Tag

CVE-2024-3400

All articles tagged with #CVE-2024-3400

cybersecurity · 1 year ago

"Palo Alto Networks Faces Zero-Day Backdoor Exploitation"

Threat actors have been exploiting a zero-day vulnerability in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on affected firewalls. The attack, known as Operation MidnightEclipse, involves the deployment of a Python-based backdoor to create a cron job that fetches and executes commands from an external server. The attackers have been observed creating a reverse shell, downloading additional tools, and exfiltrating data, prompting the U.S. Cybersecurity and Infrastructure Security Agency to add the flaw to its Known Exploited Vulnerabilities catalog. Organizations are advised to apply patches promptly, as the threat actor, dubbed UTA0218, is suspected to be state-backed and highly capable.