<?xml version="1.0" encoding="UTF-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" version="2.0">

<channel>
	<title>Unit 42</title>
	<atom:link href="https://unit42.paloaltonetworks.com/feed/?v=2" rel="self" type="application/rss+xml"/>
	<link>https://unit42.paloaltonetworks.com/</link>
	<description>Palo Alto Networks</description>
	<lastBuildDate>Wed, 08 Jul 2026 18:40:42 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.4</generator>

<image>
	<url>https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-Unit42-180x180-1.png</url>
	<title>Unit 42</title>
	<link>https://unit42.paloaltonetworks.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<itunes:explicit>no</itunes:explicit><itunes:subtitle>Palo Alto Networks</itunes:subtitle><item>
		<title>Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation</title>
		<link>https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/</link>
		
		<dc:creator><![CDATA[Bharath Nannaka and Pranay Kumar Chhaparwal]]></dc:creator>
		<pubDate>Tue, 07 Jul 2026 22:00:21 +0000</pubDate>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[AMSI]]></category>
		<category><![CDATA[Cryptocurrency]]></category>
		<category><![CDATA[DLL Sideloading]]></category>
		<category><![CDATA[Factory-v3]]></category>
		<category><![CDATA[malvertising]]></category>
		<category><![CDATA[X3D MINER]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=183287</guid>

					<description><![CDATA[<p>A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion layer combination.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/">Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>10</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/07/01_Malware_Category_1920x900-2-300x300.jpg</featuredImage>
		<dcterms:extent>10</dcterms:extent>
		<enclosure length="611028" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/07/01_Malware_Category_1920x900-2.jpg"/>
			<itunes:explicit/><itunes:subtitle>A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion layer combination. The post Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation appeared first on Unit 42.</itunes:subtitle><itunes:summary>A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion layer combination. The post Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation appeared first on Unit 42.</itunes:summary><itunes:keywords>Malware, Threat Research, AMSI, Cryptocurrency, DLL Sideloading, Factory-v3, malvertising, X3D MINER</itunes:keywords></item>
		<item>
		<title>How We Added WebAuthn to a Browser-Based RDP Client</title>
		<link>https://unit42.paloaltonetworks.com/webauthn-added-to-browser-based-rdp/</link>
		
		<dc:creator><![CDATA[Daniel Prizmant]]></dc:creator>
		<pubDate>Thu, 02 Jul 2026 22:00:39 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Insights]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[IDA Pro]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[RDP]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=183236</guid>

					<description><![CDATA[<p>A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/webauthn-added-to-browser-based-rdp/">How We Added WebAuthn to a Browser-Based RDP Client</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>8</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/07/06_Myth-Busting_Overview_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>8</dcterms:extent>
		<enclosure length="938745" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/07/06_Myth-Busting_Overview_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post How We Added WebAuthn to a Browser-Based RDP Client appeared first on Unit 42.</itunes:subtitle><itunes:summary>A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post How We Added WebAuthn to a Browser-Based RDP Client appeared first on Unit 42.</itunes:summary><itunes:keywords>General, Insights, Threat Research, IDA Pro, Microsoft, RDP</itunes:keywords></item>
		<item>
		<title>Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector</title>
		<link>https://unit42.paloaltonetworks.com/phantom-squatting-hallucinated-web-domains/</link>
		
		<dc:creator><![CDATA[Keerthiraj Nagaraj, Diva-Oriane Marty, Beliz Kaleli and Oleksii Starov]]></dc:creator>
		<pubDate>Wed, 01 Jul 2026 01:00:11 +0000</pubDate>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[LLMs]]></category>
		<category><![CDATA[Malicious Domains]]></category>
		<category><![CDATA[malvertising]]></category>
		<category><![CDATA[Phantom Squatting]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[slopsquatting]]></category>
		<category><![CDATA[supply chain]]></category>
		<category><![CDATA[URL hallucination]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=183096</guid>

