BeyondMachines 
Scanning campaign targets critical Palo Alto GlobalProtect vulnerability
Security researchers detected a significant surge in exploitation attempts targeting CVE-2024-3400, a critical arbitrary file creation vulnerability in Palo Alto Networks PAN-OS GlobalProtect that allows unauthenticated attackers to execute arbitrary code with root privileges on firewalls running versions 10.2, 11.0, and 11.1. Thousands of automated scanning attempts have been observed since late September 2025.
**If you still haven't patched your Palo Alto Networks firewalls with GlobalProtect VPN since 2024, you are probably hacked. Nevertheless, make sure to update IMMEDIATELY. Also check for indicators of compromise and if you have any suspicion, make a full factory-reset per Palo Alto support instructions.**
#cybersecurity #infosec #attack #activeattack
https://beyondmachines.net/event_details/scanning-campaign-targets-critical-palo-alto-globalprotect-vulnerability-m-9-v-8-z/gD2P6Ple2L
Scanning campaign targets critical Palo Alto GlobalProtect vulnerability
Security researchers detected a significant surge in exploitation attempts targeting CVE-2024-3400, a critical arbitrary file creation vulnerability in Palo Alto Networks PAN-OS GlobalProtect that allows unauthenticated attackers to execute arbitrary code with root privileges on firewalls running versions 10.2, 11.0, and 11.1. Thousands of automated scanning attempts have been observed since late September 2025.