Extortion in the Enterprise: Defending Against BlackFile Attacks

Executive Summary Unit 42 has responded to numerous incidents since February 2026 involving data theft and extortion across various industries. We attribute a specific portion of this financially-motivated activity with moderate confidence to the activity cluster CL-CRI-1116, which overlaps with public reporting on BlackFile, UNC6671 and Cordial Spider.  This blog is designed to provide RH-ISAC…

Read More

New NGate Variant in Trojanized NFC Payment App

Executive Summary ESET Researchers discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The malicious code allows attackers to transfer NFC data from the victim’s payment card to their own device and use it for contactless ATM cash-outs and unauthorized payments, while also capturing the victim’s payment…

Read More

The Missing Security Layer in Agentic AI in Retail

A New Class of Digital Operator Retail organizations are moving quickly to operationalize agentic AI to streamline customer service, create self-serve customer workflows, enable shopping bots, and improve internal employee productivity. This is not just an internal transformation. Your customers will use agents to browse, compare, and buy. Your employees will create their own “mini…

Read More

Vercel Discloses Unauthorized Access to Internal Systems; ShinyHunters Claims Responsibility

Executive Summary Infrastructure provider Vercel disclosed a significant security incident, stemming from a compromise of the third-party AI tool Context[.]ai. A highly sophisticated threat actor leveraged a hijacked OAuth token from a Vercel employee to gain unauthorized access to internal environments and non-sensitive environment variables. ShinyHunters has claimed responsibility for the breach, allegedly offering the exfiltrated data for sale…

Read More

Where Retail and Hospitality Fraud is Actually Happening Now (and What to Do About It)

For years, fraud has been a payments problem. Detect it at checkout. Measure success in chargebacks avoided. Build controls around transactions. That model made sense when fraud itself was transactional – and reactive. That era is over. Modern fraud operations are not waiting for a payment event. They are active earlier in the customer journey,…

Read More