< ciso brief />

All news with #palo alto networks tag

205 articles · page 2 of 11

Critical PAN-OS Buffer Overflow Exploited in the Wild

⚠️ Palo Alto Networks has warned of a critical buffer overflow (CVE-2026-0300) in the User-ID Authentication Portal component of PAN-OS, allowing unauthenticated remote code execution as root. The flaw carries a CVSS of 9.3 when the portal is internet-accessible (8.7 for internal-only access). Palo Alto reports limited in-the-wild exploitation targeting publicly accessible portals; fixes are scheduled to begin May 13, 2026. Administrators should restrict or disable the portal until patches are applied.

Forced-Momentum Autodownload Phishing via Cloud Links

📎 Modern phishing now prioritizes speed over persuasion. By forcing immediate downloads via trusted cloud providers (for example Dropbox's dl=1), attackers remove the preview step and exploit double extensions and hidden OS behavior to disguise executables. Cortex Email Security applies deep static analysis, behavioral signals, and LLM-based intent classification to detect forced-download parameters, identity-bound cloaking, and rotating social-engineering lures before they reach endpoints.

Expanding Detection: Essential Data Beyond Endpoints

🔍 The 2026 Unit 42 Global Incident Response Report warns that adversaries are moving to exfiltration four times faster than in 2025 and are exploiting gaps created by an over-reliance on endpoint telemetry. Unit 42 found critical evidence present in logs for 75% of incidents, yet siloed systems and inaccessible telemetry prevented timely detection and response. The authors recommend a single-pane-of-glass, AI-driven SOC that centralizes logs and uses tools like Cortex XSIAM for alert stitching, ML-based scoring and unified investigations to reduce alert fatigue and close multi-surface blind spots.

Enhancing AI-Driven Defense with Claude Opus 4.7 Integration

🔒 Palo Alto Networks’ Unit 42 Frontier AI Defense now integrates Anthropic’s Claude Security powered by Opus 4.7 to accelerate detection and remediation of AI-driven threats. The integration enables AI-driven exposure analysis, scalable deep-stack application reviews, and agentic defense workflows that autonomously detect and remediate issues under human oversight. Participation in Anthropic’s Cyber Verification Program further validates approved defensive use.

Unit 42 Expands Frontier AI Defense with Armadin Partnership

🔒 Palo Alto Networks' Unit 42 is expanding its Frontier AI Defense service through a new partnership with Armadin, the offensive security firm founded by Kevin Mandia. The collaboration introduces an autonomous External AI Hyperattack Assessment that passively discovers internet-facing assets, then deploys a coordinated swarm of AI attack agents to validate exposures and exploit vulnerabilities in parallel. Unit 42 says this pressure-tested, decision-grade evidence accelerates remediation and helps organizations reduce AI-enabled external attack risk across cloud and perimeter environments.

Securing and Governing AI Agents Through an AI Gateway

🔒 Palo Alto Networks announced its intent to acquire Portkey and integrate Portkey’s AI Gateway into Prisma AIRS to provide a centralized control plane for agentic AI. The combined platform will offer a unified API to thousands of LLMs, an agent registry, semantic routing, caching and runtime protections such as Agent Artifact scanning and automated red teaming. Integration with CyberArk is intended to enforce agent identity and least‑privilege controls. The goal is to enable enterprises to move autonomous workloads from development to production with consistent governance and minimal performance tradeoffs.

BlackFile extortion gang targets retail and hospitality

📞 BlackFile, a financially motivated extortion group active since February 2026, is using vishing and spoofed VoIP/CNAM calls to impersonate IT support and harvest employee credentials and one-time passcodes. Palo Alto Networks' Unit 42 and RH-ISAC report attackers register devices to bypass multifactor authentication, escalate to executive accounts, and search Salesforce and SharePoint via APIs for files containing terms like 'confidential' and 'SSN'. Stolen data is moved to attacker-controlled infrastructure and published on a dark web leak site before seven-figure ransom demands are issued; victims have also faced swatting and targeted harassment. Organizations are advised to tighten call-handling policies, enforce caller identity verification, and conduct simulation-based social engineering training.

