Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Palo Alto Networks Vulnerability Under Active Exploitation

Palo Alto Networks Vulnerability Under Active Exploitation

Posted on June 1, 2026 By CWS

Recently, cybersecurity firm Rapid7 reported that attackers are actively exploiting a vulnerability in Palo Alto Networks’ GlobalProtect portal and gateway. This issue, identified as CVE-2026-0257 and assigned a CVSS score of 7.8, was publicly disclosed shortly before exploitation began. The flaw allows unauthorized users to bypass authentication and establish VPN connections to compromised systems.

Details of the Vulnerability

The vulnerability affects firewalls with GlobalProtect portal or gateway enabled under specific configurations, as outlined by Palo Alto Networks in their advisory on May 13. The company released patches to mitigate the issue, emphasizing the need for immediate updates due to the critical nature of the defect. Despite these efforts, malicious actors began exploiting the flaw shortly after its disclosure.

On the same day, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog, urging rapid patch deployment by June 1. The National Institute of Standards and Technology (NIST) also marked the issue as critical, highlighting the potential impact on unpatched systems.

Observed Exploitation Activities

According to Rapid7, exploitation activities were first detected on May 17, involving suspicious cookie authentication to local admin accounts from the hosting provider Vultr. This pattern was observed across multiple customer environments. A subsequent wave of attacks was noted on May 21, originating from Dromatics Systems, where the threat actors used VPN IP assignments post-authentication to access internal networks.

The attackers successfully leveraged forged cookies to exploit the authentication bypass in multiple instances. Rapid7 noted that in eight out of ten attempts, the cookies were accepted without establishing a full VPN session, suggesting a sophisticated understanding of the vulnerability and its exploitation.

Mitigation and Defensive Measures

To aid organizations in identifying vulnerable systems, Rapid7 released a proof-of-concept script along with indicators of compromise. These tools are designed to help defenders pinpoint potential breaches and reinforce network security measures. Palo Alto Networks has provided patches in updates for PAN-OS versions 12.1, 11.2, 11.1, 10.2, and Prisma Access versions 11.2.0 and 10.2.0. Organizations are strongly advised to implement these updates promptly to mitigate risks.

In conclusion, the active exploitation of this vulnerability underscores the necessity for timely patch management and robust network defense strategies. As the cybersecurity landscape evolves, staying informed and proactive in addressing vulnerabilities remains crucial for safeguarding digital infrastructures.

Security Week News Tags:authentication bypass, CISA, CVE-2026-0257, cyber threats, Cybersecurity, Exploitation, Firewalls, GlobalProtect, indicators of compromise, network security, Palo Alto Networks, proof-of-concept, Rapid7, Vulnerability

Post navigation

Previous Post: WP Maps Pro Vulnerability Exploited to Create Admin Accounts
Next Post: Microsoft Clarifies Legal Stance on Security Research

Related Posts

In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost Security Week News
Lumma Stealer Activity Drops After Doxxing Lumma Stealer Activity Drops After Doxxing Security Week News
RaccoonO365 Phishing Service Disrupted, Leader Identified RaccoonO365 Phishing Service Disrupted, Leader Identified Security Week News
Microsoft Paid Out  Million in Bug Bounties in Past Year Microsoft Paid Out $17 Million in Bug Bounties in Past Year Security Week News
Battering RAM Attack Breaks Intel and AMD Security Tech With  Device Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device Security Week News
WhatsApp Fixes File Spoofing and URL Vulnerabilities WhatsApp Fixes File Spoofing and URL Vulnerabilities Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark