The moment we’ve been waiting for is here… That’s right, the 2025 Unit 42 Global Incident Response Report is live. Here are some of the key findings: Attacks are getting fast: In 25% of cases, attacked data was exfiltrated within 5 hours. Attack techniques are evolving: 44% of cases exploited human factors through web browsers using phishing, redirects, and malware. There are key emerging trends: Disruptive extortion, nation-state-sponsored insider threats, and AI-assisted attacks are all on the rise. …and so much more. Get all of the insights you need to stay secure. https://bit.ly/4kimD07
Palo Alto Networks Unit 42
Computer and Network Security
SANTA CLARA, CA 84,315 followers
Unit 42 Threat Intelligence & Incident Response. Intelligence Driven. Response Ready.
About us
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk. With a deeply rooted reputation for delivering world-class threat intelligence, Unit 42 provides industry-leading incident response and cyber risk management services to security leaders around the globe.
- Website
- https://paloaltonetworks.com/unit42
- Industry
- Computer and Network Security
- Company size
- 5,001-10,000 employees
- Headquarters
- SANTA CLARA, CA
- Type
- Public company
- Founded
- 2005
- Specialties
- Incident Response, Risk Management, Operational Threat Intelligence, and Network Security
Locations
- Primary
3000 Tannery Way
US, CA, SANTA CLARA, 95054
Employees at Palo Alto Networks Unit 42
Updates
-
Who run the world? Cybersecurity thrives on bold leadership and fresh perspectives. Four industry trailblazers share how they’re shaping the future of AI-driven security, breaking barriers, driving innovation, and mentoring the next generation. Their insights highlight why cybersecurity is one of the most exciting careers today. Featuring Kristy Friedrichs (McBride), Tanya Shastri, Sama Manchanda, and Stephanie Regan. Listen now: https://bit.ly/445qSpQ
-
Our latest research on alert trends in the context of cloud security is enriched by providing a background on CSPM, along with case studies and intriguing trend data. By exploring the criticality of different cloud resources, we investigate the reasons behind the escalating number of alerts and why threat actors target cloud environments of all types: https://bit.ly/41Jtdp8
-
Join us as the Consulting Director of the Intel Services Team in Threat Intelligence and drive innovation. You will: (1) Lead delivery of our Deep and Dark Web threat intelligence service by overseeing and guiding a matrixed team of consultants. (2) Build and deliver new threat intelligence service offerings in collaboration with Unit 42 Threat Intel and Consulting leadership. (3) Align Threat Intel lead services with other cyber risk management services and Unit 42 outcomes across the organization. (4) Perform team management responsibilities, mentoring and guiding intelligence consultants for professional growth and skill development. (5) Leverage Unit 42’s unique data holdings to provide valuable insights and enhance effectiveness of our threat intelligence capabilities. Ready to take on this rewarding role? Apply now: https://bit.ly/422BymH
-
Signs point to… secure
You ask the Magic 8 Ball: Can my business stay ahead of cyberthreats? It shakes, it swirls… “Yes…if you have the right strategy.” Fact: Cybercriminals aren’t just testing one door—they’re trying them all. In 70% of attacks, adversaries used three or more entry points to break in. The good news? You can stay ahead. Get the Unit 42 Global Incident Response Report 2025 to see how security leaders are outpacing threats and building resilience. https://bit.ly/3RlMEy6
-
Do you have expert knowledge of threats to the retail and hospitality industries? Join Unit 42's External Engagement team as a Strategic Threat Intelligence Advisor! In this role, you will: (1) Analyze threat intelligence data relevant to retail and hospitality; (2) Document and communicate emerging threats and trends effectively; (3) Investigate and communicate adversary actions using frameworks like MITRE ATT&CK; (4) Conduct deep analysis using internal telemetry and open-source datasets; (5) Foster collaboration with key stakeholders and partner organizations. Make a meaningful impact in these sectors — apply today: https://bit.ly/43rqwKe
-
Last chance to tune in! Join Sam Rubin and Michael Sikorski from Palo Alto Networks Unit 42 today at 12:30 PM PT for key insights from the 2025 Global Incident Response Report. What you’ll learn: insider threats and AI-driven attack trends; practical defense strategies; how to address the human element of cybersecurity. https://bit.ly/422yWVV
-
Last night, Palo Alto Networks Unit 42 first broke the news that the recently reported GitHub supply chain attack through the tj-actions/changed-files action originally targeted Coinbase. While the attacker attempted to use initial access for further compromises, they were unable to modify any code or publish malicious packages. The attacker then expanded and went on to compromise CI/CD pipelines of tens of thousands of repositories. The attacker manipulated a compromised action to access sensitive credentials in GitHub Actions workflows. This tactic is particularly dangerous because many organizations rely on automated development pipelines, often with implicit trust in their dependencies. Once attackers gain access, they can pivot into cloud environments, steal data, or tamper with code. This isn’t an isolated incident. We’ve seen a rise in supply chain attacks where attackers exploit third-party integrations to bypass traditional security controls, use stolen credentials to move laterally across cloud environments, and leverage automation tools to scale attacks with minimal effort. Supply chain security isn’t just an IT issue, it’s a business risk. As attackers refine their tactics, companies must manage their use of third-party services, monitor and secure developer workflows, and enforce least-privilege access. Threat assessment here: https://lnkd.in/ge7TStGQ Outstanding work from Omer Gil, Aviad Hahami, Asi Greenholts, Yaron Avital #SupplyChainSecurity #GitHubActions #DevSecOps
-
We found 80K+ domains used in investment and job #scams. Attackers #StrategicallyAged newly-registered domains for at least 1 month to evade blocking. When active, the domains redirect to URLs on linksapp[.]top and mainly target Japanese users. Details at https://bit.ly/41EIkPm
-
UPDATE: GitHub Actions Supply Chain Attack Our team discovered that the initial attack was on Coinbase and that set the stage for the broader tj-actions/changed-files incident. While Coinbase wasn’t compromised, our latest update dives deep into the timeline and details behind this attack, shedding light on how the breach expanded to affect thousands of repositories. This incident underscores the significant risks posed by third-party dependencies, with potential consequences like data breaches, code tampering, and unauthorized access. Get all the details here. https://bit.ly/4hmDhZG