Recent

BoryptGrab Stealer Spreads Through 100+ Fake GitHub Repositories in Massive Malware Campaign

Trend Micro researchers have uncovered a large-scale malware distribution campaign using over 100 GitHub repositories to spread BoryptGrab, an information stealer that targets browser credentials, cryptocurrency wallets, and sensitive files while deploying reverse SSH backdoors for persistent access. The campaign leverages the trust users place in GitHub to distribute malware disguised as legitimate software tools,…

BoryptGrab Stealer Spreads Through 100+ Malicious GitHub Repositories

A massive malware distribution campaign has been discovered leveraging more than 100 GitHub repositories to spread the BoryptGrab information stealer. According to Trend Micro research, the campaign targets Windows users through deceptive downloads masquerading as legitimate software tools and gaming cheats.

The Attack Chain

The threat actors behind this campaign have deployed an extensive network…

Russian APT Deploys Cat-Themed BadPaw and MeowMeow Malware to Target Ukraine

Security researchers from ClearSky have uncovered a sophisticated Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware strains with distinctly playful names: BadPaw and MeowMeow. Despite their whimsical naming, these tools represent a serious threat designed for stealth, persistence, and evasion.

The Attack Chain: From Phishing to Persistent Backdoor

The campaign begins with…

Velvet Tempest Ransomware Group Deploys CastleRAT via ClickFix Attacks Linked to Termite Operations

Five-Year Ransomware Affiliate Uses Malvertising and Legitimate Windows Tools in Sophisticated Intrusion

Security researchers at MalBeacon have exposed a 12-day intrusion campaign by Velvet Tempest (also tracked as DEV-0504), a prolific ransomware affiliate group now deploying the CastleRAT backdoor through ClickFix social engineering attacks. The campaign demonstrates the continued evolution of ransomware operators toward sophisticated…

APT36 Vibeware Campaign: Pakistan’s Transparent Tribe Weaponizes AI to Mass-Produce Malware Targeting India

Pakistan-aligned threat actor Transparent Tribe (APT36) has embraced AI-assisted malware development to flood Indian government networks with disposable, polyglot implants, a technique security researchers are calling “vibeware” or Distributed Denial of Detection (DDoD).

AI-Powered Malware Industrialization

According to Bitdefender’s research, APT36 has shifted from sophisticated, handcrafted implants to high-volume, AI-generated malware written in obscure programming languages…

SAP NetWeaver Critical Zero-Day (CVE-2025-31324) Under Active Exploitation by Initial Access Brokers

SAP customers are being urged to immediately patch a critical zero-day vulnerability in the Visual Composer component of SAP NetWeaver application server that threat actors are actively exploiting to deploy web shell backdoors.

The Vulnerability

Tracked as CVE-2025-31324, this unrestricted file upload vulnerability received the maximum severity score of 10 on the CVSS scale. The…

VOID#GEIST: Multi-Stage Malware Campaign Uses Python Loaders and APC Injection to Deploy XWorm, AsyncRAT, and Xeno RAT

Security researchers at Securonix have uncovered a sophisticated multi-stage malware campaign dubbed VOID#GEIST that delivers three separate remote access trojans (RATs) through an elaborate infection chain designed to evade detection.

A Modular Attack Framework

Unlike traditional malware that relies on standalone executables, VOID#GEIST employs a modular pipeline comprising batch scripts for orchestration, PowerShell for stealthy…

Google Disrupts Chinese APT UNC2814’s GRIDTIDE Backdoor Campaign Targeting 42 Countries

Google Threat Intelligence Group (GTIG) has disrupted a massive global cyber espionage campaign targeting telecommunications and government organizations across 42 countries. The threat actor, tracked as UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has monitored since 2017. The attacker deployed a novel backdoor called GRIDTIDE that abuses Google…

Pakistan’s APT36 Floods Indian Government Networks With AI-Generated ‘Vibeware’ Malware

A Pakistan-linked threat group is overwhelming Indian government networks with a new breed of disposable, AI-generated malware in a campaign that marks a concerning shift in the digital conflict between the two nations. According to research from Bitdefender, the threat actor APT36 (also known as Transparent Tribe) has shifted away from sophisticated, carefully crafted tools…

Google and Mandiant Disrupt GRIDTIDE: Chinese APT Espionage Campaign Compromises 53 Victims in 42 Countries

Google Threat Intelligence Group (GTIG) and Mandiant have executed a coordinated takedown of one of the most expansive cyber espionage campaigns in recent memory. The operation targeted UNC2814, a suspected People’s Republic of China (PRC)-nexus threat actor that has operated globally since 2017, compromising telecommunications and government organizations across four continents.

Scale of the Compromise…