Palo Alto Networks has disclosed a critical remote code execution vulnerability in PAN-OS that is actively being exploited in the wild. The unpatched flaw affects the User-ID Authentication Portal.
Palo Alto Networks alerted customers to a critical-severity zero-day vulnerability in its PAN-OS User-ID Authentication Portal that threat actors are actively exploiting in targeted attacks.
The vulnerability allows unauthenticated attackers to execute arbitrary code remotely on affected devices. Users of the authentication portal feature in PAN-OS deployments are at immediate risk.
Palo Alto Networks has not released patches as of the warning date. The company advised customers to implement mitigations immediately, including disabling the User-ID Authentication Portal if it is not required, or restricting network access to trusted sources only.
The company is working on fixes and has not disclosed specific version numbers affected, though it typically impacts multiple PAN-OS releases. Organizations running vulnerable configurations should prioritize this threat in their patching schedules.
This marks another critical vulnerability in enterprise security infrastructure. Palo Alto Networks firewalls are widely deployed across organizations globally, making zero-day flaws in these systems particularly concerning for IT teams. The active exploitation means attackers have already developed working exploits.
Organizations should review their PAN-OS deployments immediately to determine if they use the User-ID Authentication Portal feature. Those that do should implement the recommended mitigations without delay. Palo Alto Networks will provide updates as patches become available.
Customers are advised to monitor Palo Alto Networks' security advisories and apply updates as soon as they are released. In the interim, network segmentation and access controls are essential defensive measures.
Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.
The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.
Spanish authorities dismantled a major cybercrime organization responsible for €140 million in fraudulent earnings, resulting in four arrests. The ring operated investment scams and business email compromise attacks.
SonicWall has released security updates to address two actively exploited vulnerabilities in its SMA1000 appliance. The company urges customers to patch immediately.