April 11, 2025 By Pierluigi Paganini
Experts warn of brute-force login attempts on PAN-OS GlobalProtect gateways following increased scanning activity on its devices.
Palo Alto Networks reports brute-force login attempts on PAN-OS GlobalProtect gateways. The security firm pointed out that no known vulnerability has been exploited, but monitoring and analysis continue.
“Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a vulnerability,” a company spokesperson told The Hacker News. “We continue to actively monitor this situation and analyze the reported activity to determine its potential impact and identify if mitigations are necessary.”
Recently, the threat intelligence firm GreyNoise reported a spike in login scanning targeting PAN-OS GlobalProtect portals starting March 17, 2025, peaking at 23,958 unique IPs. The activity, likely coordinated, focused on systems in the U.S., U.K., Ireland, Russia, and Singapore, aiming to find exposed systems.