惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Privacy & Cybersecurity Law Blog
SecWiki News
SecWiki News
T
Troy Hunt's Blog
Y
Y Combinator Blog
V
V2EX
美团技术团队
Last Week in AI
Last Week in AI
S
Security @ Cisco Blogs
IT之家
IT之家
博客园_首页
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
阮一峰的网络日志
阮一峰的网络日志
AI
AI
罗磊的独立博客
人人都是产品经理
人人都是产品经理
H
Hacker News: Front Page
N
News and Events Feed by Topic
P
Privacy International News Feed
V2EX - 技术
V2EX - 技术
Recent Commits to openclaw:main
Recent Commits to openclaw:main
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
GbyAI
GbyAI
L
LINUX DO - 热门话题
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Azure Blog
Microsoft Azure Blog
Martin Fowler
Martin Fowler
月光博客
月光博客
WordPress大学
WordPress大学
Latest news
Latest news
Google DeepMind News
Google DeepMind News
S
Schneier on Security
N
Netflix TechBlog - Medium
腾讯CDC
T
Tailwind CSS Blog
TaoSecurity Blog
TaoSecurity Blog
S
Secure Thoughts
L
LINUX DO - 最新话题
Project Zero
Project Zero
Cyberwarzone
Cyberwarzone
D
DataBreaches.Net
Webroot Blog
Webroot Blog
B
Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
H
Help Net Security
L
LangChain Blog
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻

The Register - Security: Cyber-crime

Election interlopers register 5K+ domains, hope to catch some voting phish ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak Carnival confirms ShinyHunters cruised off with 6M customer records after April breach CrowdStrike, Google shatter Glassworm botnet MyPillow must decide whether to be firm or soft as ransomware crims demand pay A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Shai-Hulud copycat worm infects yet another npm package Grafana Labs admits all its codebase are belong to someone who popped its GitHub account Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files Cache-poisoning caper turns TanStack npm packages toxic 'CopyFail' attackers start cashing in on Linux flaw Cushman & Wakefield confirms vishing cyberattack ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Critical cPanel exploited: 'Millions' of sites could be hit Pro-Iran group turns Ubuntu DDoS into shakedown French prosecutors link 15-year-old to gov mega-breach UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Burglar alarm biz gets burgled, ShinyHunters pursues ransom Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning 500k Biobank volunteers' data listed for sale on Alibaba Another npm supply chain worm hits dev environments France's 'Secure' ID agency probes breach as crooks claim 19M records France's 'Secure' ID agency probes claimed 19M record breach macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets macOS ClickFix attacks deliver AppleScript stealers Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords Third ransomware pro pleads guilty to cybercrime U-turn AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account AI-pwned: Vercel breach traced to stolen employee creds Crook claims to leak 'video surveillance footage' of companies Crook claims to leak 'video surveillance footage' of firms Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Adaptavist Group breach: Ransomware crew claims mega-haul Scot becomes second Scattered Spider-linked crook to plead guilty in US US gets second Scattered Spider-linked guilty plea North Korea targets macOS users in latest heist McGraw Hill linked to 13.5M-record data leak McGraw Hill linked to 13.5M-record data leak Autovista blames ransomware for service disruption Autovista blames ransomware for service disruption No honor among thieves as 0APT threatens rival ransomware gang Krybit 0APT ransomware gang extorts Krybit amid doxxing threat Fake Linux leader using Slack to con devs into giving up their secrets Fake Linux Foundation leader using Slack to phish devs Booking.com warns of possible reservation data exposure Booking.com warns of possible reservation data exposure Gym giant Basic-Fit breached with at least 1M affected US, UK, Canadian cops disrupt $45M global crypto scam www.theregister.com Old Adobe Reader zero-day uses PDFs to size up targets Zephyr Energy loses £700K to contractor payment fraud Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns Russia's APT28 behind latest wave of router, DNS attacks AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack Mercor says it was 'one of thousands' hit in LiteLLM attack Telnyx package latest hit in PyPI supply-chain compromise Telnyx package latest hit in PyPI supply-chain compromise European Commission admits breach of public web systems European Commission admits breach of public web systems AFC Ajax drops ball as hackers transfer tickets, lift bans AFC Ajax drops ball as hackers transfer tickets, lift bans HackerOne slams supplier for delayed breach notice after staff data exposed HackerOne slams supplier over delayed breach notice Russian initial access broker jailed for 81 months in US Russian initial access broker jailed for 81 months in US Smooth criminals talking their way into cloud environments, Google says Chip tester shrugged off ransomware – then came the leak Chip tester shrugged off ransomware – then came the leak Russians posing as Signal support to launch phishing raids JLR cyber bailout risks dangerous precedent, watchdog warns Unknown attackers exploit yet another critical SharePoint bug Microsoft Intune: Lock it down, warn feds after Stryker Ransomware crims abused Cisco 0-day weeks before disclosure North Korea's 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un Robotics surgical biz Intuitive discloses phishing attack Cybercrime up 245% since the start of the Iran war AI-driven fraud far more profitable, Interpol warns Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs Interpol sinkholes 45,000 IPs linked to global cybercrime SocksEscort fraud-enabling proxy service taken down CISA warns max-severity n8n bug is being exploited in the wild Iran-linked cyber crew claims hit on US med-tech firm Meta, cops deploy AI and handcuffs in scam crackdown Dutch police collar teen over string of bank card frauds EU law advisor wants cybercrime protections fast-tracked Cybercrime isn't just a cover for Iran's government goons Crooks compromise WordPress sites, spread infostealers Ericsson breach blamed on third party vendor vishing attack Polish cyber police busts gang of alleged teen DDoS peddlers
Palo Alto VPN bug graduates from advisory to active exploitation
Carly Page Carly Page · 2026-06-01 · via The Register - Security: Cyber-crime

Cyber-crime

Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users

Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access.

The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations.

Palo Alto disclosed the bug on May 13 and initially assigned it a medium-severity rating, saying it was aware of attempts to exploit it but had not observed any malicious exploitation.

That assessment has not aged well.

Security boffins at Rapid7 said they observed successful exploitation across multiple customer environments dating back to at least May 17 and validated the attack technique using its own proof-of-concept testing. Attackers established unauthorized VPN sessions on vulnerable systems, potentially granting access to internal corporate networks without legitimate credentials, it added.

Rapid7's analysis suggests the flaw comes down to how PAN-OS trusts authentication override cookies. In certain deployments, hackers can create their own cookies and have the firewall accept them as legitimate. The risk is highest where the same certificate is used for both HTTPS services and authentication override cookies, giving the baddies access to the information needed to generate convincing fakes.

Rapid7 said it observed multiple waves of activity targeting vulnerable devices. In some cases, cybercrims successfully obtained VPN IP addresses and network access, but the company said it didn’t observe evidence of successful lateral movement following initial access in the incidents it investigated.

The flaw has now landed in CISA's Known Exploited Vulnerabilities catalog, with federal agencies given until June 1 to patch or otherwise secure affected systems. Palo Alto has also revised its advisory, elevating the severity rating and attaching its highest urgency label. Fixes are available for supported releases.

"Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied," the firm said in an update. 

The latest PAN-OS headache arrives less than a month after another Palo Alto emergency. In May, state-backed attackers were found exploiting CVE-2026-0300, a critical remote code execution flaw in the PAN-OS User-ID Authentication Portal, before patches became widely available.

Organizations running vulnerable GlobalProtect gateways now face a familiar choice: patch quickly or find out whether someone else gets there first.®