Hackers Launch Massive Attack Campaign Against Palo Alto VPN Systems

Cybercriminals exploit Palo Alto VPN vulnerabilities via 7,000 IPs; urgent fixes advised by Palo Alto Networks and CISA.

By Content Team

Dec 7, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals are actively targeting Palo Alto Networks' GlobalProtect VPN portals using over 7,000 IP addresses worldwide. The attacks, detected in late November 2025, exploit vulnerabilities in internet-facing VPN gateways through UDP port 4501.

Threat actors are using residential proxies and compromised servers across Asia, Europe, and North America to probe for weak configurations and deploy custom scripts. They're targeting historical flaws like CVE-2024-3400 and misconfigurations that allow unauthorized access.

Palo Alto Networks issued an urgent advisory December 5, recommending multi-factor authentication and firewall restrictions. CISA added related indicators to its Known Exploited Vulnerabilities catalog, giving federal agencies 72 hours to patch.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Ukrainian Hacker Charged in Russian-Backed Attacks on US Water Systems and Meat Plants

Dec 10, 2025

DoorDash Data Breach Exposes Customer Information Through Employee Scam

Nov 20, 2025

GitLab Releases Critical Security Patches for Authentication Bypass and DoS Vulnerabilities

Nov 28, 2025

You've Got a Month Left to Claim a Share of AT&T's Massive $177 Million Settlement

Nov 19, 2025