A Mastercard survey reveals that 46% of small and medium businesses have experienced a cyberattack, and nearly 20% of those that suffered an attack were then forced to file for ban…

Palo Alto

2026-05-07 SecurityWeek

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking

The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hal…

Palo Alto

2026-05-07 The Hacker News

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerab…

Palo Alto CVE-2026-0300

2026-05-07 BleepingComputer

Palo Alto Networks firewall zero-day exploited for nearly a month

Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]

Palo Alto

2026-05-06 BleepingComputer

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. [...]

Palo Alto

2026-05-06 The Hacker News

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked …

Palo Alto CVE-2026-0300

2026-05-06 SecurityWeek

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeare…

Palo Alto CVE-2026-0300

2026-05-05 Palo Alto Security Advisories

CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)

Palo Alto CVE-2026-0300

2026-05-04 SecurityWeek

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

Significant cybersecurity M&A deals announced by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket. The post Cybersecurity M&A Roundup: 33 Deals Announced in April …

Palo Alto

2026-05-02 Palo Alto Security Advisories

PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

Palo Alto

2026-05-02 Palo Alto Security Advisories

PAN-SA-2026-0005 Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

Palo Alto

2026-05-02 Palo Alto Security Advisories

Security & Lifecycle News

State-backed hackers hammer Palo Alto firewall zero-day before patch lands

CVE-2026-0239 Chronosphere Chronocollector Information Disclosure Vulnerability (Severity: MEDIUM)

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B) (Severity: MEDIUM)

CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability (Severity: MEDIUM)

HN826: An Inside Look at Palo Alto Networks Prisma Browser for Business (Sponsored)

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks firewall zero-day exploited for nearly a month

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)

Cybersecurity M&A Roundup: 33 Deals Announced in April 2026

PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

PAN-SA-2026-0005 Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) (Severity: MEDIUM)

CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)

PAN-SA-2025-0017 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION (Severity: INFORMATIONAL)

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password (Severity: MEDIUM)

CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)

CVE-2025-4619 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets (Severity: MEDIUM)

PAN-SA-2025-0018 Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025) (Severity: MEDIUM)

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability (Severity: LOW)

CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials (Severity: LOW)

PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025) (Severity: MEDIUM)

PAN-SA-2025-0016 Chromium: Monthly Vulnerability Update (October 2025) (Severity: MEDIUM)

PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026) (Severity: MEDIUM)

CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate (Severity: MEDIUM)

CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)

CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate (Severity: LOW)