What you need to know today.
Palo Alto Networks PAN-OS auth bypass flaw is actively exploited and added to CISA KEV, while numerous critical SQL injection bugs hit business software.

Palo Alto Networks has acknowledged active exploitation of a critical authentication bypass vulnerability in its PAN-OS software, specifically affecting the GlobalProtect portal and gateway. Tracked as CVE-2026-0257, the flaw allows unauthenticated attackers to bypass security restrictions and establish unauthorized VPN connections. The vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) catalog, underscoring the immediacy of the threat. Multiple security outlets, including CyberScoop and Dark Reading, reported on the escalating situation, emphasizing the urgency for organizations to patch their systems. The company has released security advisories and patches, urging customers to upgrade to fixed versions to mitigate the risk of further compromise.
A significant wave of critical SQL injection vulnerabilities has been disclosed across various software products, with many lacking immediate vendor patches or clear mitigation guidance. Notably, CVE-2026-42298 in Postiz Solutions' AI social media scheduling tool and CVE-2024-13152 in BSS Software's Mobuy Online Machinery Monitoring Panel are among those with a CVSS score of 10.0. Other affected products include WordPress plugins like AI Copilot Content Generator (CVE-2026-48879) and Contest Gallery Pro (CVE-2026-42680), as well as devices from Totolink (CVE-2026-10187) and SDMC (CVE-2026-24444). The sheer volume and critical nature of these SQL injection flaws across diverse applications underscore a widespread risk, particularly for systems that handle sensitive data or user authentication.
Several other critical vulnerabilities have been identified across different vendors, posing significant risks to users. CVE-2018-25412, an arbitrary file upload vulnerability in Delta SQL 1.8.2, allows unauthenticated attackers to upload malicious PHP files. Additionally, multiple SQL injection vulnerabilities have been reported in products from Fayton Software and Consulting Services (CVE-2024-13150), Auto Service Software (CVE-2024-13151), Arma Store (CVE-2024-13149), Mavi Yeşil Software (CVE-2024-12364), Eron Software (CVE-2024-12150), Mobilteg Mobile Informatics (CVE-2024-12143), Finder (CVE-2024-12144), Merkur Software (CVE-2024-13147), Yukseloglu (CVE-2024-13148), Elra (CVE-2023-1547), Adam Retail Automation Systems (CVE-2023-1508), and As Koc Energy (CVE-2023-1050). The widespread nature of these SQL injection flaws, many of which affect business-critical applications, warrants careful attention and prompt patching where available.