Microsoft Disrupts Cybercrime Service RedVDS
RedVDS, a cybercrime-as-a-service operation that has stolen millions from victims, lost two domains to a law enforcement operation.
⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreac
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Res
Why Secrets in JavaScript Bundles are Still Being Missed
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to a
Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk
AI-generated code looks flawless until it isn't. Unit 42 breaks down how to expose these invisible flaws before they turn into your next breach. The post Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk appeared first on Unit 42.
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.
Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering
Unit 42 breaks down a payroll attack fueled by social engineering. Learn how the breach happened and how to protect your organization from similar threats. The post Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering appeared first on Unit 42.