Microsoft's Fox Tempest takedown exposes a criminal market for code-signing trust sold per payload; a PAN-OS zero-day with six weeks of state-sponsored exploitation went unreported through all of W21; and Shai-Hulud nearly doubled in scope with Grafana's source code as the first named downstream casualty.
CVE-2026-0300 (CVSS 9.3) is an unauthenticated, root-level RCE in the PAN-OS User-ID Authentication Portal of PA-Series and VM-Series firewalls, under active exploitation by a likely China-aligned cluster Unit 42 tracks as CL-STA-1132. First hotfixes ship May 13. Anything with the Captive Portal exposed to untrusted networks needs immediate mitigation.
ShinyHunters expanded Monday's identity breach wave to 275 million education users via Canvas and pivoted to cloud data warehouse infrastructure at Vimeo; separately, an unpatched PAN-OS RCE zero-day leaves internet-facing firewalls exposed until at least May 13.
Security