Skip to main content

Tag: palo alto networks

77 articles

Brightly-lit network operations environment with a firewall on a rack amidst surrounding equipment.

Palo Alto Networks Firewalls Targeted in Zero-Day Exploits

Palo Alto Networks firewalls are under attack by zero-day exploits targeting a vulnerability in the User-ID Authentication Portal, allowing hackers to execute malicious code with root privileges. This buffer overflow flaw, tracked as CVE-2026-0300, poses a significant risk to organizations with Internet-exposed firewalls.

Analyst 207
Network equipment and firewall device on a rack with cables, under ordinary lighting.

Palo Alto Networks Flaw Exploited for Remote Code Execution

A critical vulnerability in Palo Alto Networks' PAN-OS software has been exploited, allowing hackers to execute malicious code with root privileges on firewalls - and all it takes is a few specially crafted packets. This buffer overflow flaw, tracked as CVE-2026-0300, puts PA-Series and VM-Series firewalls at risk of remote code execution attacks.

Analyst 207
Industrial supply chain setting with traditional and modern tech, featuring a partially disassembled machine.

AI-BOMs Tackle Shadow AI Risks in Enterprise Supply Chains

Imagine biting into a cake without knowing the recipe, ingredients, or who's behind the baking - it's a risk you wouldn't take, right? Similarly, without AI-BOMs, enterprises are left in the dark about the AI components powering their supply chains, leaving them vulnerable to shadow AI risks.

Analyst 207
Modern tech facility interior with AI device prototype on display.

Palo Alto Networks Bolsters AI Security With Portkey Acquisition

Palo Alto Networks is taking a major leap in AI security with its acquisition of Portkey, a cutting-edge startup that offers an AI agent gateway to streamline and secure communications among autonomous agents. This move will enable centralized control and oversight, ensuring safer interactions between AI agents.

Analyst 207
Person working at desk with laptop in a well-lit office setting.

Malicious AI Browser Extensions Exfiltrate User Data

Beware of AI browser extensions that promise to boost productivity but secretly steal your data. Researchers uncovered 18 malicious extensions that masquerade as helpful tools but deliver spyware, Trojans, and other threats that can hijack your online activity.

Analyst 207
Brightly-lit retail setting with a point-of-sale terminal in the foreground, hinting at unease.

BlackFile Targets Retail, Hospitality with Extortion Attacks

Meet BlackFile, a notorious extortion group wreaking havoc on the retail and hospitality sectors with high-stakes attacks, demanding seven-figure ransoms from its victims. With a modus operandi that includes impersonation and voice-phishing, this threat actor is using pressure tactics to get what they want.

Analyst 207
Busy airport terminal in Central or South America with laptop on luggage cart.

TGR-STA-1030 Intensifies Espionage Push in Central, South America

The threat group TGR-STA-1030 is ramping up its espionage efforts in Central and South America, with sustained and widespread activity observed across multiple countries since February. This persistent campaign has recently intensified, with a heavy focus on regions within Central and South America.

Analyst 207
Palo Alto CEO Exclusive: AI Risky for Business, Yet

Palo Alto CEO Exclusive: AI Risky for Business, Yet

Nikesh Arora of Palo Alto warns AI is irresistible—but also a new form of enterprise risk. Companies are racing to deploy LLMs and coding assistants, yet boards and CISOs must pair ambition with guardrails to prevent model poisoning, data leaks and costly failures.

Analyst 207
Cybersecurity Exclusive: M&A Makes AI Security Stronger

Cybersecurity Exclusive: M&A Makes AI Security Stronger

When cybersecurity giants snap up AI‑security specialists, November 2025s M&A wave became a fast lane to protect models, training data and inference pipelines — reshaping defenses as vendors race to bake AI security into every stack.

Analyst 207
Palo Alto Networks administrative portals: Urgent Threat

Palo Alto Networks administrative portals: Urgent Threat

A sudden fivefold surge in automated scans of Palo Alto Networks’ admin portals is a clear warning that attackers are probing for weaknesses — now’s the time to patch, tighten access, and verify your telemetry. While scans don’t prove compromise, treat this spike as a prompt to hunt for misconfigurations and strengthen admin controls.

Analyst 207
Palo Alto portal scans: Stunning 500% Risky Surge

Palo Alto portal scans: Stunning 500% Risky Surge

Is your firewall login page being probed right now? GreyNoise logged a nearly 500% one‑day surge in targeted scans against Palo Alto Networks admin portals — a structured reconnaissance blast that should prompt immediate checks: lock down management interfaces, enable MFA, patch, and review logs.

