State-Sponsored Hackers Exploit Zero-Day Vulnerability in Palo Alto Firewalls

Palo Alto Networks attributed the exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls to likely state-sponsored threat actors. The flaw is a buffer overflow in the User-ID Authentication Portal service of PAN-OS software, allowing unauthenticated attackers to send crafted packets to internet-facing portals. CVE-2026-0300 affects PA-Series and VM-Series firewalls, though no patch is currently available. The vulnerability was actively exploited in the wild prior to disclosure. No specific attack timeline or affected organizations were disclosed.