{"id":210342,"date":"2026-05-07T11:48:00","date_gmt":"2026-05-07T15:48:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/07\/palo-alto-networks-warns-state-linked-cluster-behind-zero-day-exploitation\/"},"modified":"2026-05-07T13:00:10","modified_gmt":"2026-05-07T17:00:10","slug":"palo-alto-networks-warns-state-linked-cluster-behind-zero-day-exploitation","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/07\/palo-alto-networks-warns-state-linked-cluster-behind-zero-day-exploitation\/","title":{"rendered":"Palo Alto Networks warns state-linked cluster behind zero-day exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/palo-alto-networks-state-linked-zero-day\/819588\/\">Palo Alto Networks warns state-linked cluster behind zero-day exploitation<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/palo-alto-networks-state-linked-zero-day\/819588\/\">https:\/\/www.cybersecuritydive.com\/news\/palo-alto-networks-state-linked-zero-day\/819588\/<\/a><\/p>\n<p>Publish Date: 2026-05-07 11:48:00<\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Palo Alto Networks warned that a suspected state-sponsored threat cluster targeted a critical vulnerability in the User ID Authentication Portal service of PAN-OS software, according to a blog post published Wednesday. The vulnerability, tracked as CVE-2026-0300, is a buffer overflow that allows attackers to execute arbitrary code on the company\u2019s PA Series and VM Series firewalls.<br \/>\nThe cybersecurity company issued an advisory on Tuesday warning that a limited number of customers had been exploited in cases where devices were exposed to the public internet or exposed to untrusted IP addresses.<br \/>\nThe company is working to release software fixes, with the first updates expected to be available by May 13, according to a spokesperson.<br \/>\nThe Cybersecurity and Infrastructure Security Agency on Wednesday added the flaw to its Known Exploited Vulnerabilities catalog.<\/p>\n<p>The initial exploitation attempts against a PAN-OS device were traced back to April 9, but were unsuccessful, according to researchers at PAN Unit 42. A week later, attackers broke through and injected shellcode into the device. 
The cluster is being tracked as CL-STA-1132, but researchers did not provide details about the attackers or their specific country of origin.<br \/>\nFollowing the initial compromise, attackers worked to evade detection by clearing crash kernel messages, deleting nginx crash entries and crash records, and removing crash core dump files, Unit 42 said in its blog post.<br \/>\nBy late April, the attackers conducted a Security Assertion Markup Language flood against the previously targeted device, according to the blog post.<br \/>\nThe hackers also deployed publicly available tunneling tools, including EarthWorm and ReverseSocks5.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks warns state-linked cluster behind zero-day exploitation https:\/\/www.cybersecuritydive.com\/news\/palo-alto-networks-state-linked-zero-day\/819588\/ Publish Date: 2026-05-07 11:48:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210343,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/M03haNroBN6UsBWsangmilWnPJWrpdyDnyyAZhGD_Z8\/g:nowe:8:185\/c:4023:2273\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9JTUdfMjIxOS5KUEc=.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-210342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210342"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies
":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210342"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210342\/revisions"}],"predecessor-version":[{"id":210345,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210342\/revisions\/210345"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210343"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}