ATLA WIRE

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

05.10.2025
GreyNoise detects 500% spike in Palo Alto login scans, linking it to recent Cisco ASA exploit trends.

GreyNoise just detected a massive 500% spike in scanning activity targeting Palo Alto Networks portals—literally overnight. This isn't random noise; it's coordinated reconnaissance linked directly to recent Cisco ASA exploit trends.
The threat intel firm observed this dramatic surge in login scans hitting Palo Alto's customer and partner portals. This isn't just curiosity—it's threat actors mapping attack surfaces and probing for weak credentials after the recent Cisco ASA vulnerabilities dropped.
Here's the playbook: attackers are using the same tactics they deployed against Cisco—mass scanning for exposed management interfaces, testing default credentials, and looking for unpatched systems. Palo Alto portals are now in the crosshairs.
  • 500% increase in scanning activity detected by GreyNoise
  • Targeting Palo Alto Networks customer and partner portals
  • Direct correlation to recent Cisco ASA exploit campaigns
  • Attackers probing for weak credentials and unpatched systems
  • Mass reconnaissance preceding potential exploitation attempts
Security teams need to treat this as an early warning. When scanning activity spikes this hard, exploitation attempts usually follow within days. Check your Palo Alto portal access logs, enforce MFA immediately, and patch any vulnerable systems before attackers escalate from reconnaissance to full compromise.
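One way to run the log check described above, as an added example that is not part of the original article or any vendor tooling: it counts failed portal logins per day and flags a day whose count rose by 500% or more over the mean of the preceding days. The `date,source_ip,result` line format, the function names, and the sample data are assumptions constructed for illustration, not a real PAN-OS log layout.

```python
from collections import defaultdict
from statistics import mean

def daily_failures(lines):
    """Parse 'YYYY-MM-DD,src_ip,result' lines -> {day: (failed_count, distinct_ips)}."""
    counts, ips = defaultdict(int), defaultdict(set)
    for line in lines:
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[2] != "fail":
            continue  # skip malformed rows and successful logins
        day, src, _ = parts
        counts[day] += 1
        ips[day].add(src)
    return {d: (counts[d], len(ips[d])) for d in sorted(counts)}

def flag_spikes(stats, pct=500.0, window=3, min_failures=20):
    """Return [(day, failures, distinct_ips, pct_increase)] for days whose failed
    logins rose by >= pct percent over the mean of up to `window` prior days.
    Days with no failures at all are absent from `stats`, so the baseline
    only covers days that have data."""
    days, flagged = list(stats), []
    for i, day in enumerate(days):
        prior = [stats[d][0] for d in days[max(0, i - window):i]]
        fails, nips = stats[day]
        if not prior or fails < min_failures:
            continue  # no baseline yet, or too little volume to matter
        base = mean(prior)
        increase = (fails - base) / base * 100
        if increase >= pct:
            flagged.append((day, fails, nips, round(increase)))
    return flagged

def sample_log():
    """Constructed sample data (documentation IP ranges), not real traffic."""
    lines = []
    for day in ("2025-01-01", "2025-01-02", "2025-01-03"):
        lines += [f"{day},192.0.2.{i % 3 + 1},fail" for i in range(10)]
        lines.append(f"{day},198.51.100.7,ok")
    # Spike day: 66 failures spread across 40 distinct sources
    lines += [f"2025-01-04,203.0.113.{i % 40 + 1},fail" for i in range(66)]
    lines.append("garbage line")  # malformed row, ignored by the parser
    return lines

if __name__ == "__main__":
    for day, fails, nips, inc in flag_spikes(daily_failures(sample_log())):
        print(f"{day}: {fails} failed logins from {nips} IPs (+{inc}% vs baseline)")
```

A jump in distinct source IPs alongside the failure count is what separates distributed scanning from one misconfigured client retrying, so the two numbers are reported together.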