Palo Alto Networks
Coverage of Palo Alto Networks in the Nexus archive.
- Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage
Startup MeetingTV sued Palo Alto Networks' Koi Security, alleging an AI-generated report falsely linked it to a Chinese espionage operation. The lawsuit claims Koi's AI system hallucinated findings and published them as facts, causing global security companies to block MeetingTV's services. Palo Alto Networks stated it believes in Koi's research and expects legal resolution.
- Palo Alto Networks CEO: We're in 'a Darwinian moment' where employees have to prove their AI skills
Palo Alto Networks CEO Nikesh Arora states 90% of enterprise employees lack AI skills, prompting companies to reduce roles in HR and marketing. Arora highlights Palo Alto's strategy of hiring technical staff through hackathons instead of mass layoffs, contrasting with approaches by Coinbase and Block leaders Brian Armstrong and Jack Dorsey.
- Nothing on the Internet Is Secure Anymore
The article discusses the increasing sophistication and scale of cyberattacks, driven by AI-enhanced malware and a fourfold rise in daily attacks reported by Palo Alto Networks. Experts warn of vulnerabilities in internet security, with AI tools enabling faster and more complex hacking methods.
- Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has observed active exploitation of a PAN-OS vulnerability (CVE-2026-0257) in GlobalProtect portals, allowing unauthorized access via an authentication bypass flaw. The vulnerability affects portal and gateway components of PAN-OS software with a CVSS score of 7.8.
- ‘It’s a hurricane warning’: Guardrails around powerful AI models may be too late
The U.S. is racing to regulate rapidly advancing AI models like Anthropic's Claude Mythos and OpenAI's GPT 5.5-Cyber before China can develop comparable models, as these systems pose significant cybersecurity risks by identifying vulnerabilities and launching cyberattacks. Experts warn the U.S. has 6-12 months to prepare before China potentially gains access to similar AI technology, which could be weaponized.
- Asian shares retreat as US stocks halt their record-breaking rally, while oil prices fall back
Asian shares declined following a halt in the S&P 500's nine-day winning streak, while oil prices dropped amid renewed fighting threatening a U.S.-Iran ceasefire. Key indices like Japan's Nikkei and South Korea's Kospi fell significantly, and U.S. stocks including the Dow and Nasdaq also declined. Rising bond yields and economic pressures from higher inflation further impacted markets.
- CrowdStrike’s stock falls as investors find more reason to pan cybersecurity earnings
CrowdStrike's stock declined despite the company beating financial expectations, mirroring Palo Alto Networks' recent experience where strong earnings were followed by stock punishment.
- Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state
AI-enabled cybercriminals are using advanced tools to destroy virtual machines and hypervisors, leaving infrastructure in a 'dark, dead' state. Commvault's CTO emphasizes the need for organizations to adopt strategies beyond backups, including air-gapping and pressure-testing recovery plans, to counter evolving AI-driven threats.
- What's behind Palo Alto's earnings sell-off — and how to proceed
Palo Alto Networks experienced a stock sell-off following its earnings report, despite the stock being strong before the report. The article examines the reasons behind the sell-off and potential next steps.
- Oil prices climb back toward $100, and US stocks halt their record-breaking rally
Oil prices rose toward $100 due to renewed U.S.-Iran tensions, while U.S. stocks retreated from record highs. The S&P 500, Dow Jones, and Nasdaq all declined, with Brent crude oil climbing 2.1% to $97.98. Some stocks like Medtronic and GameStop rose on strong earnings, while others like Palo Alto Networks fell despite beating expectations.
- AI agents can now manipulate your organization. Are you ready?
Autonomous AI agents can be manipulated to perform unauthorized actions, such as writing to restricted databases, through attacks like memory poisoning and 'confused deputy' exploits. Palo Alto Networks' Prisma AIRS addresses these risks by inspecting tool calls and network traffic to detect malicious behavior in agentic AI systems.
- Three reasons Palo Alto Networks’ stock is falling in the face of upbeat earnings
Palo Alto Networks' stock is declining despite positive earnings, driven by profit-taking, delayed AI revenue contributions, and adjustments to financial reporting practices.
