#unit-42
8 articles
From 14 articles published between April 22 and June 26, 2026, ZCyberNews coverage of Unit 42 highlights 11 high-severity and one critical incident. Key threat actors observed include CL-STA-1062, Gremlin Stealer, and LockBit. The technology, enterprise, software development, energy, and financial services sectors were most affected, with reported impacts spanning Global, Central America, North America, South America, and Southeast Asia.
HIGHCL-STA-1062 Targets Southeast Asian Governments and Critical
Chinese-speaking threat group CL-STA-1062 compromised at least 10 Southeast Asian government and energy entities in 2025 using web shells, tunneling tools, and a new TinyRCT...
HIGHTrust No Skill: BIV Audit Finds 80% of AI Agent Skills Misbehave
Unit 42's Behavioral Integrity Verification scanned 49,943 OpenClaw skills and found 80% deviate from declared behavior, with multi-stage attack chains enabling credential theft...
HIGHGremlin Stealer Evolves: Crypto Clipping, Session Hijacking, Packed
Unit 42 details a new Gremlin stealer variant using XOR-encrypted resource sections, crypto clipper, WebSocket session hijacking, and a commercial packer with instruction...
HIGHWest Pharma Hit by Ransomware, Systems Disrupted Globally
West Pharmaceutical Services took systems offline globally after a May 4 ransomware attack with data exfiltration. Unit 42 is investigating; ransom may have been paid.
HIGHAI Browser Extensions Steal Emails, Passwords via Prompt Injection
Unit 42 finds 30+ malicious AI browser extensions exfiltrating email content, credentials, and API keys via prompt injection and DOM scraping. Affects Chrome, Edge users.
CRITICALTeamPCP Partners with Vect Ransomware in Supply Chain Attacks
Unit 42 reports TeamPCP has partnered with Vect ransomware group to target security software vendors in multi-stage supply chain attacks, compromising trusted update mechanisms.
HIGHUnit 42 Tracks TGR-STA-1030 Activity in Central and South America
Palo Alto Unit 42 reports TGR-STA-1030 remains active in Central and South America, targeting government and energy sectors with custom malware and living-off-the-land techniques.
HIGHAirSnitch Attacks Bypass WPA2/3 Encryption, Expose Enterprise Wi-Fi
Unit 42 reveals AirSnitch attacks bypass WPA2/3 encryption and client isolation, exposing enterprise Wi-Fi to packet injection and credential theft.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.