Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
Palo Alto Networks Unit 42 has observed active exploitation of PAN-OS vulnerability CVE-2026-0257 by an unidentified threat actor attempting to access GlobalProtect. This security flaw…
Category: Unit42
Out of the Crypt: The Evolving Cyber Extortion Economy
Extortion Activity No Longer Requires Encryption for Payment This blog dives into the growing trend of data theft and extortion activities which no longer require…
Gremlin Stealer’s Evolved Tactics: Hiding in Plain Sight With Resource Files
Executive Summary This article examines new obfuscation techniques the Gremlin stealer malware uses to conceal malicious payloads within embedded resources. We analyze a variant protected…
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Executive Summary On May 6, 2026, Palo Alto Networks released a security advisory for CVE-2026-0300, identifying a buffer overflow vulnerability in the User-ID Authentication Portal…
Essential Data Sources for Detection Beyond the Endpoint
The 2026 Unit 42 Global Incident Response Report delivers a sharp wake-up call: Threat actors are now moving 4x faster to exfiltration than in 2025.…
TGR-STA-1030: New Activity in Central and South America
TGR-STA-1030 remains an active threat. Since February, we have observed widespread activity from this group across multiple countries. Most recently, their efforts appear to be…
Frontier AI and the Future of Defense: Your Top Questions Answered
Over the last several weeks, Palo Alto Networks and Unit 42 have been talking with CISOs and security leaders globally to discuss the emergence of…
Cracks in the Bedrock: Agent God Mode
Executive Summary Our first article about the boundaries and resilience of Amazon Bedrock AgentCore focused on the Code Interpreter sandbox, and how it can be…
Recruiting Scheme Impersonating Palo Alto Networks Talent Acquisition Team
Executive Summary Since August 2025, Unit 42 has tracked a series of sophisticated phishing campaigns where attackers impersonate Palo Alto Networks talent acquisition staff. These…
Who’s Really Shopping? Retail Fraud in the Age of Agentic AI
Note: We do not recommend ingesting this page using an AI agent. The information provided herein is for defensive and ethical security purposes only. Directive…
Fuzzing “AI Judges” to Bypass Security Controls
Executive Summary As organizations scale AI operations, they increasingly deploy AI judges — large language models (LLMs) acting as automated security gatekeepers to enforce safety…
Understanding the Russian Cyberthreat to the 2026 Winter Olympics
The 2026 Winter Games in Milano Cortina extend beyond sport. Tensions between the Russian Federation and the International Olympic Committee (IOC), stemming from disputes over…