Palo Alto Networks Scan Spike

Cyber Security News by CyberSum.net

Published on October 5, 2025 at 08:14 PM

2 sources

GreyNoise observed a significant surge in scans targeting Palo Alto Networks login portals, with over 1,300 unique IP addresses participating, and 93% of IPs classified as suspicious, indicating a possible connection to ongoing scanning activity targeting Cisco ASA devices, and suggesting that the surge may signal the disclosure of new vulnerabilities in the coming weeks, according to a cybersecurity firm's report.

Also Read

PassiveNeuron Cyberespionage Campaign Resurfaces with New Tactics

The PassiveNeuron cyberespionage campaign has re-emerged after a six-month hiatus, targeting government, financial, and industrial organizations with sophisticated malware. The campaign primarily exploits Microsoft SQL servers to gain initial access, leveraging vulnerabilities or brute-forcing credentials. Attackers deploy ASPX web shells and adapt their techniques to evade detection, using custom malware like Neursite and NeuralExecutor. The campaign's persistence and targeted nature highlight the need for robust SQL injection defenses and comprehensive web shell detection.

By Cyber Security News by CyberSum.netOctober 21, 2025 at 09:00 PM