Tag: Unit 42

A suspected Iranian espionage campaign impersonated a model agency site for data collection, including fictitious models as possible social engineering lures. The post Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation appeared first on Unit 42. This article…

Read more →

Lampion malware distributors are now using the social engineering method ClickFix. Read our analysis of a recent campaign. The post Lampion Is Back With ClickFix Lures appeared first on Unit 42. This article has been indexed from Unit 42 Read…

Read more →

Programs leveraging AI agents are increasingly popular. Nine attack scenarios using open-source agent frameworks show how bad actors target these applications. The post AI Agents Are Here. So Are the Threats. appeared first on Unit 42. This article has been…

Read more →

Advertised on Telegram, Gremlin Stealer is new malware active since March 2025 written in C#. Data stolen is uploaded to a server for publication. The post Gremlin Stealer: New Stealer on Sale in Underground Forum appeared first on Unit 42.…

Read more →

Advertised on Telegram, Gremlin Stealer is new malware active since March 2025 written in C#. Data stolen is uploaded to a server for publication. The post Gremlin Stealer: New Stealer on Sale in Underground Forum appeared first on Unit 42.…

Read more →

Ransomware leak site data and Unit 42 case studies reveal new trends from Q1 2025, including the most active groups, targeted industries and novel extortion tactics. The post Extortion and Ransomware Trends January-March 2025 appeared first on Unit 42. This…

Read more →

Ransomware leak site data and Unit 42 case studies reveal new trends from Q1 2025, including the most active groups, targeted industries and novel extortion tactics. The post Extortion and Ransomware Trends January-March 2025 appeared first on Unit 42. This…

Read more →

North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications. The post False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation appeared first on Unit 42.…

Read more →

Agent Tesla, Remcos RAT and XLoader delivered via a complex phishing campaign. Learn how attackers are using multi-stage delivery to hinder analysis. The post Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis appeared first on Unit…

Read more →

North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. The post Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware appeared first on Unit…

Read more →

North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. The post Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware appeared first on Unit…

Read more →

GenAI boosts productivity but also poses security risks. Palo Alto Networks has a new whitepaper about prompt-based threats and how to defend against them. The post How Prompt Attacks Exploit GenAI and How to Fight Back appeared first on Unit…

Read more →

We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources. The post OH-MY-DC: OIDC Misconfigurations in CI/CD appeared first on Unit 42. This article has been indexed from…

Read more →

Phishing with QR codes: New tactics described here include concealing links with redirects and using Cloudflare Turnstile to evade security crawlers. The post Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon appeared first on Unit 42. This article has…

Read more →

Phishing with QR codes: New tactics described here include concealing links with redirects and using Cloudflare Turnstile to evade security crawlers. The post Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon appeared first on Unit 42. This article has…

Read more →

Understanding trends amidst noise: tracking shifts in security alerts allows cloud defenders to parse threats from attackers targeting IAM, storage and more. The post Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration appeared first…

Read more →

A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment…

Read more →

A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment…

Read more →

A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files appeared first on Unit 42. This article…

Read more →

Three unusual malware samples analyzed here include an ISS backdoor developed in a rare language, a bootkit and a Windows implant of a post-exploit framework. The post Off the Beaten Path: Recent Unusual Malware appeared first on Unit 42. This…

Read more →