Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

Unit 42

20 articles

Unit 42 Campaigns 2d ago

Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation

A cybercrime campaign combined a loader-as-a-service framework and DLL sideloading via a Go-compiled fake MpClient.dll, a novel evasion layer combination.

Unit 42 →

Unit 42 General Microsoft Jul 2

How We Added WebAuthn to a Browser-Based RDP Client

A look inside the reverse-engineering journey of building the first RDP client outside of Windows to support WebAuthn redirection. The post How We Added WebA...

Unit 42 →

Unit 42 Vulnerability Disclosure Jul 1

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more.

T1195

Unit 42 →

Unit 42 Malware Jun 25

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure

Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom TinyRCT backdoor...

Unit 42 →

Unit 42 Supply Chain Jun 23

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat

Unit 42's analysis of ClawHub revealed evasive malicious skills bypassing automated scanners to deploy infostealers and execute agentic financial fraud. The ...

Unit 42 →

Unit 42 Vulnerability Disclosure Jun 22

The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration

Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post Th...

T1041

Unit 42 →

Unit 42 General Jun 20

Threat Brief: Mitigating Large-Scale Credential Attacks

We provide guidance for preparing for mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post T...

Unit 42 →

Unit 42 Vulnerability Disclosure Jun 16

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more.

T1190

Unit 42 →

Unit 42 General Jun 15

Inside the Modern SOC: The 72-Minute Race

Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunt...

T1041

Unit 42 →

Unit 42 General Apple Jun 12

Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered

Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here.

Unit 42 →

Unit 42 Supply Chain Jun 11

Trust No Skill: Integrity Verification for AI Agent Supply Chains

Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust ...

Unit 42 →

Unit 42 General Apple Jun 9

Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility

Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion.

Unit 42 →

Unit 42 General Microsoft Jun 8

When “Hi, This Is IT” Comes Through Microsoft Teams

Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security.

Unit 42 →

Unit 42 CVE Palo Alto Networks Jun 5

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 ...

1 IOC

Unit 42 →

Unit 42 Campaigns Apple Jun 2

Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor

Operation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flutter framework.

T1189

Unit 42 →

Unit 42 Ransomware May 28

2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface

The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.

Unit 42 →

Unit 42 General May 27

Out of the Crypt: The Evolving Cyber Extortion Economy

Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The...

T1041

Unit 42 →

Unit 42 Campaigns May 22

Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns

Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns. The post Tr...

Unit 42 →

Unit 42 TTPs May 22

Paved With Intent: ROADtools and Nation-State Tactics in the Cloud

Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.

Unit 42 →

Unit 42 Malware May 20

Tracking TamperedChef Clusters via Certificate and Code Reuse

Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Track...

T1189

Unit 42 →

1 2 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA