive, state-aligned cyber espionage campaign has quietly infiltrated government networks across 37 countries, targeting ministries of finance, law enforcement, and critical infrastructure. In a new report, Unit 42 exposes the operations of TGR-STA-1030 (also tracked as UNC6619), an Asia-based threat group that has compromised at least 70 organizations worldwide over the past year. The…

BridgePay Ransomware Attack Forces Nationwide Cash-Only Payment Disruption

A major ransomware attack on BridgePay Network Solutions has caused a nationwide payment processing outage, forcing merchants across the United States to switch to cash-only operations and disrupting card transactions for municipalities and businesses alike.

Ransomware Confirmed Within Hours

BridgePay confirmed late Friday, February 6, 2026, that ransomware was responsible for the incident that began…

Qilin Ransomware Hits Romania’s National Oil Pipeline Operator Conpet, Claims Nearly 1 TB Data Theft

Romania’s national oil pipeline operator Conpet has confirmed a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier this week. The company operates approximately 3,800 kilometers (2,360 miles) of pipelines supplying domestic and imported crude oil and petroleum products to refineries across Romania.

Attack Details

While Conpet’s official statement on Wednesday…

Flickr Data Breach Exposes User Information Through Third-Party Email Vendor Vulnerability

Photo and video sharing service Flickr has disclosed a data security incident where user personal information was potentially exposed through a vulnerability at a third-party email service provider. The San Francisco-based platform confirmed on February 5, 2026, that the breach may have compromised sensitive user data while passwords and payment information remained secure.

Incident Timeline…

APT-Q-27 (GoldenEyeDog) Deploys Fileless Malware in Stealthy Corporate Network Attacks

A new investigation from CyStack’s security team reveals how the threat group APT-Q-27, also known as GoldenEyeDog, is bypassing modern security defenses through an elaborate multi-stage attack chain that operates almost entirely in memory.

The Attack Chain: From Support Ticket to Full Compromise

The intrusion began with an unsuspecting customer support agent clicking a link…

Betterment Data Breach Exposes 1.4 Million Customers Following Sophisticated Social Engineering Attack

Automated investment platform Betterment has disclosed a significant data breach affecting approximately 1.4 million customers, following a sophisticated social engineering campaign that targeted company employees in January 2026.

Attack Overview

According to Betterment’s official incident report, the attack commenced on January 9, 2026, when threat actors exploited human vulnerabilities rather than technical flaws. By manipulating…

Iranian APT Infy Resurfaces with New Tornado Malware After Internet Blackout

The elusive Iranian threat group known as Infy (also tracked as Prince of Persia) has evolved its tactics and deployed new command-and-control infrastructure, resuming operations precisely when Iran’s government-imposed internet blackout ended in late January 2026.

Operational Timeline Reveals State Sponsorship

According to SafeBreach researchers, Infy’s C2 servers went offline on January 8, 2026—the same…