Analyst 207
NET malware Dangerous: Exclusive Phantom Taurus Threat

NET malware Dangerous: Exclusive Phantom Taurus Threat

A Beijing-linked group dubbed Phantom Taurus is quietly using custom .NET malware to hunt credentials and siphon sensitive files from government web servers across Asia, Africa and the Middle East — a sharp reminder that everyday frameworks can hide serious threats. Defenders should harden .NET apps, tighten logging and MFA, and share indicators fast to turn the tables before secrets slip away.

Analyst 207
Salesloft GitHub repository Massive Risky Breach

Salesloft GitHub repository Massive Risky Breach

A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

Analyst 207
Salesloft and Drift Risky Breach: Must-Have Defenses

Salesloft and Drift Risky Breach: Must-Have Defenses

When attackers siphoned customer data from Salesloft and Drift this week and impacted security names like Qualys and Tenable, it became painfully clear that your defenses are only as strong as the third‑party tools your team uses. Now’s the time to tighten API tokens, enforce MFA, and treat vendor risk as a core part of your security posture before contact lists become high‑value phishing and BEC fodder.

Analyst 207
Shattered laptop screen with ominous glow amidst broken alarm clock and dark cityscape.

Salesloft–Drift compromise: Devastating Risk Alert

Trust in the tools that run our businesses can break fast — Zscaler says some customer data was exposed in the Salesloft–Drift supply‑chain attack on Salesforce integrations, a reminder that one upstream breach can ripple across entire enterprise stacks.

Analyst 207
OAuth tokens: Must-Have Fixes to Stop Risky Leaks

OAuth tokens: Must-Have Fixes to Stop Risky Leaks

Palo Alto Networks says some commercially sensitive customer data may have been exposed after attackers used OAuth tokens stolen from the Salesloft Drift breach to access its Salesforce—proof that handy integrations can let a single vendor compromise cascade across your business. Now’s the time to audit connected apps, tighten token lifecycles, and treat integrations as continuously verified trust relationships, not set‑and‑forget conveniences.

Analyst 207
Salt Typhoon: Exclusive Risky Breach Exposes 600+ Orgs

Salt Typhoon: Exclusive Risky Breach Exposes 600+ Orgs

A China-linked APT called Salt Typhoon has quietly breached over 600 organizations by exploiting Cisco, Ivanti, and Palo Alto flaws—targeting backbone routers and management systems to gain persistent, wide-reaching access. The campaign is a wake-up call to prioritize patching, inventory, and stronger segmentation and logging for every organization that relies on critical network infrastructure.

Analyst 207
AI in Cybersecurity: Stunning Must-Have Defense

AI in Cybersecurity: Stunning Must-Have Defense

In a rapidly evolving digital landscape, the battle between AI-driven attacks and defenses is more intense than ever. Join us as we unpack the insights from the recent Black Hat conference, where experts discussed how AI can transform from a weapon for cybercriminals to a vital shield for defenders—reminding us that in cybersecurity, staying one step ahead is crucial!

Analyst 207
Gold Melody IAB Exploits ASP.NET Keys for Unauthorized Access

Gold Melody IAB Exploits ASP.NET Keys for Unauthorized Access

Gold Melody, an Initial Access Broker tracked as TGR-CRI-0045 by Palo Alto Networks’ Unit 42, exploits leaked ASP.NET machine keys to forge authentication tokens, enabling stealthy, unauthorized access that bypasses traditional security measures and threatens organizational networks at their core.

Analyst 207
Will AI Undermine the Cybersecurity Talent Pipeline?

Will AI Undermine the Cybersecurity Talent Pipeline?

Explore how AI could impact the cybersecurity talent pipeline, analyzing potential challenges and opportunities for workforce development in the industry.

Analyst 207
Deceptive Network Traffic: Uncovering Hidden Threats

Deceptive Network Traffic: Uncovering Hidden Threats

Explore the world of deceptive network traffic and learn how to uncover hidden threats that can compromise your security and data integrity.

Analyst 207
Cyber Criminals Target African Financial Institutions Using Open-Source Tools

Cyber Criminals Target African Financial Institutions Using Open-Source Tools

Cyber criminals exploit open-source tools to target African financial institutions, increasing risks and challenging security measures across the sector.

Analyst 207
Redefining identity security in the age of agentic AI

Redefining identity security in the age of agentic AI

Redefining identity security through agentic AI with adaptive, intelligent safeguards that empower and protect your digital future.

Analyst 207
JSFireTruck Malware Compromises Over 269,000 Websites in a Single Month

JSFireTruck Malware Compromises Over 269,000 Websites in a Single Month

JSFireTruck malware compromised over 269,000 websites in a month, exposing vulnerabilities and stirring global security concerns.

Analyst 207