Unit 42® Threat Intelligence Updates

Welcome to our July Threat Bulletin! Each month, Unit 42® analyzes hundreds of cyberattacks and conducts extensive threat research to help organizations worldwide stay safer from evolving digital threats. Here are our latest research findings and threat intelligence, curated to help you defend against the most critical attacks we're tracking.

We’d love to hear your thoughts. Please drop a comment below and tell us what you think!

Trending Intel

Threat Brief: Active Exploitation of Microsoft SharePoint Vulnerabilities

The Brief: Four critical zero-day vulnerabilities are being actively exploited in on-premises SharePoint Server, enabling attackers to bypass MFA/SSO and execute remote code. Organizations with internet-exposed SharePoint should assume compromise, as threats persist post-patching without cryptographic key rotation. Primary targets include government, healthcare and enterprise sectors. SharePoint Online is unaffected.

Leadership Lens: This breach of core identity controls threatens network-wide compromise through SharePoint's deep Microsoft ecosystem integration. CISOs must coordinate immediate crisis response: disconnect vulnerable servers, emergency patch, rotate all cryptographic keys and engage incident response teams.

Unit 42 perspective


Unit 42 Global Incident Response Report: Social Engineering

The Brief: Unit 42® data reveals social engineering now drives over one third of 2025 breaches — the leading attack vector. Threat actors deploy both automated and targeted campaigns that bypass technical controls, causing data exposure in 50%+ of incidents, with manufacturing and healthcare hit hardest.

Leadership Lens: Social engineering threatens enterprise trust, operations and brand — not just user awareness. CISOs need systemic resilience through zero trust integration, executive alignment and board investment in sustained defense capabilities aligned with organizational risk appetite.

Read the report


CISO Confidential: Retail vs. Social Engineering

The Brief: Retail organizations face escalating risk from social engineering, now marked by increasing sophistication and persistence. In CISO Confidential, Unit 42's Mitch Mayne and Matt Brady examine these emerging tactics, highlighting the operational and reputational impact on the sector.

Leadership Lens: Social engineering challenges the core of enterprise resilience and trust, extending beyond classic awareness campaigns. CISOs must build systemic defenses — including effective multifactor authentication and proactive monitoring — to counter evolving attacker ingenuity. Mayne and Brady underscore the strategic imperative for executive alignment and sustained investment, ensuring defense capabilities remain tightly matched to organizational risk appetite.

Watch the video


Get Ahead

Unit 42 Insider Threat Services help detect, deter, and disrupt malicious and accidental insider threats, leveraging our years of experience to ensure your organization remains resilient against internal risks.

Stay vigilant,

Your Unit 42 Team


Threat Analyst Picks

Never miss out on new Unit 42 research. Subscribe to our Threat Research Center.

