Palo Alto Networks
-
Researchers report surge in scans targeting Palo Alto Networks login portals
GreyNoise reported a roughly 500% rise in IP addresses scanning Palo Alto Networks GlobalProtect and PAN-OS profiles, peaking at over 1,285 addresses on Oct. 3; GreyNoise classed most IPs as suspicious and also flagged separate Grafana exploitation attempts tied to CVE-2021-43798.
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
