Bulwark Black LLC

Abstract cybersecurity illustration of cloud identity token abuse, rogue device registration, and defender investigation workflows.

ROADtools Abuse Shows Cloud Identity Is the New Attack Surface

acint1 week ago04 mins

Unit 42’s ROADtools research shows why Microsoft Entra ID token abuse, rogue device registration, and Graph API enumeration need to be treated as core incident-response signals for SMBs and government contractors.

Editorial cybersecurity illustration of defenders monitoring web application exploitation attempts against Drupal PostgreSQL sites.

Drupal CVE-2026-9082 Shows Web Asset Inventory Is Emergency Response

acint2 weeks ago03 mins

Drupal CVE-2026-9082 is already being scanned and exploited in the wild. The lesson for SMBs and government contractors: know where your Drupal sites are, verify PostgreSQL exposure, patch fast, and review logs before probing turns into compromise.

Editorial cybersecurity illustration of Void Dokkaebi InvisibleFerret developer endpoint malware risk

Void Dokkaebi’s InvisibleFerret Shift Shows Developer Endpoints Are Production Risk

acint2 weeks ago03 mins

Trend Micro reports North Korea-aligned Void Dokkaebi has moved InvisibleFerret into Cython-compiled Python extension modules. For SMBs and government contractors, the real risk is developer endpoint access to CI/CD, cloud, and production secrets.

Editorial cybersecurity illustration of Iranian Nimbus Manticore APT tooling, fake installers, SEO poisoning, and backdoor command-and-control.

Nimbus Manticore Shows Iranian APTs Are Moving Faster With AI-Assisted Tooling

acint2 weeks ago04 mins

Check Point Research reports that IRGC-affiliated Nimbus Manticore resurfaced with fake Zoom and SQL Developer lures, SEO poisoning, AppDomain hijacking, and a new MiniFast backdoor. Here is what SMBs and government contractors should tighten first.

Editorial cybersecurity illustration of an edge appliance compromise pivoting into Linux, Confluence, and identity systems

F5-to-Confluence Intrusion Shows Edge Devices Are Identity Attack Paths

acint2 weeks ago05 mins

Microsoft analyzed an intrusion where an F5 BIG-IP edge appliance led to Linux access, Confluence compromise, credential theft, and identity relay attempts. Here is what SMBs and government contractors should tighten first.

Editorial cybersecurity illustration of Iranian APT Screening Serpens recruitment-lure espionage and RAT command-and-control.

Screening Serpens Shows Recruiting Is Now an Espionage Attack Surface

acint2 weeks ago04 mins

Iran-nexus Screening Serpens used recruitment and meeting lures, new RAT variants, and .NET AppDomainManager hijacking. Here is what SMBs and government contractors should tighten now.

Editorial cybersecurity illustration of an IoT DDoS botnet being contained by defenders and law enforcement signal lines.

Kimwolf Arrest Shows DDoS Risk Starts on Forgotten IoT

acint2 weeks ago03 mins

The alleged Kimwolf botmaster arrest is a useful reminder for SMBs and government contractors: DDoS resilience starts with asset visibility, upstream protection, and hardening forgotten IoT and edge devices.

Editorial cybersecurity illustration of trojanized productivity apps hiding malware command-and-control infrastructure.

TamperedChef Shows Signed Productivity Apps Cannot Be Trusted by Default

acint2 weeks ago04 mins

TamperedChef-style malware hides inside convincing signed productivity apps. Here is what SMBs and government contractors should do about it.

Editorial cybersecurity illustration of AI-assisted influence operations, credential theft, and crypto fraud infrastructure.

Patriot Bait Shows AI-Enabled Fraud Can Turn Trust Into Attack Surface

acint2 weeks ago04 mins

Trend Micro’s Patriot Bait research shows how one operator used AI assistance, social trust, WordPress credential attacks, and crypto fraud infrastructure to scale a low-cost cybercrime operation.

Editorial cybersecurity illustration of npm supply-chain malware targeting CI/CD secrets and cloud credentials

Mini Shai-Hulud Shows CI/CD Secrets Are the Real npm Supply-Chain Prize

acint2 weeks ago04 mins

Mini Shai-Hulud’s @antv npm compromise shows why dependency malware should be treated as a CI/CD credential-theft threat, not just a package hygiene problem.

Bulwark Black LLC

Bulwark Black LLC

TA4922’s Global Expansion Shows HR and Tax Lures Are Initial Access Infrastructure

Red Hat’s Miasma npm Compromise Shows Trusted Publishing Is Not a Control Boundary

AI-Assisted Ransomware Tooling Shows EDR Evasion Is Now an Iteration Problem

FlutterBridge Shows Why macOS Malvertising Is Backdoor Delivery, Not Just Adware

Mustang Panda’s Fake Browser Updater Shows Why LNK Files Still Matter

FortiClient EMS Exploitation Turns Endpoint Management Into an Infostealer Delivery System

Meta AI Support Bot Abuse Shows Account Recovery Is Part of the Identity Perimeter

SolyxImmortal Shows Why Python Infostealers Are a Business Risk, Not Just Malware Noise

Showboat and JFMBackdoor Show Telecom Intrusions Are Built for Pivoting

WP Maps Pro Exploitation Shows Why Plugin Support Features Need Security Review

ROADtools Abuse Shows Cloud Identity Is the New Attack Surface

Drupal CVE-2026-9082 Shows Web Asset Inventory Is Emergency Response

Void Dokkaebi’s InvisibleFerret Shift Shows Developer Endpoints Are Production Risk

Nimbus Manticore Shows Iranian APTs Are Moving Faster With AI-Assisted Tooling

F5-to-Confluence Intrusion Shows Edge Devices Are Identity Attack Paths

Screening Serpens Shows Recruiting Is Now an Espionage Attack Surface

Kimwolf Arrest Shows DDoS Risk Starts on Forgotten IoT

TamperedChef Shows Signed Productivity Apps Cannot Be Trusted by Default

Patriot Bait Shows AI-Enabled Fraud Can Turn Trust Into Attack Surface

Mini Shai-Hulud Shows CI/CD Secrets Are the Real npm Supply-Chain Prize