ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
PAN-OS RCE Under Active Exploitation; Defense Contractor Data Leak; GhostLock SMB Attack Demonstrated
TL;DR: Palo Alto Networks has released patches for CVE-2026-0300, a critical remote code execution flaw in the PAN-OS User-ID Authentication Portal that is already being exploited in limited attacks. A defense contractor with DOD contracts exposed military training materials and user records through inadequately protected API endpoints. Three separate phishing campaigns are targeting telecom, healthcare, and Russian-speaking entities with infostealers and remote access tools.
What happened
Palo Alto Networks disclosed and began distributing fixes for CVE-2026-0300, a critical buffer overflow vulnerability in the User-ID Authentication Portal service of PAN-OS. The flaw allows unauthenticated attackers to execute arbitrary code with root privileges by sending specially crafted packets. Palo Alto Networks stated it has observed the vulnerability being exploited in limited attacks since at least last month, with unknown threat actors deploying payloads identified as EarthWorm and ReverseSocks5.
In parallel, a defense technology company operating under Department of Defense contracts left API endpoints inadequately protected, exposing sensitive data including user records and military training materials. The affected platform, Schemata, is an AI-powered virtual training system used in military and defense environments. Security researchers from Strix found that a low-privilege account could access data across multiple tenants, including user listings, organization records, course information, training metadata, and direct links to documents stored on Amazon Web Services. Schemata stated it found no evidence of third-party exploitation.
The week also saw active phishing campaigns from three distinct threat clusters. Operation GriefLure targeted Vietnamese telecom and Philippine healthcare sectors with spear-phishing emails distributing RAR archives containing a remote access trojan capable of process enumeration, screenshot capture, file and directory listing, credential harvesting, and file execution. Operation SilentCanvas deployed a weaponized PowerShell payload disguised as a file named sysupdate.jpeg to deliver a trojanized ConnectWise ScreenConnect instance. Operation HumanitarianBait leveraged humanitarian aid-themed lures in phishing emails containing malicious LNK files within RAR archives, targeting Russian-speaking entities with a Python-based infostealer retrieved from GitHub Releases.
A proof-of-concept tool called GhostLock, created by Kim Dvash of Israel Aerospace Industries, demonstrated that a domain user with read access to a file share can indefinitely deny file access to other users by calling CreateFileW with exclusive share mode, producing ransomware-like impacts without deploying encryption or requiring elevated privileges. This technique exploits documented SMB behavior and affects any organization with SMB-backed shared file infrastructure where users have standard domain credentials.
Meta announced Incognito Chat, a private mode for AI interactions in Meta and WhatsApp apps that processes inference in a Trusted Execution Environment, ensuring messages are not accessible to Meta or WhatsApp and deleting conversations on session exit. Additionally, the U.S. Federal Communications Commission extended the deadline for security updates on foreign-produced routers from March 2026 to at least January 1, 2029, allowing importers and owners of already-deployed devices two additional years to provide patches and updates.
Finally, cURL developer Daniel Stenberg reported that Anthropic's Mythos AI model identified four false positives and one confirmed low-severity vulnerability during a scan of cURL. The single confirmed vulnerability will be published as a low-severity CVE in sync with cURL 8.21.0, planned for late June.
Why it matters
CVE-2026-0300 represents a direct threat to Palo Alto Networks deployments serving as authentication gateways, particularly those exposed to untrusted networks. Unauthenticated remote code execution with root privileges permits full system compromise without credential theft or social engineering. Active exploitation means defenders cannot rely on advance warning before attacks arrive.
The Schemata breach affects military training infrastructure, making exposed course materials and user records potential intelligence collection targets. The use of inadequately authorized API endpoints—a common architectural weakness—demonstrates continued gaps in cloud security practices within defense contracting.
The three concurrent phishing campaigns reflect a sustained targeting focus on critical infrastructure (telecom, healthcare) and espionage objectives (Russian-speaking entities). The use of archived LNK files, disguised JPEG payloads, and fileless Python implants indicates operators are actively adapting to detection mechanisms.
GhostLock exposes a denial-of-service vector that organizations cannot easily defend against without restricting file-share permissions for standard domain users—a significant operational constraint. The technique produces no forensic artifacts associated with ransomware, complicating detection and response.
The false positives in Anthropic's cURL scan highlight the current limitations of AI-powered code analysis, where the signal-to-noise ratio remains problematic for triage. However, cURL's maintainer acknowledged that AI analyzers outperform traditional static analysis tools, suggesting that false positives are a tuning problem rather than a fundamental limitation.
Affected systems and CVEs
- Palo Alto Networks PAN-OS — CVE-2026-0300 (critical buffer overflow in User-ID Authentication Portal, unauthenticated remote code execution with root privileges, active exploitation reported)
- Schemata AI training platform — exposed API endpoints lacking authorization checks (no CVE assigned at the time of publication)
- ConnectWise ScreenConnect — targeted by Operation SilentCanvas payload delivery (no specific CVE disclosed for this campaign)
- cURL — one low-severity vulnerability identified by Anthropic Mythos (CVE not yet assigned; planned publication with cURL 8.21.0 in late June)
What to do
- Apply Palo Alto Networks patches for CVE-2026-0300 to User-ID Authentication Portal services immediately. Prioritize internet-facing deployments.
- Review API authorization policies on any Schemata instances or similar AI training platforms, ensuring authentication and authorization checks are enforced on all endpoints returning sensitive data.
- Implement or reinforce email security controls including advanced attachment scanning, link rewriting, and user training focused on archive files and suspicious JPEG attachments.
- Block execution of files whose extension does not match their content (for example, a PowerShell script delivered under a .jpeg or .pdf name), so that payloads disguised as JPEG, PDF, or other non-executable file types cannot be launched.
- For GhostLock mitigation: restrict or monitor SMB file-share permissions for low-privileged domain users; implement file-access monitoring to detect exclusive locks held indefinitely; consider network segmentation to limit share accessibility.
- Monitor for updates to cURL 8.21.0 in late June and apply the low-severity patch when available, even though the vulnerability details remain embargoed.
- Update foreign-produced routers with available security patches before the January 1, 2029 FCC compliance deadline to avoid import or sale prohibitions.
- For organizations using Meta AI or WhatsApp AI features, evaluate Incognito Chat for sensitive interactions to leverage Trusted Execution Environment processing.
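The GhostLock technique described above leaves one observable on the file server: the same client session keeps the same handles open for as long as it wants to deny access. The following script is an added example, not part of the bulletin or of the GhostLock tool, that implements the "detect exclusive locks held indefinitely" mitigation as a triage check: it snapshots Get-SmbOpenFile several times and reports handles that survive every snapshot, grouped by user. It assumes the SmbShare module on a Windows file server, administrator rights, and the interval and repeat counts are assumptions to tune to the share's normal workload; Get-SmbOpenFile does not expose the share mode, so a hit is a signal to investigate, not proof of malicious intent.

```powershell
# Added example: flag SMB handles held open by the same session across every
# snapshot in the observation window. Run on the file server as an administrator.
param(
    [int]$IntervalSeconds = 300,   # assumption: time between snapshots
    [int]$Snapshots       = 3      # assumption: how many snapshots a handle must survive
)

$held = @{}   # key "SessionId|FileId" -> record of first sighting and survival count

for ($pass = 1; $pass -le $Snapshots; $pass++) {
    $now  = Get-Date
    $seen = @{}
    foreach ($f in Get-SmbOpenFile) {
        # FileId is stable for the lifetime of one open, so the same key in
        # consecutive snapshots means the handle was never released.
        $key = "$($f.SessionId)|$($f.FileId)"
        $seen[$key] = $true
        if ($held.ContainsKey($key)) {
            $held[$key].Passes++
        } else {
            $held[$key] = [pscustomobject]@{
                Path      = $f.Path
                User      = $f.ClientUserName
                Client    = $f.ClientComputerName
                FirstSeen = $now
                Passes    = 1
            }
        }
    }
    # Drop handles that were closed between snapshots; they are normal churn.
    foreach ($k in @($held.Keys)) {
        if (-not $seen.ContainsKey($k)) { $held.Remove($k) }
    }
    if ($pass -lt $Snapshots) { Start-Sleep -Seconds $IntervalSeconds }
}

# One account holding many files open for the whole window is the pattern to
# look at first; a single long-lived open is usually a legitimate application.
$windowSeconds = $IntervalSeconds * ($Snapshots - 1)
$held.Values |
    Where-Object { $_.Passes -ge $Snapshots } |
    Group-Object User |
    Sort-Object Count -Descending |
    ForEach-Object {
        Write-Output ("{0}: {1} file(s) held open for the full {2}s window" -f $_.Name, $_.Count, $windowSeconds)
        $_.Group | Select-Object Client, Path, FirstSeen | Format-Table -AutoSize
    }
```

Because the check only reports, it is safe to schedule; Close-SmbOpenFile on the reported FileIds is a separate, deliberate response step once a handle has been confirmed as abusive.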
Open questions
- What is the identity and affiliation of the unknown threat actors exploiting CVE-2026-0300?
- How many organizations have been compromised via CVE-2026-0300 beyond the "limited attacks" descriptor?
- What is the geographic origin or affiliation of Operation SilentCanvas?
- How many organizations or individuals have been targeted or compromised by Operation HumanitarianBait?
- Has GhostLock been observed in active attacks, or has it remained a proof-of-concept demonstration?
- What is the nature of the low-severity cURL vulnerability, and why is it low-severity despite AI identification?
- What specific measures did the Indian Cyber Crime Coordination Centre announce to address cyber-enabled financial fraud? (The source article truncates mid-sentence.)
Source
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories