Bulwark Black LLC

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

acint3 months ago13 mins

A sophisticated phishing campaign has been discovered that transforms web browsers into comprehensive surveillance platforms by masquerading as a Google Account security page. According to Malwarebytes researchers, this attack represents one of the most fully-featured browser-based surveillance toolkits observed in the wild. Attack Methodology The attack begins with a convincing replica of a Google Account…

Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid

acint3 months ago3 months ago02 mins

Russian cyberattacks targeting Ukraine’s energy infrastructure have shifted focus from immediate disruption to intelligence gathering for guiding missile strikes, Ukrainian cybersecurity officials revealed at the Kyiv International Cyber Resilience Forum. Strategic Shift in Attack Methodology Oleksandr Potii, head of Ukraine’s State Service of Special Communications and Information Protection, confirmed that attackers are now prioritizing reconnaissance…

Hackers Weaponize Claude Code AI to Steal 150GB from Mexican Government in Month-Long Campaign

acint3 months ago3 months ago02 mins

In a disturbing escalation of AI-enabled cyber operations, hackers have weaponized Anthropic’s Claude Code AI assistant to develop exploits, create custom attack tools, and systematically exfiltrate more than 150GB of data from Mexican government systems, according to Israeli cybersecurity firm Gambit Security. Attack Scope and Impact The threat actors compromised 10 Mexican government agencies and…

Google Disrupts UNC2814 GRIDTIDE Campaign: Chinese APT Breaches 53 Organizations Across 42 Countries

acint3 months ago03 mins

Google has disclosed details of a massive disruption operation against UNC2814, a suspected China-nexus cyber espionage group that breached at least 53 organizations across 42 countries. The campaign, tracked as GRIDTIDE, represents one of the most far-reaching espionage operations uncovered in recent years. The Scope of the Intrusion According to Google Threat Intelligence Group (GTIG)…

OpenAI Confirms ChatGPT Exploited by Chinese and Russian Threat Actors for Cyberattacks

acint3 months ago03 mins

OpenAI has confirmed that Chinese and Russian state-affiliated threat actors have been exploiting ChatGPT to support malicious cyber and influence operations, marking one of the first documented cases of adversaries weaponizing generative AI for tactical offensive cyber activities. Chinese APT Groups Leverage ChatGPT for Cyber Operations According to OpenAI’s investigation, Chinese threat actors associated with…

Operation Roar of the Lion: Israel Executes Largest Cyberattack in History Against Iran

acint3 months ago03 mins

In an unprecedented display of cyber warfare capability, Israel has executed what is being described as the largest cyberattack in history, plunging Iran into near-total digital darkness during a coordinated military operation on Saturday, February 28, 2026. Near-Total Internet Blackout Confirmed Independent internet monitor NetBlocks confirmed that Iran’s national connectivity dropped to just 4% of…

Steaelite RAT Bundles Ransomware and Data Theft in Single Web Panel for Double Extortion Attacks

acint3 months ago03 mins

A dangerous new remote access trojan called Steaelite RAT has emerged on cybercrime forums, offering attackers a unified platform for executing double extortion attacks with unprecedented efficiency. Unlike traditional attack chains that require separate tools for data theft and ransomware deployment, Steaelite consolidates the entire operation into a single browser-based dashboard. Automated Credential Theft on…

APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks

acint3 months ago04 mins

Zscaler ThreatLabz has uncovered a sophisticated campaign by North Korean threat group APT37, introducing five new malware tools designed specifically to infiltrate and exfiltrate data from air-gapped systems through weaponized USB drives. Campaign Overview In December 2025, security researchers at Zscaler discovered the Ruby Jumper campaign, orchestrated by APT37 (also known as ScarCruft, Ruby Sleet,…

UAC-0050 Targets European Financial Institution in Strategic Phishing Campaign

acint3 months ago02 mins

Russia-aligned threat actor UAC-0050 has expanded operations beyond Ukraine, targeting a European financial institution involved in reconstruction efforts with a sophisticated multi-stage spear-phishing attack. Campaign Overview Security researchers at BlueVoyant have uncovered a targeted phishing campaign attributed to UAC-0050, also known as the DaVinci Group. The threat cluster, tracked by BlueVoyant as “Mercenary Akula,” has…

Chinese APT Campaign Delivers PlugX RAT via G DATA Antivirus DLL Side-Loading

acint3 months ago03 mins

A sophisticated Chinese-aligned threat campaign has been observed delivering the PlugX Remote Access Trojan (RAT) through a clever abuse of legitimate G DATA antivirus components, according to new research from LAB52. The Attack Chain The infection begins with a spear-phishing email titled “Meeting Invitation” containing two links — one redirecting to Iceland’s Ministry of Foreign…

Bulwark Black LLC

Bulwark Black LLC

TA4922’s Global Expansion Shows HR and Tax Lures Are Initial Access Infrastructure

Red Hat’s Miasma npm Compromise Shows Trusted Publishing Is Not a Control Boundary

AI-Assisted Ransomware Tooling Shows EDR Evasion Is Now an Iteration Problem

FlutterBridge Shows Why macOS Malvertising Is Backdoor Delivery, Not Just Adware

Mustang Panda’s Fake Browser Updater Shows Why LNK Files Still Matter

FortiClient EMS Exploitation Turns Endpoint Management Into an Infostealer Delivery System

Meta AI Support Bot Abuse Shows Account Recovery Is Part of the Identity Perimeter

SolyxImmortal Shows Why Python Infostealers Are a Business Risk, Not Just Malware Noise

Showboat and JFMBackdoor Show Telecom Intrusions Are Built for Pivoting

WP Maps Pro Exploitation Shows Why Plugin Support Features Need Security Review

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid

Hackers Weaponize Claude Code AI to Steal 150GB from Mexican Government in Month-Long Campaign

Google Disrupts UNC2814 GRIDTIDE Campaign: Chinese APT Breaches 53 Organizations Across 42 Countries

OpenAI Confirms ChatGPT Exploited by Chinese and Russian Threat Actors for Cyberattacks

Operation Roar of the Lion: Israel Executes Largest Cyberattack in History Against Iran

Steaelite RAT Bundles Ransomware and Data Theft in Single Web Panel for Double Extortion Attacks

APT37 Ruby Jumper Campaign: North Korean Hackers Deploy Malware Arsenal to Bridge Air-Gapped Networks

UAC-0050 Targets European Financial Institution in Strategic Phishing Campaign

Chinese APT Campaign Delivers PlugX RAT via G DATA Antivirus DLL Side-Loading