Unit 42

Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns

Unit 42 — Fri, 22 May 2026 13:00:42 +0000

Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns.

The post Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns appeared first on Unit 42.

Paved With Intent: ROADtools and Nation-State Tactics in the Cloud

Bill Batchelor and Eyal Rafian — Fri, 22 May 2026 10:00:24 +0000

Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.

The post Paved With Intent: ROADtools and Nation-State Tactics in the Cloud appeared first on Unit 42.

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)

Unit 42 — Thu, 21 May 2026 15:30:33 +0000

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.

The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21) appeared first on Unit 42.

Tracking TamperedChef Clusters via Certificate and Code Reuse

Joseph Ganter — Wed, 20 May 2026 10:00:46 +0000

Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets.

The post Tracking TamperedChef Clusters via Certificate and Code Reuse appeared first on Unit 42.

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

Pranay Kumar Chhaparwal and Mark Lim — Fri, 15 May 2026 10:00:52 +0000

Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data.

The post Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files appeared first on Unit 42.

Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

Stav Setty, Tom Fakterman and Shachar Roitman — Mon, 11 May 2026 22:00:43 +0000

Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders.

The post Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools appeared first on Unit 42.

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

Justin Moore and Unit 42 — Thu, 07 May 2026 00:00:53 +0000

Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.

The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42.

Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years

Justin Moore — Tue, 05 May 2026 23:00:33 +0000

Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis.

The post Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years appeared first on Unit 42.

Essential Data Sources for Detection Beyond the Endpoint

Corey Berman and Matt Gayford — Fri, 01 May 2026 23:00:13 +0000

Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here.

The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.

That AI Extension Helping You Write Emails? It’s Reading Them First

Thu, 30 Apr 2026 22:00:57 +0000

Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser.

The post That AI Extension Helping You Write Emails? It’s Reading Them First appeared first on Unit 42.

TGR-STA-1030: New Activity in Central and South America

Unit 42 — Fri, 24 Apr 2026 20:30:19 +0000

Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America.

The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.

Frontier AI and the Future of Defense: Your Top Questions Answered

Sam Rubin — Thu, 23 Apr 2026 20:45:50 +0000

What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking.

The post Frontier AI and the Future of Defense: Your Top Questions Answered appeared first on Unit 42.

Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System

Yahav Festinger and Chen Doytshman — Thu, 23 Apr 2026 10:00:31 +0000

Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security.

The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit 42.

When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks

Wed, 22 Apr 2026 10:00:22 +0000

Unit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabilities.

The post When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks appeared first on Unit 42.

Fracturing Software Security With Frontier AI Models

Andy Piazza — Mon, 20 Apr 2026 10:00:14 +0000

Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching.

The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42.