
New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Cyber RT | June 1, 2026 | 3 min read

The article highlights the chaotic cybersecurity landscape, emphasizing the rapid exploitation of old vulnerabilities wrapped in new methods. Key threats include a PAN-OS authentication bypass, a critical flaw in Gogs, and the dismantling of the GlassWorm malware operation. AI's role in cyberattacks is growing, with AI-assisted phishing and GREYVIBE's AI-driven operations targeting Ukraine. Organizations are urged to patch vulnerabilities swiftly to counteract AI-accelerated threats.

The article begins with a depiction of the chaotic nature of cybersecurity threats that organizations face regularly, likening it to a malfunctioning cron job. It highlights the constant barrage of issues such as authentication failures, repository vulnerabilities, and the exploitation of patched systems. The narrative underscores the urgency of addressing old bugs wrapped in new forms and the rapid pace at which these vulnerabilities are being abused. The article advises prioritizing the most obvious and critical patches first before delving into other issues.

One of the major threats discussed is the exploitation of a medium-severity security flaw in PAN-OS GlobalProtect, which allows attackers to bypass authentication and establish VPN connections. This vulnerability, tracked as CVE-2026-0257, affects specific configurations of firewalls with GlobalProtect portals or gateways. The article emphasizes the importance of addressing such vulnerabilities swiftly to prevent unauthorized access and potential breaches.

The article also highlights a critical zero-day vulnerability in Gogs, an open-source Git service, that exposes servers to remote code execution. This flaw can be exploited by attackers through malicious branch names in pull requests, allowing them to execute arbitrary commands and compromise server security. The lack of a patch for this vulnerability at the time of publication underscores the urgency for organizations using Gogs to implement protective measures.

Efforts to dismantle the GlassWorm malware operation are detailed, with CrowdStrike, Google, and the Shadowserver Foundation successfully taking down its command-and-control channels. Despite this success, the article notes that the broader issue of repository abuse remains, as open-source ecosystems provide attackers with low-cost distribution channels. The temporary disruption of GlassWorm highlights the ongoing challenge of eradicating such threats entirely.
The article discusses the increasing speed of AI-assisted cyberattacks and the pressure on organizations to patch vulnerabilities quickly. CERT-In in India urges organizations to address exploited vulnerabilities within 12 hours to mitigate the risks posed by AI-accelerated attacks. The framework suggests timelines for remediation based on the criticality of the vulnerabilities and their exposure to threats.

A new campaign using AI chatbots to redirect users to cryptojacking malware sites is also covered. This campaign not only aims to mine cryptocurrency but also establishes persistent remote access to compromised hosts, posing additional threats such as data theft and ransomware. The use of AI in these attacks highlights the evolving tactics of cybercriminals.

The article concludes with a roundup of trending CVEs and cybersecurity tools, emphasizing the shrinking gap between patch release and exploitation. It advises organizations to prioritize patching high-severity vulnerabilities and to remain vigilant against potential threats. The article stresses the importance of addressing both obvious and seemingly minor vulnerabilities to prevent future incidents, reminding readers of the persistent and evolving nature of cybersecurity threats.