Stay informed about the latest vulnerability findings, security patches, and risk management strategies in information security.
Search across headline titles and summaries.
Background for this topic.
Vulnerability in information security is a weakness, flaw, or gap in a system’s design, implementation, operation, or management that could be exploited to violate the system's security policy. It is essentially a defect within a system that leaves it open to potential attacks from threat actors, such as hackers or malicious software. Vulnerabilities can exist in various components of an information system, including the hardware, software, network, or even the human elements involved in operations.
Vulnerabilities can stem from a number of sources, including, but not limited to, insufficient security controls, incorrect system configurations, programming errors, and inadequate security practices. They can be discovered through the use of automated scanning tools, manual code analysis, or through the notification by third parties, such as security researchers or users who have encountered unexpected system behavior.
Considering the dynamic landscape of cyber threats, regularly identifying, categorizing, patching, and mitigating vulnerabilities is key to protecting information assets. Failure to address vulnerabilities can lead to unauthorized access, data breaches, loss of sensitive data, and other severe consequences that compromise an organization's integrity, availability, and confidentiality of data.
Weekly headline count for the current query.
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. The post Attackers are exploiting Palo Alto Networks defect that initially flew under the radar appeared first on CyberScoop.
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
A vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacks
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS […]
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post Cisco zero-day under ongoing attack by persistent threat group appeared first on CyberScoop.
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]
The vendor hasn’t released a patch for the vulnerability or described the scope and objective of confirmed attacks. The post A critical Palo Alto PAN-OS zero-day is being exploited in the wild appeared first on CyberScoop.
Vendor Details Mitigations, Promises Patched PAN-OS Software in Coming WeeksPalo Alto Networks warned that a critical vulnerability in the PAN-OS software that runs its firewalls is being actively exploited in the wild by attackers. The vendor detailed temporary mitigations and promised to release updated software to fully patch the flaw later this month.
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. [...]
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild