Unit 42

3K posts


@Unit42_Intel

The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.

Joined December 2015
81 Following, 68.6K Followers

Unit 42 @Unit42_Intel
LinkedIn Search leads to #CastleLoader delivering #AsyncRAT. Attackers use Clickfix lures with fake verification popups to mask PowerShell activity. The loader decrypts the payload via RC4, using the first 64 bytes as a key to bypass filters. Details: bit.ly/4uOIqka

Unit 42 @Unit42_Intel
Active Directory Certificate Services is a high impact vector for privilege escalation. Adversaries misuse built-in features to impersonate accounts and establish persistence. Our research provides a deep dive into these methods. Read our analysis: bit.ly/3R9vLKn

Unit 42 @Unit42_Intel
We detected 7 dynamic runtime impersonating malicious Chrome extensions. A remote kill-switch targets #crypto users. They used deceptive practices including Unicode BIDI spoofing (Ledger, Braavos, etc.), dual-identity, BSC drainer and fake Solana wallet: bit.ly/4dbw8wC

Unit 42 @Unit42_Intel
We observed a phishing campaign pivot to evade static analysis, shifting from credential theft to #OAuth device code phishing. Attackers replaced hardcoded URLs with runtime-fetched landing pages and generated images as blob URLs. Details at: bit.ly/4uCtzJQ

Unit 42 @Unit42_Intel
New threat brief: CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Unit 42 observed limited exploitation for unauthenticated RCE. Read our analysis for mitigation steps and Palo Alto Networks guidance: bit.ly/4uEte9A

Unit 42 @Unit42_Intel
Threat actors leverage LLMs to accelerate development of malicious browser extensions. These extensions masquerade as AI tools, exploiting privileges to steal sensitive data. Understand this evolving threat. Read our analysis: bit.ly/3P4J2TB

Unit 42 @Unit42_Intel
Copy Fail (CVE-2026-31431) is a critical privilege escalation in the Linux kernel's crypto subsystem. Attackers can stealthily write to page cache, bypassing integrity checks. This impacts Kubernetes, multi-tenant hosts and CI/CD. Details: bit.ly/4cTVWgs

Unit 42 @Unit42_Intel
New C2 infrastructure and lures detected associated with #Coruna and #DarkSword malware. Threat actors are using fake crypto reward scam web pages to deliver malicious URLs and RCE exploits to iOS users. Details at: bit.ly/4d8mOs7

Unit 42 @Unit42_Intel
Finger protocol LOLBin #ClickFix campaign that uses fake AI tools, background removers and LinkedIn lures and injects “finger <username> @ C2” with 12+ lure domains containing fake reCAPTCHA, 6 Finger usernames and 6 rotating C2 domains. Details at: bit.ly/3Rmc4Pl

Unit 42 @Unit42_Intel
Obfuscated #WebSocket backdoors are injecting credit card skimmers into hundreds of compromised websites. The payload sends stolen card information back to the attackers' C2 domains. Details at: bit.ly/42HyNb3

Unit 42 @Unit42_Intel
New AirSnitch attack techniques target the Wi-Fi infrastructure itself. We show how attackers can intercept and inject packets, bypassing encryption. This fundamentally shifts assumptions of wireless security. Read our full analysis: bit.ly/3OP0X0s

Unit 42 @Unit42_Intel
#ClickFix style campaign operated eight bulk registered 588gj*[.]shop lure domains impersonating AI software “PureClaw.” Injected payload is staged with rotating final-stage payloads including a backdoor, AI-gateway implant and ransomware dropper. Details: bit.ly/499lGTJ

Unit 42 @Unit42_Intel
Autonomous AI is a force multiplier for cloud misconfiguration exploitation. Our multi-agent pen-testing PoC system, Zealot, empirically tests autonomous AI offensive capabilities and raises more questions about AI-driven attacks. Read the full article: bit.ly/3QyXMe1

Unit 42 @Unit42_Intel
We discovered phishing emails falsely warning recipients their mailbox storage limit was exceeded. Emails include shortened links that redirect to fake cloud storage pages, ultimately redirecting users to pages selling VPNs or antivirus software. Details: bit.ly/4tLKnhy

Unit 42 @Unit42_Intel
Shai-Hulud changed npm supply chain attacks. Adversaries now use wormable propagation, infrastructure persistence and multi-stage payloads. Coordinated campaigns weaponize dev tooling (Docker, GitHub, VS Code, npm). Read the full analysis for our insights. bit.ly/4cwtCk3

Unit 42 @Unit42_Intel
Our research reveals "Agent God Mode" in Amazon Bedrock AgentCore. Overly broad IAM permissions allow privilege escalation across AWS accounts. A compromised agent can access memories and extract sensitive data via a multi-stage attack. Read our analysis: bit.ly/4mssGAM

Unit 42 @Unit42_Intel
V2 of the #Kali365 PhaaS toolkit has emerged with dedicated OAuth and AI-based lure generation, seeing widespread abuse. This kit is distributed via Telegram and has features like a domain marketplace, Cloudflare worker hosting and keyword searching: bit.ly/3QupSXM

Unit 42 @Unit42_Intel
“How do I distinguish between marketing hype and real, AI-driven threats?” Sam Rubin, senior vice president of Unit 42, answers this and nine other questions regarding frontier AI in a new post on Insights. Read now: bit.ly/48j2keD

Unit 42 @Unit42_Intel
#SEOPoisoning seen delivering #LummaStealer via fake YubiKey pages. The attack chain utilizes DLL sideloading and PowerShell-based defense evasion to deploy a heavily obfuscated AutoIt loader, which ultimately injects Lumma Stealer directly into memory: bit.ly/4u5e8tp

Unit 42 @Unit42_Intel
Discover Unit 42’s learnings from getting hands-on with frontier AI models. We illustrate an AI-enabled attack path from recon and initial access to exfil and documentation. Learn what you should do right now to not be outpaced by AI-assisted adversaries: bit.ly/3Qx43Xu