Tag: unit 42
31 articles

AI Empowers Cyberattacks with Operational Efficiency
As AI continues to evolve, it's crucial to treat AI-driven threats as a top priority, using the technology to supercharge their attacks and compress timelines. AI is being used by attackers to automate routine work, streamline reconnaissance, and shorten development cycles, turning what once took days into operations that can be executed in just hours.

AI Models Expose Millions to Phantom Squatting Phishing Threat
Millions are now at risk of falling prey to a new, rapidly evolving phishing threat called phantom squatting, where attackers exploit AI-generated links to create malicious websites that can evade detection. By registering domains invented by large language models, hackers can create seemingly trustworthy sites that are actually designed to steal sensitive information or spread malware.

LLMs Expose Software Supply Chain to Phantom Squatting Threat
Imagine a hidden threat lurking in the software supply chain, where 250,000 "phantom" domains lie waiting to be claimed by malicious actors - a vulnerability uncovered in a staggering 2.1 million URLs generated by LLMs. This phantom squatting threat has the potential to compromise security, and it's essential to understand its scope and impact.

Chinese Hackers Target Southeast Asia's Energy, Government Sectors
Chinese hackers have launched a stealthy assault on Southeast Asia's energy and government sectors, infiltrating at least ten organizations between October and December 2025. This sophisticated threat, tracked as CL-STA-1062, has been lurking in the shadows since March 2022, using clever tactics like hard-coded encryption keys to evade detection.

Malicious AI Skills Evade Detection on ClawHub Marketplace
Malicious AI skills are slipping through the cracks on ClawHub, with nearly 1 in 5 skills analyzed carrying hidden threats, and a recent audit found a thriving marketplace for bad actors to exploit. Unit 42 uncovered alarming trends, including infostealers and evasion techniques, highlighting the need for vigilance in this rapidly evolving threat landscape.

MacOS ClickFix Attack Exploits Terminal Commands to Spread Infostealer
Beware of a sneaky new attack on macOS, known as ClickFix, that tricks you into pasting a Terminal command, allowing hackers to silently download and launch info-stealing malware on your device. This cleverly crafted scam starts with a fake CAPTCHA page, convincing victims to unwittingly give attackers a backdoor to their sensitive data.

Cloud Providers' Global Namespace Flaw Enables Bucket Hijacking
A newly discovered flaw in cloud providers' global namespace has been exploited in a simple yet powerful bucket hijacking technique, allowing attackers to redirect sensitive data streams into their own accounts. This alarming vulnerability affects multiple services across major cloud providers.

Cybersecurity's 72-Minute Challenge
The clock is ticking: in the blink of an eye, just 72 minutes, attackers can breach your defenses and make off with your data, highlighting a daunting speed gap between threat actors and security teams. This alarming acceleration demands a serious rethink of traditional security operations.

AI Skills Marketplace Exposes Security Gaps
A recent audit of OpenClaw's AI skills marketplace uncovered a staggering 250,706 behavioral deviations in 49,943 agent "skills", revealing a significant gap between what AI skills claim to do and what they actually do. This alarming mismatch highlights the urgent need for robust security measures, such as Palo Alto Networks' Unit 42's Behavioral Integrity Verification (BIV) solution.

Attackers Target Cloud Logging Services for Defense Evasion and Continuous Visibility
Cloud logging services, like AWS CloudTrail and Google Cloud Logging, are a treasure trove of insights into your cloud environment - but they're also a prime target for attackers looking to erase their tracks or gain continuous visibility into your operations. By manipulating these services, adversaries can create persistent blind spots that leave you vulnerable.

