Palo Alto Firewalls Targeted in Active Exploitation

Thousands of Palo Alto firewalls are at risk due to an actively exploited vulnerability, CVE-2026-0300, that allows hackers to execute arbitrary code with root privileges. This alarming flaw affects 5,821 internet-exposed VM-Series firewalls, leaving them open to potential cyber attacks.

https://osintsights.com/palo-alto-firewalls-targeted-in-active-exploitation?utm_source=mastodon&utm_medium=social

#PaloAlto #Cve20260300 #Panos #Vmseries #Firewalls


Palo Alto Networks Firewalls Targeted in Zero-Day Exploits

Palo Alto Networks firewalls are under attack by zero-day exploits targeting a vulnerability in the User-ID Authentication Portal, allowing hackers to execute malicious code with root privileges. This buffer overflow flaw, tracked as CVE-2026-0300, poses a significant risk to organizations with Internet-exposed firewalls.

https://osintsights.com/palo-alto-networks-firewalls-targeted-in-zero-day-exploits?utm_source=mastodon&utm_medium=social

#ZeroDay #PaloAltoNetworks #Cve20260300 #Panos #Firewalls


The dshield.org blocklist is probably one of the most useful IP blocklists I have used over the years. Digital Ocean and OVH IP ranges used to feature prominently. It seems that Google Cloud and Hurricane Electric have taken over lately.

See https://isc.sans.edu/feeds/block.txt and also the Internet Storm Center https://isc.sans.edu/index.html

#firewalls #blocklist #security #cybersecurity #sans

Playing with Kathará to emulate TCP/IP networks! 🚀

Kathará is the "spiritual" successor to the old Netkit / UML (User-Mode Linux)... I remember using it on a live distro called Knoppix (which today has a different purpose).

It looks very interesting to incorporate into the classes!

I will probably make some content about this 🙂

https://youtu.be/CPYsuUeR6cE

More info: https://www.kathara.org/

#uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables

Why a Locked Floppy Disk Could Be Safer Than a Modern Network

Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

THE LOCKED-BOX LOGIC

If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

MODERN SECURITY, NEW PROBLEMS

Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

Sources:
Britannica — https://www.britannica.com/technology/floppy-disk
Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

#cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internetHistory #intrusionDetection #officeHistory #physicalSecurity #techNostalgia

Little Snitch, the macOS network tool, is now available on Linux

https://squeet.me/display/962c3e10-570ded0e-b43507cbd64709a4

“Little Snitch for Linux is written in Rust and uses eBPF for kernel-level traffic interception (this lets sandboxed code run inside the Linux kernel without modifying it). The tool shows processes on your machine making network connections, and giv ...continues

See https://gadgeteer.co.za/little-snitch-the-macos-network-tool-is-now-available-on-linux/

#firewalls #linux #security #technology


Blocking Bad Bots With AbuseIPD Blacklist

Sean Conner at The Boston Diaries wrote about trying to block annoying and/or malicious bots from crawling his website. It is a good read. Beginning in late 2024, I started noticing The New Leaf Journal going down periodically. The server logs suggested that it was being overrun by bots and crawlers. I tried various methods to ensure that NLJ would be up all the time, including fiddling with Apache configs and my .htaccess file. I stumbled upon the "solution" (for now, at least) in late […]

https://social.emucafe.org/naferrell/blocking-bad-bots-with-abuseipd-blacklist-04-08-26/

[Reply] Blocking Bad Bots With AbuseIPD Blacklist

I discuss using the AbuseIPD blacklist with Cloudron’s built-in firewall to reduce wasteful traffic to my WordPress websites.

The Emu Café Social

#Google says half of all #zerodays it tracked in #2025 targeted buggy #enterprise tech

Google said security and networking devices, #firewalls, #VPN and #virtualization platforms like Ivanti and VMware, were among targets last year. All four of the companies said hackers have exploited their products on customer networks in recent months.

The remaining 52% of #zeroday bugs were found in consumer and end-user products, such as those made by Microsoft, Google, and Apple.

https://techcrunch.com/2026/03/05/google-says-half-of-all-zero-days-it-tracked-in-2025-targeted-buggy-enterprise-tech/