
All news with #palo alto networks tag

205 articles · page 5 of 11

Palo Alto Networks Reimagines Partner Program for 2026

🚀 Palo Alto Networks has reworked its NextWave partner program and unified it with a value exchange framework to simplify engagement, reward impact and accelerate growth in 2026. The update emphasizes predictability, repeatability and profitability, expanding enablement, labs, demos, quoting APIs and targeted rebates. Partners gain clearer paths for specialization, delivery and managed services while customers benefit from more consistent, integrated AI-driven security outcomes.

RAF Association Adopts Zero Trust with Palo Alto Networks

🔒 Palo Alto Networks has partnered with the RAF Association to modernize its cybersecurity with a secure-by-design, zero trust architecture. The engagement consolidates legacy controls into a unified platform using Prisma SASE, Cortex XDR and Strata Cloud Manager with AIOps to improve visibility, automate operations and protect sensitive beneficiary data. The initiative prioritizes operational resilience and scalable, cost‑efficient support.

Palo Alto Introduces Quantum-Safe Security to Mitigate Risk

🔒 Palo Alto Networks unveiled Quantum-Safe Security to help organizations transition to post-quantum cryptography without disrupting operations. It provides continuous, real-time cryptographic visibility by collecting telemetry from PAN-OS NGFW, Prisma Access and third-party tools to catalog certificates, algorithms, key exchanges and libraries. The solution prioritizes harvest now, decrypt later risks, guides staged remediation including hybrid algorithms and real-time encryption translation for legacy systems, and automates governance and compliance. Integration with SIEM, EDR and other systems supports gradual migration across complex environments.

Palo Alto Networks Introduces Quantum-Safe Security

🔐 Palo Alto Networks announced Quantum-Safe Security, a continuous solution to discover, assess and remediate enterprise cryptographic risk as organizations migrate to post-quantum standards. The offering ingests telemetry from PAN-OS NGFW, Prisma Access and third-party systems to build a real-time Cryptographic Bill of Materials (CBOM), prioritize harvest-now, decrypt-later exposure, and automate remediation—including cipher translation at the network edge. General availability is expected on January 30, 2026.

What the Alien Franchise Taught About Cybersecurity

🚀 The author uses the Alien films to illustrate modern SOC challenges, arguing that threats enter unseen, tools create noise, and visibility gaps are lethal. The post highlights Unit 42 findings on faster exfiltration and critiques legacy SIEMs, advocating for a unified data foundation and AI-driven platforms like Cortex XSIAM. It recommends automation to accelerate response while preserving human expertise.

Real-Time LLM-Driven Runtime Assembly Phishing Attacks

⚠️ Unit 42 details a technique where seemingly benign webpages call trusted LLM APIs from the browser to generate malicious JavaScript dynamically and execute it at runtime. Carefully engineered prompts can bypass model safety guardrails and return credential-harvesting code that assembles in-browser into personalized phishing pages. Because payloads are served via trusted domains and differ per visit, this approach defeats many static and network-based detectors, making runtime behavioral analysis the most effective mitigation.

Phishing, Spoofed Sites Top Cyber Risks for Milano 2026

🔒 Palo Alto Networks' assessment identifies phishing and spoofed websites as the primary initial access vectors for the Milano-Cortina 2026 Winter Games. Researchers highlight business email compromise (BEC) as central to these campaigns, noting 76% of observed phishing relied on BEC to exploit trust among staff, partners and suppliers. The report warns that ransomware groups, nation-state actors and hacktivists will target ticketing, payment systems and APIs, and it advises basic vigilance, supplier vetting and reputable purchasing to reduce consumer risk.

Unified AI-Powered Security for Northern Europe Growth

🔒 IBM and Palo Alto Networks are partnering to deliver a unified, AI-powered cybersecurity foundation across Northern Europe, helping enterprises reduce tool sprawl, improve visibility and accelerate compliance. Their integrated stack—Cortex XSIAM, Cortex Cloud, Prisma Access and IBM consulting—secures cloud, AI pipelines and hybrid work while automating SOC workflows. The program targets measurable ROI, faster detection and simplified policy management aligned to NIS2, DORA and the EU AI Act.

Palo Alto Networks Builds Multi-Tenant Unified Data Platform

🚀 Palo Alto Networks partnered with Google Cloud to replace a brittle single-tenant data pipeline model with a unified, multi-tenant Unified Data Platform powered by Dataflow, Pub/Sub and BigQuery. The migration consolidated more than 30,000 pipelines into a shared, autoscaling platform that processes billions of events daily. The change delivered roughly 30% compute cost savings, faster onboarding, and reduced operational overhead, enabling engineers to refocus on analytics and threat detection.

Insider Risk in an Era of Workforce Volatility and AI Agents

⚠️ Economic pressures, mass layoffs, and rapid AI adoption have pushed insider risk to multi-year highs. In 2025 tech companies announced roughly 245,000 job cuts while US employers logged more than 1.17 million cuts, fueling resentment, negligence, and opportunistic exfiltration. Autonomous AI agents — highlighted by Palo Alto Networks — expand the attack surface, introducing risks like goal hijacking, prompt injection, and shadow deployments that require urgent governance and monitoring.

