Add section name here Internet-facing PAN-OS firewalls are once again doing impressions of initial access brokers State-backed hackers have been quietly exploiting a fresh zero-day in Palo Alto Networks firewalls to gain root access with no login required. The flaw, tracked as CVE-2026-0300 and carrying a CVSS severity rating of 9.3, affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Palo Alto said the issue stems from a memory corruption bug in the User-ID Authentication Portal, a feature used to handle logins for users the firewall cannot automatically identify. If successfully exploited, the bug allows attackers to remotely run arbitrary code on internet-exposed devices with root privileges. According to the vendor’s Unit 42 threat intelligence team , attacks are already underway and tied to a cluster of "likely state-sponsored threat activity" tracked as CL-STA-1132.…