Skip to main content

Tag: unit 42

31 articles

Modern tech lab with people working, sleek workstation and laptop in foreground.

AI Empowers Cyberattacks with Operational Efficiency

As AI continues to evolve, it's crucial to treat AI-driven threats as a top priority, using the technology to supercharge their attacks and compress timelines. AI is being used by attackers to automate routine work, streamline reconnaissance, and shorten development cycles, turning what once took days into operations that can be executed in just hours.

Analyst 207
Person working in office with router and cables in background.

AI Models Expose Millions to Phantom Squatting Phishing Threat

Millions are now at risk of falling prey to a new, rapidly evolving phishing threat called phantom squatting, where attackers exploit AI-generated links to create malicious websites that can evade detection. By registering domains invented by large language models, hackers can create seemingly trustworthy sites that are actually designed to steal sensitive information or spread malware.

Analyst 207
LLMs Expose Software Supply Chain to Phantom Squatting Threat

LLMs Expose Software Supply Chain to Phantom Squatting Threat

Imagine a hidden threat lurking in the software supply chain, where 250,000 "phantom" domains lie waiting to be claimed by malicious actors - a vulnerability uncovered in a staggering 2.1 million URLs generated by LLMs. This phantom squatting threat has the potential to compromise security, and it's essential to understand its scope and impact.

Analyst 207
Government building with technology infrastructure in background.

Chinese Hackers Target Southeast Asia's Energy, Government Sectors

Chinese hackers have launched a stealthy assault on Southeast Asia's energy and government sectors, infiltrating at least ten organizations between October and December 2025. This sophisticated threat, tracked as CL-STA-1062, has been lurking in the shadows since March 2022, using clever tactics like hard-coded encryption keys to evade detection.

Analyst 207
Cluttered marketplace shelf with scattered AI devices, some hidden or obscured, conveying evasion and malicious activity.

Malicious AI Skills Evade Detection on ClawHub Marketplace

Malicious AI skills are slipping through the cracks on ClawHub, with nearly 1 in 5 skills analyzed carrying hidden threats, and a recent audit found a thriving marketplace for bad actors to exploit. Unit 42 uncovered alarming trends, including infostealers and evasion techniques, highlighting the need for vigilance in this rapidly evolving threat landscape.

Analyst 207
Mac computer on cluttered desk with Terminal app open, displaying blurred commands.

MacOS ClickFix Attack Exploits Terminal Commands to Spread Infostealer

Beware of a sneaky new attack on macOS, known as ClickFix, that tricks you into pasting a Terminal command, allowing hackers to silently download and launch info-stealing malware on your device. This cleverly crafted scam starts with a fake CAPTCHA page, convincing victims to unwittingly give attackers a backdoor to their sensitive data.

Analyst 207
Network operations environment with servers, routers, and cables, showing a data stream being intercepted.

Cloud Providers' Global Namespace Flaw Enables Bucket Hijacking

A newly discovered flaw in cloud providers' global namespace has been exploited in a simple yet powerful bucket hijacking technique, allowing attackers to redirect sensitive data streams into their own accounts. This alarming vulnerability affects multiple services across major cloud providers.

Analyst 207
Security analysts work urgently at desks in a brightly-lit operations center surrounded by multiple screens displaying data…

Cybersecurity's 72-Minute Challenge

The clock is ticking: in the blink of an eye, just 72 minutes, attackers can breach your defenses and make off with your data, highlighting a daunting speed gap between threat actors and security teams. This alarming acceleration demands a serious rethink of traditional security operations.

Analyst 207
Researcher's workspace with laptop, notes, and diagrams on whiteboard and paper.

AI Skills Marketplace Exposes Security Gaps

A recent audit of OpenClaw's AI skills marketplace uncovered a staggering 250,706 behavioral deviations in 49,943 agent "skills", revealing a significant gap between what AI skills claim to do and what they actually do. This alarming mismatch highlights the urgent need for robust security measures, such as Palo Alto Networks' Unit 42's Behavioral Integrity Verification (BIV) solution.

Analyst 207
Rows of servers and storage systems in a cloud data center or server room.

Attackers Target Cloud Logging Services for Defense Evasion and Continuous Visibility

Cloud logging services, like AWS CloudTrail and Google Cloud Logging, are a treasure trove of insights into your cloud environment - but they're also a prime target for attackers looking to erase their tracks or gain continuous visibility into your operations. By manipulating these services, adversaries can create persistent blind spots that leave you vulnerable.

Analyst 207
Network device with cables on a rack in a well-lit technology room.

Palo Alto Networks Warns of Active PAN-OS Vulnerability Exploitation

Palo Alto Networks has sounded the alarm on a critical PAN-OS vulnerability, CVE-2026-0257, that's being actively exploited by threat actors to bypass authentication and gain unauthorized access to VPN connections. This security gap could allow attackers to circumvent controls and initiate their own VPN sessions, putting your network at risk.

