Vulnerabilities4 min read
Palo Alto GlobalProtect Auth Bypass Under Active Attack — CISA KEV
CVE-2026-0257 lets attackers forge VPN cookies to access internal networks without credentials. CISA adds to KEV after Rapid7 confirms exploitation since May 17. Federal deadline June 19.
Marcus ChenMay 30, 2026