- Palo Alto CEO says customer meeting requests have surged amid AI security concerns
Palo Alto Networks CEO Nikesh Arora stated that artificial intelligence is driving increased demand for cybersecurity solutions. Customer meeting requests have surged amid concerns about AI-related security challenges.
- Palo Alto Networks’ stock is rising as earnings show AI is a friend, not a foe
Palo Alto Networks' stock is rising following earnings that highlight AI's role in cybersecurity. The CEO emphasized increased urgency around cybersecurity due to recent AI advancements.
- Palo Alto Networks pops 12% on earnings beat, rosy guidance
Palo Alto Networks' stock rose 12% after the company reported better-than-expected earnings and optimistic guidance, despite earlier disappointing projections in February that missed analyst estimates.
- Cisco sings Mythos' praises - but doesn't say how many bugs the model uncovered
Cisco used Anthropic’s Claude Mythos Preview and OpenAI’s GPT 5.5-Cyber to scan 1.8 billion lines of code in eight weeks, a task that would have taken eight years manually, but did not disclose the number of vulnerabilities found. Anthropic expanded its Project Glasswing partner program to 200 organizations, and Palo Alto Networks reported 26 CVEs discovered using Mythos in a month.
- Palo Alto, CrowdStrike Earnings to Put 37% Cyber Rally to Test
Palo Alto and CrowdStrike's earnings reports will test the 37% Cyber Rally. The article highlights the potential impact of their financial results on the cybersecurity sector's recent performance.
- Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
Palo Alto Networks' CVE-2026-0257 vulnerability, initially rated medium severity, was escalated to critical after active exploitation was confirmed. Attackers exploit the flaw to bypass authentication and establish unauthorized VPN connections, leveraging a publicly available TLS certificate to forge valid authentication cookies.
- Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
A vulnerability in Palo Alto Networks' PAN-OS GlobalProtect VPN is being actively exploited in two attack waves starting in mid-May. The flaw allows authentication bypass, requiring specific conditions for exploitation.
- Palo Alto VPN bug graduates from advisory to active exploitation
Palo Alto Networks disclosed a critical security flaw, CVE-2026-0257, in PAN-OS GlobalProtect that allows attackers to bypass authentication and gain unauthorized VPN access. Researchers at Rapid7 confirmed active exploitation since May 17, prompting Palo Alto to elevate the severity rating and CISA to add it to its exploited vulnerabilities catalog with a June 1 patch deadline.
- Here are the 4 big things we're watching in the stock market in the week ahead
The stock market will focus on earnings reports from CrowdStrike, Palo Alto Networks, and Broadcom, along with jobs data, the Computex event, and updates on corporate spin-offs.
- Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks warns that hackers are exploiting a PAN-OS GlobalProtect authentication bypass flaw (CVE-2026-0257) in attacks targeting corporate networks. The vulnerability allows unauthorized access to systems using the GlobalProtect VPN solution.
- PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a medium-severity authentication bypass vulnerability (CVE-2026-0257) in PAN-OS and Prisma Access is being actively exploited. The flaw allows attackers to establish unauthorized VPN connections.
- Shadow AI invades the workplace, up 4x in the last year
The use of unauthorized personal accounts to access GenAI tools in the workplace has increased fourfold in the last year, posing a growing insider-risk concern for organizations. Employees are using these accounts to access AI platforms, potentially exposing sensitive corporate data. This surge in 'shadow AI' has led to new thinking around security measures, including the evolution of software bill of materials (SBOMs) to AI-BOMs.
- Palo Alto Networks hits a big milestone. Why cybersecurity stocks are so hot right now.
Palo Alto Networks has achieved a significant milestone, and cybersecurity stocks are currently popular. Investors are becoming more discerning in separating AI winners from losers. This trend is driven by the growing importance of cybersecurity.
- The next phase of AI cybersecurity still needs humans
New AI cybersecurity models from Anthropic and OpenAI require significant human expertise to operate effectively, finding tens of thousands of bugs in operating systems. Early adopters have shared their experiences with the models, discovering numerous vulnerabilities. The models perform best when paired with experienced security researchers.
- Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
Palo Alto Networks used AI to scan its codebase and found 75 security holes, while Microsoft's AI-powered bug hunting system MDASH found 17 vulnerabilities. This increase in vulnerability detection is expected to lead to more patches and work for admins. The use of AI in bug hunting is becoming more prevalent among security vendors.