Palo Alto patches PAN-OS after new DoS flaw revealed

🔒 Palo Alto Networks has released patches for PAN-OS after a researcher disclosed CVE-2026-0227, a high-severity (CVSS 7.7) vulnerability in GlobalProtect gateway and portal components that can trigger a denial-of-service and force affected firewalls into maintenance mode. The vendor reports no known in-the-wild exploitation but acknowledges proof-of-concept code exists. Prisma Access customers have largely been upgraded; on-premises NGFWs must apply vendor updates per the posted remediation table. There are no official workarounds; temporarily disabling the VPN interface may reduce risk while patching.

Palo Alto Warns of DoS Flaw That Can Disable Firewalls

⚠️ Palo Alto Networks patched a high-severity flaw (CVE-2026-0227) in PAN-OS that can allow unauthenticated actors to trigger a denial-of-service, forcing affected firewalls into maintenance mode when GlobalProtect gateway or portal features are enabled. The issue impacts PAN-OS 10.1 and later and some Prisma Access configurations; most cloud Prisma Access instances have been upgraded. Administrators should apply vendor-supplied fixes for their PAN-OS branch immediately to prevent potential disruptions.

International Takedown of RedVDS Cybercrime Service

🛡️ International law enforcement, together with Microsoft, dismantled the RedVDS cybercrime service after seizing servers hosted in Germany. Authorities from Germany, the United States and the United Kingdom, confirmed by the ZIT and the State Criminal Police Office of Brandenburg, say the platform enabled large-scale phishing and boss‑scam frauds. Microsoft reports $40 million in US losses over seven months and highlights prolific phishing volumes from rented virtual machines. No arrests have been reported; suspects are believed to be located in an unspecified Middle Eastern country.

Palo Alto Fixes GlobalProtect DoS Vulnerability, Critical

🔒 Palo Alto Networks has released patches for a high-severity denial-of-service vulnerability (CVE-2026-0227, CVSS 7.7) affecting GlobalProtect Gateway and Portal components. The flaw, caused by an improper check for exceptional conditions (CWE-754), can be triggered by an unauthenticated attacker and may force affected firewalls into maintenance mode. A proof-of-concept exploit exists and there are no workarounds, so administrators should prioritize applying the vendor updates.

Prisma AIRS Secures Agentic Software Development Workflows

🛡️ Prisma AIRS integrates with Factory’s Droid Shield Plus to secure agent-native software development by inspecting all LLM interactions in real time. The platform monitors prompts, model responses and downstream tool calls to detect prompt injection, secret leakage and malicious code execution. Using an API Intercept pattern, Prisma AIRS can coach, block or quarantine risky inputs and generated outputs before they reach developers or repositories. This native, continuous protection is designed to preserve developer velocity while improving deployment confidence.

Securing Vibe Coding: Governance for AI Development

🛡️ Vibe coding accelerates development but often omits essential security controls, introducing vulnerabilities, data exfiltration, and destructive actions. Unit 42 documents incidents where AI-generated code bypassed authentication, executed arbitrary commands, deleted production databases, or exposed sensitive identifiers. To mitigate these risks, Unit 42 proposes the SHIELD framework—Separation, Human review, Input/output validation, Enforcer helper models, Least agency, and Defensive controls. Implementing these measures restores governance and enables safer AI-assisted development.

UK launches £210M plan to strengthen public cyberdefenses

🔒 The UK is investing more than £210 million to boost cyber defenses across government departments and the wider public sector through a new Government Cyber Action Plan. The initiative creates a dedicated Government Cyber Unit, mandates minimum security standards, and strengthens incident response capabilities. A new Software Security Ambassador Scheme will promote best practices with firms including Cisco, Palo Alto Networks, Sage, NCC Group, and Santander. The plan builds on the Cyber Security and Resilience Bill and earlier measures to curb ransom payments and telecom spoofing.

Palo Alto Networks Prisma AIRS Validated for NVIDIA AI

🔒 Palo Alto Networks announced that Prisma AIRS, accelerated on the NVIDIA BlueField DPU, is now part of the NVIDIA Enterprise AI Factory validated design. The integration embeds zero trust runtime security into AI infrastructure by running Prisma AIRS Network Intercept on BlueField and extending enforcement to cloud environments. It leverages NVIDIA DOCA and DOCA Argus telemetry to feed Cortex XSIAM and Cortex XSOAR for AI-driven detection and response, and recommends hyperscale firewall clusters for defense-in-depth and improved TCO.

Technical Analysis of VVS Stealer Targeting Discord

🔍 Unit 42 provides a detailed technical analysis of VVS stealer, a Python-based malware family that targets Discord users and Chromium/Firefox browsers to exfiltrate tokens, credentials, and browser data. The report explains distribution as PyInstaller packages protected with Pyarmor (observed v9.1.4) and documents the deobfuscation steps used to recover bytecode, AES keys, and encrypted strings. It summarizes runtime behaviors including Discord client injection via modified Electron files, webhook-based exfiltration, persistence in %APPDATA%, and sample indicators defenders can monitor.

AI-Powered Cloud Security Fabric for Unified Prevention

🔒 Our Cloud-Delivered Security Services unify Advanced Threat Prevention, Advanced WildFire, Advanced DNS Security and Advanced URL Filtering into a single AI-powered fabric. Precision AI correlates billions of signals across networks, users and applications to shift organizations from reactive detection to proactive, patient-zero prevention. When fully enabled and integrated through a single management plane, CDSS reduces operational complexity, delivers consistent policy enforcement and blocks evolving threats in real time to protect business continuity.