Analyst 207
Cluttered home office desk with Mac computer and blurred screen, suburban neighborhood visible through window.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users

macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Analyst 207
Concerned individuals walk down a modern office corridor lined with server racks and filing cabinets, with a focused laptop…

Cyber Extortion Economy Shifts Away From Ransomware Encryption

The cyber extortion landscape is undergoing a seismic shift, with threat actors ditching ransomware encryption in favor of data-only extortion - and they're moving at lightning speed, with one case seeing data exfiltration in just 39 seconds. This trend is driven by improved backup and recovery methods, leaving attackers to focus on stealing sensitive data.

Analyst 207
Devices and equipment in a brightly-lit tech facility with a laptop screen displaying blurred code.

Malvertisers Exploit Code Signing in TamperedChef Malware Campaigns

Meet the sneaky malware campaign that's been flying under the radar, leveraging polished marketing tactics and code signing to spread its malicious reach - with over 4,000 samples and 100 unique variants uncovered across three distinct clusters of activity.

Analyst 207
Dimly lit server room with rows of rack-mounted equipment and cables.

Gremlin Stealer Evolves With Advanced Obfuscation Tactics

Meet the new and improved Gremlin Stealer, which has upgraded its hiding game by cleverly concealing its payloads in .NET resource blobs and only revealing them at runtime, making it a stealthier threat than ever. This latest variant uses single-byte XOR encoding to mask its malicious code, evading detection by signature and heuristic scanners.

Analyst 207
Network device in a brightly-lit tech environment with blurred background infrastructure.

Palo Alto Networks Discloses Active Exploitation of PAN-OS Flaw Enabling Espionage

Palo Alto Networks has uncovered active exploitation of a high-severity flaw in PAN-OS software, allowing attackers to execute arbitrary code with root privileges and inject shellcode into vulnerable systems. This critical vulnerability, tracked as CVE-2026-0300, enables unauthenticated remote code execution, putting affected appliances at risk of espionage.

Analyst 207
Brightly-lit network operations center with multiple workstations and natural light from floor-to-ceiling windows.

Threat Actors Exploit Blind Spots Beyond Endpoint Defenses

Attackers are now moving at an alarming pace, taking data four times faster than in 2025, and exploiting the blind spots that an over-reliance on endpoint defenses creates. They're striking across multiple surfaces, from cloud services to remote users, to evade detection and get in and out quickly.

Analyst 207
Person working at desk with laptop in a well-lit office setting.

Malicious AI Browser Extensions Exfiltrate User Data

Beware of AI browser extensions that promise to boost productivity but secretly steal your data. Researchers uncovered 18 malicious extensions that masquerade as helpful tools but deliver spyware, Trojans, and other threats that can hijack your online activity.

Analyst 207
Brightly-lit retail setting with a point-of-sale terminal in the foreground, hinting at unease.

BlackFile Targets Retail, Hospitality with Extortion Attacks

Meet BlackFile, a notorious extortion group wreaking havoc on the retail and hospitality sectors with high-stakes attacks, demanding seven-figure ransoms from its victims. With a modus operandi that includes impersonation and voice-phishing, this threat actor is using pressure tactics to get what they want.

Analyst 207
Busy airport terminal in Central or South America with laptop on luggage cart.

TGR-STA-1030 Intensifies Espionage Push in Central, South America

The threat group TGR-STA-1030 is ramping up its espionage efforts in Central and South America, with sustained and widespread activity observed across multiple countries since February. This persistent campaign has recently intensified, with a heavy focus on regions within Central and South America.

Analyst 207
Person hunched over laptop with eerie glow, surrounded by shattered shield and robotic arm, with cityscape in background.

AI Models Turbocharge Vulnerability Discovery

Imagine a world where AI models don't just help find software bugs, but actually behave like expert security researchers - that's the reality we're facing, and it's changing the vulnerability discovery game. Frontier AI models are now capable of autonomously discovering zero-day vulnerabilities and speeding up patching processes.

Analyst 207
Person in hoodie sits before laptop with eerie glow, surrounded by cables, with cityscape and Iranian flag in background.

Iran's Cyber Threat Landscape Intensifies

Iran's cyber threat landscape is escalating, with phishing, hacktivist operations, and criminal activity converging to create a complex risk picture. A recent Unit 42 threat brief offers valuable insights and practical guidance to help defenders stay ahead of these emerging threats.

Analyst 207
Shadowy figure in a hoodie amidst industrial complex with glowing laptop screens and cables.

TeamPCP Infiltrates Security Infrastructure with Multi-Stage Supply Chain Attack

When security tools meant to safeguard networks become the entry point for attacks, trust is shattered - and that's exactly what's happening with TeamPCP's multi-stage supply chain attacks on security infrastructure. This sinister tactic lets threat actors turn protectors into launchpads for wider compromise.

Analyst 207
Tangled web of interconnected chains and gears with a broken link highlighted, set against a cityscape at dusk.

Unit 42 Uncovers Axios Supply Chain Attack's Far-Reaching Consequences

When a trusted software pathway is compromised, the consequences can be far-reaching - as Unit 42's recent analysis of the Axios supply chain attack starkly reveals, threatening digital trust and resilience. The team's detailed examination exposes the attack's full chain, from initial dropper to forensic cleanup.

Analyst 207