National CERT Pakistan has issued a high-severity cybersecurity advisory warning that attackers are actively exploiting a critical security vulnerability in a widely used corporate VPN system from Palo Alto Networks. The flaw, tracked as CVE-2026-0257, affects the GlobalProtect VPN portal and gateway components running on PAN-OS software. According to the advisory, the issue can allow attackers to bypass authentication mechanisms and gain unauthorized access to VPN sessions without requiring any user interaction.

The flaw, tracked as CVE-2026-0257, affects the GlobalProtect VPN portal and gateway components running on PAN-OS software. According to the advisory, the issue can allow attackers to bypass authentication mechanisms and gain unauthorized access to VPN sessions without requiring any user interaction.

National CERT stated that the vulnerability is already being used in real-world cyberattacks and has been included in the Known Exploited Vulnerabilities (KEV) list, indicating confirmed active exploitation.

The agency warned that successful attacks could give threat actors an initial entry point into organizational networks, particularly impacting government departments, financial institutions, telecom operators, and private enterprises relying on remote access systems.

Once inside, attackers may be able to move laterally across internal systems, steal sensitive data, harvest credentials, and maintain persistent access for extended periods. Officials also cautioned that compromised VPN infrastructure could disrupt critical services and expose interconnected networks to further intrusion.

The advisory emphasized that the vulnerability is especially dangerous because it does not require authentication or user action, increasing the risk for exposed systems connected to the internet.

National CERT has urged organizations to immediately apply vendor-issued security updates for affected PAN-OS versions and implement recommended protections. These include enabling multi-factor authentication (MFA), restricting VPN access to trusted IP ranges, and strengthening logging and monitoring of VPN activity.

Organizations have also been advised to review active sessions, investigate unusual login patterns, and search for signs of compromise such as unexpected IP addresses or unauthorized VPN connections.

Additionally, the advisory calls for improved incident response coordination by correlating VPN, firewall, and authentication logs, isolating suspicious systems, and rotating credentials where necessary.

National CERT stressed that any suspected intrusion attempts or abnormal VPN behavior should be reported immediately, warning that rapid patching and continuous monitoring are essential to reducing the risk of unauthorized network access.

Get the latest tech news, telecom insights, and product launches wherever you prefer.

Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.

Hackers Are Using Popular VPN to Breach Online Company Data in Pakistan

Related stories

CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang

Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world

Hackers Are Using New WinRAR Bug to Breach All Computers in Pakistan

Oracle warns of security bug that hackers abused to breach 100+ companies

The worst hacks and breaches of 2026 (so far)

Microsoft under fire for threatening security researcher with criminal investigation