Unit 42
Critical Vulnerabilities in Ivanti EPMM Exploited 17 February 2026 at 21:35

Critical Vulnerabilities in Ivanti EPMM Exploited

17 February 2026 at 21:35

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors.

The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.

Unit 42
Nation-State Actors Exploit Notepad++ Supply Chain 12 February 2026 at 00:00

Nation-State Actors Exploit Notepad++ Supply Chain

Unit 42

By: Unit 42

12 February 2026 at 00:00

Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery.

The post Nation-State Actors Exploit Notepad++ Supply Chain appeared first on Unit 42.

Unit 42
The Shadow Campaigns: Uncovering Global Espionage 5 February 2026 at 12:00

The Shadow Campaigns: Uncovering Global Espionage

Unit 42

By: Unit 42

5 February 2026 at 12:00

In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155.

The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42.

Unit 42
Threat Brief: MongoDB Vulnerability (CVE-2025-14847) 13 January 2026 at 21:30

Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

Unit 42

By: Unit 42

13 January 2026 at 21:30

Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.

The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.

Unit 42
Exploitation of Critical Vulnerability in React Server Components (Updated December 12) 12 December 2025 at 22:40

Exploitation of Critical Vulnerability in React Server Components (Updated December 12)

Unit 42

By: Unit 42

12 December 2025 at 22:40

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.

The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42.

Unit 42
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite 11 December 2025 at 12:00

Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite

Unit 42

By: Unit 42

11 December 2025 at 12:00

Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.

The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared first on Unit 42.

Unit 42
The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen 3 December 2025 at 01:00

The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen

Unit 42

By: Unit 42

3 December 2025 at 01:00

85% of daily work occurs in the browser. Unit 42 outlines key security controls and strategies to make sure yours is secure.

The post The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen appeared first on Unit 42.

Unit 42
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) 25 November 2025 at 17:00

"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)

Unit 42

By: Unit 42

25 November 2025 at 17:00

Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more.

The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) appeared first on Unit 42.