Tag

Palo Alto Networks

All articles tagged with #palo alto networks

technology1 month ago

PANW's Monster Quarter Tests the Durability of Its Software Pivot

PANW posted a blockbuster quarter with about $3 billion in revenue and EPS of $0.85, raising full-year guidance as demand from AI data-center builds drives a hardware surge, while Next-Generation Security ARR grew 60% year over year to $8.1 billion and Prisma AIRS expanded rapidly. But the stock fell pre-market as investors weigh whether hardware-led growth can sustain a software-led future, given a GAAP operating loss and ongoing migration of Prisma Cloud to Cortex Cloud after acquisitions like CyberArk and Chronosphere; the key question is whether software momentum can carry growth when the hardware tailwind fades.

Active Exploitation of PAN-OS Authentication Bypass CVE-2026-0257 Prompts Urgent Patch
cyber-security1 month ago

Active Exploitation of PAN-OS Authentication Bypass CVE-2026-0257 Prompts Urgent Patch

PAN-OS and Prisma Access are being exploited for CVE-2026-0257, a remote authentication bypass in the non-default Authentication Override feature that lets attackers forge session cookies and bypass login to establish unauthorized GlobalProtect VPN connections. Rapid7 has documented two exploitation waves in May 2026, with indicators including spoofed MAC aa:bb:cc:dd:ee:ff and IPs tied to the waves (e.g., 104.207.144.154; 146.19.216.119/120/125). CISA added the flaw to KEV on May 29, 2026. Patches are available for PAN-OS versions 12.1.4-h6/12.1.7, 11.2.12, 11.1.15, 10.2.18-h6 and Prisma Access 11.2.7-h13+ (or later) or 10.2.10-h36+. Mitigations include disabling authentication override if not needed, using a dedicated cookie-encryption certificate, hunting for IOCs in VPN/GlobalProtect logs, and applying MDR detection rules (e.g., “Suspicious Authentication – Palo Alto GlobalProtect Cookie Authentication to Local Admin Account”). Despite a medium CVSSv4 score, rapid remediation is urged due to active exploitation and a public PoC.

Frontier AI flaw-hunters warn attackers could gain broad access within months
technology2 months ago

Frontier AI flaw-hunters warn attackers could gain broad access within months

Palo Alto Networks warns that frontier AI cyber models like Mythos and GPT-5.5 can rapidly identify and chain multiple flaws, finding vulnerabilities across hundreds of products and generating working exploits in internal tests (about 70% success) even as most flaws aren’t actively exploited in the wild. False positives run around 30%, and human expertise remains essential. The firm urges a four‑pronged defense—patch quickly, reduce internet exposure, deploy real‑time detection, and integrate AI/automation into security operations—as policy makers weigh limits on powerful AI in cybersecurity.

Critical PAN-OS zero-day exploited for weeks, attackers gain root access to exposed firewalls
security2 months ago

Critical PAN-OS zero-day exploited for weeks, attackers gain root access to exposed firewalls

Palo Alto Networks warns that a critical PAN-OS zero-day in the User-ID Authentication Portal (CVE-2026-0300) has been exploited for nearly a month, enabling unauthenticated remote code execution with root privileges on Internet-exposed PA-Series and VM-Series firewalls. Attackers deployed Earthworm and ReverseSocks5 tunneling tools, wiped logs to avoid detection, and targeting thousands of devices (Shadowserver cites over 5,400 exposed VM-series firewalls). Cloud NGFW and Panorama are unaffected; patches are slated to begin rolling out on May 13. In the interim, restrict access to or disable the portal. CISA added CVE-2026-0300 to KEV and ordered agencies to secure vulnerable devices by May 9.

Critical PAN-OS Flaw Under Active Exploitation Enabling Root RCE
security2 months ago

Critical PAN-OS Flaw Under Active Exploitation Enabling Root RCE

Palo Alto Networks warns of a critical buffer‑overflow flaw in PAN-OS User-ID Authentication Portal (CVE-2026-0300) that allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls; the bug is under active exploitation, with a CVSS of up to 9.3 when the portal is internet‑exposed and 8.7 otherwise, and PAN-OS 12.1 is listed as affected.

