Unit 42 https://unit42.paloaltonetworks.com/ Palo Alto Networks Mon, 04 May 2026 18:46:43 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.1 https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-Unit42-180x180-1.png Unit 42 https://unit42.paloaltonetworks.com/ 32 32 noPalo Alto Networks The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/ Sat, 02 May 2026 00:10:33 +0000 https://unit42.paloaltonetworks.com/?p=179395 Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.

The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) appeared first on Unit 42.

]]> 15 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/05_Malware_Category_1920x900-300x300.jpg 15 Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) appeared first on Unit 42.Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) appeared first on Unit 42.High Profile Threats, Malware, Credential Harvesting, GitHub, npm packages, obfuscation, payload, supply chain, worm propagation Essential Data Sources for Detection Beyond the Endpoint https://unit42.paloaltonetworks.com/detection-beyond-the-endpoint/ Fri, 01 May 2026 23:00:13 +0000 https://unit42.paloaltonetworks.com/?p=180120 Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here.

The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.

]]> 4 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/13_Cloud_cybersecurity_research_Overview_1920x900-300x300.jpg 4 Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here. The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here. The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.General, Insights, Cloud Security, IAM, incident response, threat detection That AI Extension Helping You Write Emails? It’s Reading Them First https://unit42.paloaltonetworks.com/high-risk-gen-ai-browser-extensions/ Thu, 30 Apr 2026 22:00:57 +0000 https://unit42.paloaltonetworks.com/?p=179576 Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser.

The post That AI Extension Helping You Write Emails? It’s Reading Them First appeared first on Unit 42.

]]> 13 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/AdobeStock_739390615-1-300x300.jpg 13 Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helping You Write Emails? It’s Reading Them First appeared first on Unit 42.Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helping You Write Emails? It’s Reading Them First appeared first on Unit 42.Malware, Threat Research, AI browser, browser extension, GenAI, Infostealer, malware, Remote Access Trojan, search hijacker, spyware TGR-STA-1030: New Activity in Central and South America https://unit42.paloaltonetworks.com/new-activity-central-south-america/ Fri, 24 Apr 2026 20:30:19 +0000 https://unit42.paloaltonetworks.com/?p=179467 Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America.

The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.

]]> 1 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/01_Nation-State-cyberattacks_1505x922-300x300.jpg 1 Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.General, Insights, TGR-STA-1030 Frontier AI and the Future of Defense: Your Top Questions Answered https://unit42.paloaltonetworks.com/frontier-ai-top-questions-answered/ Thu, 23 Apr 2026 20:45:50 +0000 https://unit42.paloaltonetworks.com/?p=179376 What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking.

The post Frontier AI and the Future of Defense: Your Top Questions Answered appeared first on Unit 42.

]]> 4 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/03_Listicle_Overview_1920x900-300x300.jpg 4 What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post Frontier AI and the Future of Defense: Your Top Questions Answered appeared first on Unit 42.What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post Frontier AI and the Future of Defense: Your Top Questions Answered appeared first on Unit 42.General, Insights, GenAI, LLM, n-day, open source Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System https://unit42.paloaltonetworks.com/autonomous-ai-cloud-attacks/ Thu, 23 Apr 2026 10:00:31 +0000 https://unit42.paloaltonetworks.com/?p=178504 Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security.

The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit 42.

]]> 12 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/12_Cloud_cybersecurity_research_Overview_1920x900-300x300.jpg 12 Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security. The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit 42.Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security. The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit 42.Cloud Cybersecurity Research, Threat Research, AI, Cloud, data exfiltration, GCP, Google Cloud, LLMs, multi-agent, penetration testing When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks https://unit42.paloaltonetworks.com/air-snitch-enterprise-wireless-attacks/ Wed, 22 Apr 2026 10:00:22 +0000 https://unit42.paloaltonetworks.com/?p=178804 Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabilities.

The post When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks appeared first on Unit 42.

]]> 12 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/11_Security-Technology_Category_1505x922-300x300.jpg 12 Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabilities. The post When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks appeared first on Unit 42.Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabilities. The post When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks appeared first on Unit 42.Malware, Threat Research, AirSnitch, MitM, network security, port stealing, WiFi encryption, wireless, WPA2, WPA3 Fracturing Software Security With Frontier AI Models https://unit42.paloaltonetworks.com/ai-software-security-risks/ Mon, 20 Apr 2026 10:00:14 +0000 https://unit42.paloaltonetworks.com/?p=177819 Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching.

