News
Threat Brief: Mitigating Large-Scale Credential Attacks
The threat actors are leveraging a multi-stage process to gain persistent, high-privilege access: Unit 42 observed an initial access broker (IAB) on the Russian-language cybercrime forum Exploit[.]in claiming responsibility for this campaign, referencing a CVE (no further information), and offering…
Pickle in the Middle: Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
The root enabler of this attack is a predictable default bucket name, combined with a missing ownership check in the SDK's staging logic. When a Vertex AI user uploads a model without specifying a custom staging bucket, the SDK constructs…
Inside the Modern SOC: The 72-Minute Race
This marks the beginning of our series, Inside the Modern SOC: Trends and Insights from Unit 42 Managed Services. This series draws directly from Unit 42 customer environments, security operations center (SOC) assessments, threat hunting engagements and frontline investigation experience to highlight…
Tracing Digital Intent: New macOS Tahoe 26 Artifact Discovered
Forensic examiners are constantly hunting for data that reveals not just what happened on a system, but the user's intent behind it. With the release of macOS Tahoe 26, a new artifact has surfaced that provides exactly this level of…
Trust No Skill: Integrity Verification for AI Agent Supply Chains
AI agents now extend their capabilities by installing third-party skills the way smartphones install apps. Anyone can publish a skill to a public registry. Anyone can install one into a production agent. And until now, no automated tool has verified…
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
Services such as Amazon Web Services (AWS) CloudTrail and Google Cloud are powerful for defenders, and prime targets for attackers seeking to remain undetected by disrupting the flow of logs. Attack techniques against cloud logging services primarily fall into…
When "Hi, This Is IT" Comes Through Microsoft Teams
It's Friday afternoon. The week has been busy, and everyone is wrapping up before the weekend. One of your workers receives a message (Figure 1) through Microsoft Teams from what appears to be the IT Service Provider. This scenario shows how…
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Highlights…
Operation Flutter Bridge: macOS Malvertising Campaign Spreads New Flutter Shell Backdoor
Operation Flutter Bridge targets a global audience through an extensive Google Ads campaign, with an emphasis on Anglophone and Western European markets, distributed via hundreds of Google-verified advertisements. Our research indicates that the attackers behind this cluster distributed the ads…
2026 World Cup: Discussing The World's Biggest Game's Attack Surface
Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Highlights…