Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

April 26, 2024 at 07:00AM

Palo Alto Networks has issued guidance for mitigating a critical security flaw in PAN-OS, identified as CVE-2024-3400, which allows unauthenticated remote command execution. The flaw has been actively exploited as a zero-day by a potentially state-backed hacking group. Remediation advice varies depending on the level of compromise, including updating to …

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

April 20, 2024 at 01:57AM

Palo Alto Networks has disclosed a critical security flaw, CVE-2024-3400, in PAN-OS being actively exploited by threat actors. The flaw allows unauthenticated remote shell command execution via a two-stage attack. The company has expanded patches to cover affected software versions and recommends applying hotfixes to mitigate potential threats. CISA has …

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

April 13, 2024 at 05:27AM

Threat actors have been actively exploiting a critical zero-day flaw (CVE-2024-3400) in Palo Alto Networks PAN-OS software, allowing unauthorized code execution. Dubbed Operation MidnightEclipse, the attack involves creating cron jobs to run commands from an external server, triggering a Python-based backdoor. The actor UTA0218 displays advanced capabilities and is likely state-backed. …

Zero-day exploited right now in Palo Alto Networks’ GlobalProtect gateways

April 12, 2024 at 06:52PM

Palo Alto Networks has issued a critical alert for a command-injection flaw in PAN-OS software, affecting firewall and VPN products. The flaw, with a top CVSS severity score, may allow unauthorized code execution. Updates to fix the vulnerability will arrive by April 14. Exploitation by threat actors has been observed, …