Latest Blogs

POPULAR BLOGS

Popular Topics

SOC
Cortex XDR
Code to Cloud
Runtime Protection
Real-time cloud security
Cortex Cloud

Unit 42 Threat Research

company article
Threat Research Vulnerabilities

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain T...

Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files....
November 7, 2025
By  Unit 42
company article
Insights Opinions

Know Ourselves Before Knowing Our Enemies: Threat Intelligence at...

Effective cyber defense starts with knowing your own network. Unit 42 explains why asset management is the foundation of threat intelligence....
November 4, 2025
By  Bradley Duncan
company article
High Profile Threats Vulnerabilities

Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Ex...

CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft’s WSUS. Our observations from cases show a consistent methodology....
November 3, 2025
By  Unit 42
company article
Threat Research Vulnerabilities

When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Sy...

Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples....
October 31, 2025
By  Jay Chen , Royce Lu
company article
Malware Threat Research

Suspected Nation-State Threat Actor Uses New Airstalk Malware in ...

A nation-state attacker is using novel Airstalk malware in supply chain attacks to exfiltrate browser data. Airstalk misuses the AirWatch API....
October 29, 2025
By  Kristopher Russo , Chema Garcia
company article
Insights Opinions

Bots, Bread and the Battle for the Web

Unit 42 explores the escalating threat of AI-powered malicious SEO and its impact on the credibility of the open web. Read more about how threat actors are expl...
October 28, 2025
By  Anna Chung
company article
Cloud Cybersecurity Research Threat Research

Cloud Discovery With AzureHound

Unit 42 discusses the misuse of pentesting tool AzureHound by threat actors for cloud discovery. Learn how to detect this activity through telemetry....
October 24, 2025
By  Margaret Kelley , Bill Batchelor , Eyal Rafian
company article
Malware Threat Research

The Smishing Deluge: China-Based Campaign Flooding Global Text Me...

Global smishing activity tracked by Unit 42 includes impersonation of many critical services. Its unique ecosystem allows attackers to quickly scale....
October 23, 2025
By  Reethika Ramesh , Zhanhao Chen , Daiping Liu , Chi-Wei Liu , Shehroze Farooqi , Moe Ghasemisharif
See all Unit 42 threat research

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.

Get the latest news, invites to events, and threat alerts

Get the latest news, invites to events, and threat alerts