Recent Palo Alto Networks Vulnerability Exploited for Weeks

Plus, Connecticut’s governor signs AI law with employer notice mandate.

Good morning! Here’s what’s up.

People

Mike Hoffmann has joined global investment firm Permira as a partner on its technology team.

Clips ✂️

Recent Palo Alto Networks Vulnerability Exploited for Weeks

Threat actors began targeting an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS just four days after public disclosure, Rapid7 warns.

Tracked as CVE-2026-0257 (CVSS score of 7.8), the high-severity security defect allows attackers to bypass restrictions and establish VPN connections to vulnerable appliances.

Palo Alto Networks released fixes for the bug on May 13, noting that it affects firewalls with GlobalProtect portal or gateway enabled, under certain configurations.

On Friday, the company updated its advisory to warn that threat actors are exploiting the flaw in the wild, and NIST flagged the issue as critical.

“Palo Alto Networks has become aware of limited exploit attempts on unpatched PAN-OS devices without mitigations applied,” the company says.

Simultaneously, the US cybersecurity agency CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it by June 1.

by Security Week

Connecticut’s Lamont Signs AI Law With Employer Notice Mandate

A sweeping new AI law ratified by Connecticut’s governor will require businesses to notify employees and job applicants about their use of automation technology in making employment decisions.

The legislation (SB 5) calls for employers to give workers details about the artificial intelligence decision-making tools they use, including what types of personal data are factored into decisions and the data sources. The disclosure requirements apply to AI tools that businesses deploy on or after Oct. 1, 2027, and the measure allows contracting with the technology’s developers to provide the required notices.

The governor’s office announced May 29 that Gov. Ned Lamont (D) had earlier signed the legislation.

The law also mandates that employers notify the state’s Labor Department if a mass layoff or plant closure results from the adoption of AI or other automation, an add-on to existing notice requirements under the federal Worker Adjustment and Retraining Notification, or WARN, Act.

by Bloomberg Law

The Governance Gap Emerging Beneath The AI Boom

Artificial intelligence is rapidly becoming embedded into the operational fabric of modern enterprises. What began as experimentation inside innovation teams has expanded into finance, legal, cybersecurity, procurement, software development, customer operations and executive decision-making itself. AI systems are generating recommendations, automating workflows and increasingly influencing business outcomes across virtually every industry.

AI is real, transformative and already delivering measurable value. Organizations that ignore it entirely will almost certainly fall behind. The issue is not whether enterprises should adopt AI. The issue is whether they are deploying it with the governance, accountability and operational discipline required for systems that are beginning to influence critical business decisions. That is where many organizations are falling behind.

by Forbes

Cybersecurity Skills Gap Is Now the Top CISO Concern, SANS 2026 Report

Sixty percent of chief information security officers now cite the cybersecurity skills gap as their primary workforce concern, overtaking headcount shortfalls for the first time, according to the SANS/GIAC 2026 Cybersecurity Workforce Research Report, which surveyed 947 security leaders across industries globally.

• 60% of CISOs named “not having the right staff” as their top challenge; only 40% chose “not enough staff”

• AI is the primary driver: rapid enterprise AI deployment has exposed gaps in what existing teams know how to secure

• The report identifies nine strategic recommendations, led by developing formal AI governance programs and baseline AI security training

• Hiring alone will not close the gap: the market for highly skilled AI-security practitioners is too small and too expensive

by Cybersecurity Insiders

The Future of Cybersecurity is Fighting AI with AI

If generative AI takes off like other computing innovations, we’re at the beginning of a major shift in the ways people use technology. “Hockey stick” growth has just begun, as the early adopters in every organisation explore ways to be more efficient and apply new generative AI tools to workflows.

Unfortunately, the bad guys are far ahead of the curve. While enterprises see opportunity in generative AI for new methods of interacting with customers and eliminating the tedium associated with building code or writing reports, the threat actor sees generative AI as a low-cost way to supercharge existing attack strategies and exploit new vulnerabilities at scale.

“The adversaries are moving faster, weaponising vulnerabilities by reverse engineering the patch,” says Michelle Abraham, research director, security and trust, IDC. “Exploits are being developed more quickly.”

by Economist Enterprise

Cybersecurity considerations 2026

Technology is advancing at unprecedented speed, unlocking new opportunities for growth while simultaneously amplifying cyber risk. Organizations now face a broader, more complex threat landscape shaped by AI, geopolitics, regulatory pressure, supply chain disruption, non-human identities, hyperconnectivity, and the looming reality of quantum decryption. For cyber leaders, the challenge is no longer just protecting the enterprise but strengthening resilience while enabling innovation at scale, across an expanding digital and operational attack surface.

Cybersecurity considerations 2026 explores eight key considerations leaders should prioritize as cybersecurity becomes central to enterprise resilience and innovation. The report helps Chief Information Security Officers (CISOs) and senior executives navigate a rapidly evolving risk environment, while supporting the adoption of AI and other transformative technologies, to help drive growth, resilience, and competitive advantage.

by KPMG
