Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Exploitation of PAN-OS Security Flaw Intensifies

Exploitation of PAN-OS Security Flaw Intensifies

Posted on May 30, 2026 By CWS

Recent developments reveal that the security vulnerability CVE-2026-0257 in Palo Alto Networks’ PAN-OS is being actively exploited. This medium-severity flaw, affecting the PAN-OS and Prisma Access platforms, is under scrutiny due to its potential to facilitate unapproved VPN connections by circumventing authentication protocols.

Understanding the PAN-OS Vulnerability

Identified as CVE-2026-0257 with a CVSS score of 7.8, this vulnerability allows attackers to bypass security measures in the GlobalProtect portal and gateway of PAN-OS software. The flaw specifically impacts firewalls configured with authentication override cookies and particular certificate setups, as detailed in a company advisory on May 13, 2026.

Palo Alto Networks has observed limited exploitation attempts targeting unpatched PAN-OS devices lacking mitigations. Rapid7 has documented successful exploitation attempts, initially detected on May 17, 2026, with a subsequent wave noted on May 21, believed to originate from the same threat actor.

Impact on Network Security

During the second wave of attacks, unauthorized VPN IP assignments were detected following cookie-based authentication, granting attackers access to internal networks. While no further malicious activity was noted within affected environments, the potential impact on organizations is substantial, emphasizing the need for immediate action.

Rapid7 underscores the critical nature of this vulnerability, advising organizations with affected systems to implement vendor-supplied patches without delay. The risks associated with an authentication bypass in enterprise VPN appliances underscore the urgency for corrective measures.

Mitigation Strategies and Future Outlook

To mitigate risks, it is advised to either disable the authentication override feature or issue a new certificate solely for this function. This proactive approach aims to prevent unauthorized access until comprehensive patching is completed.

The exploitation of CVE-2026-0257 is part of a broader trend, following reports of the weaponization of another significant vulnerability in FortiClient Endpoint Management Server (CVE-2026-35616). Organizations are urged to remain vigilant and proactive in their cybersecurity measures to safeguard against emerging threats.

As the situation evolves, maintaining updated security protocols and regularly applying patches is crucial to protect networks from potential exploits.

The Hacker News Tags:authentication bypass, CVE-2026-0257, Cybersecurity, Exploit, Firewall, GlobalProtect, network security, Palo Alto Networks, PAN-OS, Prisma Access, Rapid7, security flaw, threat actor, VPN, Vulnerability

Post navigation

Previous Post: Post-Quantum Cryptography Gains Momentum
Next Post: Introducing Pentest Swarm AI: Revolutionizing Autonomous Penetration Testing

Related Posts

 Google Sues China-Based Hackers Behind  Billion Lighthouse Phishing Platform  Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform The Hacker News
New ClickFix Campaign Exploits Sites for MIMICRAT Deployment New ClickFix Campaign Exploits Sites for MIMICRAT Deployment The Hacker News
Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware The Hacker News
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims The Hacker News
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers The Hacker News
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Fortinet Addresses Vulnerabilities in Key Security Software
  • Microsoft Addresses 622 Vulnerabilities, Highlights Two Zero-Days
  • Critical SAP NetWeaver Vulnerability Addressed in July Updates
  • Microsoft Fixes 570 Vulnerabilities in Major Update
  • Synopsys Denies Data Breach Amid Bosch Hack Allegations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Fortinet Addresses Vulnerabilities in Key Security Software
  • Microsoft Addresses 622 Vulnerabilities, Highlights Two Zero-Days
  • Critical SAP NetWeaver Vulnerability Addressed in July Updates
  • Microsoft Fixes 570 Vulnerabilities in Major Update
  • Synopsys Denies Data Breach Amid Bosch Hack Allegations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark