ciso brief

All news with #palo alto networks tag

205 articles · page 6 of 11

SASE Certifications: Validating Converged Network Security

🔐 This article outlines seven certification programs from leading vendors that validate skills in converged, cloud-native Secure Access Service Edge (SASE) architectures. It summarizes entry to professional-level credentials from Cato Networks, Cisco, Fortinet, Netskope, Palo Alto Networks, Versa, and Zscaler, highlighting target audiences, exam formats, costs, and key competencies such as SD‑WAN, ZTNA, CASB and FWaaS. The piece also notes Gartner’s market projection and emphasizes that these credentials address a widening skills gap as enterprises migrate from perimeter-based defenses.

RansomHouse upgrades encryptor with multi-layered processing

🔒 RansomHouse has upgraded its encryptor to a multi-layered variant called 'Mario', shifting from a single-pass linear transform to a two-stage process that uses a 32-byte primary key and an 8-byte secondary key. The change increases entropy, speeds processing, and aims to improve reliability on modern targets. It also introduces dynamic chunk sizing with intermittent encryption for files over 8GB, complicating static analysis. The updated binary targets VM files, appends the .emario extension, drops a How To Restore Your Files.txt ransom note, and Unit 42 warns this upgrade makes decryption and reverse engineering notably harder.

Credential-based attacks target Cisco and Palo Alto VPNs

🔒 Security researchers observed a coordinated credential-stuffing campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect portals over a two-day span in mid-December. GreyNoise reported millions of automated login sessions from more than 10,000 unique IPs, using a consistent TCP fingerprint and a Firefox-like user agent. The activity did not exploit software flaws but instead relied on large-scale username/password probes. Analysts urged enforcing strong passwords and MFA, auditing exposed edge devices, and leveraging threat-intel blocklists to filter malicious traffic.

Large Password-Spraying Campaign Targets Cisco, PAN VPNs

🔐 An automated password-spraying campaign is targeting multiple VPN platforms, with credential-based attacks observed against Palo Alto Networks GlobalProtect portals and Cisco SSL VPN gateways. GreyNoise recorded login attempts peaking at 1.7 million over 16 hours from more than 10,000 unique IPs, largely originating from the 3xK GmbH hosting space. The actor reused common username/password combinations and used an unusual Firefox user agent, indicating scripted credential probing rather than exploitation. Administrators are advised to enforce strong passwords, enable MFA, audit appliances, and block known malicious IPs.

Partnering with Precision: Palo Alto Networks' 2026 Vision

🔒 Palo Alto Networks sets a partner-first agenda for 2026 focused on integration, embedded AI and ecosystem-driven growth. The company encourages partners to consolidate point tools onto a unified platform, embed AI into core workflows and build repeatable services across consulting, resale and managed security. Program updates will simplify engagement, expand API and alliance integrations, and aim to increase partner profitability while accelerating customer time‑to‑value.

RansomHouse Upgrades: From Linear to Layered Encryption

🔒 Unit 42 analyzes a notable upgrade to RansomHouse (tracked as Jolly Scorpius) that replaces a simple linear encryptor with a more complex, multi-layered design. The revised encryptor, Mario, implements a two-stage scheme using a 32-byte primary key and an 8-byte secondary key, plus chunked and sparse file processing. These changes complicate static analysis and decryption and specifically target ESXi virtual machine files and backup artifacts. Unit 42 highlights detection controls and mitigation guidance for defenders.

Cloud Security 2025: AI-Driven Risk and Operational Gaps

🔒 The Palo Alto Networks State of Cloud Security Report 2025 warns that rapid enterprise AI adoption has massively expanded the cloud attack surface, with 75% running AI in production and 99% reporting at least one AI-targeted incident last year. It finds GenAI-assisted coding accelerating insecure code into production and AppSec teams unable to keep pace with weekly deploys. The research highlights rising API attacks, persistent identity weaknesses, and widespread tool sprawl, and argues for agentic security to unify cloud and SOC operations.

Untangling Hybrid Cloud Security: Unified Defense & Control

🔒 Hybrid and multicloud environments have expanded the attack surface, creating operational complexity and fractured visibility across public clouds, private data centers and edge locations. Palo Alto Networks and Nutanix recommend an open, unified security layer that enforces consistent policies, provides inline east‑west visibility, and uses tag‑driven automation to ensure protections follow workloads. This approach aims to replace fragmented point solutions with cohesive, scalable defense-in-depth.

React2Shell Exploits Deliver Backdoors, Credential Theft

🔒 Researchers warn that the React2Shell flaw (CVE-2025-55182) is being actively exploited to deploy sophisticated Linux backdoors and harvest credentials. Palo Alto Networks Unit 42 and NTT Security report active use of KSwapDoor and ZnDoor, which provide interactive shells, file operations, lateral scanning, and stealthy mesh networking. Attackers are also abusing Cloudflare Tunnels and secret-scraping tools to extract cloud and AI tokens. Organizations should prioritize discovery, credential rotation, and removal of dropped backdoors and follow vendor mitigations immediately.

Prisma Browser Named Frost Radar Zero Trust Leader

🔒 Palo Alto Networks announces that Prisma Browser has been named the best-positioned market leader in the Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report, recognized for both innovation and growth. The vendor frames the browser as the enterprise 'OS' where 85% of work occurs and 95% of security incidents originate, emphasizing the urgent need for native browser defenses. Powered by Precision AI, Cloud-Delivered Security Services and embedded Enterprise DLP, Prisma Browser inspects live, fully rendered content to detect evasive AI-driven phishing, zero-day browser exploits and malicious extensions. Combined with Advanced WildFire, URL Filtering and runtime extension security, the solution delivers last-mile protection without disrupting user workflows.

Ashen Lepus Deploys AshTag Malware Against Diplomats

🔐 Unit 42 details activity by Hamas-affiliated Ashen Lepus using a new modular .NET suite named AshTag, alongside custom loaders and revised C2 techniques to evade detection. The actors targeted Arabic-speaking government and diplomatic entities across the Middle East, delivering malware via RAR archives, DLL sideloading, and payloads hidden in benign HTML. Operators improved encryption and domain masquerading and performed hands-on exfiltration using Rclone. Organizations should monitor the provided IOCs and strengthen EDR and egress controls.

WIRTE Uses AshenLoader Sideloading to Deploy AshTag

🔒 WIRTE (tracked as Ashen Lepus by Palo Alto Networks) has been observed using benign binaries to sideload a malicious DLL named AshenLoader, which drops additional components to deploy the AshTag .NET backdoor. The intrusion chain begins with a decoy PDF and a RAR archive from file-sharing services, leading to in-memory execution of a stager to minimize forensic traces. Targets are primarily government and diplomatic entities in the Middle East, with recent expansion to Oman and Morocco. Operators have been observed staging diplomacy-related documents and exfiltrating them using Rclone.

Palo Alto Networks Joins Google Unified Security Recommended

🤝 Google Cloud announced Palo Alto Networks has joined the Google Unified Security Recommended program, bringing validated integrations across endpoint, network, and access security to deepen interoperability and choice for customers. The integration ingests telemetry from Cortex XDR, VM‑Series NGFWs and Prisma Access into Google Security Operations to drive AI-powered analytics, threat hunting and faster investigation and response. Customers can execute automated playbook actions and procure qualified solutions via the Google Cloud Marketplace for streamlined deployment.

Webinar: Exploiting Cloud Misconfigurations in AWS, AI & K8s

🔒 The Cortex Cloud team at Palo Alto Networks is hosting a technical webinar that dissects three recent cloud investigations and demonstrates practical defenses. Speakers will reveal the mechanics of AWS identity misconfigurations, techniques attackers use to hide malicious artifacts by mimicking AI model naming, and how overprivileged Kubernetes entities are abused. The session emphasizes Code-to-Cloud detection, runtime intelligence, and audit-log analysis to close visibility gaps; register to attend the live deep dive.

Partners Fuel Innovation with Cortex XSIAM & Prisma SASE

🚀 Palo Alto Networks announced that partners voted Cortex XSIAM as CRN’s 2025 Product of the Year for Security Operations Platform/SIEM and Prisma SASE as a 2025 Tech Innovator. Solution providers credited XSIAM’s AI-driven approach for sweeping the evaluation — leading in technology, revenue and customer need — and praised its ability to shift SOCs from tool management to outcome delivery. Partners highlighted Prisma SASE’s multicloud architecture, unified policies and AI copilot as essential for securing hybrid workforces, informed by feedback from over 70,000 customers and the recent Prisma SASE 4.0 release. Palo Alto frames these awards as validation of platform convergence and continued partner enablement.

Why AI Security Requires an Integrated Platform and Governance

🔒 Gartner and Palo Alto Networks argue that AI security must be treated as a platform problem to manage accelerating generative AI risk, cost and complexity. The post recommends a two‑phase path: start with AI usage control to govern third‑party GenAI consumption, then extend protections into AI application development and runtime. Prisma Browser, Prisma SASE and Prisma AIRS are presented as the integrated tooling to discover, govern and protect AI usage and models. Palo Alto highlights Unit 42, Huntr and autonomous red teaming as sources of continuous validation.

New Wave of VPN Login Attempts Targets GlobalProtect

🔐 Beginning December 2, a campaign using more than 7,000 IPs from German host 3xK GmbH (AS200373) carried out brute-force login attempts against Palo Alto GlobalProtect portals and soon pivoted to scanning SonicWall SonicOS API endpoints. GreyNoise links the activity to three recurring client fingerprints seen in prior scans and to earlier campaigns that generated millions of HTTP sessions. Organizations should monitor authentication velocity and failures, block implicated IPs and fingerprints, and enforce MFA to reduce credential abuse.

React2Shell (CVE-2025-55182): Critical Server RCE Threat

🛡️ In early December 2025 the React project disclosed a critical server-side vulnerability dubbed React2Shell (CVE-2025-55182) rated CVSS 10.0. The bug allows unauthenticated attackers to execute arbitrary code by sending a specially crafted request to a vulnerable server feature. Check Point notes that CloudGuard WAF customers were proactively protected and not affected. Organizations should patch promptly and review traffic controls.

Securing the AI Frontier: GSA OneGov Accelerates Secure AI

🔒 Palo Alto Networks explains why the GSA OneGov agreement matters for federal AI adoption and cybersecurity. Author Eric Trexler cites Unit 42 research showing new risks—particularly AI Agent Smuggling via indirect prompt injection and agent session smuggling—and argues AI must be defended as an attack surface. The post highlights platform protections including Prisma AIRS, FedRAMP High CNAPP, and Prisma SASE to secure AI workloads, edge users, and data. It positions OneGov as a procurement shortcut for agencies to deploy AI securely and notes promotional offers through 31 January 2028.

AI Security Posture Management: A Practical Buyer's Guide

🔒 AI-SPM is emerging to protect AI/ML pipelines, cloud-hosted models and large datasets without moving data. The guide outlines core capabilities — agentless access, data classification, pipeline protection, model monitoring and compliance checks — and summarizes offerings from vendors such as Cyera, LegitSecurity, Microsoft, Orca and Palo Alto Networks. It also advises reviewing standards like MITRE ATLAS and OWASP LLM when evaluating tools.