All news with #palo alto networks tag

Palo Alto Networks Joins Google Unified Security Recommended

🤝 Google Cloud announced Palo Alto Networks has joined the Google Unified Security Recommended program, bringing validated integrations across endpoint, network, and access security to deepen interoperability and choice for customers. The integration ingests telemetry from Cortex XDR, VM‑Series NGFWs and Prisma Access into Google Security Operations to drive AI-powered analytics, threat hunting and faster investigation and response. Customers can execute automated playbook actions and procure qualified solutions via the Google Cloud Marketplace for streamlined deployment.

Tools and Strategies to Secure Model Context Protocol

🔒 Model Context Protocol (MCP) is increasingly used to connect AI agents with enterprise data sources, but real-world incidents at SaaS vendors have exposed practical weaknesses. The article describes what MCP security solutions should provide — discovery, runtime protection, strong authentication and comprehensive logging — and surveys offerings from hyperscalers, platform providers and startups. It stresses least-privilege and Zero Trust as core defenses.

Partners Fuel Innovation with Cortex XSIAM & Prisma SASE

🚀 Palo Alto Networks announced that partners voted Cortex XSIAM as CRN’s 2025 Product of the Year for Security Operations Platform/SIEM and Prisma SASE as a 2025 Tech Innovator. Solution providers credited XSIAM’s AI-driven approach for sweeping the evaluation — leading in technology, revenue and customer need — and praised its ability to shift SOCs from tool management to outcome delivery. Partners highlighted Prisma SASE’s multicloud architecture, unified policies and AI copilot as essential for securing hybrid workforces, informed by feedback from over 70,000 customers and the recent Prisma SASE 4.0 release. Palo Alto frames these awards as validation of platform convergence and continued partner enablement.

Why AI Security Requires an Integrated Platform and Governance

🔒 Gartner and Palo Alto Networks argue that AI security must be treated as a platform problem to manage accelerating generative AI risk, cost and complexity. The post recommends a two‑phase path: start with AI usage control to govern third‑party GenAI consumption, then extend protections into AI application development and runtime. Prisma Browser, Prisma SASE and Prisma AIRS are presented as the integrated tooling to discover, govern and protect AI usage and models. Palo Alto highlights Unit 42, Huntr and autonomous red teaming as sources of continuous validation.

React2Shell RCE Exploited, 77K+ IPs and 30+ Breaches

🔴 React2Shell (CVE-2025-55182) is an unauthenticated remote code execution flaw in React Server Components and frameworks like Next.js, disclosed on December 3, 2025. A public proof-of-concept on December 4 accelerated automated scanning and exploitation; Shadowserver found 77,664 vulnerable IPs (≈23,700 in the US), and Palo Alto reports more than 30 breached organizations. Observed attacks use PowerShell stages, AMSI bypass and Cobalt Strike; mitigation requires updating React, rebuilding and redeploying apps, and reviewing logs for post-exploitation indicators.

New Wave of VPN Login Attempts Targets GlobalProtect

🔐 Beginning December 2, a campaign using more than 7,000 IPs from German host 3xK GmbH (AS200373) carried out brute-force login attempts against Palo Alto GlobalProtect portals and soon pivoted to scanning SonicWall SonicOS API endpoints. GreyNoise links the activity to three recurring client fingerprints seen in prior scans and to earlier campaigns that generated millions of HTTP sessions. Organizations should monitor authentication velocity and failures, block implicated IPs and fingerprints, and enforce MFA to reduce credential abuse.

CISA Adds Critical React2Shell RCE to KEV Catalog Now

⚠️ CISA has added a critical remote code execution flaw affecting React Server Components (tracked as CVE-2025-55182 / React2Shell) to its Known Exploited Vulnerabilities catalog. The vulnerability, rated CVSS 10.0, stems from insecure deserialization in React’s Flight protocol and enables unauthenticated attackers to run arbitrary commands via crafted HTTP requests. Fixes are available in react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack (versions 19.0.1, 19.1.2, 19.2.1) and should be applied immediately.

Securing the AI Frontier: GSA OneGov Accelerates Secure AI

🔒 Palo Alto Networks explains why the GSA OneGov agreement matters for federal AI adoption and cybersecurity. Author Eric Trexler cites Unit 42 research showing new risks—particularly AI Agent Smuggling via indirect prompt injection and agent session smuggling—and argues AI must be defended as an attack surface. The post highlights platform protections including Prisma AIRS, FedRAMP High CNAPP, and Prisma SASE to secure AI workloads, edge users, and data. It positions OneGov as a procurement shortcut for agencies to deploy AI securely and notes promotional offers through 31 January 2028.

AI Security Posture Management: A Practical Buyer's Guide

🔒 AI-SPM is emerging to protect AI/ML pipelines, cloud-hosted models and large datasets without moving data. The guide outlines core capabilities — agentless access, data classification, pipeline protection, model monitoring and compliance checks — and summarizes offerings from vendors such as Cyera, LegitSecurity, Microsoft, Orca and Palo Alto Networks. It also advises reviewing standards like MITRE ATLAS and OWASP LLM when evaluating tools.

