Unit 42 Archives • Daily CyberSecurity

Operation FlutterBridge Malware Targets macOS Platforms with Backdoor Capabilities

Operation FlutterBridge malware WebView-based architecture

Operation FlutterBridge Malware Targets macOS Platforms with Backdoor Capabilities

Do Son June 8, 2026

Widespread Adware Campaign Evolves into Dangerous Shell Threat Security teams are tracking an increasingly widespread threat targeting...

New Screening Serpens Cyberattacks Target Global Technology Professionals

Do Son May 27, 2026

Security researchers have discovered an aggressive cyber espionage campaign targeting multiple nations. Specifically, Unit 42 recently exposed...

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker Gremlin Stealer Unit 42 Session Hijacking Malware

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker

Do Son May 21, 2026

Information stealers are no longer just basic, entry-level scripts designed to lift saved passwords from standard browser...

State-Sponsored Actors Weaponize Critical PAN-OS Zero-Day for Root PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

State-Sponsored Actors Weaponize Critical PAN-OS Zero-Day for Root

Do Son May 7, 2026

Palo Alto Networks has released a high-priority security advisory and a detailed intelligence report following the discovery...

Double Agents in the Cloud: Unit 42 Unmasks Critical AI Vulnerabilities in Google Vertex AI Vertex AI Security AI Double Agents

Double Agents in the Cloud: Unit 42 Unmasks Critical AI Vulnerabilities in Google Vertex AI

Do Son April 6, 2026

As organizations race to integrate autonomous systems into their workflows, a new and subtle threat is emerging...

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia UNC5221 HAFNIUM Extradition PRC State Espionage

UNC5221 HAFNIUM Extradition PRC State Espionage

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia

Do Son April 2, 2026

A recent investigation by Unit 42 researchers has exposed a massive, persistent cyberespionage campaign targeting a high-value...

Hijacked Accounts and AI Code: The Deadly New Playbook of Iranian APT ‘Boggy Serpens’ Boggy Serpens Iranian APT

Hijacked Accounts and AI Code: The Deadly New Playbook of Iranian APT ‘Boggy Serpens’

Do Son March 20, 2026

A new assessment from Unit 42 reveals a significant maturation in the tactics of Boggy Serpens, an...

Unit 42 Unmasks CL-STA-1087’s Years-Long Cyber Espionage Against Asian Militaries UNC5221 HAFNIUM Extradition PRC State Espionage

Unit 42 Unmasks CL-STA-1087’s Years-Long Cyber Espionage Against Asian Militaries

Do Son March 13, 2026

Security researchers at Unit 42 have pulled back the curtain on a sophisticated espionage cluster they’ve dubbed...

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure CL-UNK-1068 Chinese APT

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure

Do Son March 11, 2026

Since 2020, a sophisticated cluster of activity has been quietly infiltrating high-value organizations across South, Southeast, and...

From Theory to Threat: Hackers Are Now Weaponizing Web Pages to Brainwash AI Agents axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

From Theory to Threat: Hackers Are Now Weaponizing Web Pages to Brainwash AI Agents

Do Son March 9, 2026

For years, the security community has debated the theoretical risks of “tricking” Artificial Intelligence through its input...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Cyber Escalation: Multi-Vector Attacks Surge Following “Operation Epic Fury”

Do Son March 3, 2026

In the wake of the massive joint offensive launched by the United States and Israel on February...

Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors

Do Son February 23, 2026

A critical security flaw in a widely used enterprise access platform is under active attack, prompting urgent...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

“Dormant” Backdoors: Ivanti EPMM Zero-Days Exploited to Plant Long-Term Spies

Do Son February 18, 2026

Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) are currently being exploited in a widespread...

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed Muddled Libra Rogue VM

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed

Do Son February 13, 2026

A new investigation by Unit 42 has pulled back the curtain on the operations of Muddled Libra,...

“JackMa” & ShadowGuard: TGR-STA-1030 Spies on 37 Nations via Linux Rootkit TGR-STA-1030 Espionage ShadowGuard Rootkit

“JackMa” & ShadowGuard: TGR-STA-1030 Spies on 37 Nations via Linux Rootkit

Do Son February 9, 2026

A massive, state-aligned cyber espionage campaign has quietly infiltrated government networks across 37 countries, targeting ministries of...

The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages GenAI Phishing Polymorphic Attacks

The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages

Do Son January 26, 2026

Security researchers at Palo Alto Networks Unit 42 have unveiled a concerning evolution in web-based attacks, demonstrating...

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts VVS Stealer, Pyarmor Obfuscation

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts

Do Son January 5, 2026

A new, highly sophisticated malware strain is making the rounds on the cybercrime underground, targeting the massive...

Mario’s Deadly Upgrade: RansomHouse Unveils Dual-Key Encryption to Defeat Backups and Recovery RansomHouse Mario Malware, Jolly Scorpius Encryption

RansomHouse Mario Malware, Jolly Scorpius Encryption

Mario’s Deadly Upgrade: RansomHouse Unveils Dual-Key Encryption to Defeat Backups and Recovery

Do Son December 19, 2025

Jolly Scorpius, the cybercriminal group behind the notorious RansomHouse operation, has rolled out a major overhaul of...

Silent, Fast, & Brutal: How WormGPT 4 and KawaiiGPT Democratize Cybercrime Malicious LLMs, WormGPT 4

Silent, Fast, & Brutal: How WormGPT 4 and KawaiiGPT Democratize Cybercrime

Do Son November 26, 2025

The cybersecurity landscape is facing a pivotal shift as the very tools designed to revolutionize productivity are...

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation Gh0st RAT, Chinese Campaign Typosquat

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

Do Son November 18, 2025

Researchers at Palo Alto Networks Unit 42 have uncovered two expansive and interconnected malware campaigns active throughout...

Critical Alert 1 Active Exploit Detected Today