Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The US Cybercquire Giant Polo Alto Network has warned that hackers have used another weakness in its firewall software to enter crude customer networks.
The invaders are using the recently published weakness in Pan-OS, operating system that operates Palo Alto Networks firewalls, California-based agency confirmed on Tuesday.
Cybercquirement Firm Acetnot first Discovery Weakness, as tracked as CV-2025-0108Earlier this month, two Palo Alto Firewall weakness was analyzed when analyzing the weaknesses that were used in previous attacks.
Palo Alto Networks have issued a suggestion on the same day and urged customers to emerge against the latest bug. Organization Updated the advice That weakness is on the active attack to warn Tuesday.
The agency has said that contaminated invaders are disciplined with two defects-CVE-CVE-20-9474 and CVE-2025-01111-to target expansive and unsafe PAN-OS web management interfaces. CV-2024-9474 Has been used in the attack since November 2024We’ve reported before.
Palo Alto networks could not explain how the three weaknesses were being tied together, but mentioned that the complexity of the attack was “low”.
The scale of exploitation is not yet known, but threatened detective startup grenayes Says in a blog post On Tuesday, it was actively exploited PAN-OS weaknesses on Tuesday, more than two IP addresses on February 13, suggesting an incentive for exploitation activities. The attempt to exploit has flagged Grenayes as “malicious”, which suggests that the threat actors advise on exploitation rather than security researchers.
“This high-intensity error allows unspecified attackers to execute specific PHP scripts, leading to unauthorized access to the weak system,” Grenois said.
Grenayes says it has observed the highest level of attack traffic in the United States, Germany and the Netherlands.
It is not known who is behind these attacks or whether any sensitive data was stolen from the customer’s network. Poo Alto networks did not respond to TechCrunch’s questions.
The US Government’s CyberSCURITY Agency CISA has added the latest Palo Alto Bug Its publicly enlisted exploited weakness (KV) catalog Tuesday
