Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

GreyNoise reports a significant increase in scanning activity targeting Palo Alto Networks login portals, with over 1,300 IPs involved, mainly from the U.S. and Europe. This activity resembles recent Cisco ASA scans and may indicate emerging threats or reconnaissance efforts; it underscores the importance of staying updated on software vulnerabilities. #PaloAltoNetworks #CiscoASA #CyberThreats

Keypoints

  • A nearly 500% increase in scans targeting Palo Alto Networks login portals was observed on October 3, 2025.
  • Most scanning IPs are from the U.S., with notable activity also seen in the U.K., Netherlands, Canada, and Russia.
  • Recent activity displays regional clustering and similar fingerprinting methods as seen in Cisco ASA scans.
  • GreyNoise warns that surges in scanning activity often precede the discovery of new CVEs affecting the targeted technology.
  • Vulnerabilities like those in Cisco ASA remain unpatched in many devices, increasing the risk of exploitation by attackers.

Read More: https://thehackernews.com/2025/10/scanning-activity-on-palo-alto-networks.html