URL has been copied successfully!
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers


Tags: , , , , , ,

CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. The flaw impacts the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS […]

First seen on securityaffairs.com

Jump to article: securityaffairs.com/192933/security/cve-2026-0257-rapid7-caught-attackers-abusing-forged-vpn-cookies-against-multiple-customers.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Top 7 zero-day exploitation trends of 2024
  2. Critical vulnerabilities expose network security risks in Keysight’s infrastructure
  3. Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333 and CVE-2025-20362
  4. Network security devices endanger orgs with ’90s era flaws