Intelligence Feed

Latest threat intelligence articles from trusted security sources, auto-processed to extract entities, IoCs, and TTPs.

Filtered by source: unit42

Trust No Skill: Integrity Verification for AI Agent Supply Chains

3w ago · unit42

AI agents are increasingly extended with third-party skills from public registries, creating supply chain risks due to insufficient behavioral verification. A new audit method called Behavioral Integrity Verification (BIV) reveals that 80% of skills exhibit behavioral deviations from their declared capabilities, with 18.9% showing adversarial intent. These malicious skills often form multi-stage attack chains enabling credential exfiltration, remote code execution, or silent data theft, highlighting the need for pre-installation integrity checks in AI agent ecosystems.

Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered

3w ago · unit42

A new forensic artifact, App.MenuItem, has been discovered in macOS Tahoe 26, which logs user menu interactions such as 'Compress' and 'Move to Trash' to provide insight into user intent. This artifact is stored in a SEGB-encapsulated protobuf format within the Apple Biome system and requires specialized tools like ccl-segb for parsing. The data enables investigators to reconstruct user workflows, such as data compression and deletion, enhancing visibility into potential data exfiltration or malicious activity.

Inside the Modern SOC: The 72-Minute Race

2w ago · unit42

The article highlights the increasing speed of cyberattacks, with adversaries achieving data exfiltration in as little as 72 minutes. Attackers leverage compromised credentials and identity-based techniques to rapidly escalate privileges and move laterally across environments. Modern SOCs struggle to keep pace due to manual processes and fragmented workflows. Threat actors like Muddled Libra and Spoiled Scorpius exemplify this trend by exploiting identity weaknesses to accelerate attack timelines.

2 Actors

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

2w ago · unit42

A vulnerability in the Google Cloud Vertex AI Python SDK versions 1.139.0 and 1.140.0 allowed attackers to hijack model uploads via bucket squatting, leading to cross-tenant remote code execution (RCE). By predicting and preemptively creating a default staging bucket, an attacker could intercept and replace legitimate model artifacts with malicious payloads exploiting pickle deserialization. The victim's model deployment would then execute the attacker's code, enabling credential theft and lateral movement within Google Cloud environments.

3 IoCs

The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration

1w ago · unit42

A universal bucket hijacking technique has been identified that exploits the global uniqueness of cloud storage bucket names across major cloud providers including Google Cloud, AWS, and Microsoft Azure. Attackers with permissions to delete a storage bucket can recreate it under their control, redirecting data streams such as logs, Pub/Sub messages, and storage transfers to their own environment, leading to silent data exfiltration. While no active exploitation has been observed, the architectural flaw enables long-term, undetectable compromise of sensitive data if proper IAM controls and monitoring are not in place.

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat

1w ago · unit42

OpenClaw's skill marketplace, ClawHub, has become a vector for AI supply chain attacks involving malicious skills that distribute infostealers, evade detection through file padding, and enable financial fraud via affiliate injection and front-running schemes. Multiple malicious skills were discovered between February and May 2026, leveraging paste-site redirects, C2 infrastructure, and dynamic payload delivery. These threats bypassed automated screening tools like VirusTotal and ClawScan, highlighting weaknesses in current detection mechanisms. Palo Alto Networks has collaborated with ClawHub and NVIDIA to improve skill verification and protect customers through advanced security services.

15 IoCs · 1 Malware

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure

1w ago · unit42

CL-STA-1062, a Chinese-speaking threat actor group active since at least March 2022, has been targeting government entities and critical infrastructure in Southeast Asia. The group, also tracked as UAT-7237, uses a hybrid toolkit combining open-source tools like SoftEther VPN, Mimikatz, and VNT with a custom backdoor named TinyRCT. This backdoor enables command execution, file exfiltration, screen capture, and self-destruction, and is deployed via AppDomainManager injection through a maliciously crafted archive. The campaign demonstrates a sustained regional focus, with attacks spanning from Taiwan to Southeast Asia, particularly targeting energy and government sectors.

13 IoCs · 1 Actor · 2 Malware

Threat Brief: Mitigating Large-Scale Credential Attacks

1w ago · unit42

Unit 42 has identified a large-scale password spraying and credential theft campaign dubbed 'FortiBleed' targeting Fortinet, Sophos, and MSSQL services. The threat actors use a curated password list derived from prior breaches and previously compromised credentials to conduct password spraying attacks, extract device configurations, and perform offline password cracking. An initial access broker has claimed responsibility on the Exploit[.]in forum, offering stolen credentials for sale. Palo Alto Networks recommends hardening remote access controls, enabling MFA, and monitoring for suspicious login patterns.

1 IoC

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

4d ago · unit42

Unit 42 researchers identified a new threat called 'phantom squatting,' where adversaries register AI-hallucinated domains to exploit software supply chains. Large language models (LLMs) frequently generate fictitious domains for legitimate brands, and attackers preemptively register these domains to intercept traffic from AI systems and users. A real-world case involved the 'Montana Empire' phishing kit, which targeted a hallucinated domain 23 days before its registration, demonstrating AI-assisted attack development. The research uncovered 13,229 malicious URLs and approximately 250,000 unregistered hallucinated domains, highlighting a growing risk to AI-driven workflows and developer tooling.

4 IoCs

How We Added WebAuthn to a Browser-Based RDP Client

2d ago · unit42

This article details a research effort to implement WebAuthn redirection in a browser-based RDP client, reverse-engineering Microsoft's undocumented internal handling of WebAuthn in Windows. The research uncovered that Microsoft's mstsc.exe uses an undocumented internal plugin path in webauthn.dll to process hash-only WebAuthn requests from older Windows servers, while public APIs require full clientDataJSON. The work enabled the first non-Windows implementation of WebAuthn redirection in an RDP client, predating FreeRDP's support. The findings highlight critical gaps in Microsoft's documentation and the complexity of cross-platform WebAuthn implementation in RDP environments.