Cybersecurity researchers report a surge in login scanning activity directed at Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IPs involved. This increase began on March 17, 2025, with daily attempts peaking at nearly 20,000. The United States and Canada are the primary sources of this probing activity, which aims to identify vulnerable systems. Experts suggest this activity could precede targeted attacks. Organizations are urged to strengthen security for their login portals in light of these findings.
This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation.
Over the past 18 to 24 months, we've observed a consistent pattern of deliberate targeting of older vulnerabilities or well-worn attack and reconnaissance attempts against specific technologies.