Critical PAN-OS Vulnerability Under Active Attack
Palo Alto Networks has released fixes for a critical security flaw in the User-ID Authentication Portal service of PAN-OS. The buffer overflow vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges by sending specially crafted network packets. The company confirmed that it has observed the flaw being exploited in limited attacks since at least last month, with unknown threat actors using it to deploy payloads such as EarthWorm and ReverseSocks5.
Meta Introduces Private AI Chats
Meta has announced Incognito Chat for Meta AI across its flagship app and WhatsApp. The feature provides a completely private way to interact with AI, similar to how end-to-end encryption ensures that no one, not even Meta or WhatsApp, can read conversations. All AI inference is handled within a Trusted Execution Environment, making messages inaccessible to the company. Conversations on the user’s device also disappear when the session ends. The capability is powered by the Private Processing technology already used in Meta’s message summarization and composition tools.
Defense Contractor Exposes Sensitive Military Data
A defense technology company holding Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks. The incident affected Schemata, an AI-powered virtual training platform used in military and defense environments. The exposure highlights ongoing risks from API misconfigurations in sensitive government contractor systems.
Source: The Hacker News
