Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access.
The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Actively Exploited SAP NetWeaver Visual Composer Vulnerability Enables Remote Code Execution (CVE-2025-31324)
May 2, 2025
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform that functions as both an integration hub and application layer, enabling businesses to unify data, processes, ...
- Cyber criminals claim to have private information of 20 million people who signed up to Co-op’s membership
May 2, 2025
Cyber criminals have told BBC News their hack against Co-op is far more serious than the company previously admitted. Hackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of customer and employee data. After being approached on Friday, a Co-op spokesperson said the hackers “accessed data relating to a significant ...
- Dating app Raw exposed users’ location data and personal information
May 2, 2025
A security lapse at dating app Raw publicly exposed the personal data and private location data of its users, TechCrunch has found. The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were specific ...
- Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
May 1, 2025
In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on ...
- AI Agents are here. So are the threats.
May 1, 2025
Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security implications is critical. This article investigates ways attackers can target agentic applications, presenting nine concrete attack ...
- Harrods becomes latest retailer struck by cyberattack attempts
May 1, 2025
Harrods has become the latest retailer to be targeted by cyberattacks, which have struck Marks and Spencer and The Co-op this week. The luxury department store revealed it has had to take action against similar hacking attempts in recent days. In a statement shared with ITV News, Harrods said: “We recently experienced attempts to gain unauthorised ...