{"id":219506,"date":"2026-05-25T03:25:07","date_gmt":"2026-05-25T07:25:07","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/25\/palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hacking\/"},"modified":"2026-05-25T03:25:09","modified_gmt":"2026-05-25T07:25:09","slug":"palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hacking","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/25\/palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hacking\/","title":{"rendered":"Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking"},"content":{"rendered":"

Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking<\/a><\/p>\n

https:\/\/www.securityweek.com\/palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hacking\/<\/a><\/p>\n

Publish Date: 2026-05-07 11:31:12<\/a><\/p>\n

Source Domain: www.securityweek.com<\/a><\/p>\n

Summary:<\/strong>
\nPalo Alto Networks disclosed a critical zero-day vulnerability (CVE-2026-0300) impacting its User-ID Authentication Portal of PA and VM series firewalls that allows remote code execution with root privileges. The cybersecurity firm detected exploitation attempts attributed to a “likely state-sponsored” threat group referred to as CL-STA-1132, showing evidence pointing towards Chinese actors based on their use of open-source tools like Earthworm and ReverseSocks5, log destruction tactics, and Active Directory targeting. Exploitation attempts initially failed but succeeded a week later, with attackers deploying the tools before extensively cleaning logs, deleting critical evidence, and escalating privileges. Palo Alto Networks advises customers on mitigations and patches are scheduled for May 13 and May 28.<\/p>\n

Key Points:<\/strong><\/p>\n