Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.
Palo Alto Networks has shared some information on the exploitation of the recently disclosed zero-day vulnerability affecting some of its firewalls. The cybersecurity firm has not directly attributed the attack to a specific threat actor or country, but the evidence seems to point to China.
In an advisory published on May 6, Palo Alto Networks informed customers about CVE-2026-0300, a vulnerability affecting the User-ID Authentication Portal of PA and VM series firewalls.
The company said the flaw, which allows unauthenticated remote code execution with root privileges, had been exploited as a zero-day.
Related breach coverage
- Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls2026-05-06
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek.
- Cybersecurity M&A Roundup: 33 Deals Announced in April 20262026-05-04
Significant cybersecurity M&A deals announced by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket. The post Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 appeared first on SecurityWeek.
- Trellix Source Code Repository Breached2026-05-04
The cybersecurity firm’s investigation has not found any impact on its source code release or distribution process. The post Trellix Source Code Repository Breached appeared first on SecurityWeek.
- AI Firm Braintrust Prompts API Key Rotation After Data Breach2026-05-08
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek.