Telegram News

Source-attributed Telegram item

SIT Reports: 🔍 CVE-2026-0257 exploited via forged GlobalProtect cookies Rapid7 says attackers actively...

Source-attributed Telegram post from SIT Reports: 🔍 CVE-2026-0257 exploited via forged GlobalProtect cookies Rapid7 says attackers actively abused CVE-2026-0257 against multiple customers after Palo Alto...

Global Conflict

SIT Reports

@sitreports | rank 71 | Tier 3 | Fast-alert source

Fast Alert Sensor Tier 3 Fast-alert source Situation-report fast-alert perspective Fast situation reports can outrun confirmation and should be cross-checked source-attributed Telegram source claim Public Telegram post fast-alert sensor global conflict situation reports

Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.

56 views 1 forwards 0 reactions Top 90% in source Source rank #28 Global pct 10.08

Original English English

🔍 CVE-2026-0257 exploited via forged GlobalProtect cookies

Rapid7 says attackers actively abused CVE-2026-0257 against multiple customers after Palo Alto patched the flaw on 13 May. The issue affects PAN-OS GlobalProtect portal and gateway deployments where auth override cookies are enabled and the same certificate is reused for HTTPS and cookie encryption, allowing forged VPN auth cookies and login bypass.

Observed activity began on 17 May, with two waves tied by the same spoofed MAC address. In some cases the forged cookie only authenticated, but in others it also obtained a VPN IP, giving direct internal network access without credentials.

🛰️ Open sources - closed narratives
@sitreports

global-conflict conflict fast-alert-sensor situation-reports cve exploit
Telegram media item Media served by Telegram. The preview loads from telegram.org when this card is visible. Open original Telegram post