Tag: Unit 42

CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 affect multiple Cisco products, and are being exploited by a threat actor linked to the ArcaneDoor campaign. The post Threat Insights: Active Exploitation of Cisco ASA Zero Days appeared first on Unit 42. This article has…

Read more →

We connect Bookworm malware to Chinese APT Stately Taurus using our attribution framework, enhancing our understanding of threat group tradecraft. The post Bookworm to Stately Taurus Using the Unit 42 Attribution Framework appeared first on Unit 42. This article has…

Read more →

Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 23) appeared first on…

Read more →

SEO poisoning campaign “Operation Rewrite” uses a malicious IIS module called BadIIS to redirect users to unwanted websites. The post Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign appeared first on Unit 42. This…

Read more →

Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated September 18) appeared first on…

Read more →

Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit 42. This…

Read more →

Unit 42 explores how innocent clicks can have serious repercussions. Learn how simply visiting a malicious site can expose users to significant digital dangers. The post Myth Busting: Why "Innocent Clicks" Don't Exist in Cybersecurity appeared first on Unit 42.…

Read more →

We examine security weaknesses in LLM code assistants. Issues like indirect prompt injection and model misuse are prevalent across platforms. The post The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception appeared first on Unit 42. This article…

Read more →

Effective OAuth token management is crucial for supply chain security, preventing breaches caused by dormant integrations, insecure storage or lack of rotation. The post Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain appeared first on Unit 42.…

Read more →

Unit 42 delves into how cybercriminals are treating stolen data like digital diamonds amid rising attacks and evolving extortion tactics. The post Data Is the New Diamond: Latest Moves by Hackers and Defenders appeared first on Unit 42. This article…

Read more →

AdaptixC2, an open-source C2 framework, is increasingly used in attacks. We discuss its features and potential use case scenarios. The post AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks appeared first on Unit 42. This article has been indexed…

Read more →

AdaptixC2, an open-source C2 framework, is increasingly used in attacks. We discuss its features and potential use case scenarios. The post AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks appeared first on Unit 42. This article has been indexed…

Read more →

Unit 42 delves into how cybercriminals are treating stolen data like digital diamonds amid rising attacks and evolving extortion tactics. The post Data Is the New Diamond: Latest Moves by Hackers and Defenders appeared first on Unit 42. This article…

Read more →

Discover what it’s like to be a Threat Intelligence intern at Unit 42, from diving into research to tackling real-world cyber threats. The post Why Threat Intelligence: A Conversation With Unit 42 Interns appeared first on Unit 42. This article…

Read more →

Model namespace reuse is a potential security risk in the AI supply chain. Attackers can misuse platforms like Hugging Face for remote code execution. The post Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust appeared first on…

Read more →

Model namespace reuse is a potential security risk in the AI supply chain. Attackers can misuse platforms like Hugging Face for remote code execution. The post Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust appeared first on…

Read more →

Discover what it’s like to be a Threat Intelligence intern at Unit 42, from diving into research to tackling real-world cyber threats. The post Why Threat Intelligence: A Conversation With Unit 42 Interns appeared first on Unit 42. This article…

Read more →

This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials. The post Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances appeared first on Unit 42. This article has been…

Read more →

Unit 42 explores the similarities between the social engineering and reconnaissance tactics used by financially motivated criminals. The post Data Is the New Diamond: Heists in the Digital Age appeared first on Unit 42. This article has been indexed from…

Read more →

Unit 42 explores the similarities between the social engineering and reconnaissance tactics used by financially motivated criminals. The post Data Is the New Diamond: Heists in the Digital Age appeared first on Unit 42. This article has been indexed from…

Read more →