Unit 42 @Unit42_Intel
The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response. unit42.paloaltonetworks.com
Joined December 2015
Tweets: 3K | Followers: 69K | Following: 81 | Likes: 254
We identified a vulnerability in the Google Cloud Vertex AI SDK for Python involving predictable staging bucket names. This flaw enabled remote code execution through bucket squatting and pickle deserialization. Read our analysis for technical details: bit.ly/3QGwFxY
A large email #phishing campaign impersonates popular retail stores with expiring reward points as a lure. Emails are likely generated from a shared kit with LLM-crafted text, unique nonce padding to evade classifiers, hidden with CSS tricks. Details at bit.ly/4vRN8yb
Codeless attack: An attacker types plain text into a chat app. An #LLM turns the text into shell commands on the victim. Stolen files come back through the same chat. Zero coding skills needed to operate, and no custom infrastructure to detect. Details at bit.ly/4eBC2GL
AI agents use third-party skills with privileged access. Many of these skills deviate from their declared behavior. While most mismatches are simple documentation errors, the real threat lies in multi-stage attack chains. Read our analysis for details: bit.ly/4ekzAnR
We detected a malicious browser extension campaign that trojanizes legitimate extensions to serve ads covertly. The extension categories include ad blocking, messaging privacy, screen recording and music control. 1,000+ installations so far. Details at bit.ly/4xtQcT3
Cloud logging services provide visibility but attackers target them to create weak spots. By manipulating encryption keys or redirecting log flows they can evade detection and monitor activity in real time. Our research analyzes these risks: bit.ly/3SlMYAJ
Actors weaponize #AI hype: fake LLM domains, branded C2 infrastructure and payment skimmers. We tracked three active campaigns abusing AI lures and infrastructure. Details at bit.ly/3SHlc1D
Unit 42 is tracking the active targeting of Oracle PeopleSoft servers by Bling Libra (aka #ShinyHunters). Our analysis reveals suspected exploitation of RCE flaw CVE-2026-35273 and primary targeting of the education sector since at least late May 2026. bit.ly/4xpxKLb
We detected a #Browser-in-the-Browser phishing campaign using a draggable, OS/browser-fingerprinted popup with a spoofed OAuth URL. It evades detection by blocking debugging, fragmenting keywords, and redirecting bots. Details at bit.ly/49Md3yO
Unit 42 provides indicators of activity and mitigations for PAN-OS CVE-2026-0257, an authentication bypass in GlobalProtect. bit.ly/4fu1rEo
We detected an evasive #ClickFix injection with a fake Lirunex payment platform lure tricking the user into requesting the SSL certificate path through a file dialog box but silently delivers a RAT disguised as image files. Details at bit.ly/4eo0Sea
FlutterShell is a new macOS backdoor spread by malvertising. Built with Flutter, it uses a WebView-based architecture for adware, allowing attackers to remain dynamic. We discuss its evolution, variants and command structure in a recent campaign. bit.ly/43TZaLr
We are tracking Pink (CL-CRI-1147), a new Com-affiliated extortion brand whose leak site went live 5/31/26. Pink uses vishing and IT impersonation to phish credentials/MFA, then exfiltrates enterprise cloud storage and productivity data to extort victims: bit.ly/4en565G
An update to our Threat Brief on npm supply chain attacks discusses the latest compromise, pushing a payload named Miasma. The tradecraft used substantially matches Mini Shai-Hulud malware used by TeamPCP. Read now: bit.ly/4cwtCk3
An #adware campaign involving 50+ Chrome extensions (disguised as live wallpapers) has hit ~30K users. Spread across three publisher accounts, the attackers are pushing remote HTML to 40+ extensions and wiping IndexedDB on install and startup. Details at bit.ly/3Q05sWB
We detected indirect prompt injection on a fake Excel template store. Hidden via white text, the prompt uses social engineering to manipulate AI agents into boosting SEO, aiming to funnel users to a malicious Chrome extension. Details at bit.ly/3RCl2s2
New analysis reveals a massive network of fraudulent domains capitalizing on the 2026 FIFA World Cup, with 1k+ registered in the past 6 months. Tactics include redirects to shady gambling apps, data harvesting, malvertising, and PUP downloads. Details at bit.ly/4dDTiMd
#TuxBot v3 Evolution: IoT malware/C2 framework tied to AISURU/Keksec. Self-ID "Akiru." 30-plus exploit targets, 1,496 credential pairs, encrypted C2, and DGA. Developers used an LLM to port exploits and write code, leaving traces in some files. Details at bit.ly/3RAFJ7N
2026-05-26 (Tuesday): Another page impersonating Claude was used to push #SHubStealer when viewed on a macOS host. Details at bit.ly/4fcekmj
Offensive and defensive framework ROADtools is being misused by nation-state actors for cloud attacks. Understand how to identify the activity that signals its malicious usage, including proactive hunting for anomalous activity: bit.ly/4fyQYHB