< ciso
brief />
Tag Banner

All news with #palo alto networks tag

224 articles

Fake Microsoft Teams support call scam targets files

📢 Palo Alto Networks’ Unit 42 warns of a new campaign targeting Microsoft Teams users that begins with a survey email and a malicious PDF. If opened, victims soon receive a voice call claiming to be Microsoft Support; the fake agent requests permission to install a remote access tool and additionally deploys Ether RAT. The Trojan gives attackers full access to the compromised machine, enabling theft of sensitive information and files. Users should be cautious of unsolicited surveys and support calls.
read more →

Phantom squatting: AI-hallucinated domains abused

🛡️ Palo Alto Networks' Unit 42 warns attackers are registering AI-hallucinated domains and using them for phishing and malware distribution. The report shows models invent millions of links, many unregistered, and attackers are preemptively purchasing and cloning brand sites. Because new domains lack reputation data, they evade blocklists until damage is done. Unit 42 documents several real-world cases and offers mitigation steps for defenders and users.
read more →

Palo Alto Networks Defines Identity Security Future

🔒 Palo Alto Networks announces Idira™, its next-generation identity security platform, following the acquisition of CyberArk to position identity as a core control plane for AI-driven enterprises. The platform treats every identity—human, machine and AI agent—as privileged, offering real-time discovery, just-in-time privilege and continuous governance. Partners are urged to adopt new advisory and delivery models to help customers reduce fragmentation and secure hybrid, cloud-native, and AI-enabled environments. The move aligns with customer demand for integrated, AI-powered security and supports partner enablement through the NextWave program.
read more →

Stonehenge as a Model for Cybersecurity Architecture

🪨 The author uses Stonehenge as a metaphor for designing resilient cybersecurity architectures, arguing organisations must move from fragmented point solutions to a modular, platform-based approach. Palo Alto Networks emphasises a unified cyber data layer, Precision AI integration, and an Autonomous SOC to enable real-time detection and response across IT, OT, cloud, and edge. The piece highlights identity security, AI runtime protection, and supply-chain risks as critical pillars for long-term resilience.
read more →

Cloud bucket hijacking risks across major providers

🔒 Unit 42 researchers describe a bucket hijacking technique that exploits globally unique storage bucket names across major cloud providers. By deleting a target bucket and recreating it under an attacker-controlled account with the same name, data streams (logs, Pub/Sub, replication, transfer jobs, etc.) can be silently rerouted to an adversary. The team validated the attack across Google Cloud, AWS and demonstrated cross-subscription scenarios in Azure, and has shared findings with the affected vendors.
read more →

Prisma AIRS local cloud launch in Japan

🚀 Palo Alto Networks is launching a local cloud location for Prisma® AIRS™ in Japan to secure emerging AI deployments. The expansion provides domestic data residency, low-latency processing, and phased rollout of comprehensive AI security features for models, agents, and artifacts. It aims to help Japanese organizations adopt Generative AI and agentic workflows with improved operational efficiency and cyber resilience.
read more →

Google Vertex AI SDK bucket-squatting flaw patched

🛡️ Palo Alto Networks Unit 42 disclosed a flaw in the Google Cloud Vertex AI Python SDK that let an attacker with only their own Google Cloud project and a victim's project ID hijack model uploads and execute code in Vertex AI serving containers. Google fixed the issue; users must update to google-cloud-aiplatform version 1.148.0 or later and explicitly set a staging_bucket. The bug arose from predictable default bucket names and lack of ownership checks, enabling an attacker to precreate the bucket, swap uploaded model files (often pickled), and run malicious code when Vertex AI loaded the model.
read more →

Palo Alto and Databricks Set AI Security Standard

🔒 Palo Alto Networks and Databricks announce an integrated runtime security solution to protect agentic AI across the enterprise. The partnership embeds Prisma AIRS into the Databricks Unity AI Gateway to provide centralized governance, real-time inspection, and policy-driven enforcement for prompts, tool calls, and model interactions. This approach aims to prevent prompt injections, data exfiltration, and malicious tool usage while enabling faster, secure AI deployments.
read more →

Palo Alto DNS Security Preview for Route 53 Resolver

🛡️ Amazon Web Services announces a preview integration of Palo Alto Networks Advanced DNS Security with Route 53 Resolver DNS Firewall. Security teams can now subscribe to PANW protections directly from the DNS Firewall console and apply categories like Command and Control, Malware, and Phishing without deploying separate firewalls. The integration supports hybrid traffic, AWS multi-account management, centralized visibility via AWS Security Hub, and preview availability across multiple regions.
read more →

Palo Alto Warns of Active Exploitation of PAN‑OS Bug

🔒 Palo Alto Networks has observed active exploitation of CVE-2026-0257, an authentication bypass in PAN-OS affecting GlobalProtect portal and gateway components that can enable unauthorized VPN connections. Initial in-the-wild activity was seen on May 17, 2026, though the threat actor remains unidentified. The company provided IoCs and urges customers to search GlobalProtect logs for gateway-connected events and specific client configuration indicators.
read more →

