Category: Unit 42

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182. The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42. This…

Read more →

Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities. The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared first on Unit…

Read more →

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182. The post Exploitation of Critical Vulnerability in React Server Components (Updated December 10) appeared first on Unit 42. This…

Read more →

01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42. This article has been indexed from…

Read more →

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182. The post Exploitation of Critical Vulnerability in React Server Components (Updated December 9) appeared first on Unit 42. This…

Read more →

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182. The post Exploitation of Critical Vulnerability in React Server Components (Updated December 8) appeared first on Unit 42. This…

Read more →

Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42. This article has been…

Read more →

We discuss the CVSS 10.0-rated RCE vulnerabilities in the Flight protocol used by React Server Components. These are tracked as CVE-2025-55182 and CVE-2025-55182-66478. The post Critical Vulnerabilities in React Server Components and Next.js appeared first on Unit 42. This article…

Read more →

85% of daily work occurs in the browser. Unit 42 outlines key security controls and strategies to make sure yours is secure. The post The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen appeared first on Unit…

Read more →

Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season. The post The Golden Scale: 'Tis the Season for Unwanted Gifts appeared first on Unit 42. This article has been indexed from Unit…

Read more →

Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 25) appeared first on…

Read more →

The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs. The post The Dual-Use Dilemma of AI: Malicious LLMs appeared first on Unit 42. This article has…

Read more →

Unit 42 outlines a Howling Scorpius attack delivering Akira ransomware that originated from a fake CAPTCHA and led to a 42-day compromise. The post Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise…

Read more →

Two campaigns delivering Gh0st RAT to Chinese speakers show a deep understanding of the target population’s virtual environment and online behavior. The post Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT appeared first on Unit 42. This article…

Read more →

A new type of authentication coercion attack exploits an obscure and rarely monitored remote procedure call (RPC) interface. The post You Thought It Was Over? Authentication Coercion Keeps Evolving appeared first on Unit 42. This article has been indexed from…

Read more →

A new type of authentication coercion attack exploits an obscure and rarely monitored remote procedure call (RPC) interface. The post You Thought It Was Over? Authentication Coercion Keeps Evolving appeared first on Unit 42. This article has been indexed from…

Read more →

Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files. The post LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices appeared first on Unit 42. This article has…

Read more →

Effective cyber defense starts with knowing your own network. Unit 42 explains why asset management is the foundation of threat intelligence. The post Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management appeared first on…

Read more →

CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft’s WSUS. Our observations from cases show a consistent methodology. The post Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) appeared first on Unit 42. This…

Read more →

Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples. The post When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems appeared first on Unit 42. This…

Read more →