Multiple exploitation campaigns originating from shared IP subnets are targeting Cisco, Palo Alto Networks, and Fortinet devices. The activity includes scanning, brute-force attacks, and exploitation of recent vulnerabilities, indicating coordinated threat actor operations. #CiscoVulnerabilities #PaloAltoGlobalProtect #FortinetVPNattacks
Key points
- Threat campaigns target Cisco ASA, Palo Alto Networks GlobalProtect, and Fortinet VPNs from common IP subnets.
- Recent vulnerabilities CVE-2025-20333 and CVE-2025-20362 are linked to these exploitation campaigns.
- GreyNoise reports a 500% surge in scanning activity and over 1.3 million login attempts against Palo Alto firewalls.
- Indicators suggest that the same threat actors are behind the campaigns targeting multiple vendors.
- Experts recommend blocking IPs engaged in brute-force activity and hardening security for firewall and VPN devices.
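
One way to act on the shared-subnet observation when building a block list is sketched below. This is an added example, not code from the report or from GreyNoise: it groups failed-login sources by subnet and flags subnets that hit more than one device family. The event schema, vendor labels, thresholds, and sample addresses (RFC 5737 documentation ranges) are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: failed-login events already normalized to
# (device_family, source_ip). Addresses are RFC 5737 documentation
# ranges, not real indicators.
SAMPLE_EVENTS = [
    ("cisco_asa", "203.0.113.10"),
    ("cisco_asa", "203.0.113.10"),
    ("cisco_asa", "203.0.113.44"),
    ("globalprotect", "203.0.113.91"),
    ("globalprotect", "203.0.113.91"),
    ("globalprotect", "203.0.113.92"),
    ("fortinet_vpn", "203.0.113.200"),
    ("fortinet_vpn", "198.51.100.7"),
    ("fortinet_vpn", "198.51.100.7"),
    ("fortinet_vpn", "198.51.100.7"),
    ("cisco_asa", "192.0.2.5"),
    ("cisco_asa", "not-an-ip"),  # malformed field, must be skipped
]

def shared_subnets(events, prefix_len=24, min_vendors=2, min_failures=3):
    """Return {subnet: stats} for subnets whose failed logins reach at least
    min_failures in total and touch at least min_vendors device families."""
    stats = defaultdict(lambda: {"vendors": set(), "sources": set(), "failures": 0})
    for vendor, src in events:
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # ignore unparseable source fields
        # Hypothetical choice: /24 for IPv4 (configurable), /64 for IPv6.
        plen = prefix_len if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        entry = stats[str(net)]
        entry["vendors"].add(vendor)
        entry["sources"].add(str(ip))
        entry["failures"] += 1
    return {
        net: entry
        for net, entry in stats.items()
        if len(entry["vendors"]) >= min_vendors and entry["failures"] >= min_failures
    }

if __name__ == "__main__":
    for net, entry in sorted(shared_subnets(SAMPLE_EVENTS).items()):
        print(net, sorted(entry["vendors"]), entry["failures"], "failures")
```

Review flagged subnets before blocking them, since a whole /24 can include unrelated hosts behind the same provider.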