Wednesday, June 3, 2026
  • TA4922’s Global Expansion Shows HR and Tax Lures Are Initial Access Infrastructure
  • Red Hat’s Miasma npm Compromise Shows Trusted Publishing Is Not a Control Boundary
  • AI-Assisted Ransomware Tooling Shows EDR Evasion Is Now an Iteration Problem
  • FlutterBridge Shows Why macOS Malvertising Is Backdoor Delivery, Not Just Adware
Bulwark Black LLC

Cyber Security | Software Development | Consulting Services

  • Cyber Threat Intelligence
    • Russian Cyber Threat Intelligence
      • Russian Actors and Aliases 09JAN2024
    • Chinese Cyber Threat Intelligence
      • Chinese Actors and Aliases
    • North Korean Cyber Threat Intelligence
      • North Korean Actors and Aliases
    • Iranian Cyber Threat Intelligence
      • Iranian Actors and Aliases
    • Malware
      • Top 200 Malware of January 2024
    • Global Cyber Threat Intelligence
      • Global Threat Actors
  • Defensive Security
    • Detection
  • Offensive Security
    • Bug Bounty
    • Offensive Devices / Tactics
    • Red Teaming
  • AI (Artificial Intelligence)
    • AI (General)
  • Privacy & Security
    • Becoming Self Sufficient
    • Digital Assets
    • Makes you Think
    • Social Engineering
  • Research Papers
  • Training / Projects
    • Projects
    • Training
  • Blog
    • Cyber Security Blog
  • Contact
  • About
  • Donations
  • Products
    • VA Disability Calc & Track App
  • Services
  • Operational Technology (OT)
How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation
  • Business
  • Red Teaming

DarkSword iOS Exploit Kit: Russian Hackers Weaponize Six Vulnerabilities for Full iPhone Takeover
  • Malware
  • Russian Cyber Threat Intelligence

Steaelite RAT Bundles Ransomware and Data Theft in Single Web Panel for Double Extortion Attacks

Pakistan’s APT36 Floods Indian Government Networks With AI-Generated ‘Vibeware’ Malware
  • Global Cyber Threat Intelligence

    • Chinese Cyber Threat Intelligence
    • Cyber Security Blog
    • General CTI
    • Malware
    • Privacy & Security

    TA4922’s Global Expansion Shows HR and Tax Lures Are Initial Access Infrastructure

    acint, 41 minutes ago, 4 min read

    Proofpoint’s TA4922 reporting shows how localized HR, payroll, tax, and invoice lures can become full initial-access infrastructure through DLL sideloading, loaders, RATs, RMM tools, and browser credential theft.

    • Cyber Security Blog
    • General CTI
    • Malware
    • Privacy & Security

    Red Hat’s Miasma npm Compromise Shows Trusted Publishing Is Not a Control Boundary

    acint, 6 hours ago, 5 min read

    A Red Hat Cloud Services npm compromise shows why signed releases and trusted publishing must be paired with install-time controls, CI/CD isolation, and fast credential rotation.

    • AI (General)
    • Cyber Security Blog
    • General CTI
    • Malware
    • Privacy & Security

    AI-Assisted Ransomware Tooling Shows EDR Evasion Is Now an Iteration Problem

    acint, 20 hours ago, 4 min read

    Sophos observed ransomware-linked operators using AI-assisted development workflows to accelerate EDR evasion testing and Active Directory discovery. The defensive lesson: validate controls, harden identity, and monitor behavior before attackers iterate around your tooling.

    • Cyber Security Blog
    • General CTI
    • Malware

    FlutterBridge Shows Why macOS Malvertising Is Backdoor Delivery, Not Just Adware

    acint, 1 day ago, 4 min read

    Unit 42’s FlutterBridge research shows macOS malvertising evolving from adware into FlutterShell backdoor delivery. Here is what SMBs and government contractors should tighten first.

    • Chinese Cyber Threat Intelligence
    • Cyber Security Blog
    • General CTI
    • Malware

    Mustang Panda’s Fake Browser Updater Shows Why LNK Files Still Matter

    acint, 1 day ago, 4 min read

    Mustang Panda’s fake browser updater chain shows why defenders still need to hunt LNK-to-PowerShell execution, DLL sideloading, user-context persistence, and suspicious HTTPS beaconing.
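As an added illustration (not code from the article, from Bulwark Black, or from any vendor), the Python below hunts the first of the behaviours the teaser names, LNK-to-PowerShell execution, over process-creation telemetry: it scores a PowerShell start on an explorer.exe parent (what a double-clicked shortcut produces), decodes any accepted spelling of -EncodedCommand back to readable text, flags hidden-window and policy-bypass switches, and looks for staging into %APPDATA%/%TEMP% in the decoded command. The event field names and the four sample events are constructed assumptions, and the encoded payload is built in the block itself; nothing here is an indicator from the real campaign.

```python
"""Hunt LNK-launched PowerShell in process-creation telemetry.

Added illustration only; not code from the article or from any vendor.
Events are constructed dicts shaped like Sysmon Event ID 1 / EDR
process-start records; the field names below are an assumption.
"""
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand, plus the
# documented short form -ec, so an exact-match filter on "-enc" misses
# "-e", "-en", "-encoded", and so on. Build the whole accepted set up front.
ENCODED_FLAGS = {"-encodedcommand"[:n] for n in range(2, 16)} | {"-ec"}

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# A user double-clicking a .lnk yields explorer.exe as the parent; an admin
# console or a scheduled job usually does not (heuristic, not a rule).
SHORTCUT_PARENTS = {"explorer.exe"}

# Switches that hide the window or suppress profiles/policy: common in LNK
# payloads, rarer in hand-typed administration.
EVASION_FLAGS = re.compile(
    r"(?i)(?:-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b|-noni\b"
    r"|-noninteractive\b|-e[px]\w*\s+bypass)"
)
# Staging behaviour worth surfacing once the command is readable.
STAGING = re.compile(
    r"(?i)(?:Invoke-WebRequest|\biwr\b|DownloadString|DownloadFile"
    r"|Start-BitsTransfer|Expand-Archive|\.dll\b|\$env:(?:TEMP|APPDATA|PUBLIC))"
)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line):
    """Return the UTF-16LE text behind -EncodedCommand (any accepted
    spelling), or None when absent or not valid base64/UTF-16."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ENCODED_FLAGS:
            blob = tokens[i + 1].strip("\"'")
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def score_event(event):
    """Return (hit_count, reasons) for one process-creation event."""
    if _basename(event.get("image", "")) not in POWERSHELL_IMAGES:
        return 0, []
    cmd = event.get("command_line", "")
    reasons = []
    if _basename(event.get("parent_image", "")) in SHORTCUT_PARENTS:
        reasons.append("spawned by explorer.exe (shortcut/double-click launch)")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command: " + decoded[:60])
    if EVASION_FLAGS.search(cmd):
        reasons.append("hidden-window / no-profile / policy-bypass switches")
    if STAGING.search(decoded or cmd):
        reasons.append("download, archive extract, DLL or %APPDATA%/%TEMP% staging")
    return len(reasons), reasons


def hunt(events, threshold=2):
    """Return events meeting the threshold with their reasons, so an
    explorer.exe parent alone (interactive use) does not page anyone."""
    findings = []
    for ev in events:
        n, reasons = score_event(ev)
        if n >= threshold:
            findings.append({"event": ev, "score": n, "reasons": reasons})
    return findings


def _encode_ps(text):
    """Build an -EncodedCommand blob the way PowerShell expects (UTF-16LE, base64)."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry (not real events). The payload mimics a
# "browser update" staging chain in shape only; paths and names are made up.
PAYLOAD = r"Expand-Archive $env:TEMP\update.zip $env:APPDATA\Updater; Start-Process $env:APPDATA\Updater\browser-update.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -nop -w hidden -enc " + _encode_ps(PAYLOAD),
     "user": r"CORP\jdoe"},
    {"image": PS, "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
     "user": r"CORP\backupsvc"},
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe", "user": r"CORP\jdoe"},
    {"image": PS, "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": "powershell.exe -ExecutionPolicy RemoteSigned -EncodedCommand " + _encode_ps("Get-Date"),
     "user": "NT AUTHORITY\\SYSTEM"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[score {f['score']}] {f['event']['user']}: {f['event']['command_line'][:70]}")
        for r in f["reasons"]:
            print("   -", r)
```

Only the first sample event crosses the threshold; the interactive explorer-launched console, the backup script under cmd.exe, and the encoded but harmless job under svchost.exe each earn a single point and stay quiet. Decoding the blob before matching is the part that matters: the staging regex never sees base64, so an encoded payload would otherwise score only for the switches around it.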

    • Cyber Security Blog
    • General CTI
    • Malware

    FortiClient EMS Exploitation Turns Endpoint Management Into an Infostealer Delivery System

    acint, 2 days ago, 3 min read

    Attackers are abusing CVE-2026-35616 in FortiClient EMS to push a credential stealer through trusted endpoint management workflows. Here is what defenders should check first.

    • AI (General)
    • Cyber Security Blog
    • General CTI
    • Privacy & Security

    Meta AI Support Bot Abuse Shows Account Recovery Is Part of the Identity Perimeter

    acint, 2 days ago, 4 min read

    Attackers reportedly abused Meta’s AI support assistant during Instagram account recovery. The lesson for SMBs and contractors: recovery workflows are identity infrastructure and need MFA, monitoring, and guardrails.

    • Cyber Security Blog
    • General CTI
    • Malware

    SolyxImmortal Shows Why Python Infostealers Are a Business Risk, Not Just Malware Noise

    acint, 2 days ago, 4 min read

    SolyxImmortal combines persistence, browser credential theft, document collection, screenshots, keylogging, and webhook exfiltration. Here is what SMB and government-contractor defenders should do about it.

    • Chinese Cyber Threat Intelligence
    • Cyber Security Blog
    • General CTI
    • Malware

    Showboat and JFMBackdoor Show Telecom Intrusions Are Built for Pivoting

    acint, 3 days ago, 4 min read

    Lumen and PwC reporting on Showboat, Red Lamassu, and JFMBackdoor shows how China-linked telecom intrusions combine Linux footholds, proxying, and Windows backdoors. Here is what SMBs and government contractors should harden now.

    • Cyber Security Blog
    • General CTI
    • Privacy & Security

    WP Maps Pro Exploitation Shows Why Plugin Support Features Need Security Review

    acint, 3 days ago, 4 min read

    Attackers are exploiting CVE-2026-8732 in WP Maps Pro to create rogue WordPress administrator accounts. Here is what SMBs and contractors should patch, audit, and verify.


    File Search

    IOCs_YARA_TTPs_Posted_Articles/ (folder, 21 items, 99.71 KB; listed dates January 12, 2024 and March 22, 2024)

    You May Have Missed

    • Offensive Devices / Tactics

    FAKING BLUETOOTH LE WITH AN NRF24L01+ MODULE

    bulwarkblack, 2 years ago

    • General CTI

    SAP NetWeaver Critical Zero-Day (CVE-2025-31324) Under Active Exploitation by Initial Access Brokers

    acint, 3 months ago

    CVE-2026-2441: Google Patches First Actively Exploited Chrome Zero-Day of 2026

    acint, 4 months ago

    • Chinese Cyber Threat Intelligence

    SoundCloud Data Breach Exposes 29.8 Million User Accounts

    acint, 4 months ago

    • Business
    • General CTI

    The Underground Economist: Volume 4, Issue 1

    bulwarkblack, 2 years ago

    • Chinese Cyber Threat Intelligence

    DKnife: Cisco Talos Exposes China-Nexus Gateway-Monitoring AitM Framework Active Since 2019

    acint, 4 months ago

    • Malware

    Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT

    acint, 4 months ago

    • Cyber Security Blog
    • General CTI

    P2Pinfect Shows Exposed Redis in Kubernetes Can Become Dormant Botnet Infrastructure

    acint, 2 weeks ago
      2026 Powered By BlazeThemes.