- Researchers say AI just broke every benchmark for autonomous cyber capability
Researchers found that AI models, including Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5, have surpassed benchmarks for autonomous cyber capability, significantly outperforming previous trends. The AI Security Institute and Palo Alto Networks conducted separate tests, with results showing the models' ability to complete complex cybersecurity tasks autonomously. This breakthrough has significant implications for the field of artificial intelligence.
- Palo Alto Networks’ stock is basking in the glow of a cybersecurity revival
Palo Alto Networks' stock is benefiting from a cybersecurity revival, with investors viewing cybersecurity companies as beneficiaries of AI. This shift in perspective is noted by an analyst. The company's stock is seeing positive growth as a result.
- State-backed hackers hammer Palo Alto firewall zero-day before patch lands
State-backed hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2026-0300, to gain root access without login required. The flaw affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Attacks are already underway, tied to a cluster of likely state-sponsored threat activity tracked as CL-STA-1132.
- PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Palo Alto Networks disclosed a critical security flaw in their PAN-OS software, which could allow an unauthenticated attacker to exploit a buffer overflow vulnerability. The vulnerability, CVE-2026-0300, has a CVSS score of 9.3/8.7 and may have been attempted to be exploited as early as April 9, 2026. Threat actors may use this flaw for root access and espionage.
- Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers of a critical-severity PAN-OS firewall zero-day vulnerability being exploited by suspected state-sponsored hackers for nearly a month. The exploit affects Palo Alto Networks firewalls and has been ongoing. Customers are advised to take immediate action.
- Palo Alto warns of critical software bug used in firewall attacks
Palo Alto Networks has identified a critical software bug used in firewall attacks, tracked as CVE-2026-0300. A patch for the bug is not yet available but will be included in releases over the next two weeks. The vulnerability poses a significant risk to users until the patch is published.
- A critical Palo Alto PAN-OS zero-day is being exploited in the wild
A critical zero-day vulnerability is being exploited in Palo Alto Networks' firewalls, allowing unauthenticated attackers to run code with root privileges. The company has not released a patch but has provided mitigation guidance to customers. Exploitation is expected to increase as more researchers and attackers become aware of the vulnerability.
- Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks has warned customers of a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal being exploited in attacks. The vulnerability is a zero-day exploit in the firewall. Customers are advised to take immediate action to protect themselves.
- Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto Networks' PAN-OS software has a critical buffer overflow vulnerability that allows unauthenticated remote code execution, tracked as CVE-2026-0300, with a CVSS score of 9.3. The flaw is under active exploitation and enables access from the internet if the User-ID Authentication Portal is configured accordingly. This poses a significant security risk to affected systems.
- Shadow IT has given way to shadow AI. Enter AI-BOMs
The concept of Shadow IT has evolved into Shadow AI, where unsanctioned AI tools are used within organizations, and an AI-BOM is introduced to provide visibility across all AI components. This includes models, datasets, and other AI tools, as well as their interactions with each other and workflows. Cisco has open-sourced its AI-BOM and Model Provenance Kit to help secure enterprise supply chains.
- BlackFile actively extorting data-theft victims in retail and hospitality sector
BlackFile, a cyber extortion group linked to The Com, is targeting retail and hospitality organizations via voice-phishing and social engineering to steal data and demand ransoms. The group, tracked under aliases like CL-CRI-1116 and Cordial Spider, uses SaaS environments and data-leak sites to pressure victims, with attacks ongoing since February 2025.
- Network ‘background noise’ may predict the next big edge-device vulnerability
Research by GreyNoise indicates that spikes in network traffic targeting edge devices can predict upcoming vulnerability disclosures, often up to nine days before public alerts. The study found that 50% of detected activity surges led to vendor disclosures within three weeks, highlighting coordinated attacker behavior against security appliances.
- Your MTTD Looks Great. Your Post-Alert Gap Doesn't
Anthropic restricted its Mythos Preview AI model after it autonomously discovered and exploited zero-day vulnerabilities across major operating systems and browsers. Security experts warn similar capabilities may proliferate soon, with CrowdStrike reporting an average eCrime breakout time of 29 minutes.