Frontier AI and the Future of Cyber Defense Playbook

🔒 Palo Alto Networks' Unit 42 summarizes the ten most frequent CISO questions about frontier AI, outlining operational risks, strategic impacts, and prioritized mitigation steps. The piece characterizes frontier models (for example, Anthropic Mythos) as advanced foundational systems that can autonomously find vulnerabilities, chain exploits, and scale reconnaissance and social engineering at machine speed. Unit 42 urges organizations to prioritize findings by attacker reachability and AI exploitability, adopt machine-speed defenses, integrate frontier models into the SDLC, and consider the Unit 42 Frontier AI Defense service and a CISO checklist for immediate and long-term hardening.

Zealot: Autonomous AI Attacks on Cloud Environments

🔒 Unit 42 demonstrates Zealot, a multi-agent LLM proof of concept that autonomously chained well-known cloud exploits in an isolated GCP sandbox. The system coordinated specialist agents to perform reconnaissance, exploit an SSRF vulnerability, steal metadata service credentials, impersonate service accounts and exfiltrate BigQuery data without step-by-step human prompts. The report emphasizes that AI acts as a force multiplier—accelerating exploitation of misconfigurations rather than inventing novel techniques—and urges defenders to harden metadata access, enforce least privilege and adopt machine-speed detection and response.

Palo Alto Networks and Google Cloud Secure AI Enterprise

🤝 Palo Alto Networks and Google Cloud announced integrated protections to secure the shift from generative to agentic AI. Native Prisma AIRS integration with Google Cloud Gemini Enterprise Agent Platform governs agentic workflows and prevents runtime agent risks, prompt injection, and sensitive-data leakage. A Palo Alto Networks template in Google Cloud’s Application Design Center enables security-as-code, while Advanced WildFire is embedded in Google Cloud NGFW Enterprise for inline sandboxing and zero-day prevention. A Prisma AIRS Model Security agent will be available via the Google Cloud Marketplace as Agent-as-a-Service and runs inside customers’ Google Cloud environments.

Scaling AI Agents Securely: Palo Alto Networks & Google

🔒 Palo Alto Networks and Google Cloud outline a platform-based approach to scale AI agents securely for business-critical use. The post emphasizes a layered architecture and more than 80 co-engineered integrations to provide visibility, lifecycle management and AI-driven security across hybrid cloud environments. It highlights $2.4 billion in GCP bookings and four 2026 Google Cloud Partner of the Year awards as evidence of proven scale and customer impact.

Palo Alto Networks Joins DNS-OARC as Platinum Member

🔒 Palo Alto Networks has joined DNS-OARC as a Platinum Member, reinforcing collaboration between DNS operators, researchers, and security practitioners. As a Platinum Member, our subject matter experts will engage in community discussions and contribute research on evolving DNS threats and large-scale operational challenges. These contributions will help integrate community-driven intelligence into Unit 42 threat findings and improve protections across our Network, Cloud, Security Operations, AI and Identity offerings for customers worldwide.

Mirai Variant 'Nexcorium' Exploits TBK DVR, TP‑Link Flaws

🔒 Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 report that threat actors are exploiting a command injection flaw, CVE-2024-3721, in TBK DVR devices to deliver a Mirai-family loader tracked as Nexcorium. The loader installs architecture-specific binaries, establishes persistence via crontab and systemd, and uses hard-coded credential lists plus an exploit for CVE-2017-17215 to spread to Huawei HG532 devices. Unit 42 also observed automated scans targeting EoL TP-Link routers via CVE-2023-33538, though initial attempts were flawed and did not achieve compromise. Researchers warn that unpatched, unsupported IoT devices and default credentials continue to enable large-scale DDoS botnets and recommend replacing EoL hardware and removing default passwords.

Palo Alto Networks Launches Frontier AI Alliance Now

🔐 Palo Alto Networks today announced the Frontier AI Alliance with Accenture, Deloitte, IBM, NTT DATA and PwC to accelerate enterprise defenses against emergent frontier AI models. The alliance integrates Unit 42® Frontier AI Defense with partner implementation and remediation capabilities to deliver a validated AI Defense Blueprint and rapid exposure analysis. Together they offer on‑demand expertise and operational support to achieve accelerated immunity and resilience at machine speed, shortening hardening timelines from years to weeks.