					<description><![CDATA[<p>Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. </p>
<p>The post <a href="https://unit42.paloaltonetworks.com/phantom-squatting-hallucinated-web-domains/">Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>19</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_799983387-1-1-300x300.jpg</featuredImage>
		<dcterms:extent>19</dcterms:extent>
		<enclosure length="503127" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_799983387-1-1-scaled.jpg"/>
			<itunes:explicit/><itunes:subtitle>Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42.</itunes:subtitle><itunes:summary>Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42.</itunes:summary><itunes:keywords>Malware, Threat Research, Agentic AI, LLMs, Malicious Domains, malvertising, Phantom Squatting, phishing, slopsquatting, supply chain, URL hallucination</itunes:keywords></item>
		<item>
		<title>Threat Brief: Mitigating Large-Scale Credential Attacks</title>
		<link>https://unit42.paloaltonetworks.com/large-scale-credential-attacks/</link>
		
		<dc:creator><![CDATA[Andy Piazza]]></dc:creator>
		<pubDate>Fri, 26 Jun 2026 19:05:33 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<category><![CDATA[High Profile Threats]]></category>
		<category><![CDATA[credential theft]]></category>
		<category><![CDATA[fortibleed]]></category>
		<category><![CDATA[password spraying]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182713</guid>

					<description><![CDATA[<p>We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. </p>
<p>The post <a href="https://unit42.paloaltonetworks.com/large-scale-credential-attacks/">Threat Brief: Mitigating Large-Scale Credential Attacks</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>5</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/07_Vulnerabilities_1920x900-1-300x300.jpg</featuredImage>
		<dcterms:extent>5</dcterms:extent>
		<enclosure length="1486607" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/07_Vulnerabilities_1920x900-1.jpg"/>
			<itunes:explicit/><itunes:subtitle>We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appeared first on Unit 42.</itunes:subtitle><itunes:summary>We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appeared first on Unit 42.</itunes:summary><itunes:keywords>General, High Profile Threats, credential theft, fortibleed, password spraying</itunes:keywords></item>
		<item>
		<title>CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure</title>
		<link>https://unit42.paloaltonetworks.com/cl-sta-1062-tinyrct-backdoor/</link>
		
		<dc:creator><![CDATA[Unit 42]]></dc:creator>
		<pubDate>Thu, 25 Jun 2026 22:00:52 +0000</pubDate>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[backdoor]]></category>
		<category><![CDATA[CL-STA-1062]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Mimikatz]]></category>
		<category><![CDATA[southeast asia]]></category>
		<category><![CDATA[TinyRCT]]></category>
		<category><![CDATA[VPN]]></category>
		<category><![CDATA[web shells]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182868</guid>

					<description><![CDATA[<p>Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom TinyRCT backdoor. </p>
<p>The post <a href="https://unit42.paloaltonetworks.com/cl-sta-1062-tinyrct-backdoor/">CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>10</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/03_Malware_Category_1920x900-5-300x300.jpg</featuredImage>
		<dcterms:extent>10</dcterms:extent>
		<enclosure length="874605" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/03_Malware_Category_1920x900-5.jpg"/>
			<itunes:explicit/><itunes:subtitle>Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom TinyRCT backdoor. The post CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure appeared first on Unit 42.</itunes:subtitle><itunes:summary>Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom TinyRCT backdoor. The post CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure appeared first on Unit 42.</itunes:summary><itunes:keywords>Malware, Threat Research, backdoor, CL-STA-1062, malware, Mimikatz, southeast asia, TinyRCT, VPN, web shells</itunes:keywords></item>
		<item>
		<title>OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat</title>
		<link>https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/</link>
		
		<dc:creator><![CDATA[Shresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher and Oleksii Starov]]></dc:creator>
		<pubDate>Tue, 23 Jun 2026 22:00:51 +0000</pubDate>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[Agentic AI]]></category>
		<category><![CDATA[ClawHavoc]]></category>
		<category><![CDATA[ClawHub]]></category>
		<category><![CDATA[defense evasion]]></category>
		<category><![CDATA[Infostealer]]></category>
		<category><![CDATA[OpenClaw]]></category>
		<category><![CDATA[payload]]></category>
		<category><![CDATA[VirusTotal]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182742</guid>

