Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access.
The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Rust Botnet “RustoBot” is Routed via Routers
April 21, 2025
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Unlike previous malware targeting these devices, this variant is written in Rust—a programming language introduced by Mozilla in 2010. Due to its Rust-based implementation, we’ve named the malware “RustoBot.” In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to ...
- Phishing attacks leveraging HTML code inside SVG files
April 21, 2025
With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML attachments that either host the entire phishing site or use JavaScript to ...
- Google Confirms Gmail Warning – 3 Billion Users Must Now Act
April 20, 2025
Google has confirmed another attack on Gmail users that combines inherent vulnerabilities in the platform with devious social engineering. The net result is a flurry of headlines and viral social media posts followed by an urgent platform update. Google’s security warning is clear. Users should stop using their passwords. This latest attack has been bubbling on ...
- FBI Warns of Scammers Impersonating the IC3
April 18, 2025
The Federal Bureau of Investigation (FBI) warns the public about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees to deceive and defraud individuals. Between December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams. How It Works Complainants report initial contact from the ...
- IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
April 17, 2025
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years. Kaspersky researchers observed ...
- Cisco Releases Security Advisory for Webex App
April 17, 2025
Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system. Cisco Webex is a web conferencing software solution. CVE-2025-20236 is an ‘insufficient input validation’ vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading ...