Unit 42

Entity category: organization

Artificial Intelligence

Chrome Gemini Flaw Lets Malicious Extensions Spy on You

March 4, 2026
Chrome logo with password field, security concept.

A high-severity vulnerability (CVE-2026-0628) in Google Chrome's Gemini AI allowed malicious extensions to hijack the AI panel and steal sensitive…

Read More »
Artificial Intelligence

One Stolen Password Can Breach Your Entire System

February 20, 2026
Global network attack visualization with radiating red lines and impact zones.

Identity has become the primary attack vector, with stolen credentials and phishing driving nearly 90% of breaches and enabling attackers…

Read More »
Artificial Intelligence

AI-Powered “Vibe Extortion” by Low-Skilled Hackers

February 18, 2026
AI interface with 'Generate' button and 'AI-powered ransomware' command prompt.

A new trend called "vibe extortion" sees low-skilled criminals using AI to script professional-seeming threats, effectively masking their lack of…

Read More »
Business

Beware: Fake Spam Filter Alerts Invading Inboxes

November 15, 2025
Man at computer looking at an email with a warning symbol.

A new phishing scam tricks users with fake alerts about spam filters blocking legitimate emails, urging them to click links…

Read More »
Cybersecurity

CISA Urges Immediate Patch for Samsung Spyware Zero-Day

November 11, 2025
CISA logo with eagle and city skyline on a dark, abstract background.

A critical vulnerability (CVE-2025-21042) in Samsung smartphones allows attackers to install LandFall spyware via manipulated DNG images sent through WhatsApp,…

Read More »
Newswire

Samsung Phones Infected by “Landfall” Spyware for Nearly a Year

November 7, 2025
Close-up of the blue Samsung logo etched onto a metallic surface.

The Landfall spyware campaign targeted Samsung Galaxy phones by exploiting a zero-day vulnerability (CVE-2025-21042) to steal personal data without user…

Read More »
Business

Hacker Groups Unite: Scattered Spider, ShinyHunters, LAPSUS$ Form Alliance

November 5, 2025
Silhouette of chess pieces: rook, king, and knight, with warm light behind them.

Scattered LAPSUS$ Hunters (SLH) is a confirmed alliance merging the reputations of Scattered Spider, ShinyHunters, and LAPSUS$, signaling a long-term…

Read More »
Business

Cyber Attackers Target Retail Gift Cards with Cloud-Only Tactics

October 23, 2025
Abstract digital cloud with glowing circuits and data points.

The "Jingle Thief" cyber campaign targets retailers by exploiting cloud environments using stolen credentials from phishing, bypassing traditional malware and…

Read More »
Cybersecurity

Hackers Target SAP NetWeaver Flaw to Spread Linux Auto-Color Malware

July 31, 2025
A stylish penguin in sunglasses and a bow tie, depicted in a vibrant pop art style against a multicolored background.

Cybersecurity experts discovered a sophisticated attack using a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color malware on Linux systems,…

Read More »
BigTech Companies

Microsoft Warns of Active Attacks on On-Prem SharePoint Servers

July 22, 2025
Close-up of a smartphone displaying the SharePoint app login screen.

Microsoft warns of active cyberattacks targeting on-premises SharePoint servers, risking sensitive data in critical industries like government and healthcare. Attackers…

Read More »
BigTech Companies

Microsoft SharePoint Zero-Day Exploit Sparks Widespread Attacks

July 21, 2025
A vibrant, multicolored Microsoft logo displayed on a large digital billboard atop a modern glass skyscraper.

A critical zero-day vulnerability in Microsoft SharePoint (CVE-2025-53771) is being actively exploited, risking data breaches for businesses and government agencies.…

Read More »