All Posts

Author(s): Unit Zero Threat Research Team 🚪 Initial Access Broker (IAB) Activities in the period targeted Japanese financial and industrial sectors, with sales of compromised access credentials and vulnerabilities on forums key listings emphasized high-value entry points for further exploitation. Our Unit Zero research team identified this possible victim according to the threat actor claims the Japanese bank in question appear to be Oita Bank, Ltd. February 10: Sale of acce

Author(s): Unit Zero Threat Research Team 🔍 Japan Darkweb Activity In the period from January 7 to January 27, 2026, darkweb monitoring revealed a surge in data leaks and illicit sales targeting Japanese entities, primarily via forums like BreachForums, LeakBase, and DarkNetArmy. Key activities included the sale of personal data and leaks of corporate/government documents, often attributed to ransomware groups like Clop. No activities were noted between January 7 and January

News Summary In June 2025, SoftBank Corp. announced that its subcontractor , UF Japan Co., Ltd. (which operates call centers, etc.) , may have improperly handled up to approximately 140,000 customer personal information records. In response to the potential leaks, SoftBank terminated its contract and began an investigation. UF Japan subsequently filed for bankruptcy in January 2026. This series of events illustrates how risk management, information security, and maintaining

Authors: Reyben T. Cortes, Azim Uddin, Abdullah Mamun, ThreatCluster , DefusedCyber Happy Monday! Unless you've been living under a rock, we're tracking the development of one of the most controversial conversations in the security community regarding the release of ClawdBot, that is what we will only call it for today. While this isn't the first iteration, this agentic tool unloads a can of worms into your local system by crawling every single crevice of files and API crede

Author: MD. Azim Uddin Figure 1: India's Cyber Digital Monsoon 2025 As we monitor the movements of threat actors across the Asia Pacific (APAC) region, examining attack trends and the evolution of cyber warfare from low-skill attacks conducted by inexperienced actors to advanced state-sponsored operations, it is clear that 2025 marked a sobering moment for India’s cybersecurity landscape. Our analysis presents a concerning reality: India has become one of the world's top targ

Author(s): Reyben T. Cortes, Azim Udin, Unit Zero Threat Research Team, DefusedCyber Figure 1: Pie chart statistics of top n8n versions in Japan Happy New Year! Since early December leading up to the Holiday break we flagged a series of n8n vulnerabilities that came to our immediate attention, for a good reason. N8n one of the most trending, Free-to-start low-code no code automation platform used by all types of users and organizations worldwide. Due to it's extremely scalabl

Author(s): Reyben T. Cortes Happy Friday! It was the calm before the storm, within the past 48 hours the security community finally came full circle after details of a working PoC (Proof of Concept) exploit recently went public for CVE-2025-66478, an unpublished Next.js vulnerability built on React created by Vercel. With Its focus on making beautiful interactive user interface, the widely used frontend library garnered over 82 million websites worldwide, becoming the world's