Unit 42 and AWS Launch No-Cost Incident Response Retainer

🔒 Palo Alto Networks Unit 42 and Amazon Web Services have expanded their partnership to offer a no-cost Unit 42 Incident Response Retainer in AWS Marketplace for qualified customers. The retainer provides 250 hours of initial incident response, a 2-hour response SLA and 24/7/365 access to Unit 42’s incident response team. The offering is designed to accelerate containment, enable holistic investigations across cloud and enterprise environments, and reduce procurement overhead while providing preferred pricing for proactive services.

Cybersecurity M&A Roundup: Giants Strengthen AI Security

🛡️ November 2025 saw a flurry of cybersecurity acquisitions as major vendors raced to embed AI, observability and exposure management across their portfolios. Deals included Palo Alto Networks' $3.35bn purchase of Chronosphere, LevelBlue's completion of its Cybereason acquisition, and Bugcrowd's buy of AI app-security firm Mayhem. Other moves saw Safe Security acquire Balbix, Zscaler buy SPLX, and Arctic Wolf agree to acquire UpSight to bolster ransomware prevention. Collectively these transactions accelerate AI-driven automation and resilience across cloud, endpoint and software security.

Choosing the Best Cloud Security Posture Management Tools

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.

New ClickFix Attacks Use Fake Windows Update Lures

🛡️Huntress warns of an evolved ClickFix campaign that uses a convincing full‑screen Windows Update splash and steganographic PNGs to trick employees into pasting and running commands. Those commands deliver loaders that in turn deploy LummaC2 and Rhadamanthys infostealers. The firm reports a 313% increase in ClickFix incidents over six months and noted multiple active lure domains even after the Nov 13 Operation Endgame takedown. Primary mitigation advice is to disable the Windows Run dialog via Registry or GPO and pair user awareness with endpoint monitoring and EDR.

Massive Scan Campaign Targets GlobalProtect VPN Portals

🔎 GreyNoise reports a roughly 40x surge in malicious scans against Palo Alto Networks GlobalProtect VPN login portals beginning November 14, with about 2.3 million sessions hitting the /global-protect/login.esp endpoint between Nov 14–19. Activity focused on the United States, Mexico, and Pakistan and is linked to recurring TCP/JA4t fingerprints and ASN reuse, notably AS200373 and AS208885. GreyNoise recommends treating these probes as active reconnaissance — block and monitor attempts rather than dismissing them.

Attack Surface Management: 12 Tools to Harden Perimeter

🔒 Regular network scans are no longer sufficient to secure modern environments. This article reviews a dozen Attack Surface Management solutions—covering both CAASM and EASM approaches—that automate asset discovery, continuous monitoring, and risk prioritization. Vendors highlighted include Axonius, CrowdStrike, Microsoft Defender, Palo Alto Xpanse, and others that integrate with existing SOC tooling and often leverage agentic AI to assist detection and remediation. It concludes with seven practical questions to evaluate ASM needs, automation, remediation paths, and pricing models.

CIO: Embed Security into AI from Day One at Scale

🔐 Meerah Rajavel, CIO at Palo Alto Networks, argues that security must be integrated into AI from the outset rather than tacked on later. She frames AI value around three pillars — velocity, efficiency and experience — and describes how Panda AI transformed employee support, automating 72% of IT requests. Rajavel warns that models and data are primary attack surfaces and urges supply-chain, runtime and prompt protections, noting the company embeds these controls in Cortex XDR.

Arista and Palo Alto Expand Zero-Trust for Data Centers

🔒 Arista Networks and Palo Alto Networks extended their partnership to deliver a framework for zero-trust inside the data center. The integration pairs Arista’s Multi-Domain Segmentation Services (MSS) fabric and full network visibility with Palo Alto’s next-generation firewall (NGFW) to enable an inspect-once, enforce-many model. CloudVision MSS supports dynamic quarantine and can offload trusted high-bandwidth 'elephant flows' after inspection, while the NGFW triggers hardware line-rate isolation when threats are detected. Unified policy orchestration and Arista Validated Designs (AVD) with AVA automation add network-as-code and CI/CD-friendly deployment so NetOps and SecOps can scale independently.

Widespread Outdated and Unmanaged Devices Threaten Networks

🔒 Palo Alto Networks found that 26% of Linux systems and 8% of Windows systems are running outdated versions across telemetry from 27 million devices spanning 1,800 companies. The analysis also shows 39% of devices lack active endpoint protection and roughly one-third of devices operate outside IT control. Poor segmentation and unmanaged edge devices increase the risk of undetected compromise.

Enterprise networks hit by legacy, unpatched systems

🔍 New research from Palo Alto Networks shows enterprise networks remain sprawling and poorly controlled: telemetry from 27 million devices across 1,800 enterprises found 26% of Linux and 8% of Windows systems running on end-of-life OS versions, 39% of directory-registered devices lack active endpoint protection, and 32.5% operate outside IT control. Poor segmentation — present in 77% of networks — and unmanaged edge devices increase attacker opportunities.

CISA Adds Samsung Zero-Day Used to Deploy LandFall Spyware

🛡️ US federal agencies have been directed to patch a critical Samsung zero-day exploited to deploy spyware on mobile devices. The out-of-bounds write flaw CVE-2025-21042 (CVSS 9.8) was patched by Samsung in April, but Palo Alto Networks reports it has been used in a campaign since mid-2024. Commercial spyware LandFall was embedded in malicious DNG images and distributed via WhatsApp, with possible zero-click remote code execution. CISA added the bug to its KEV catalog and requires mitigation or discontinuation by December 1.