logo

Palo Alto Networks Unit 42

ID: c8d50a5a-c805-599d-99ad-5b5f5e92b089

STIX ID: identity--c8d50a5a-c805-599d-99ad-5b5f5e92b089

Feed Type: rss

Earliest post: 2024-03-15

Latest post: 2026-07-10

Deep-dive threat research, malware analysis, and intelligence from Palo Alto Networks’ elite Unit 42 team.

01/01/2020
07/14/2026
Title Date Published Describes IncidentAuthorVisible
Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector2026-07-01TrueKeerthiraj Nagaraj, Diva-Oriane Marty, Beliz Kaleli and Oleksii StarovTrue
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure2026-06-25TrueUnit 42True
OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat2026-06-23TrueShresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher and Oleksii StarovTrue
The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration2026-06-22TrueYahav FestingerTrue
Threat Brief: Mitigating Large-Scale Credential Attacks2026-06-20TrueAndy PiazzaTrue
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE2026-06-16TrueOri HadadTrue
Inside the Modern SOC: The 72-Minute Race2026-06-15TrueSharon MaydarTrue
Trust No Skill: Integrity Verification for AI Agent Supply Chains2026-06-11TrueYuhao Wu, Tony Li and Hongliang LiuTrue
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility2026-06-09TrueYahav FestingerTrue
When “Hi, This Is IT” Comes Through Microsoft Teams2026-06-08TrueBill BatchelorTrue
Threat Brief: Active Exploitation of PAN-OS CVE-2026-02572026-06-05TrueAndy Piazza and Unit 42True
Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor2026-06-02TrueIdo Asher, Noa Dekel and Tom FaktermanTrue
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface2026-05-28TrueJustin MooreTrue
Out of the Crypt: The Evolving Cyber Extortion Economy2026-05-27TrueMatt Brady and Justin MooreTrue
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns2026-05-22TrueUnit 42True
Paved With Intent: ROADtools and Nation-State Tactics in the Cloud2026-05-22TrueBill Batchelor and Eyal RafianTrue
Tracking TamperedChef Clusters via Certificate and Code Reuse2026-05-20TrueJoseph GanterTrue
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files2026-05-15TruePranay Kumar Chhaparwal and Mark LimTrue
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools2026-05-11TrueStav Setty, Tom Fakterman and Shachar RoitmanTrue
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution2026-05-07TrueJustin Moore and Unit 42True
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years2026-05-05TrueJustin MooreTrue
Essential Data Sources for Detection Beyond the Endpoint2026-05-01TrueCorey Berman and Matt GayfordTrue
That AI Extension Helping You Write Emails? It’s Reading Them First2026-04-30TrueShresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher, Oleksii Starov, Qinge Xie and Fang LiuTrue
The npm Threat Landscape: Attack Surface and Mitigations2026-04-24TrueUnit 42True
TGR-STA-1030: New Activity in Central and South America2026-04-24TrueUnit 42True
Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System2026-04-23TrueYahav Festinger and Chen DoytshmanTrue
When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks2026-04-22TrueEmmanuel Zhou, Adam Robbie, Rick Wyble, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy and Mathy VanhoefTrue
Fracturing Software Security With Frontier AI Models2026-04-20TrueAndy PiazzaTrue
A Deep Dive Into Attempted Exploitation of CVE-2023-335382026-04-16TrueAsher Davila, Malav Vyas and Chris NavarreteTrue
Cracks in the Bedrock: Agent God Mode2026-04-08TrueOri HadadTrue
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox2026-04-07TrueOri HadadTrue
Understanding Current Threats to Kubernetes Environments2026-04-06TrueEyal Rafian and Bill BatchelorTrue
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications2026-04-03TrueJay Chen and Royce LuTrue
Threat Brief: Widespread Impact of the Axios Supply Chain Attack2026-04-01TrueUnit 42True
Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure2026-03-31TrueUnit 42True
Double Agents: Exposing Security Blind Spots in GCP Vertex AI2026-03-31TrueOfir ShatyTrue
Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government2026-03-26TrueDoel Santos and Hiroaki HaraTrue
Threat Brief: Recruiting Scheme Impersonating Palo Alto Networks Talent Acquisition Team2026-03-24TrueJustin MooreTrue
Google Authenticator: The Hidden Mechanisms of Passwordless Authentication2026-03-23TrueArie OlshteinTrue
Who’s Really Shopping? Retail Fraud in the Age of Agentic AI2026-03-20TrueMatt Brady and Christa McHughTrue
Analyzing the Current State of AI Use in Malware2026-03-19TrueUnit 42True
Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models2026-03-17TrueYu Fu, May Wang, Royce Lu and Shengming XuTrue
Boggy Serpens Threat Assessment2026-03-16TrueUnit 42True
Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization2026-03-16TrueJustin MooreTrue
Insights: Increased Risk of Wiper Attacks2026-03-12TrueAndy Piazza, Eric Goldstrom and Steve ElovitzTrue
Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia2026-03-12TrueLior Rochberger and Yoav ZemahTrue
Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls2026-03-10TrueTony Li, Hongliang Liu and Yuhao WuTrue
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors2026-03-06TrueTom FaktermanTrue
Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild2026-03-03TrueBeliz Kaleli, Shehroze Farooqi, Oleksii Starov and Nabeel MohamedTrue
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran2026-03-03TrueUnit 42True

1–50 of 214