Palo Alto GlobalProtect CVE-2026-0257: Active Exploitation and Urgent Steps for Defenders

Palo Alto Networks has warned that a recently patched authentication bypass in PAN-OS GlobalProtect, tracked as CVE-2026-0257, is now being actively exploited in the wild. The vulnerability allows attackers to bypass authentication controls and establish unauthorized VPN connections when devices are configured with specific authentication override cookie and certificate settings. Organizations running GlobalProtect should treat this as urgent: apply vendor

Synology SSL VPN Client Flaws Let Remote Attackers Read Files and Expose PINs — Patch Now

Synology has released a security advisory addressing two important vulnerabilities in its SSL VPN Client that could allow remote attackers to access sensitive files and expose locally stored PINs. Both flaws require user interaction—specifically, visiting a crafted web page while the vulnerable client is running—but their consequences range from quietly reading configuration files and certificates to enabling interception of VPN