Palo Alto Networks has reported a significant increase in brute-force login attempts targeting its PAN-OS GlobalProtect gateways. This surge follows a warning from threat intelligence firm GreyNoise, which noted an increase in suspicious login scanning activity starting March 17, 2025. The login attempts peaked at 23,958 unique IP addresses, primarily affecting systems in the US, UK, Ireland, Russia, and Singapore. While the activity does not indicate a specific vulnerability being exploited, it underscores the importance of customers ensuring their systems are updated and implementing robust security measures such as multi-factor authentication (MFA).
Palo Alto Networks has observed a surge in brute-force login attempts against PAN-OS GlobalProtect gateways, following a warning from GreyNoise about suspicious login scanning activity.
The coordinated login scanning activity, which peaked at 23,958 unique IP addresses, primarily targeted systems in the US, UK, Ireland, Russia, and Singapore.
Collection
[
|
...
]