Overview
Description
Statistics
- 9 Posts
- 9 Interactions
Fediverse
CVE-2026-0257: Palo Alto PAN-OS Authentication Bypass Actively Exploited — Patch Immediately
#CyberSecurity
https://securebulletin.com/cve-2026-0257-palo-alto-pan-os-authentication-bypass-actively-exploited-patch-immediately/
In the last 24 hours, attacks exploiting critical vulnerabilities in PAN-OS GlobalProtect were detected, along with a malicious NuGet package that steals banking credentials, a massive data leak in a social program, and a controversy between Microsoft and a security researcher that calls transparency in cybersecurity into question. Discover these and more details in the following list of computer security news:
🗞️ LATEST NEWS IN COMPUTER SECURITY 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 30/05/26 📆 |====
🔓 ACTIVE EXPLOITATION OF VULNERABILITY IN PAN-OS GLOBALPROTECT (CVE-2026-0257)
Active exploitation has been detected of a serious vulnerability in PAN-OS GlobalProtect that allows attackers to bypass authentication. This flaw compromises the security of corporate networks that use this system, enabling unauthorized access with potential damage to the confidentiality and control of systems. It is vital to update and strengthen security policies to mitigate this risk. Learn how to protect your systems against this threat 👉 https://djar.co/t3SSdE
⚠️ MICROSOFT IN THE EYE OF THE STORM OVER THREATS AGAINST SECURITY RESEARCHER
A recent public dispute between Microsoft and an independent security researcher has reignited the debate over transparency and accountability in software security. The threat of a criminal investigation against the expert raises concerns about collaboration between large companies and the cybersecurity community, which is fundamental to improving protection globally. Understand the implications of this conflict and its impact on computer security 👉 https://djar.co/vUhRNw
💀 MALICIOUS NUGET PACKAGE STOLE BANKING CREDENTIALS
Researchers have identified a malicious package named Sicoob.Sdk on NuGet that stole PFX certificates and client identifiers, putting the authenticity of APIs and the security of digital payments at risk. This threat highlights the importance of strictly reviewing and controlling the external dependencies and libraries used in projects to prevent leaks and impersonation. Discover how to detect and prevent this type of attack 👉 https://djar.co/bsW9
🚨 MASSIVE LEAK ON SOCIAL PROGRAMS PAGE: BENEFICIARY DATA EXPOSED
A cyberattack compromised the official social programs page, exposing the personal data of thousands of beneficiaries of the Pensión Bienestar. This incident endangers the privacy and security of vulnerable people, underscoring the urgent need to strengthen cybersecurity on government and social platforms. Find out about the risks and recommendations for protecting your information 👉 https://djar.co/f14k
Overview
- Microsoft
- Windows 10 Version 1809
Description
Statistics
- 1 Post
- 225 Interactions
Fediverse
RE: https://c.im/@cdarwin/116660769695837565
One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.
Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.
On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.
For the record, I think @GossiTheDog called it that this person was a former MS employee.
Overview
Description
Statistics
- 2 Posts
- 263 Interactions
Fediverse
RE: https://c.im/@cdarwin/116660769695837565
One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.
Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.
On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.
For the record, I think @GossiTheDog called it that this person was a former MS employee.
This person has been a prolific bug finder for quite some time. Here's their public HackerOne profile: https://hackerone.com/halove23/hacktivity?type=user
Reading their Xitter timeline over the years is pretty interesting. They went from working w/ a lot of these bug bounty programs and giving MS time to fix stuff beyond the usual 90-day window to increasing frustration in dealing w/ vendors. I wish that were less of a common experience than it still is today, but some dynamics in this industry never seem to change.
Also just noticed something interesting. Back in 2019, MS was including hyperlinks to researchers in their advisories. In this advisory, they actually link to the researcher's shitposting Facebook profile, which has posts up until this month.
https://www.facebook.com/com.android.vending
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-1385
Overview
- Microsoft
- Microsoft SharePoint Enterprise Server 2016
Description
Statistics
- 2 Posts
- 7 Interactions
Fediverse
CVE-2026-45659: high-severity RCE vulnerability in SharePoint Server - patch available
#tech
https://spcnet.it/cve-2026-45659-vulnerabilita-rce-ad-alta-severita-in-sharepoint-server-patch-disponibile/
@informatica
Overview
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/write
Severity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
CWE: CWE-59 (Improper Link Resolution Before File Access)
A rogue SFTP server can return symlink targets (absolute paths or relative "../../../" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary "cp" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
Mitigating CVE-2026-31431 ("Copy Fail") in Docker Engine #devopsish https://www.docker.com/blog/mitigating-cve-2026-31431-copy-fail-in-docker-engine/
Overview
- Hewlett Packard Enterprise (HPE)
- HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
CVE-2024-42395 - Critical RCE in AP Certificate Management Service. Unauthenticated RCE, CVSS 9.8. Exploitation leads to full system compromise. Patch status unknown, monitor for updates urgently. #CVE #infosec #cybersecurity
Overview
- juliangruber
- brace-expansion
Description
Statistics
- 1 Post
- 1 Interaction
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- Toshiba Tec Corporation
- Toshiba Tec e-Studio multi-function peripheral (MFP)
Description
Statistics
- 1 Post