Palo Alto Networks PBMM Assessment Expands Cloud Coverage

🔒 Palo Alto Networks announced successful completion of a Cloud Medium security assessment by the Canadian Centre for Cyber Security, expanding PBMM coverage across Cortex®, Cortex Cloud and Strata. The assessment validates these cloud services for Protected B / Medium Integrity / Medium Availability environments, enabling organizations handling sensitive Canadian data to use a unified, AI-driven security architecture while maintaining compliance and operational resilience. This milestone highlights PBMM's growing relevance beyond government into critical infrastructure and private sector organizations.
read more →

Behavioral Integrity Risks in AI Agent Skills

🔎 AI agent skills can install third-party capabilities with privileged access, yet registries lack automated audits. Palo Alto Networks introduces Behavioral Integrity Verification (BIV), which compares declared metadata, executable code and natural-language instructions to detect mismatches. Applied to the OpenClaw registry, BIV found widespread deviations and identified multi-stage attack chains that enable credential theft, RCE and exfiltration. The report recommends inventorying skills and requiring pre-install behavioral checks.
read more →

OMB M-26-14: From Data Hoarding to Active Defense

🔐 The OMB Memo M-26-14 ends compliance-driven data hoarding and mandates a risk-based, machine-speed logging approach. It requires six months of logs to be hot and searchable and one year retrievable, expands visibility to IoT/OT, and emphasizes continuous event monitoring and AI-driven detection. Legacy SIEMs struggle to meet these goals; Palo Alto Networks positions Cortex XSIAM as a FedRAMP-certified solution built for index-free, AI-enabled, cross-domain threat hunting.
read more →

Trust and Sovereignty: A Framework for Europe

🔒 The article argues that sovereignty in Europe demands verifiable control, not just contractual promises. It emphasizes integrity, accountability, and transparency, and describes the Sovereign Cortex with T Security — a partnership with Deutsche Telekom and Google Cloud — as a practical response. The post underscores placing meaningful control with trusted local partners and treating sovereignty as a design principle.
read more →

FlutterShell macOS backdoor spreads via malvertising

🛡️ Palo Alto Networks Unit 42 uncovered Operation FlutterBridge, a macOS malvertising campaign distributing a Flutter-built backdoor called FlutterShell. The campaign links to a cluster known as JSCoreRunner/FileRipple and an actor tracked as CL-CRI-1089, active since at least 2023. FlutterShell uses WebView and a JavaScript-to-native bridge to load malicious logic from attacker-controlled sites, supports command execution, file manipulation, and exfiltration, and has multiple evolving variants that passed Apple notarization.
read more →

Weekly recap: PAN-OS, Gogs, GlassWorm takedown

🔔 This week's briefing highlights active exploitation of a PAN-OS GlobalProtect authentication bypass (CVE-2026-0257), a critical unauthenticated RCE in Gogs, and the coordinated takedown of GlassWorm C2 infrastructure. Other notable items include a long-standing Linux LPE (CIFSwitch) patched upstream, CERT-In urging rapid patching timelines, and several AI-enabled and supply-chain aided campaigns increasing attacker speed and reach.
read more →

Palo Alto fixes auth-bypass in GlobalProtect VPN

🔒 Palo Alto Networks patched CVE-2026-0257, an authentication bypass on the GlobalProtect portal and gateway, after attackers began exploiting the flaw. Initially rated medium, the issue was raised to high severity following multiple exploitation attempts on unpatched PAN-OS devices. Rapid7 observed forged-cookie probes and VPN IP assignment to internal networks, prompting urgent patching guidance. CISA added the vulnerability to its KEV Catalog and federal agencies must remediate by June 1.
read more →

PAN-OS GlobalProtect Authentication Bypass Exploited

🔒 Palo Alto Networks disclosed a medium-severity authentication bypass (CVE-2026-0257, CVSS 7.8) affecting PAN-OS and Prisma Access GlobalProtect portals and gateways when authentication override cookies and a specific certificate configuration are used. The vendor warned on May 13, 2026, and updated on May 29 after confirming limited in-the-wild exploit attempts targeting unpatched devices. Rapid7 reported successful exploitation beginning May 17 with a second wave on May 21, in some cases granting VPN IP assignment and internal network access. Temporary mitigations include disabling authentication override or generating a dedicated certificate for the override feature.
read more →

Palo Alto Networks Unifies AI Gateway for Agents

🔒 Palo Alto Networks has completed its acquisition of Portkey and will integrate Portkey’s AI Gateway into Prisma AIRS to provide a centralized control plane that secures and governs AI agents at scale. The integrated Prisma AIRS AI Gateway will offer unified APIs, an agent registry, semantic routing, artifact scanning, automated red teaming and runtime security to identify, authenticate and authorize agent interactions in real time. This aims to give enterprises a single enforcement point to manage agent identity, least-privilege access and consistent policies across autonomous workloads.
read more →

PAN-OS Captive Portal Critical RCE Affecting Siemens Devices

⚠️A buffer overflow in the User-ID™ Authentication Portal (Captive Portal) of Palo Alto Networks PAN-OS permits an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. Siemens has identified affected Siemens RUGGEDCOM APE1808 devices and is preparing fixes while recommending immediate mitigations. Recommended actions include disabling Response Pages on exposed interfaces, disabling the User-ID Authentication Portal if not required, and restricting portal access to trusted internal IP addresses; contact vendor support for patch information.
read more →