👇
https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html
Palo Alto posted several advisories yesterday, if you missed them, including one for a critical vulnerability: https://security.paloaltonetworks.com/
CRITICAL: CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration https://security.paloaltonetworks.com/CVE-2026-0274 #PaloAlto #vulnerability #infosec

This morning, I was reminded of Minutemen's 1984 double album "Double Nickels on the Dime", which featured such great songs as "#1 Hit Song", "This Ain't No Picnic", and "Jesus and Tequila". I saw them on 14 May 1985 on a quadruple bill at the Keystone Palo Alto, headlined by
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
An unidentified threat actor is actively exploiting CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect portal and gateway components. The flaw allows unauthorized attackers to circumvent security controls and initiate VPN connections. The vulnerability was added to CISA's Known Exploited Vulnerabilities catalog on May 29, 2026. Exploitation activity has been detected targeting GlobalProtect, with a small portion of probed devices successfully establishing VPN sessions. No post-access behavior or lateral movement has been identified. Organizations are advised to hunt for indicators including specific IP addresses, suspicious host IDs, and MAC addresses. Palo Alto Networks recommends following security advisory guidance, implementing available workarounds, and upgrading to patched versions.
Pulse ID: 6a230a1d075271a064d3f708
Pulse Link: https://otx.alienvault.com/pulse/6a230a1d075271a064d3f708
Pulse Author: AlienVault
Created: 2026-06-05 17:40:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CISA #CyberSecurity #InfoSec #Mac #OTX #OpenThreatExchange #PaloAlto #VPN #Vulnerability #bot #AlienVault
Times of India | Technology company whose CEO’s pay has been rejected the most number of times in Corporate America
AI-generated summary. Read the full article for complete information.
Palo Alto Networks has faced the most “say‑on‑pay” rejections of any S&P 500 firm, with shareholders voting down its executive compensation proposals seven times since 2015 – the latest in December 2025 when a near‑$100 million package for CEO Nikesh Arora was rejected. Despite the opposition, the cybersecurity company has posted strong results, with shares up almost 800 % and market value rising over $100 billion since Arora became CEO in 2018. The board defended the pay, saying it is performance‑based, while investors such as the Florida State Board of Administration and proxy advisers ISS and Glass Lewis argued that the targets are insufficiently challenging and the CEO‑to‑worker pay gap, which hit 442‑to‑1 in FY 2025, is excessive. Executive compensation for other senior leaders also exceeded $25 million each, and although Palo Alto has tweaked payout caps and performance metrics, those changes did not prevent the latest package from being rejected. Arora maintains that his compensation is tied to shareholder returns, noting that he received no pay in 2024 despite the company’s growth.
US Top News and Analysis | We're upping our Palo Alto price target after strong earnings vanquish AI disruption fears
AI-generated summary. Read the full article for complete information.
Palo Alto Networks posted a robust fiscal 2026 third‑quarter beat, with revenue rising 31% year‑over‑year to $3 billion—above the $2.94 billion consensus—and adjusted earnings per share climbing 6% to $0.85, surpassing expectations. The company credited its “platform” approach to cybersecurity, bolstered by AI‑driven threats, and highlighted the strategic value of recent acquisitions—most notably the $25 billion CyberArk deal and the Chronosphere purchase—which have expanded its addressable market and accelerated organic bookings, driving a 36% jump in total remaining performance obligations and a 60% surge in next‑generation security ARR. Management raised its fiscal‑year outlook, projecting revenue of roughly $11.42 billion, non‑GAAP EPS of $3.78, and next‑gen security ARR near $8.9 billion, and the analyst team lifted the price target to $325 from $255, citing strong execution, growing platformization deals, and the company’s ability to turn AI advances into growth opportunities.
#PaloAlto #Anthropic #NikeshArora #CyberArk #ProjectGlasswing
Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
In this article, I break down how the vulnerability works, affected configurations, exploitation scenarios, and the mitigation steps organizations should take to protect their remote access infrastructure.
https://denizhalil.com/2026/06/02/cve-2026-0257-pan-os-globalprotect-authentication-bypass/
#CyberSecurity #PaloAlto #GlobalProtect #PANOS #CVE20260257 #VulnerabilityManagement #ThreatDetection #NetworkSecurity #BlueTeam #RedTeam #InfoSec #DenizHalil
CVE-2026-0257: Palo Alto GlobalProtect auth bypass — no credentials needed. Attacker forges auth cookie via exposed HTTPS cert public key → full VPN access. Active exploitation since May 17. CISA KEV deadline was June 1.
Patch PAN-OS now.
Palo Alto VPN Bug Sees Active Exploitation
Security experts at Rapid7 have confirmed that hackers are actively exploiting a critical authentication bypass flaw in Palo Alto Networks' VPN, putting PAN-OS users at risk of targeted attacks. This urgent development means users must patch their systems ASAP to prevent exploitation.