Palo Alto Networks has confirmed that hackers are actively exploiting CVE-2026-0257, an authentication bypass vulnerability in GlobalProtect VPN, to breach corporate networks.
The vulnerability allows attackers to circumvent authentication mechanisms in Palo Alto's GlobalProtect VPN gateway, potentially granting unauthorized access to internal enterprise systems without valid credentials.
What's affected
The flaw impacts Palo Alto Networks PAN-OS, the operating system powering the company's next-generation firewalls and VPN gateways. GlobalProtect is widely deployed across enterprises for secure remote access.
Active exploitation
The company confirmed the vulnerability is being weaponized in real-world attacks. Details on the attack vectors and scope of compromises remain limited, though Palo Alto has advised customers to prioritize patching efforts.
Severity
Authentication bypass flaws in VPN infrastructure are considered critical vulnerabilities because they provide direct pathways to corporate networks. Successful exploitation enables attackers to establish persistent access and move laterally to steal data or deploy ransomware.
Remediation
Palo Alto Networks has released patches for affected PAN-OS versions. The company recommends immediate updates and network monitoring for signs of exploitation, including unusual VPN connection patterns or authentication failures followed by successful logins.
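The monitoring signal named above, authentication failures followed by a successful login, can be checked with a sliding window per source IP. The following is an added example, not code from Palo Alto Networks or the original article; the log layout, field names, threshold and window are assumptions, and the sample lines are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (timestamp, source IP, user, result). This layout is
# an assumption for the example, not the PAN-OS GlobalProtect log schema.
SAMPLE_LOG = """\
2026-01-10T02:00:01,203.0.113.7,alice,failure
2026-01-10T02:00:09,203.0.113.7,bob,failure
2026-01-10T02:00:15,203.0.113.7,carol,failure
2026-01-10T02:00:40,203.0.113.7,carol,success
2026-01-10T08:30:00,198.51.100.4,dave,failure
2026-01-10T08:30:20,198.51.100.4,dave,success
2026-01-10T09:00:00,192.0.2.9,erin,failure
2026-01-10T09:00:05,192.0.2.9,erin,failure
2026-01-10T09:00:10,192.0.2.9,erin,failure
2026-01-10T11:00:00,192.0.2.9,erin,success
"""


def find_fail_then_success(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Return alerts for a success preceded by >= min_failures failures
    from the same source IP inside the window. Input must be time-ordered."""
    recent_failures = defaultdict(deque)  # source IP -> failure timestamps
    alerts = []
    for ts_raw, src, user, result in csv.reader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(ts_raw)
        failures = recent_failures[src]
        # Drop failures that have aged out of the window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if result == "failure":
            failures.append(ts)
        elif result == "success":
            if len(failures) >= min_failures:
                alerts.append({"src": src, "user": user, "time": ts_raw,
                               "failures": len(failures)})
            failures.clear()  # a success starts a fresh sequence
    return alerts


if __name__ == "__main__":
    for alert in find_fail_then_success(SAMPLE_LOG):
        print(alert)
```

On the sample data only 203.0.113.7 is flagged: a single mistyped password (198.51.100.4) stays under the threshold, and the failures from 192.0.2.9 have aged out of the window by the time the login succeeds.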
Context
This incident follows a pattern of high-profile VPN vulnerabilities exploited by threat actors. Palo Alto's security products are among the most widely deployed firewalls globally, making any critical flaw a concern across numerous organizations.
A security researcher has published technical documentation on parallel reconstruction of lawful TLS wiretapping, demonstrating how encrypted traffic can be decrypted in compliance with court orders. The post has generated significant discussion in the security community.
EY Canada's recent cybersecurity report contained fabricated citations, with most references appearing to be AI-generated rather than factual sources. The discovery raises questions about quality control in enterprise consulting.
Meta's mouse tracking program for employees could violate EU privacy laws by capturing non-US data, according to Reuters. The company offers 30-minute breaks from the monitoring, but faces potential regulatory action.
A newly discovered local privilege escalation vulnerability in the Linux kernel, dubbed CIFSwitch, could allow attackers to gain root privileges on multiple distributions. The flaw affects the CIFS (Common Internet File System) subsystem.