Latest Blogs

POPULAR BLOGS

Popular Topics

SOC
Code to Cloud
Runtime Protection
Real-time cloud security
Cortex Cloud
Agentic AI

Unit 42 Threat Research

company article
Malware Threat Research

An Investigation Into Years of Undetected Operations Targeting Hi...

In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft....
March 6, 2026
By  Tom Fakterman
company article
Malware Threat Research

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed i...

Uncover real-world indirect prompt injection attacks and learn how adversaries weaponize hidden web content to exploit LLMs for high-impact fraud....
March 3, 2026
By  Beliz Kaleli , Shehroze Farooqi , Oleksii Starov , Nabeel Mohamed
company article
Hacktivism High Profile Threats Malware Ransomware

Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for...
March 2, 2026
By  Unit 42
company article
Malware Threat Research

Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensio...

A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw....
March 2, 2026
By  Gal Weizman
company article
General Insights

Bring the Fight to the Edge: Turning Time Into an Advantage in OT...

Unit 42 research reveals most OT attacks begin in IT. Learn how edge-driven defense stops threats early and turns dwell time into advantage....
February 24, 2026
By  Adam Robbie
company article
High Profile Threats Vulnerabilities

VShell and SparkRAT Observed in Exploitation of BeyondTrust Criti...

CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials....
February 19, 2026
By  Justin Moore
company article
High Profile Threats Vulnerabilities

Critical Vulnerabilities in Ivanti EPMM Exploited

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors....
February 17, 2026
By  Justin Moore
company article
Malware Threat Research

Phishing on the Edge of the Web and Mobile Using QR Codes

We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security....
February 13, 2026
By  Diva-Oriane Marty , Shehroze Farooqi , Alex Starov
See all Unit 42 threat research

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Get the latest news, invites to events, and threat alerts

Get the latest news, invites to events, and threat alerts