What's happening

Palo Alto Networks disclosed on Wednesday that a suspected state-sponsored threat cluster has been actively exploiting a critical zero-day vulnerability in the company's PAN-OS software since early April. The flaw, tracked as CVE-2026-0300, is a buffer overflow vulnerability in the User ID Authentication Portal service that allows attackers to execute arbitrary code on PA Series and VM Series firewalls.

The worst part? A patch won't be available until May 13. That means affected organizations are operating with a known, actively exploited vulnerability in their perimeter security devices for at least another week. CISA has already added the flaw to its Known Exploited Vulnerabilities catalog.

How the attack unfolded

According to Palo Alto's Unit 42 research team, the first exploitation attempts were traced back to April 9 but were initially unsuccessful. A week later, the attackers broke through and injected shellcode into the targeted device.…