[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:attackers-are-exploiting-palo-alto-networks-defect-that-initially-flew-under-the-mpwlfobd":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":19,"article_ids":20,"ioc_summary":22,"source_urls":23,"status":25,"expires_at":26,"created_at":27,"updated_at":28,"articles":29},"634913ee-fcf5-455e-b260-3767e7843625","Attackers are exploiting Palo Alto Networks defect that initially flew under the radar","attackers-are-exploiting-palo-alto-networks-defect-that-initially-flew-under-the-mpwlfobd","Palo Alto Networks GlobalProtect portals and gateways are under active attack via CVE-2026-0257, a critical authentication-bypass vulnerability. Attackers can forge valid auth cookies using public TLS certificates and gain VPN access with a single HTTP request. All affected customers are at immediate risk of unauthorized network access.","critical","advisory",[12],"CVE-2026-0257",[14,15,16,17,18],"Palo Alto Networks","PAN-OS","GlobalProtect","Rapid7","CISA","Immediately identify all Palo Alto GlobalProtect instances in your environment. Patch to the latest fixed version or implement vendor mitigations without delay. Monitor VPN logs for suspicious authentication patterns and single-request connection attempts.",[21],"9d7c8dda-60cd-4782-877b-dcfbd00e3a3b",null,[24],"https:\u002F\u002Fcyberscoop.com\u002Fpalo-alto-networks-cve-2026-0257-exploited-vulnerability\u002F","active","2026-06-04T12:08:05.061+00:00","2026-06-02T12:08:09.498948+00:00","2026-06-02T12:10:02.315498+00:00",[30],{"id":21,"title":6,"url":24}]