Active-Exploitation

Threat Intelligence

Palo Alto Captive Portal Zero-Day Under Active Chinese-Linked Exploitation, First Patches May 13

May 8, 2026

CVE-2026-0300 (CVSS 9.3) is an unauthenticated, root-level RCE in the PAN-OS User-ID Authentication Portal of PA-Series and VM-Series firewalls, under active exploitation by a likely China-aligned cluster Unit 42 tracks as CL-STA-1132. First hotfixes ship May 13. Anything with the Captive Portal exposed to untrusted networks needs immediate mitigation.

5 min read

Threat Intelligence

When the Security Tool IS the Supply Chain Attack

Apr 28, 2026

TeamPCP's supply-chain campaign has propagated from Trivy to Checkmarx KICS, Checkmarx GitHub Actions, two Open VSX plugins, and now Bitwarden CLI. Lapsus$ is handling the extortion. The blast radius now reaches a password manager with 10M+ users.

2 min read

Threat Intelligence

Three Critical Exploits Hit Management Planes and Endpoints

Apr 26, 2026

Three critical vulnerabilities under active exploitation target FortiClient EMS, Adobe Acrobat Reader, and nginx-ui, collectively exposing enterprise management planes and endpoints to unauthenticated remote code execution.

2 min read