Threat Brief: Widespread Impact of the Axios Supply Chain Attack
Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup. The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42.
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications. The post When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications appeared first on
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, demonstrating DNS tunneling and credential exposure. The post Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox appeared first on Unit 42.
Cracks in the Bedrock: Agent God Mode
Unit 42 reveals "Agent God Mode" in Amazon Bedrock AgentCore. Broad IAM permissions lead to privilege escalation and data exfiltration risks. The post Cracks in the Bedrock: Agent God Mode appeared first on Unit 42.
How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the comp
White House Cyber Strategy Prioritizes Offense
In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence to handling cyber threats.
Middle East Conflict Highlights Cloud Resilience Gaps
Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitical events.
Xygeni GitHub Action Compromised Via Tag Poison
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.
_Maskot_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
A Guy Who Wrote the Code Died in 2005. I Still Have to Secure It
The real front line of American cybersecurity is a bidding war on eBay for 30-year-old industrial controllers.
What Orgs Can Learn From Olympics, World Cup IR Plans
In this edition of "Reporters' Notebook," we discuss cyberattackers targeting the Milan-Cortina Winter Games, adding them to a long list of global sporting events in the crosshairs. Though the attack surface is grander, there are key incident-response takeaways for regular enterp