We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior. The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42. This article…
Category: Unit 42
The Shadow Campaigns: Uncovering Global Espionage
In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155.
Why Smart People Fall For Phishing Attacks
Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42’s latest insights on defeating social engineering and securing your digital life.
Privileged File System Vulnerability Present in a SCADA System
We detail our discovery of CVE-2025-0921, a privileged file system flaw in Iconics Suite (SCADA) that attackers could exploit to cause a denial-of-service (DoS) attack.
Understanding the Russian Cyber Threat to the 2026 Winter Olympics
Russia’s current isolation from the Olympics may lead to increased cyber threats targeting the 2026 Winter Games. We discuss the potential threat picture.
Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense
Unit 42 celebrates 9 years of the Cyber Threat Alliance, tracing its journey from a bold idea to a global leader in collaborative cyber defense.
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser.
DNS OverDoS: Are Private Endpoints Too Private?
We’ve identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks.
Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering
Unit 42 breaks down a payroll attack fueled by social engineering. Learn how the breach happened and how to protect your organization from similar threats.
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.
Remote Code Execution With Modern AI/ML Formats and Libraries
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA.
Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk
AI-generated code looks flawless until it isn’t. Unit 42 breaks down how to expose these invisible flaws before they turn into your next breach.
VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion
VVS stealer (or VVS $tealer) is a Python-based infostealer targeting Discord users. It employs Pyarmor for obfuscation, contributing to its efficacy.
Who Does Cybersecurity Need? You!
Cybersecurity thrives on diverse skills, not just coding and engineering. From writers to designers, there’s a place for you in this field.
From Linear to Complex: An Upgrade in RansomHouse Encryption
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.
Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene
Cyber hygiene is just as vital as personal hygiene. Unit 42 shares tips for people of all experience levels to keep their digital lives secure.
Exploitation of Critical Vulnerability in React Server Components (Updated December 12)
We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.
Exploitation of Critical Vulnerability in React Server Components (Updated December 10)
We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.
01flip: Multi-Platform Ransomware Written in Rust
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.