Skip to main content

Tag: unit 42

31 articles

Large ominous robot with cracked facade surrounded by swarming autonomous agents.

Unit 42 Research Exposes Risks in Amazon Bedrock's Multi-Agent AI Systems

Unit 42's latest research reveals a hidden threat: multi-agent AI systems on Amazon Bedrock can be vulnerable to new and alarming risks, including prompt injection attacks that practitioners can't afford to ignore. Learn how to safeguard your AI applications from these emerging threats.

Analyst 207
Cracked sandbox with miniature cityscape and exposed glowing wires amidst shattered glass and broken screens.

Vulnerabilities Exposed in Amazon Bedrock AgentCore Sandbox

Security researchers at Unit 42 have uncovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, revealing that a protective layer meant to separate code and services can be breached using DNS tunneling, exposing sensitive credentials in the process. This alarming discovery highlights the potential risks of slipping through the cracks of a supposedly secure system.

Analyst 207
Kubernetes Environments Under Siege as Attacks Escalate

Kubernetes Environments Under Siege as Attacks Escalate

Kubernetes environments are under attack like never before, with threat actors exploiting identities and critical vulnerabilities to compromise cloud infrastructure - so what can organizations do to protect themselves? The warning signs are clear: it's time to take action against escalating Kubernetes attacks.

Analyst 207
TGR-STA-1030 Exclusive: Severe Breach Hits 70 Sites

TGR-STA-1030 Exclusive: Severe Breach Hits 70 Sites

Meet TGR-STA-1030: a stealthy Asia-based espionage crew that’s quietly breached at least 70 government and critical‑infrastructure networks across 37 countries, using bespoke tools, credential harvesting and meticulous reconnaissance to keep long‑term, hard-to-detect access to telecom and communications systems.

Analyst 207
Nation-State Hackers Deploy Dire Exclusive Airstalk Malware

Nation-State Hackers Deploy Dire Exclusive Airstalk Malware

Think your MDM keeps devices safe? Think again — a suspected nation-state is using the AirWatch API to deploy Airstalk malware, hijacking trusted management channels to stealthily compromise fleets of phones.

Analyst 207
Jingle Thief Exclusive: Costly Cloud Hack Steals Millions

Jingle Thief Exclusive: Costly Cloud Hack Steals Millions

Imagine criminals turning your retailer’s cloud into a holiday ATM—Unit 42 warns the Jingle Thief gang uses phishing and smishing to steal credentials and exploit misconfigured cloud systems to issue and redeem millions in gift cards. Stronger identity controls, logging and vendor oversight are urgent fixes before consumers and merchants are left cleaning up the mess.

Analyst 207
NET malware Dangerous: Exclusive Phantom Taurus Threat

NET malware Dangerous: Exclusive Phantom Taurus Threat

A Beijing-linked group dubbed Phantom Taurus is quietly using custom .NET malware to hunt credentials and siphon sensitive files from government web servers across Asia, Africa and the Middle East — a sharp reminder that everyday frameworks can hide serious threats. Defenders should harden .NET apps, tighten logging and MFA, and share indicators fast to turn the tables before secrets slip away.

Analyst 207