-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Unit 42 | Breaking Cybersecurity News | The Hacker News

Category — Unit 42
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

7月 01, 2026 Artificial Intelligence / Threat Intelligence
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 calls the trick phantom squatting , and its new research shows it is already happening in the wild. The reason it matters is trust. Developers and AI assistants increasingly treat the links a model hands back as real. When a model invents a domain that does not exist yet, whoever registers it first inherits all of that misplaced trust, with no phishing email and no malicious ad required. To measure the problem, Unit 42 asked two AI models 685,339 questions about 913 well-known brands across technology, finance, healthcare, government, gambling, and other sectors. The models produced 2.1 million links. Threat intelligence already flagged 13,229 of them as outright malicious, meaning the AI was handing out known-ba...
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

6月 25, 2026 Browser Security / Malware
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube , has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension (ID: cmedhionkhpnakcndndgjdbohmhepckk ) description states that it allows users to prevent web page elements like ads, including preroll ads, from being displayed on the video sharing platform, as well as on external sites that load YouTube. While the add-on offers the promised functionality, it also features capabilities to run arbitrary JavaScript code. "It also contains the architectural ingredients for arbitrary JavaScript execution on any website, activated by a single server-side configuration change, without an extension update, without a store review, and without any visible sign that something has changed," researchers Oleg Zaytsev and Shachar Gritzman said in a re...
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

9月 30, 2025 Cyber Espionage / Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42 researcher Lior Rochberger said . "The group's primary objective is espionage. Its attacks demonstrate stealth, persistence, and an ability to quickly adapt their tactics, techniques, and procedures (TTPs)." It's worth pointing out that the hacking group was first detailed by the cybersecurity company back in June 2023 under the moniker CL-STA-0043 . Then last May, the threat cluster was graduated to a temporary group, TGR-STA-0043 , following revelations about its sustained cyber espionage efforts aimed at governmental entities since at least late 2022 as part of...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
Expert Insights Articles Videos
Cybersecurity Resources