Overview
Description
Statistics
- 20 Posts
- 2 Interactions
Fediverse
So this PAN-OS bug, CVE-2026-0300.
Is there a good reason to expose this User-ID Authentication Portal to the internet in the first place? Yes yes, defend against insider threats and all that, but the opportunistic, across-the-ocean attack seems like it relies more on misconfiguration than anything.
It doesn't seem to be very useful to associate a user identity to an internet-based IP address in the first place, so don't do that? Or am I wildly misunderstanding the utility here? (At first I thought it was like a capture portal like you find on hotel WiFi, but it's more specialized than that I think.)
Regardless, @runZeroInc has a Rapid Response out for it now. No Palo Alto patches available yet.
CVE Record: CVE-2026-0300 - Title: PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
🚨 CVE-2026-0300: CRITICAL PAN-OS vuln in PA-Series & VM-Series. Buffer overflow in User-ID Auth Portal enables unauth RCE as root. Restrict portal access ASAP. Prisma Access & Cloud NGFW not impacted. Details: https://radar.offseq.com/threat/cve-2026-0300-cwe-787-out-of-bounds-write-in-palo--a6a99009 #OffSeq #PaloAltoNetworks #Vuln
CVE-2026-0300: Zero-day in PAN-OS allows unauthenticated root access to Palo Alto firewalls
An actively exploited vulnerability in the PAN-OS User-ID Authentication Portal allows attackers without credentials to take over affected firewalls completely; patches are not yet available across the board.
#patch #cve #PANOS #rootzugriff #firewall #PaloAlto #zeroday
"Limited exploitation has been observed targeting Palo Alto Networks User-ID™ Authentication Portals" - Remember kids, "limited exploitation" means at least one customer hasn't been exploited at the time of publication!
Also, Palo Alto, who recently told* us "AI changes everything, assume all OSS is compromised" have a buffer overflow based unauthenticated root RCE in their captive portal
Palo Alto Networks warns of a new, already exploited zero-day (CVE-2026-0300) https://www.it-connect.fr/palo-alto-networks-alerte-sur-une-nouvelle-zero-day-deja-exploitee-cve-2026-0300/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #PaloAlto
📰 Critical Palo Alto Networks Zero-Day (CVE-2026-0300) Actively Exploited for RCE
🚨 CRITICAL ZERO-DAY: Palo Alto Networks warns of an unpatched, actively exploited RCE vulnerability (CVE-2026-0300) in PAN-OS firewalls. The flaw allows root access via the User-ID portal. Mitigate immediately! #CyberSecurity #ZeroDay #PANOS
Bluesky
Overview
Description
Statistics
- 9 Posts
- 27 Interactions
Fediverse
How to check for and mitigate the Copy Fail vulnerability (CVE-2026-31431) on GNU/Linux
https://voidnull.es/como-comprobar-y-mitigar-la-vulnerabilidad-copy-fail-cve-2026-31431-en-gnu-linux/
Copy-Fail? More like Copy-Fixed. 🛑
At @DE-CIX, our customers depend on our availability and integrity. So when the Linux "Copy-Fail" vulnerability popped up, we took it super seriously and patched things up immediately.
During the mitigation process, one of our system engineers identified a completely alternative way to block the vulnerability using ftrace. Because it’s been supported in the kernel since 2013, it’s an incredibly accessible solution.
A nine-year Linux kernel bug is being actively exploited right now. CVE-2026-31431 (Copy Fail) gives any unprivileged local user a root shell. Works every time. Leaves no trace on disk. Patch status + fixes for Proxmox, Debian, and more in the video.
➡️➡️ Watch Here: https://youtu.be/LwqEUiuXmbg
CISA warns: CopyFail Linux vuln exploited.
• Privilege escalation → root
• Impacts major distros
• Patch deadline May 15
Are you patched?
#InfoSec #Linux #CyberSecurity
Bluesky
Overview
- Apache Software Foundation
- Apache HTTP Server
Description
Statistics
- 5 Posts
- 7 Interactions
Fediverse
A strong find - unauthenticated RCE in the Apache server, found by Bartłomiej Dmitruk of striga.ai (an AI-based bug detector) and Stanisław Strzałkowski of ISEC.pl. mod_http2 must be enabled on the server - but on many it is.
https://www.cve.org/CVERecord?id=CVE-2026-23918
https://httpd.apache.org/security/vulnerabilities_24.html
Bluesky
Overview
- GitHub
- Enterprise Server
Description
Statistics
- 3 Posts
- 14 Interactions
Fediverse
So, #GitHub is having a rough go of it lately. With significant instability and frequent outages in the last month and platform uptime dropping below 85%.
But the most fun trick? Any authenticated user could execute arbitrary commands on GitHub's backend servers with a single git push command - using nothing but a standard git client. (Because their architecture didn’t sterilize semicolons, thus prompt injection.)
On GitHub Enterprise Server, the vulnerability grants full server compromise, including access to all hosted repositories and internal secrets.
GitHub Enterprise Server customers should upgrade ASAP. Wiz dot io data indicates that 88% of instances were still vulnerable.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
GitHub Enterprise Server: Immediate action required!
Upgrade to #GHES version 3.19.3 or later - this release patches #CVE-2026-3854
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
@DrHyde To put a fine point on it: GitHub's status page showed nothing alarming on April 23—no major outage, no partial outage—because its calculus excludes "Degraded Performance" from downtime numbers. The platform never went down; it was just silently producing wrong merge results, corrupting repository history across 230 organizations and about 3,000 pull requests. That's not a blip. That's a data integrity failure.
Here's GitHub's own heavily-spun blog post on the matter (which also covers another incident on April 27).
Bonus: Five days after the merge queue incident, GitHub disclosed CVE-2026-3854, a critical remote code execution vulnerability where a crafted git push could execute code on GitHub's servers. Patched on github.com in 75 minutes, but 88% of GitHub Enterprise Server instances were still exposed when the disclosure went public.
One bad week doesn't explain a year of red squares, but it does crystallize the pattern.
/cc @choroba
Overview
Description
Statistics
- 2 Posts
Bluesky
Overview
- Revolution Slider
- Slider Revolution
Description
Statistics
- 2 Posts
Fediverse
WordPress: the Slider Revolution plugin must be updated (CVE-2026-6692) https://www.it-connect.fr/wordpress-le-plugin-slider-revolution-doit-etre-mis-a-jour-cve-2026-6692/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Wordpress
Overview
Description
Statistics
- 1 Post
- 8 Interactions
Overview
- ollama
- ollama
- ollama/ollama
Description
Statistics
- 1 Post
- 5 Interactions
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
A critical security vulnerability, CVE-2026-5757, in Ollama allows data to be stolen from servers using specially crafted GGUF files. The flaw exploits a lack of metadata validation in the quantization mechanism, which can lead to unauthorized access to sensitive information.
#si #ai #sztucznainteligencja #wiadomości #informacje #technologia
Overview
Description
Statistics
- 1 Post
- 1 Interaction