Palo Alto Networks Warns of Active PAN-OS Vulnerability Exploitation
Palo Alto Networks has sounded the alarm on a critical PAN-OS vulnerability, CVE-2026-0257, that's being actively exploited by threat actors to bypass authentication and gain unauthorized access to VPN connections. This security gap could allow attackers to circumvent controls and initiate their own VPN sessions, putting your network at risk.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users
macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Cyber Extortion Economy Shifts Away From Ransomware Encryption
The cyber extortion landscape is undergoing a seismic shift, with threat actors ditching ransomware encryption in favor of data-only extortion - and they're moving at lightning speed, with one case seeing data exfiltration in just 39 seconds. This trend is driven by improved backup and recovery methods, leaving attackers to focus on stealing sensitive data.

Malvertisers Exploit Code Signing in TamperedChef Malware Campaigns
Meet the sneaky malware campaign that's been flying under the radar, leveraging polished marketing tactics and code signing to spread its malicious reach - with over 4,000 samples and 100 unique variants uncovered across three distinct clusters of activity.

Gremlin Stealer Evolves With Advanced Obfuscation Tactics
Meet the new and improved Gremlin Stealer, which has upgraded its hiding game by cleverly concealing its payloads in .NET resource blobs and only revealing them at runtime, making it a stealthier threat than ever. This latest variant uses single-byte XOR encoding to mask its malicious code, evading detection by signature and heuristic scanners.

Palo Alto Networks Discloses Active Exploitation of PAN-OS Flaw Enabling Espionage
Palo Alto Networks has uncovered active exploitation of a high-severity flaw in PAN-OS software, allowing attackers to execute arbitrary code with root privileges and inject shellcode into vulnerable systems. This critical vulnerability, tracked as CVE-2026-0300, enables unauthenticated remote code execution, putting affected appliances at risk of espionage.

Threat Actors Exploit Blind Spots Beyond Endpoint Defenses
Attackers are now moving at an alarming pace, taking data four times faster than in 2025, and exploiting the blind spots that an over-reliance on endpoint defenses creates. They're striking across multiple surfaces, from cloud services to remote users, to evade detection and get in and out quickly.

Malicious AI Browser Extensions Exfiltrate User Data
Beware of AI browser extensions that promise to boost productivity but secretly steal your data. Researchers uncovered 18 malicious extensions that masquerade as helpful tools but deliver spyware, Trojans, and other threats that can hijack your online activity.

BlackFile Targets Retail, Hospitality with Extortion Attacks
Meet BlackFile, a notorious extortion group wreaking havoc on the retail and hospitality sectors with high-stakes attacks, demanding seven-figure ransoms from its victims. With a modus operandi that includes impersonation and voice-phishing, this threat actor is using pressure tactics to get what they want.

TGR-STA-1030 Intensifies Espionage Push in Central, South America
The threat group TGR-STA-1030 is ramping up its espionage efforts in Central and South America, with sustained and widespread activity observed across multiple countries since February. This persistent campaign has recently intensified, with a heavy focus on regions within Central and South America.

AI Models Turbocharge Vulnerability Discovery
Imagine a world where AI models don't just help find software bugs, but actually behave like expert security researchers - that's the reality we're facing, and it's changing the vulnerability discovery game. Frontier AI models are now capable of autonomously discovering zero-day vulnerabilities and speeding up patching processes.

Iran's Cyber Threat Landscape Intensifies
Iran's cyber threat landscape is escalating, with phishing, hacktivist operations, and criminal activity converging to create a complex risk picture. A recent Unit 42 threat brief offers valuable insights and practical guidance to help defenders stay ahead of these emerging threats.

TeamPCP Infiltrates Security Infrastructure with Multi-Stage Supply Chain Attack
When security tools meant to safeguard networks become the entry point for attacks, trust is shattered - and that's exactly what's happening with TeamPCP's multi-stage supply chain attacks on security infrastructure. This sinister tactic lets threat actors turn protectors into launchpads for wider compromise.

Unit 42 Uncovers Axios Supply Chain Attack's Far-Reaching Consequences
When a trusted software pathway is compromised, the consequences can be far-reaching - as Unit 42's recent analysis of the Axios supply chain attack starkly reveals, threatening digital trust and resilience. The team's detailed examination exposes the attack's full chain, from initial dropper to forensic cleanup.