					<description><![CDATA[<p>Unit 42's analysis of ClawHub revealed evasive malicious skills bypassing automated scanners to deploy infostealers and execute agentic financial fraud.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/">OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>9</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_768915868-1-300x300.jpg</featuredImage>
		<dcterms:extent>9</dcterms:extent>
		<enclosure length="2020533" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_768915868-1.jpg"/>
			<itunes:explicit/><itunes:subtitle>Unit 42's analysis of ClawHub revealed evasive malicious skills bypassing automated scanners to deploy infostealers and execute agentic financial fraud. The post OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat appeared first on Unit 42.</itunes:subtitle><itunes:summary>Unit 42's analysis of ClawHub revealed evasive malicious skills bypassing automated scanners to deploy infostealers and execute agentic financial fraud. The post OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat appeared first on Unit 42.</itunes:summary><itunes:keywords>Malware, Threat Research, Agentic AI, ClawHavoc, ClawHub, defense evasion, Infostealer, OpenClaw, payload, VirusTotal</itunes:keywords></item>
		<item>
		<title>The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration</title>
		<link>https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/</link>
		
		<dc:creator><![CDATA[Yahav Festinger]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 22:00:04 +0000</pubDate>
				<category><![CDATA[Cloud Cybersecurity Research]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[AWS]]></category>
		<category><![CDATA[bucket hijacking]]></category>
		<category><![CDATA[cloud data exfiltration]]></category>
		<category><![CDATA[cloud logging]]></category>
		<category><![CDATA[CSPs]]></category>
		<category><![CDATA[Google Cloud]]></category>
		<category><![CDATA[IAM]]></category>
		<category><![CDATA[Microsoft Azure]]></category>
		<category><![CDATA[privilege escalation]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182610</guid>

					<description><![CDATA[<p>Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/cloud-bucket-hijacking-risks/">The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>13</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/09_Cloud_cybersecurity_research_Overview_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>13</dcterms:extent>
		<enclosure length="1265691" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/09_Cloud_cybersecurity_research_Overview_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration appeared first on Unit 42.</itunes:subtitle><itunes:summary>Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration appeared first on Unit 42.</itunes:summary><itunes:keywords>Cloud Cybersecurity Research, Threat Research, AWS, bucket hijacking, cloud data exfiltration, cloud logging, CSPs, Google Cloud, IAM, Microsoft Azure, privilege escalation</itunes:keywords></item>
		<item>
		<title>Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE</title>
		<link>https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/</link>
		
		<dc:creator><![CDATA[Ori Hadad]]></dc:creator>
		<pubDate>Tue, 16 Jun 2026 10:00:29 +0000</pubDate>
				<category><![CDATA[Cloud Cybersecurity Research]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[bucket squatting]]></category>
		<category><![CDATA[Google Cloud]]></category>
		<category><![CDATA[joblib]]></category>
		<category><![CDATA[Python]]></category>
		<category><![CDATA[RCE]]></category>
		<category><![CDATA[SDKs]]></category>
		<category><![CDATA[Vertex AI]]></category>
		<category><![CDATA[vulnerability]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182510</guid>

					<description><![CDATA[<p>Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. </p>
<p>The post <a href="https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/">Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>12</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_1270203474-1-300x300.png</featuredImage>
		<dcterms:extent>12</dcterms:extent>
		<enclosure length="2082712" type="image/png" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_1270203474-1.png"/>
			<itunes:explicit/><itunes:subtitle>Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE appeared first on Unit 42.</itunes:subtitle><itunes:summary>Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE appeared first on Unit 42.</itunes:summary><itunes:keywords>Cloud Cybersecurity Research, Threat Research, bucket squatting, Google Cloud, joblib, Python, RCE, SDKs, Vertex AI, vulnerability</itunes:keywords></item>
		<item>
		<title>Inside the Modern SOC: The 72-Minute Race</title>
		<link>https://unit42.paloaltonetworks.com/soc-72-minute-race/</link>
		
		<dc:creator><![CDATA[Sharon Maydar]]></dc:creator>
		<pubDate>Mon, 15 Jun 2026 23:00:19 +0000</pubDate>
				<category><![CDATA[Inside the Modern SOC]]></category>
		<category><![CDATA[Insights]]></category>
		<category><![CDATA[identity]]></category>
		<category><![CDATA[operation security]]></category>
		<category><![CDATA[Unit 42 Incident Response Report]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182568</guid>

