Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.

The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42.

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.

The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) appeared first on Unit 42.

Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America.

The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.

Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup.

The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42.

TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group.

The post Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure appeared first on Unit 42.

Unit 42 research explores how AI is currently used in malware, from superficial integrations to advanced decision-making, and its future impact.

The post Analyzing the Current State of AI Use in Malware appeared first on Unit 42.

Iranian threat group Boggy Serpens' cyberespionage evolves with AI-enhanced malware and refined social engineering. Unit 42 details their persistent targeting.

The post Boggy Serpens Threat Assessment appeared first on Unit 42.

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.

The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42.

In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155.

The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42.

Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.

The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared first on Unit 42.

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.

The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42.