The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42.

]]> 6 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/06_General_Overview_1920x900-300x300.jpg 6 Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching. The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42.Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching. The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42.General, Insights, AI, attack path, data exfiltration, malware, n-day, Open Source Software, zero-day Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/ Fri, 17 Apr 2026 22:35:07 +0000 https://unit42.paloaltonetworks.com/?p=174415 Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.

The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42.

]]> 14 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/03/12_Security-Technology_Category_1920x900-300x300.jpg 14 Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42.Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42.Hacktivism, High Profile Threats, Malware, Ransomware, APK, DDoS attacks, GenAI, hacktivism, Iran, phishing, Tarnished Scorpius, wiper A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/ Thu, 16 Apr 2026 22:00:13 +0000 https://unit42.paloaltonetworks.com/?p=177971 CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware.

The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42.

]]> 17 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/04_Vulnerabilities_1920x900-300x300.jpg 17 CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42.CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42.Threat Research, Vulnerabilities, botnet, Command injection, CVE-2023-33538, Mirai, WiFi routers Cracks in the Bedrock: Agent God Mode https://unit42.paloaltonetworks.com/exploit-of-aws-agentcore-iam-god-mode/ Wed, 08 Apr 2026 22:00:51 +0000 https://unit42.paloaltonetworks.com/?p=177420 Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks.

The post Cracks in the Bedrock: Agent God Mode appeared first on Unit 42.

]]> 8 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/03_Cloud_cybersecurity_research_Category_1505x922-300x300.jpg 8 Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks. The post Cracks in the Bedrock: Agent God Mode appeared first on Unit 42.Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks. The post Cracks in the Bedrock: Agent God Mode appeared first on Unit 42.Malware, Threat Research, agentcore, AI agents, AWS, bedrock, DNS tunneling, exfiltration, IAM, identity, killchain, privilege escalation, Sandbox Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox https://unit42.paloaltonetworks.com/bypass-of-aws-sandbox-network-isolation-mode/ Tue, 07 Apr 2026 22:00:11 +0000 https://unit42.paloaltonetworks.com/?p=177263 Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure.

The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42.

]]> 13 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/05_Cloud_cybersecurity_research_Overview_1920x900-300x300.jpg 13 Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42.Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42.Malware, Threat Research, agentcore, agentcore runtime, AWS, DNS tunneling, GenAI, Sandbox Understanding Current Threats to Kubernetes Environments https://unit42.paloaltonetworks.com/modern-kubernetes-threats/ Mon, 06 Apr 2026 22:00:08 +0000 https://unit42.paloaltonetworks.com/?p=177112 Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments.

The post Understanding Current Threats to Kubernetes Environments appeared first on Unit 42.

]]> 20 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/03_Malware_Category_1920x900-3-300x300.jpg 20 Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments. The post Understanding Current Threats to Kubernetes Environments appeared first on Unit 42.Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments. The post Understanding Current Threats to Kubernetes Environments appeared first on Unit 42.Malware, Threat Research, audit logs, Cloud, Containers, Kubernetes, PowerShell, queries, react server, react2shell When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications https://unit42.paloaltonetworks.com/amazon-bedrock-multiagent-applications/ Fri, 03 Apr 2026 22:00:38 +0000 https://unit42.paloaltonetworks.com/?p=176805 Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications.

The post When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications appeared first on Unit 42.

]]> 15 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/AdobeStock_260323351-2-300x300.jpg 15 Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications. The post When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications appeared first on Unit 42.Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications. The post When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications appeared first on Unit 42.Malware, Threat Research, AI, Amazon, bedrock, guardrails, LLM, multi-agent, payload, prompt injection Threat Brief: Widespread Impact of the Axios Supply Chain Attack https://unit42.paloaltonetworks.com/axios-supply-chain-attack/ Wed, 01 Apr 2026 18:30:10 +0000 https://unit42.paloaltonetworks.com/?p=176776 Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup.

The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42.

]]> 9 https://unit42.paloaltonetworks.com/wp-content/uploads/2026/04/02_Security-Technology_Category_1920x900-300x300.jpg 9 Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup. The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42.Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup. The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42.High Profile Threats, Malware, API attacks, JavaScript, PowerShell, supply chain, Trojan, VBScript