In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content. The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit…
Category: Unit 42
The Evolution of Linux Binaries in Targeted Cloud Operations
Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files. The post The Evolution of Linux Binaries in Targeted Cloud Operations appeared first on Unit 42. This article…
Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives. The post Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere appeared first…
Blitz Malware: A Tale of Game Cheats and Code Repositories
Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2. The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first…
Lost in Resolution: Azure OpenAI’s DNS Resolution Issue
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue. The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42. This article has been indexed from…
Lost in Resolution: Azure OpenAI’s DNS Resolution Issue
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue. The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42. This article has been indexed from…
How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms
We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems. The post How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content…
Threat Brief: CVE-2025-31324 (Updated May 23)
CVE-2025-31324 impacts SAP NetWeaver’s Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. The post Threat Brief: CVE-2025-31324 (Updated May 23) appeared first on Unit 42. This article has been indexed from Unit…
Threat Group Assessment: Muddled Libra (Updated May 16, 2025)
Muddled Libra continues to evolve. From social engineering to adaptation of new technologies, significant time is spent breaking down organizational defenses. The post Threat Group Assessment: Muddled Libra (Updated May 16, 2025) appeared first on Unit 42. This article has…
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
A new DarkCloud Stealer campaign is using AutoIt obfuscation for malware delivery. The attack chain involves phishing emails, RAR files and multistage payloads. The post DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt appeared first on…