Unit 42 Archives • Information Security News

The Silent Symphony: Three Chinese Cyber Syndicates Infiltrate a Single Sovereign Agency An overview of EggStreme Loader’s execution flow

The Silent Symphony: Three Chinese Cyber Syndicates Infiltrate a Single Sovereign Agency

ddos March 31, 2026

A multitude of cybercriminal syndicates concurrently infiltrated the network of a Southeast Asian sovereign agency, operating in...

The Bot Numerology: How “stager_51_bot” Unmasked MuddyWater’s Global LampoRAT Campaign

ddos March 25, 2026

Occasionally, a malicious campaign is betrayed not by labyrinthine code, but by a minuscule detail. Within the...

The Illusion of Sapience: Unmasking the “Performative” AI and the Rise of Agentic Malware

ddos March 23, 2026

Malefactors are already endeavoring to weave artificial intelligence into the fabric of malicious software, yet the current...

Digital Decapitation? Israel Targets the IRGC’s “Central Nervous System” in Tehran Kinetic Strike Radio Nordseewelle Attack Municipal cyberattack JLR Cyberattack German economy cyberattacks AI misuse Chinese APT GMX Hack Iran Cyber Threat, US Cyberattack Warning Pegasus spyware Jordan

Radio Nordseewelle Attack Municipal cyberattack JLR Cyberattack German economy cyberattacks AI misuse Chinese APT GMX Hack Iran Cyber Threat, US Cyberattack Warning Pegasus spyware Jordan

Digital Decapitation? Israel Targets the IRGC’s “Central Nervous System” in Tehran Kinetic Strike

ddos March 7, 2026

Israel has heralded a formidable strike upon facilities situated within Tehran, which the Israeli military asserts were...

Digital Conflagration: How “Operation Epic Fury” Triggered a Global Hacktivist Surge Against Israel and its Allies North Korea IT Worker Fraud Checkout.com ShinyHunters JLR Cyberattack GDP AI Cybercrime 2026 NuGet Sabotage Code CBO Cyberattack ZeroAccess Botnet Nuclear security Aisuru DDoS Record JLR Production Halt Zero-Day Exploitation Co-op Cyberattack RaidForums Extradition Vastaamo hacking Kaspersky report North Korean hackers Saint Paul Cyberattack NHS Cyberattack Russian APT Cloudflare Breached

North Korea IT Worker Fraud Checkout.com ShinyHunters JLR Cyberattack GDP AI Cybercrime 2026 NuGet Sabotage Code CBO Cyberattack ZeroAccess Botnet Nuclear security Aisuru DDoS Record JLR Production Halt Zero-Day Exploitation Co-op Cyberattack RaidForums Extradition Vastaamo hacking Kaspersky report North Korean hackers Saint Paul Cyberattack NHS Cyberattack Russian APT Cloudflare Breached

Digital Conflagration: How “Operation Epic Fury” Triggered a Global Hacktivist Surge Against Israel and its Allies

ddos March 5, 2026

The joint military offensive mounted by the United States and Israel against Iran has precipitously inflamed hostilities...

Edge Fatigue: How Two 9.8 Zero-Days are Dismantling Ivanti’s Mobile Management Fleet CVE-2024-29827

Edge Fatigue: How Two 9.8 Zero-Days are Dismantling Ivanti’s Mobile Management Fleet

ddos February 23, 2026

Two nascent zero-day vulnerabilities within the Ivanti mobile device management ecosystem are currently being exploited in live...

The Attribution Dilemma: Inside Palo Alto Networks’ “Shadow Operations” Report and the Unnamed Giant

ddos February 16, 2026

Palo Alto Networks has conspicuously tempered the rhetoric within its latest dossier regarding an extensive cyber-espionage campaign,...

The Discord Hijacker: VVS Stealer Uses PyArmor to Evade EDR VVS

The Discord Hijacker: VVS Stealer Uses PyArmor to Evade EDR

ddos January 7, 2026

A detailed technical analysis of the malware known as VVS Stealer, also referred to as VVS $tealer,...

