Palo Alto Networks disclosed a critical authentication bypass vulnerability (CVE-2025-010) in PAN-OS software, rated 8.8. It allows unauthenticated attackers to exploit the management web interface, potentially compromising system integrity and confidentiality. Affected versions include PAN-OS 11.2, 11.1, 10.2, and 10.1. Organizations are advised to restrict access and upgrade systems promptly; no current exploitation is known.
Lazarus Group hiding malware in GitHub and open-source packages
North Korean hacking group, Lazarus Group, is using malware to steal cryptocurrency, according to SecurityScorecard’s STRIKE Team. The malware, named Marstech1, is planted in “undetectable”
