ZCyberNews
中文

#unit-42

8 articles

From 14 articles published between April 22 and June 26, 2026, ZCyberNews coverage of Unit 42 highlights 11 high-severity and one critical incident. Key threat actors observed include CL-STA-1062, Gremlin Stealer, and LockBit. The technology, enterprise, software development, energy, and financial services sectors were most affected, with reported impacts spanning Global, Central America, North America, South America, and Southeast Asia.

Map of Southeast Asia with highlighted government and energy sector icons, representing CL-STA-1062 targetingHIGH
Malware

CL-STA-1062 Targets Southeast Asian Governments and Critical

Chinese-speaking threat group CL-STA-1062 compromised at least 10 Southeast Asian government and energy entities in 2025 using web shells, tunneling tools, and a new TinyRCT...

4 min readCL-STA-1062
Diagram showing AI agent skill audit pipeline comparing declared vs actual behavior across metadata, code, and instructions.HIGH
Malware

Trust No Skill: BIV Audit Finds 80% of AI Agent Skills Misbehave

Unit 42's Behavioral Integrity Verification scanned 49,943 OpenClaw skills and found 80% deviate from declared behavior, with multi-stage attack chains enabling credential theft...

3 min read
Gremlin Stealer Evolves: Crypto Clipping, Session Hijacking, PackedHIGH
Malware

Gremlin Stealer Evolves: Crypto Clipping, Session Hijacking, Packed

Unit 42 details a new Gremlin stealer variant using XOR-encrypted resource sections, crypto clipper, WebSocket session hijacking, and a commercial packer with instruction...

5 min readGremlin Stealer
West Pharma Hit by Ransomware, Systems Disrupted GloballyHIGH
Industry News

West Pharma Hit by Ransomware, Systems Disrupted Globally

West Pharmaceutical Services took systems offline globally after a May 4 ransomware attack with data exfiltration. Unit 42 is investigating; ransom may have been paid.

2 min readLockBit
AI Browser Extensions Steal Emails, Passwords via Prompt InjectionHIGH
Threat Intel

AI Browser Extensions Steal Emails, Passwords via Prompt Injection

Unit 42 finds 30+ malicious AI browser extensions exfiltrating email content, credentials, and API keys via prompt injection and DOM scraping. Affects Chrome, Edge users.

3 min read
TeamPCP Partners with Vect Ransomware in Supply Chain AttacksCRITICAL
Threat Intel

TeamPCP Partners with Vect Ransomware in Supply Chain Attacks

Unit 42 reports TeamPCP has partnered with Vect ransomware group to target security software vendors in multi-stage supply chain attacks, compromising trusted update mechanisms.

2 min readTeamPCP
Unit 42 Tracks TGR-STA-1030 Activity in Central and South AmericaHIGH
Threat Intel

Unit 42 Tracks TGR-STA-1030 Activity in Central and South America

Palo Alto Unit 42 reports TGR-STA-1030 remains active in Central and South America, targeting government and energy sectors with custom malware and living-off-the-land techniques.

2 min readTGR-STA-1030
AirSnitch Attacks Bypass WPA2/3 Encryption, Expose Enterprise Wi-FiHIGH
Threat Intel

AirSnitch Attacks Bypass WPA2/3 Encryption, Expose Enterprise Wi-Fi

Unit 42 reveals AirSnitch attacks bypass WPA2/3 encryption and client isolation, exposing enterprise Wi-Fi to packet injection and credential theft.

3 min read

Stay Updated

Get the latest cybersecurity news delivered to your inbox.