Critical Alert: Palo Alto Networks Discovers New Firewall Vulnerability Targeted by Hackers

Critical Alert: Palo Alto Networks Discovers New Firewall Vulnerability Targeted by Hackers

Palo Alto Networks, a leading cybersecurity firm in the U.S., has recently issued a critical warning regarding a new vulnerability in its firewall software. Hackers are actively exploiting this flaw to infiltrate unpatched customer networks, raising significant concerns for organizations relying on PAN-OS.

Details of the Vulnerability in PAN-OS

The vulnerability, identified as CVE-2025-0108, was discovered earlier this month by the cybersecurity firm Assetnote. The company was analyzing previous vulnerabilities in Palo Alto Networks firewalls when it uncovered this latest threat.

Urgent Advisory from Palo Alto Networks

Palo Alto Networks released an advisory urging all customers to apply patches immediately to mitigate the risk associated with this vulnerability. The advisory was updated to indicate that the vulnerability is currently being exploited in the wild.

Chaining of Vulnerabilities

Attackers are reportedly combining CVE-2025-0108 with two other previously disclosed vulnerabilities: CVE-2024-9474 and CVE-2025-0111. This exploitation targets unpatched and unsecured PAN-OS web management interfaces. Notably, CVE-2024-9474 has been actively exploited since November 2024.

Understanding the Attack Complexity

While Palo Alto Networks has not detailed how these vulnerabilities are being exploited in tandem, they have indicated that the overall complexity of the attacks is considered “low.”

Current Exploitation Activity

The extent of the exploitation remains unclear. However, threat intelligence firm GreyNoise reported a significant increase in activity, noting that 25 IP addresses have been identified as actively exploiting the PAN-OS vulnerability, an increase from just two IP addresses earlier this month. This uptick suggests that malicious actors, rather than security researchers, are conducting these attacks.

Implications of the Exploit

  • Unauthorized Access: The vulnerability allows unauthenticated attackers to execute specific PHP scripts.
  • Potential Data Breaches: This could lead to unauthorized access to vulnerable systems.
  • Geographic Impact: The highest levels of attack traffic have been observed in the U.S., Germany, and the Netherlands.
READ ALSO  Astra Security Secures $2.7M Investment for Innovative AI-Powered Cybersecurity Solutions

Government Response

In response to the growing threat, the Cybersecurity and Infrastructure Security Agency (CISA) has added this latest vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the urgency for organizations to address this risk.

As the situation develops, it remains unclear who is behind these attacks or whether sensitive data has been compromised. Palo Alto Networks has not yet responded to inquiries from TechCrunch regarding the incident.

Similar Posts

Cursor Seeks $10B Valuation Amid AI Coding Boom: Investment Talks Underway

Pentera Secures $60M Funding at $1B Valuation to Revolutionize Cybersecurity Training with Simulated Network Attacks

Bysupport

In today’s rapidly evolving digital landscape, cybersecurity strategies hinge on the effectiveness of strong and intelligent security operations teams. Recently, a Boston-based startup, Pentera, announced a significant funding round that highlights its growth and innovation in providing tools to enhance cybersecurity defense mechanisms. The company has secured $60 million in a Series D funding round,…

Critics Warn: UK's Hidden Apple iCloud Backdoor Order Poses Global Security Threat

Critics Warn: UK’s Hidden Apple iCloud Backdoor Order Poses Global Security Threat

Bysupport

The U.K. government has reportedly ordered Apple to create a backdoor for accessing encrypted cloud data, raising alarms about encryption security and user privacy. This covert directive, issued under the Investigatory Powers Act 2016, targets Apple’s Advanced Data Protection feature, which provides end-to-end encryption for iCloud backups. Officials claim that this encryption hinders criminal investigations, prompting scrutiny of encrypted communication tools. Experts warn that limiting encryption in the U.K. could set a dangerous global precedent, risking user privacy and security. Privacy advocates argue that such measures could be exploited by hackers and authoritarian regimes, threatening civil liberties worldwide.

Russian Zero-Day Seller Targets Telegram Exploits with Up to $4 Million Bounty

Russian Zero-Day Seller Targets Telegram Exploits with Up to $4 Million Bounty

Bysupport

Operation Zero, a key player in the zero-day market, plans to acquire exploits for Telegram, offering up to $4 million for various vulnerabilities. This includes up to $500,000 for a one-click remote code execution (RCE) exploit and $1.5 million for a zero-click RCE exploit. The focus on Telegram is strategic due to its popularity in Russia and Ukraine, despite security concerns over its lack of default end-to-end encryption. The rising demand for zero-day exploits underscores the risks to user privacy and data protection, as government entities and private firms seek these valuable vulnerabilities amid escalating cybersecurity threats.

Insight Partners Confirms January Cyberattack: What You Need to Know

Insight Partners Confirms January Cyberattack: What You Need to Know

Bysupport

U.S. venture capital firm Insight Partners disclosed a significant cybersecurity breach occurring in January, where hackers accessed its systems via a social engineering attack. The firm acted quickly to contain the breach and launched an investigation shortly after detection. While specific details remain undisclosed, Insight Partners, which manages over $90 billion in assets, has notified stakeholders and recommended enhanced security protocols, suggesting possible data access. Despite the incident, the firm assured stakeholders that operations would continue without disruption. This breach underscores rising data security concerns in the investment sector as organizations face evolving cybersecurity threats.

AI Showdown: 6 Innovative Strategies Enterprises Use to Automate Cybersecurity Against AI-Driven Threats

AI Showdown: 6 Innovative Strategies Enterprises Use to Automate Cybersecurity Against AI-Driven Threats

Bysupport

AI-powered threats in cybersecurity are becoming more advanced, posing significant challenges for organizations. Key threats include deepfakes, which can impersonate individuals for fraud; automated breaches that enhance the efficiency of attacks; and morphing malware, capable of changing its code to evade detection. Deepfake technology complicates identity verification, impacting sectors like finance and politics. To combat these threats, organizations should invest in AI-driven security solutions, regularly update security protocols, and train employees to recognize sophisticated threats. Staying informed and adapting strategies is crucial for effective defense against evolving cyber threats.

Google Patches Critical Chrome Zero-Day Vulnerability Targeting Journalists in Recent Hacking Campaign

Google Patches Critical Chrome Zero-Day Vulnerability Targeting Journalists in Recent Hacking Campaign

Bysupport

Google has released a security update to address a critical zero-day vulnerability in Chrome for Windows, identified as CVE-2025-2783. Discovered by Kaspersky, this flaw allows hackers to bypass Chrome’s sandbox protections, affecting Chrome and other Chromium-based browsers. The vulnerability was exploited in a phishing campaign known as Operation ForumTroll, targeting individuals with fake invitations to a Russian political summit. Kaspersky suggests the exploit may be linked to state-sponsored hacking efforts aimed at espionage. Users are urged to update their browsers regularly to safeguard against such threats and ensure their data remains secure.