Wild PAN-OS Flaw Exposes Palo Alto Firewalls to Root Access
cyber-security-news2 months ago

Wild PAN-OS Flaw Exposes Palo Alto Firewalls to Root Access

A critical, unauthenticated buffer overflow in PAN-OS’s User-ID Authentication Portal (CVE-2026-0300) is being exploited in the wild to gain full root access on PA-Series and VM-Series firewalls. The flaw allows remote code execution with no credentials or user interaction over the network, affecting multiple PAN-OS versions (with some product exclusions). Patches are rolling out May 13–28, 2026; meanwhile, admins should restrict or disable internet-facing Authentication Portals and apply Threat Prevention signatures, and audit exposed configurations immediately.

PANW stock slides after earnings beat but outlook undershoots
market-news4 months ago

PANW stock slides after earnings beat but outlook undershoots

Palo Alto Networks beat Street estimates for Q2 with EPS of $1.03 and revenue of $2.59 billion, but issued lighter guidance for Q3 and full-year 2026, sending the stock down about 5%. The company sees FY2026 EPS of $3.65-$3.70 on revenue of $11.28-$11.31 billion (vs. consensus of about $3.86 and $10.53 billion). Despite the softer outlook, analysts maintain a Strong Buy rating with an average target near $223.68, implying upside.

Palo Alto Networks rides revenue beat but guides softly, shares slide
technology4 months ago

Palo Alto Networks rides revenue beat but guides softly, shares slide

PANW posted a Q2 FY2026 revenue beat and higher-than-expected adjusted EPS, but forward earnings guidance disappointed, sending shares down about 5% after hours. Revenue guidance was raised and exceeded estimates, and acquisitions are expanding real-time data visibility and privileged access management to bolster AI-driven cybersecurity offerings.

Palo Alto Networks to Acquire Koi to Guard AI-Driven Endpoints
technology4 months ago

Palo Alto Networks to Acquire Koi to Guard AI-Driven Endpoints

Palo Alto Networks announced a definitive agreement to acquire Koi to establish Agentic Endpoint Security, addressing the security gaps created by AI agents and tools on endpoints; post-close, Koi’s technology will be integrated with Prisma AIRS and Cortex XDR to improve visibility and policy enforcement for AI-driven operations, with regulatory approvals and closing conditions still to be met and further details to be provided on an investor call.

Asia-based cyberespionage campaign breaches governments worldwide and expands reconnaissance
technology5 months ago

Asia-based cyberespionage campaign breaches governments worldwide and expands reconnaissance

Palo Alto Networks Unit 42 reports an Asia-based cyberespionage group compromised at least 70 institutions across 37 governments and conducted reconnaissance in 155 countries. The attackers used phishing to drop a Cobalt Strike payload and a mix of exploits to gain footholds, with some victims accessed for months (including a parliament and key ministries). The operation is described as potentially the most widespread state-sponsored government breach since SolarWinds, with the group adapting to different targets and events and attribution to a specific country not determined.

Unauthenticated PAN-OS DoS Flaw Forces Quick GlobalProtect Patch
cyber-security-news6 months ago

Unauthenticated PAN-OS DoS Flaw Forces Quick GlobalProtect Patch

Palo Alto Networks patched a critical PAN-OS vulnerability (CVE-2026-0227) that lets unauthenticated attackers trigger a denial-of-service on GlobalProtect gateways/portals. The flaw, rated CVSS 7.7 (HIGH), stems from improper handling of unusual conditions and affects multiple PAN-OS versions (Cloud NGFW is spared). A PoC exists, exploitation is not yet observed, and no workarounds are available. Administrators should upgrade to the latest hotfixes (PAN-OS 12.1.4 or 11.2.10-h2) and verify configurations via Palo Alto’s support portal while monitoring for DoS attempts.

Palo Alto Networks and Google Cloud Secure $10 Billion AI and Cloud Deal
technology6 months ago

Palo Alto Networks and Google Cloud Secure $10 Billion AI and Cloud Deal

Palo Alto Networks and Google Cloud have expanded their partnership to enhance AI security across cloud and hybrid environments, integrating Palo Alto's Prisma AIRS with Google Cloud's AI services to protect AI workloads, improve security management, and streamline deployment, while also migrating Palo Alto's internal workloads to Google Cloud to optimize performance and reliability.

technology6 months ago

Palo Alto Networks and Google Cloud Partner to Boost Cloud and AI Security

Palo Alto Networks and Google Cloud have expanded their partnership to enhance AI security, integrating Palo Alto's Prisma AIRS platform with Google Cloud's AI infrastructure to secure AI workloads, improve security management, and streamline deployment across hybrid multicloud environments, while also migrating Palo Alto's internal workloads to Google Cloud.