State-backed hackers hammer Palo Alto firewall zero-day before patch lands

Internet-facing PAN-OS firewalls are once again doing impressions of initial access brokers

State-backed hackers have been quietly exploiting a fresh zero-day in Palo Alto Networks firewalls to gain root access with no login required.

The flaw, tracked as CVE-2026-0300 and carrying a CVSS severity rating of 9.3, affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Palo Alto said the issue stems from a memory corruption bug in the User-ID Authentication Portal, a feature used to handle logins for users the firewall cannot automatically identify.

If successfully exploited, the bug allows attackers to remotely run arbitrary code on internet-exposed devices with root privileges.

According to the vendor’s Unit 42 threat intelligence team, attacks are already underway and tied to a cluster of "likely state-sponsored threat activity" tracked as CL-STA-1132. The attackers allegedly used the zero-day to inject shellcode into an nginx worker...

Copyright of this story solely belongs to theregister.com.