Skip to content
The Nexus
DossierENTITY

Unit 42

Coverage of Unit 42 in the Nexus archive.

Earliest in view: Apr 27 · 14:18 UTCMost recent: May 7 · 13:53 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 7 · 13:53 UTCTHE REGISTER
    State-backed hackers hammer Palo Alto firewall zero-day before patch lands

    State-backed hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2026-0300, to gain root access without login required. The flaw affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Attacks are already underway, tied to a cluster of likely state-sponsored threat activity tracked as CL-STA-1132.

  • SECURITYApr 27 · 14:18 UTCCYBERSCOOP
    BlackFile actively extorting data-theft victims in retail and hospitality sector

    BlackFile, a cyber extortion group linked to The Com, is targeting retail and hospitality organizations via voice-phishing and social engineering to steal data and demand ransoms. The group, tracked under aliases like CL-CRI-1116 and Cordial Spider, uses SaaS environments and data-leak sites to pressure victims, with attacks ongoing since February 2025.

Unit 42 · Dossier · The Nexus