{“lastseen”:”2026-06-15T06:33:20″,”description”:”\\n\\nPalo Alto Networks has revealed that it has observed \\”active exploitation\\” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals.\\n\\nThe vulnerability in question is **CVE-2026-0257** (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad actors to set up VPN connections.\\n\\nAccording to the network security company, the security defect could be exploited by a bad actor to bypass security controls and initiate VPN connections.\\n\\nThe vulnerability has been exploited in the wild in limited attacks, with initial activity observed on May 17, 2026. It’s currently unknown who is behind the exploitation efforts.\\n\\n\\”No post-access behavior or lateral movement has been identified as of this time,\\” Palo Alto Networks said. \\”Only a small portion of the probed devices actually established VPN sessions, resulting in gateway-connected events.\\”\\n\\nThe company has also released indicators of compromise (IoCs) associated with the activity -\\n\\n * IP addresses – \\n * 23.128.228[.]6\\n * 104.207.144[.]154\\n * 146.19.216[.]119\\n * 146.19.216[.]120\\n * 146.19.216[.]125\\n * 179.43.172[.]213\\n * 185.195.232[.]139\\n * 198.12.106[.]60\\n * 202.144.192[.]47\\n * Host Names and MAC Addresses – \\n * aa:bb:cc:dd:ee:ff\\n * 00:11:22:33:44:55\\n * WINDOWS-LAPTOP-001\\n * DESKTOP-GP01\\n * GP-CLIENT\\n\\n\\n\\nPalo Alto Networks is also urging customers to search GlobalProtect logs for successful gateway-connected events that match the following hard-coded client configuration values from a proof-of-concept (PoC) exploit -\\n\\n * endpoint_os_version : Microsoft Windows 10 Pro 64-bit\\n * source_user_info.domain : empty\\n\\n\\n\\nLate last month, the U.S. Cybersecurity and Infrastructure Security Agency (CSIA) added CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to mitigate the flaw by June 1, 2026.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-06-15T06:17:00″,”modified”:”2026-06-15T06:17:32″,”type”:”thn”,”title”:”Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw”,”source”:””,”references”:””,”id”:”THN:23F3604E6D0C0EDC18C5C8E4FF76DDC8″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2026-0257″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/06\/palo-alto-warns-of-active-exploitation.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-15T06:33:20″,”description”:”\\n\\nPalo Alto Networks has revealed that it has observed \\”active exploitation\\” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,10,12,13,7,11,43,5],"class_list":["post-62620","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n