Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.
Both China-backed APTs and ordinary cyberattackers have seized on a pair of Ivanti VPN bugs for global exploitation.
The RCE/auth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as state-sponsored groups continue to backdoor Ivanti gear.
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations.
Pulse Connect VPN server software received several updates over the years, and thousands of hosts haven't patched.
Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.