					<description><![CDATA[<p>Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/soc-72-minute-race/">Inside the Modern SOC: The 72-Minute Race</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>4</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/02_Interview_Overview_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>4</dcterms:extent>
		<enclosure length="1004213" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/02_Interview_Overview_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The 72-Minute Race appeared first on Unit 42.</itunes:subtitle><itunes:summary>Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The 72-Minute Race appeared first on Unit 42.</itunes:summary><itunes:keywords>Inside the Modern SOC, Insights, identity, operation security, Unit 42 Incident Response Report</itunes:keywords></item>
		<item>
		<title>Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered</title>
		<link>https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/</link>
		
		<dc:creator><![CDATA[Chip Riley]]></dc:creator>
		<pubDate>Fri, 12 Jun 2026 22:00:14 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Insights]]></category>
		<category><![CDATA[digital forensics]]></category>
		<category><![CDATA[macOS]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182477</guid>

					<description><![CDATA[<p>Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here. </p>
<p>The post <a href="https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/">Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>3</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/11_Listicle_Category_1505x922-300x300.jpg</featuredImage>
		<dcterms:extent>3</dcterms:extent>
		<enclosure length="620023" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/11_Listicle_Category_1505x922.jpg"/>
			<itunes:explicit/><itunes:subtitle>Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here. The post Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered appeared first on Unit 42.</itunes:subtitle><itunes:summary>Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here. The post Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered appeared first on Unit 42.</itunes:summary><itunes:keywords>General, Insights, digital forensics, macOS</itunes:keywords></item>
		<item>
		<title>Trust No Skill: Integrity Verification for AI Agent Supply Chains</title>
		<link>https://unit42.paloaltonetworks.com/ai-agent-supply-chain-risks/</link>
		
		<dc:creator><![CDATA[Yuhao Wu, Tony Li and Hongliang Liu]]></dc:creator>
		<pubDate>Thu, 11 Jun 2026 10:00:24 +0000</pubDate>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[AI agents]]></category>
		<category><![CDATA[credential exfiltration]]></category>
		<category><![CDATA[LLMs]]></category>
		<category><![CDATA[OpenClaw]]></category>
		<category><![CDATA[supply chain]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182196</guid>

					<description><![CDATA[<p>Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/ai-agent-supply-chain-risks/">Trust No Skill: Integrity Verification for AI Agent Supply Chains</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>7</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_429594706-300x300.jpg</featuredImage>
		<dcterms:extent>7</dcterms:extent>
		<enclosure length="1464345" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/AdobeStock_429594706.jpg"/>
			<itunes:explicit/><itunes:subtitle>Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Verification for AI Agent Supply Chains appeared first on Unit 42.</itunes:subtitle><itunes:summary>Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Verification for AI Agent Supply Chains appeared first on Unit 42.</itunes:summary><itunes:keywords>Malware, Threat Research, AI agents, credential exfiltration, LLMs, OpenClaw, supply chain</itunes:keywords></item>
		<item>
		<title>Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility</title>
		<link>https://unit42.paloaltonetworks.com/cloud-logging-defense-evasion/</link>
		
		<dc:creator><![CDATA[Yahav Festinger]]></dc:creator>
		<pubDate>Tue, 09 Jun 2026 22:00:21 +0000</pubDate>
				<category><![CDATA[Cloud Cybersecurity Research]]></category>
		<category><![CDATA[Threat Research]]></category>
		<category><![CDATA[AWS CloudTrail]]></category>
		<category><![CDATA[cloud logging]]></category>
		<category><![CDATA[defense evasion]]></category>
		<category><![CDATA[Google Cloud]]></category>
		<category><![CDATA[log poisoning]]></category>
		<category><![CDATA[log router]]></category>
		<category><![CDATA[log storage]]></category>
		<category><![CDATA[S3]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182090</guid>

					<description><![CDATA[<p>Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/cloud-logging-defense-evasion/">Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>12</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/11_Cloud_cybersecurity_research_Overview_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>12</dcterms:extent>
		<enclosure length="1153636" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/11_Cloud_cybersecurity_research_Overview_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility appeared first on Unit 42.</itunes:subtitle><itunes:summary>Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility appeared first on Unit 42.</itunes:summary><itunes:keywords>Cloud Cybersecurity Research, Threat Research, AWS CloudTrail, cloud logging, defense evasion, Google Cloud, log poisoning, log router, log storage, S3</itunes:keywords></item>
		<item>
		<title>Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257</title>
		<link>https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/</link>
		
		<dc:creator><![CDATA[Andy Piazza and Unit 42]]></dc:creator>
		<pubDate>Tue, 09 Jun 2026 14:05:42 +0000</pubDate>
				<category><![CDATA[High Profile Threats]]></category>
		<category><![CDATA[Vulnerabilities]]></category>
		<category><![CDATA[CVE-2026-0257]]></category>
		<category><![CDATA[vulnerability]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182026</guid>

					<description><![CDATA[<p>We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/">Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>3</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/07_Vulnerabilities_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>3</dcterms:extent>
		<enclosure length="1486607" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/07_Vulnerabilities_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.</itunes:subtitle><itunes:summary>We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.</itunes:summary><itunes:keywords>High Profile Threats, Vulnerabilities, CVE-2026-0257, vulnerability</itunes:keywords></item>
		<item>
		<title>When “Hi, This Is IT” Comes Through Microsoft Teams</title>
		<link>https://unit42.paloaltonetworks.com/microsoft-teams-phishing/</link>
		
		<dc:creator><![CDATA[Bill Batchelor]]></dc:creator>
		<pubDate>Mon, 08 Jun 2026 23:00:45 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Insights]]></category>
		<category><![CDATA[Cloaked Ursa]]></category>
		<category><![CDATA[identity]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[social engineering]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=182028</guid>

					<description><![CDATA[<p>Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security.</p>
<p>The post <a href="https://unit42.paloaltonetworks.com/microsoft-teams-phishing/">When “Hi, This Is IT” Comes Through Microsoft Teams</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>6</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/02_Opinion_Overview_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>6</dcterms:extent>
		<enclosure length="807184" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/06/02_Opinion_Overview_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security. The post When “Hi, This Is IT” Comes Through Microsoft Teams appeared first on Unit 42.</itunes:subtitle><itunes:summary>Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security. The post When “Hi, This Is IT” Comes Through Microsoft Teams appeared first on Unit 42.</itunes:summary><itunes:keywords>General, Insights, Cloaked Ursa, identity, phishing, social engineering</itunes:keywords></item>
		<item>
		<title>The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)</title>
		<link>https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/</link>
		
		<dc:creator><![CDATA[Unit 42]]></dc:creator>
		<pubDate>Tue, 02 Jun 2026 17:30:33 +0000</pubDate>
				<category><![CDATA[High Profile Threats]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Credential Harvesting]]></category>
		<category><![CDATA[GitHub]]></category>
		<category><![CDATA[npm packages]]></category>
		<category><![CDATA[obfuscation]]></category>
		<category><![CDATA[payload]]></category>
		<category><![CDATA[supply chain]]></category>
		<category><![CDATA[worm propagation]]></category>
		<guid isPermaLink="false">https://unit42.paloaltonetworks.com/?p=179395</guid>

					<description><![CDATA[<p>Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. </p>
<p>The post <a href="https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/">The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)</a> appeared first on <a href="https://unit42.paloaltonetworks.com">Unit 42</a>.</p>
]]></description>
		
		
		
		<readTime>23</readTime>
		<featuredImage>https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/05_Malware_Category_1920x900-300x300.jpg</featuredImage>
		<dcterms:extent>23</dcterms:extent>
		<enclosure length="611893" type="image/jpeg" url="https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/05_Malware_Category_1920x900.jpg"/>
			<itunes:explicit/><itunes:subtitle>Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) appeared first on Unit 42.</itunes:subtitle><itunes:summary>Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) appeared first on Unit 42.</itunes:summary><itunes:keywords>High Profile Threats, Malware, Credential Harvesting, GitHub, npm packages, obfuscation, payload, supply chain, worm propagation</itunes:keywords></item>
	</channel>
</rss>