Live Wednesday, 17 June 2026
BREAKING
Egyptian FM holds calls with Iranian counterpart , U.S. Envoy on regional developmentsZverev into French Open last-fourIsraeli fire kills four people in Gaza, medics sayAncelotti eases Neymar W. Cup fearsArab, Islamic states condemn Israeli actions at Al-AqsaSyria Hopes for Terrorism Delisting to Spur Economic RecoveryBenfica linked with Fulham’s SilvaVan der Breggen takes Giro leadKremlin: Saudi Arabia Named Guest of Honor at St. Petersburg Economic Forumرياضة محلية‘Really cool to share this journey with her’: Michelle Wie West playing for her family at U.S. Women’s OpenArchaeological Replicas Showcase Saudi Arabia’s Rich History at Kuala Lumpur Int’l Book FairRenewable Energy Helps Red Sea Global Avoid 118,000 Tons of Carbon EmissionsLetter: Carol Rumens obituaryEngland v India: third and deciding women’s T20 cricket international – liveHealthVolunteers serve comfort food in a worrying Ebola outbreak – Sault Michigan NewsEconomyTrump signs AI executive order asking companies to give government early access to modelsVarietySouth West Water fined nearly £2million after supplying homes with parasite-ridden water that left four people in hospital – and telling people it was safe to drinkScience & TechYour car is following you – how to reclaim your data privacy on the open roadWorldHigh school valedictorian yanked from stage after hijacking speech to rant against Israel and ICESaudi FM Receives Written Message from Russian CounterpartEgyptian FM holds calls with Iranian counterpart , U.S. Envoy on regional developmentsZverev into French Open last-fourIsraeli fire kills four people in Gaza, medics sayAncelotti eases Neymar W. Cup fearsArab, Islamic states condemn Israeli actions at Al-AqsaSyria Hopes for Terrorism Delisting to Spur Economic RecoveryBenfica linked with Fulham’s SilvaVan der Breggen takes Giro leadKremlin: Saudi Arabia Named Guest of Honor at St. Petersburg Economic Forumرياضة محلية‘Really cool to share this journey with her’: Michelle Wie West playing for her family at U.S. Women’s OpenArchaeological Replicas Showcase Saudi Arabia’s Rich History at Kuala Lumpur Int’l Book FairRenewable Energy Helps Red Sea Global Avoid 118,000 Tons of Carbon EmissionsLetter: Carol Rumens obituaryEngland v India: third and deciding women’s T20 cricket international – liveHealthVolunteers serve comfort food in a worrying Ebola outbreak – Sault Michigan NewsEconomyTrump signs AI executive order asking companies to give government early access to modelsVarietySouth West Water fined nearly £2million after supplying homes with parasite-ridden water that left four people in hospital – and telling people it was safe to drinkScience & TechYour car is following you – how to reclaim your data privacy on the open roadWorldHigh school valedictorian yanked from stage after hijacking speech to rant against Israel and ICESaudi FM Receives Written Message from Russian Counterpart
Prices
US dollar50.20EGPEuro58.29EGPBritish pound67.40EGPSaudi riyal13.39EGPUAE dirham13.67EGPKuwaiti dinar162.83EGPJordanian dinar70.81EGPQatari riyal13.79EGPTurkish lira1.08EGPChinese yuan7.42EGPGold 246,872.49EGP/gGold 216,013.43EGP/gGold 185,154.37EGP/gSilver109.83EGP/g
US dollar50.20EGPEuro58.29EGPBritish pound67.40EGPSaudi riyal13.39EGPUAE dirham13.67EGPKuwaiti dinar162.83EGPJordanian dinar70.81EGPQatari riyal13.79EGPTurkish lira1.08EGPChinese yuan7.42EGPGold 246,872.49EGP/gGold 216,013.43EGP/gGold 185,154.37EGP/gSilver109.83EGP/g
NEWS BREAKING
Read story

Palo Alto VPN bug graduates from advisory to active exploitation

By rivo_admin · June 1, 2026 · 2 min read
Palo Alto VPN bug graduates from advisory to active exploitation

Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access. The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations. Palo Alto disclosed the bug on May 13 and initially assigned it a medium-severity rating, saying it was aware of attempts to exploit it but had not observed any malicious exploitation. That assessment has not aged well. Security boffins at Rapid7 said they observed successful exploitation across multiple customer environments dating back to at least May 17 and validated the attack technique using its own proof-of-concept testing. Attackers established unauthorized VPN sessions on vulnerable systems, potentially granting access to internal corporate networks without legitimate credentials, it added. Rapid7’s analysis suggests the flaw comes down to how PAN-OS trusts authentication override cookies. In certain deployments, hackers can create their own cookies and have the firewall accept them as legitimate. The risk is highest where the same certificate is used for both HTTPS services and authentication override cookies, giving the baddies access to the information needed to generate convincing fakes. Rapid7 said it observed multiple waves of activity targeting vulnerable devices. In some cases, cybercrims successfully obtained VPN IP addresses and network access, but the company said it didn’t observe evidence of successful lateral movement following initial access in the incidents it investigated. The flaw has now landed in CISA’s Known Exploited Vulnerabilities catalog, with federal agencies given until June 1 to patch or otherwise secure affected systems. Palo Alto has also revised its advisory, elevating the severity rating and attaching its highest urgency label. Fixes are available for supported releases. “Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” the firm said in an update. The latest PAN-OS headache arrives less than a month after another Palo Alto emergency. In May, state-backed attackers were found exploiting CVE-2026-0300, a critical remote code execution flaw in the PAN-OS User-ID Authentication Portal, before patches became widely available. Organizations running vulnerable GlobalProtect gateways now face a familiar choice: patch quickly or find out whether someone else gets there first.®

المصدر: The Register

#cyber-crime
0 Views

Related stories

أضف تعليقاً

Your email address will not be published. Required fields are marked *