Latest Blogs

POPULAR BLOGS

Popular Topics

SOC
Cortex XDR
Code to Cloud
Runtime Protection
Real-time cloud security
Cortex Cloud

Unit 42 Threat Research

company article
High Profile Threats Vulnerabilities

Threat Brief: Nation-State Actor Steals F5 Source Code and Undisc...

A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others....
October 16, 2025
By  Unit 42
company article
Malware Threat Research

PhantomVAI Loader Delivers a Range of Infostealers

PhantomVAI is a new loader used to deploy multiple infostealers. We discuss its overall evolution and use of steganography and obfuscated scripts....
October 15, 2025
By  Tom Fakterman
company article
General Insights

Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment...

BlackSuit ransomware delivered by APT Ignoble Scorpius started with a vishing attack. Read how Unit 42 helped and the ultimate outcome....
October 14, 2025
By  Preston Miller
company article
Hospitality Hacks and Retail Reality Checks Insights Threat Actor Groups

The Golden Scale: Bling Libra and the Evolving Extortion Economy

Scattered Lapsus$ Hunters: Organizations, be aware of the effort of this cybercriminal alliance as they target retail and hospitality for extortion....
October 10, 2025
By  Matt Brady
company article
Malware Threat Research

When AI Remembers Too Much – Persistent Behaviors in Agents’ Memo...

Indirect prompt injection can poison long-term AI agent memory, allowing injected instructions to persist and potentially exfiltrate conversation history....
October 9, 2025
By  Jay Chen , Royce Lu
company article
Business Email Compromise Threat Research

The ClickFix Factory: First Exposure of IUAM ClickFix Generator

Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals....
October 8, 2025
By  Amer Elsad
company article
Cloud Cybersecurity Research General Insights

Responding to Cloud Incidents: A Step-by-Step Guide From the 2025...

Cloud breaches are rising. This step-by-step guide from Unit 42 shows how to investigate, contain and recover from cloud-based attacks....
October 7, 2025
By  Margaret Kelley
company article
Threat Research Vulnerabilities

TOTOLINK X6000R: Three New Vulnerabilities Uncovered

Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact....
October 1, 2025
By  Zhibin Zhang
See all Unit 42 threat research

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.

Get the latest news, invites to events, and threat alerts

Get the latest news, invites to events, and threat alerts