Palo Alto Networks revealed a critical vulnerability (CVE-2025-0108) in PAN-OS that allows unauthenticated attackers to bypass authentication via the management web interface. This flaw, caused by path confusion between Nginx and Apache, exposes systems to significant risks, enabling unauthorized access to sensitive PHP scripts. Users are advised to upgrade to patched versions and restrict interface access.
North Korean hackers spotted using ClickFix tactic to deliver malware
The North Korean group Kimsuky is employing a social engineering tactic called “ClickFix” to distribute malware to South Korean targets. The strategy tricks users into
