Reed MidekeIt's called PAN-OS because it'll hook up with anybody
They're a 10
(CVSS score)
Classic vendor speak from PAN: "observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet" - The great thing about "a limited number" is that literally any finite number is "limited" https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/
IvantiConnectALot (with a fine paragraph of completely substance free vendor speak to set the mood) https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Plus the classics https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283
Shot*: FortiAI-Protect safeguards organizations with real-time intelligence that blocks new and emerging threats, while contextual risk assessment prioritizes critical responses, minimizing false positives. Advanced AI uncovers hidden threats, including unauthorized AI use, mitigating risks. Enhanced intrusion prevention…
Chaser: HTTP POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi to create local admin-level accounts
https://www.bleepingcomputer.com/news/security/fortinet-confirms-silent-patch-for-fortiweb-zero-day-exploited-in-attacks/
* https://www.fortinet.com/solutions/enterprise-midsize-business/fortiai
Chaser: HTTP POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi to create local admin-level accounts
https://www.bleepingcomputer.com/news/security/fortinet-confirms-silent-patch-for-fortiweb-zero-day-exploited-in-attacks/
* https://www.fortinet.com/solutions/enterprise-midsize-business/fortiai
Your periodic reminder that "a limited number" is meaningless vendor speak which provides no constraint on the impact: 'Last week, Figure confirmed a data breach allowed hackers to steal “a limited number of files” from its systems'
Chaser: 'Troy Hunt, a security researcher and creator of the data breach notification site Have I Been Pwned, analyzed the data allegedly taken from Figure and found it contained 967,200 unique email addresses associated with Figure customers'
https://techcrunch.com/2026/02/18/data-breach-at-fintech-giant-figure-affects-close-to-a-million-customers/
Chaser: 'Troy Hunt, a security researcher and creator of the data breach notification site Have I Been Pwned, analyzed the data allegedly taken from Figure and found it contained 967,200 unique email addresses associated with Figure customers'
https://techcrunch.com/2026/02/18/data-breach-at-fintech-giant-figure-affects-close-to-a-million-customers/
threatchain@reedmideke The math here is brutal - "limited number of files" turned into nearly a million exposed customers. This is exactly why incident disclosure templates need to die. Companies should just say "we're still assessing the scope" instead of these meaningless qualifiers that always age poorly.