Defender's Guide: Frontier AI's Impact on Cybersecurity

🛡️ Palo Alto Networks' early testing of frontier AI models—including Anthropic's Mythos (via Project Glasswing) and OpenAI models evaluated through Trusted Access for Cyber—shows these models can rapidly find vulnerabilities and generate exploits at scale. The company found a roughly 50% improvement in coding efficiency driving quantum leaps in scanning, vulnerability chaining, and full-stack logic analysis. This creates urgent risks: a deluge of discovered vulnerabilities, supply-chain "inside-out" attacks targeting AI infrastructure, and AI-driven autonomous attack agents that compress attack cycles to minutes. Organizations must accelerate automated patching, adopt zero trust, deploy XDR and agentic endpoint protections, and operationalize AI-driven SOCs like Cortex XSIAM to achieve near-real-time detection and response.

Palo Alto Networks Introduces Unit 42 Frontier AI Defense

🔒 Palo Alto Networks' Unit 42 is launching Frontier AI Defense, a consulting-led program that evaluates whether organizations are prepared for AI-powered attacks and provides six months of complimentary access to Cortex XDR, Cortex Xpanse and Koi Agentic Security for eligible customers. The offering pairs frontier AI models with Unit 42 offensive security expertise and threat telemetry to identify, validate and prioritize vulnerabilities, misconfigurations and attack paths most likely to be weaponized. It also delivers an Autonomous Security Blueprint to benchmark gaps and an Agentic Defense Transformation to implement prioritized architectural, control and operational changes that reduce exposure and improve containment.

Palo Alto on Anthropic’s Mythos and AI-Driven Security

🔒 Palo Alto Networks is participating in Anthropic’s Project Glasswing to test the Claude Mythos model for vulnerability discovery. EMEA CEO Helmut Reisinger says Mythos has identified unprecedented zero-day flaws across multiple operating systems and browsers and can often generate working exploits. Palo Alto is integrating Protect AI, Chronosphere, CyberArk, and soon Koi into its modular platform to secure AI, identity, observability, and agentic endpoints. Reisinger highlighted BYOK, European AI Act compliance, and preparations for the post-quantum era.

Attempted Exploitation of CVE-2023-33538 in TP‑Link Routers

🔎 Unit 42 observed automated scans targeting CVE-2023-33538 in several end-of-life TP‑Link routers (TL‑WR940N, TL‑WR740N, TL‑WR841N). Payloads resembled Mirai-like botnet binaries and attempted to download and execute an arm7 ELF, but in-the-wild attempts were flawed and generally failed. Emulation and reverse engineering confirmed a real command-injection flaw in the ssid1 parameter that reaches a system shell, but successful exploitation requires web authentication (default credentials like admin:admin remain a practical risk). TP‑Link lists the devices as EOL with no patches; Unit 42 recommends replacing affected units and avoiding default credentials while using layered protections.

Palo Alto Networks: Securing the UK's Digital Autonomy

🔒 Palo Alto Networks reaffirms its commitment to UK digital autonomy, offering UK-based data hosting, Bring Your Own Key (BYOK) capabilities and contractual protections aligned to UK GDPR. The post cites Unit 42 research on accelerating exfiltration and identity-driven compromises and explains how Systems Data fuels collective defence without sacrificing operational privacy. It stresses local presence, certifications and tailored support for critical national infrastructure.

ADEM Universal Agent: Unified Branch Telemetry Experience

🔧 Palo Alto Networks announces the general availability of the ADEM Universal Agent, a hardware-agnostic telemetry agent for Prisma Access designed to deliver consistent, high-fidelity data from branch and edge sites. The agent can run on VMs or containers, enabling synthetic testing, hop-by-hop path analysis, and overlay/underlay visibility regardless of on-prem hardware. By consolidating disparate telemetry into a unified data engine, the agent reduces blind spots and accelerates root-cause identification to support automated, machine-speed operations.