Level Up: RansomHouse Deploys the “Mario” Encryptor to Crush ESXi Hypervisors ransom-notes

Level Up: RansomHouse Deploys the “Mario” Encryptor to Crush ESXi Hypervisors

ddos December 23, 2025

The group behind one of the most notorious ransomware distribution services, RansomHouse, has significantly strengthened the technical...

Ashen Lepus (WIRTE) Targets Middle East Governments with Stealthy AshTag Malware Toolkit Typus Finance Scattered LapSus Hunters APT-C-08 Social engineering North Korea Muddled Libra cyber-espionage WormGPT Volt Typhoon group Kimsuky

Typus Finance Scattered LapSus Hunters APT-C-08 Social engineering North Korea Muddled Libra cyber-espionage WormGPT Volt Typhoon group Kimsuky

Ashen Lepus (WIRTE) Targets Middle East Governments with Stealthy AshTag Malware Toolkit

ddos December 16, 2025

The Unit 42 team at Palo Alto Networks has documented a prolonged and low-visibility campaign targeting government...

Rust Ransomware: New 01flip Strain Targets Critical Infrastructure in Asia-Pacific Post of the alleged data leak on a dark web forum

Rust Ransomware: New 01flip Strain Targets Critical Infrastructure in Asia-Pacific

ddos December 15, 2025

A new ransomware strain known as 01flip, written in Rust, has begun appearing with increasing frequency in...

Invisible Hijack: New Agent Session Smuggling Attack Forces AI to Buy Stock Silently Agent Session Smuggling, Multi-Agent Security

Invisible Hijack: New Agent Session Smuggling Attack Forces AI to Buy Stock Silently

ddos November 4, 2025

Experts from Palo Alto Networks Unit 42 have described a new attack vector targeting multi-agent systems, known...

Global Espionage: China-Linked Storm-1849 Targets U.S. & European Cisco ASA Networks Cisco ASA Attack ToolShell Chinese cyber-espionage, Salt Typhoon

Cisco ASA Attack ToolShell Chinese cyber-espionage, Salt Typhoon

Global Espionage: China-Linked Storm-1849 Targets U.S. & European Cisco ASA Networks

ddos November 4, 2025

The Chinese hacking group Storm-1849 continues its aggressive campaign against Cisco ASA devices used by government agencies...

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

ddos October 2, 2025

A newly identified cyber-espionage group, Phantom Taurus, linked to China, has spent the past two and a...

Unit 42

The Silent Symphony: Three Chinese Cyber Syndicates Infiltrate a Single Sovereign Agency

The Bot Numerology: How “stager_51_bot” Unmasked MuddyWater’s Global LampoRAT Campaign

The Illusion of Sapience: Unmasking the “Performative” AI and the Rise of Agentic Malware

Digital Decapitation? Israel Targets the IRGC’s “Central Nervous System” in Tehran Kinetic Strike

Digital Conflagration: How “Operation Epic Fury” Triggered a Global Hacktivist Surge Against Israel and its Allies

Edge Fatigue: How Two 9.8 Zero-Days are Dismantling Ivanti’s Mobile Management Fleet

The Attribution Dilemma: Inside Palo Alto Networks’ “Shadow Operations” Report and the Unnamed Giant

The Discord Hijacker: VVS Stealer Uses PyArmor to Evade EDR

Level Up: RansomHouse Deploys the “Mario” Encryptor to Crush ESXi Hypervisors

Ashen Lepus (WIRTE) Targets Middle East Governments with Stealthy AshTag Malware Toolkit

Rust Ransomware: New 01flip Strain Targets Critical Infrastructure in Asia-Pacific

Invisible Hijack: New Agent Session Smuggling Attack Forces AI to Buy Stock Silently

Global Espionage: China-Linked Storm-1849 Targets U.S. & European Cisco ASA Networks

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

You may have missed

The War for Your Documents: Why The Document Foundation is Challenging Microsoft’s OOXML Monopoly

Urgent Patch: Microsoft Defender Update Fixes Critical SYSTEM-Level Privilege Escalation Flaw

The Pre-Boot Breach: Microsoft Releases Critical Emergency Script to Defend Against “YellowKey” BitLocker Bypass

The Reddit Clone: Meta Secretly Launches “Forum” App to Unbundle Facebook Groups