Critical Vulnerabilities in Ivanti EPMM Exploited
We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors. The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials. The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42.
Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security
Unit 42 research reveals most OT attacks begin in IT. Learn how edge-driven defense stops threats early and turns dwell time into advantage. The post Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security appeared first on Unit 42.
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw. The post Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel appeared first on Unit 42.
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a FinTech entity within this sector
Beyond the Battlefield: Threats to the Defense Industrial Base
Introduction In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by st
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
Introduction In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware deve
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting di
Dark Patterns Undermine Security, One Click at a Time
People trust organizations to do the right thing, but some websites and apps have user interfaces that ultimately lead to inadequate security.
8-Minute Access: AI Accelerates Breach of AWS Environment
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges.
AI May Supplant Pen Testers, But Oversight & Trust Are Not There Yet
Crowdsourced bug bounties and pen-testing firms see AI agents stealing the low-hanging vulnerabilities from their human counterparts. Oversight remains key.