News

Unit 42
unit42.paloaltonetworks.com > gremlin-stealer-evolution

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

10+ hour, 57+ min ago (681+ words) This article examines new obfuscation techniques the Gremlin stealer malware uses to conceal malicious payloads within embedded resources. We analyze a variant protected by a sophisticated commercial packing utility that employs instruction virtualization, transforming the original code into a custom,…

Unit 42
unit42.paloaltonetworks.com > active-directory-certificate-services-exploitation

Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

4+ day, 10+ hour ago (1577+ words) We provide a technical deep-dive into advanced AD CS exploitation, including certificate template misconfigurations and shadow credential misuse. Our findings present a comprehensive breakdown of the attacker's toolkit and their evolving operational behaviors. Cortex XDR and XSIAM customers are protected…

Unit 42
unit42.paloaltonetworks.com > captive-portal-zero-day

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

1+ week, 1+ day ago (622+ words) Palo Alto Networks customers receive protections from and mitigations in the following products: The Unit 42 Incident Response team can also be engaged to help with a compromise or to provide a proactive assessment to lower your risk. A buffer overflow…

Unit 42
unit42.paloaltonetworks.com > cve-2026-31431-copy-fail

Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years

1+ week, 2+ day ago (656+ words) Unlike many kernel vulnerabilities, this logic flaw is deterministic, meaning it does not rely on race conditions or specific kernel offsets. A single 732-byte Python script can successfully exploit it without any modification across different Linux distributions. The vulnerability originates…

Unit 42
unit42.paloaltonetworks.com > detection-beyond-the-endpoint

Essential Data Sources for Detection Beyond the Endpoint

1+ week, 6+ day ago (361+ words) The 2026 Unit 42 Global Incident Response Report delivers a sharp wake-up call: Threat actors are now moving 4x faster to exfiltration than in 2025. By striking across three or more surfaces simultaneously, adversaries are intentionally exploiting the blind spots created by an over-reliance…

Unit 42
unit42.paloaltonetworks.com > monitoring-npm-supply-chain-attacks

The npm Threat Landscape: Attack Surface and Mitigations

2+ week, 6+ day ago (1422+ words) The security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribution of malicious packages, marked the end of the "nuisance" era of npm attacks and the…

Unit 42
unit42.paloaltonetworks.com > frontier-ai-top-questions-answered

Frontier AI and the Future of Defense: Your Top Questions Answered

3+ week, 14+ hour ago (866+ words) Over the last several weeks, Palo Alto Networks and Unit 42 have been talking with CISOs and security leaders globally to discuss the emergence of frontier AI models and their broader implications on cybersecurity. A clear theme has emerged. While the…

Unit 42
unit42.paloaltonetworks.com > autonomous-ai-cloud-attacks

Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System

3+ week, 1+ day ago (1369+ words) This disclosure shifted the conversation from "could this happen?" to "this is happening." But it also raised practical questions: Can AI actually operate autonomously end-to-end, or does it still require human guidance at each decision point? Where do current LLM…

Unit 42
unit42.paloaltonetworks.com > air-snitch-enterprise-wireless-attacks

When Wi-Fi Encryption Fails: Protecting Your Enterprise from Air Snitch Attacks

3+ week, 2+ day ago (1029+ words) Due to the widespread adoption of these protocols, the impact is industry-wide, affecting Wi-Fi devices from several major vendors. Major operating systems, including Android, macOS, iOS, Windows and Ubuntu Linux, also rely on these protocols. WPA2 and WPA3-Enterprise protocols…

Unit 42
unit42.paloaltonetworks.com > ai-software-security-risks

Fracturing Software Security With Frontier AI Models

3+ week, 4+ day ago (813+ words) The impact of frontier AI models on the threat landscape goes way beyond vulnerability discovery and exploitation. As these models become widely available in the near future, we are likely to see dramatic increases in the speed and scale of…