Summary: Researchers have detected a significant increase in suspicious login probing targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses involved. This coordinated activity raises concerns about potential vulnerabilities being tested, indicating preparation for future exploitation. Organizations using these systems must enhance security measures in response to this alarming trend.
Affected: Palo Alto Networks PAN-OS GlobalProtect gateways
Keypoints :
- Approximately 24,000 unique IP addresses attempted access, with peaks reaching nearly 20,000 daily.
- The majority of suspicious traffic originated from the United States, Canada, Finland, the Netherlands, and Russia.
- Continuous monitoring of older vulnerabilities and reconnaissance attempts have been identified as part of a larger trend over the past 18 to 24 months.
Source: https://thehackernews.com/2025/04/nearly-24000-ips-target-pan-os.html