Newsletter: Cloud Delivered Security Services, Oct-2025


Welcome to the CDSS Monthly Newsletter

 

The Cloud-Delivered Security Services (CDSS) Monthly Newsletter brings you the latest updates, insights, and innovations from Palo Alto Networks’ cloud-powered security platform. Each month, we spotlight key product releases, upcoming events, technical tips, and best practices across our Advanced Core Subscriptions — Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, Advanced DNS Security, and Device Security.

 

Our goal is to help you stay informed, connected, and empowered to get the most from your CDSS investments. Whether you’re a customer, partner, or security practitioner, the newsletter keeps you up to date on how Palo Alto Networks continues to deliver industry-leading threat prevention, AI-driven detection, and unified protection across networks, users, and devices.

 

Together, we’re shaping the future of cloud-delivered security, one step at a time.

 

What’s New In CDSS 

New Precision AI Pro Bundle

We are officially announcing the End-of-Sale for the legacy Precision AI Network Security Bundle SKUs (PAN-PA-XXXX-BND-CORESEC), formerly known as the Precision AI Network Security Bundle, effective December 31, 2025, for Commercial and March 31, 2026, for Public Sector. Active contracts will remain in effect until the end of their term. The new Precision AI Pro Bundle now includes Device Security, delivering unified protection for managed and unmanaged devices across your network. This enhancement strengthens visibility, compliance, and risk management, ensuring every device connecting to your environment is secure. 

Enterprise Secure Access (ESA) with Strata Cloud Manager Pro (SCM Pro)

We have announced the End-of-Sale of the current Enterprise Support Agreement (ESA) for all commercial customers, effective November 1, 2025. This transition introduces the new Enterprise Support Agreement Pro (ESA Pro), which now includes Strata Cloud Manager (SCM) to provide unified visibility, proactive health monitoring, and simplified troubleshooting. Existing ESA customers will not be automatically migrated to ESA Pro, but can continue accessing SCM Pro through the ELA add-on. Public Sector GOV ESA SKUs and ESA add-on SKUs remain unaffected by this change.

 

Threat Intelligence & Insights

Our recent Unit 42 research revealed that code assistants powered by large language models (LLMs) can be manipulated through malicious URLs, prompt injections, and compromised web content, leading to unsafe or hidden code suggestions. These findings highlight the importance of securing every web interaction developers make. Advanced URL Filtering (AURL) helps mitigate this risk by detecting and blocking malicious or manipulated URLs in real time—preventing these threats from ever reaching users or integrated AI systems.

Read more from Unit 42’s latest research here

 

Critical Threat Alerts

"Shai-Hulud" Worm and the NPM Supply Chain Attack

Palo Alto Networks investigated a widespread and active software supply chain attack targeting the Node Package Manager (npm) ecosystem via a novel, self-replicating worm dubbed "Shai-Hulud." This attack represents a significant escalation in supply chain threats, combining credential theft with automated propagation.

The Shai-Hulud attack is a multi-stage, self-propagating NPM supply chain worm that begins with credential theft via phishing. The worm then publishes poisoned package versions with an obfuscated payload that aggressively harvests sensitive data, including cloud credentials, using tools like TruffleHog. It exfiltrates secrets by committing them publicly to a "Shai-Hulud" GitHub repository. It automatically achieves exponential growth by using the victim's stolen NPM token to infect and republish all their other maintained packages.
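Two defender-side checks follow from the behavior described above: a burst of new versions across many packages owned by one maintainer (token-driven republishing), and the appearance of a repository named "Shai-Hulud" in an account inventory. The sketch below is an added example, not code from Palo Alto Networks or Unit 42; the record fields, the thresholds and the sample data are assumptions constructed for illustration.

```javascript
// Added example; all field names, thresholds and sample records are constructed.
const WINDOW_MS = 60 * 60 * 1000; // assumption: publishes within one hour form a burst
const MIN_PACKAGES = 3;           // assumption: distinct packages needed to alert

// events: [{ maintainer, pkg, version, publishedAt }] taken from registry metadata
function findPublishBursts(events, windowMs = WINDOW_MS, minPackages = MIN_PACKAGES) {
  const byMaintainer = new Map();
  for (const e of events) {
    const t = Date.parse(e.publishedAt);
    if (Number.isNaN(t)) continue; // ignore records with malformed timestamps
    if (!byMaintainer.has(e.maintainer)) byMaintainer.set(e.maintainer, []);
    byMaintainer.get(e.maintainer).push({ ...e, t });
  }
  const alerts = [];
  for (const [maintainer, list] of byMaintainer) {
    list.sort((a, b) => a.t - b.t);
    let start = 0;
    let best = null;
    for (let end = 0; end < list.length; end++) {
      while (list[end].t - list[start].t > windowMs) start++; // slide the window forward
      const pkgs = new Set(list.slice(start, end + 1).map((e) => e.pkg));
      if (pkgs.size >= minPackages && (!best || pkgs.size > best.packages.length)) {
        best = { maintainer, packages: [...pkgs].sort(),
                 from: list[start].publishedAt, to: list[end].publishedAt };
      }
    }
    if (best) alerts.push(best);
  }
  return alerts;
}

// repos: [{ owner, name }] from a source-hosting inventory; matches the repo name cited above
function findExfilRepos(repos, marker = "shai-hulud") {
  return repos.filter((r) => r.name.toLowerCase() === marker).map((r) => `${r.owner}/${r.name}`);
}

const SAMPLE_EVENTS = [ // constructed publish records
  { maintainer: "alice", pkg: "lib-a", version: "1.0.1", publishedAt: "2025-09-15T10:00:00Z" },
  { maintainer: "alice", pkg: "lib-b", version: "2.3.1", publishedAt: "2025-09-15T10:04:00Z" },
  { maintainer: "alice", pkg: "lib-c", version: "0.9.8", publishedAt: "2025-09-15T10:07:00Z" },
  { maintainer: "bob", pkg: "tool-x", version: "4.0.0", publishedAt: "2025-09-01T09:00:00Z" },
  { maintainer: "bob", pkg: "tool-y", version: "1.2.0", publishedAt: "2025-09-10T09:00:00Z" },
];
const SAMPLE_REPOS = [ // constructed repository inventory
  { owner: "alice", name: "Shai-Hulud" }, { owner: "alice", name: "lib-a" }, { owner: "bob", name: "tool-x" },
];
console.log(findPublishBursts(SAMPLE_EVENTS), findExfilRepos(SAMPLE_REPOS));
```

A burst alert is a triage signal rather than proof of compromise, since monorepo releases also publish many packages at once; pairing it with the repository check narrows the review.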

 

Detection by CDSS subscriptions:

VT analysis of the IOCs listed in the Unit 42 blog shows that the earliest appearance of the attack was 9/15/2025. The timeline of detections by CDSS is given below:

  • Advanced URL Filtering (AURL): Starting 9/6/2025, AURL blocks meddler-in-the-middle (MitM) phishing attacks using its real-time detection and classifies them as malicious URLs associated with this activity. 
  • Advanced Threat Prevention (ATP): First detection of the attack on 9/12/2025 using high-severity TID 87042. Then, on 9/19/2025, ATP added another high-severity TID 87046 and a critical-severity TID 87047. 
  • Advanced WildFire (AWF): ML models and analysis techniques of AWF were updated via XDR submissions of the package (bundle-dot-js), starting 9/16/2025.

 

Latest Product Updates Across CDSS Core Subscriptions

Advanced URL Filtering

  • The new File Converter category was released on September 16, 2025, and it is planned to be activated on November 14, 2025. This category helps organizations prevent data leakage and compliance risks by managing access to these sites.
  • The mandatory login requirement for Test-A-Site has been extended from October 1, 2025, to January 15, 2026. 

Advanced DNS Security

  • The Legacy DNS Dashboards on SCM are officially deprecated. DNS security metrics on SCM are available through Activity Insights and SLR. 

Advanced Threat Prevention

  • Insight into "Upcoming CVE" is available in Strata Copilot, in addition to Threat Vault UI
  • C2 DL Model for Sliver TLS 1.3 - Delivered launch deck, Tech Docs, and demo video
  • SecureIQ 2025: In the seven Cobalt Strike and Empire attack suites tested, the Palo Alto Networks firewall was always the top performer.
  • End of Sale: The TP SKU officially reached end of sale on June 18, 2025.

Advanced WildFire

  • Inline WF endpoint for malware and virus detection by Prisma Access Explicit Proxy (EP) - This release enhances Prisma Access Explicit Proxy's capability to detect malicious content inline, supporting file sizes from 10MB to 100MB, and expands its support to over 65 file types beyond just PE files.
  • Expanded File Support: Improved file identification on Java, increased file size support (up to 300MB) for Java-related file types, and support for zipped kernel objects using XZ and ZSTD compression. 

Device Security 

  • Inbound Policy Recommendations - Device Security now enables comprehensive protection by offering both inbound and outbound policy recommendations for connected IT and IoT devices. While PAN-OS and Panorama previously supported only outbound policies, the addition of inbound recommendations allows for more robust security by addressing risks such as vulnerability exploitation and lateral movement. 
  • Log Viewer under Device Details - For Strata Logging Service customers, Device Security in Strata Cloud Manager now includes a Log Viewer on the Device Details page, providing easy access to the 10 most recent logs for each device. You can filter logs by time range and traffic direction for more granular insights. 
  • Configuration File Parsing Enhancements - Device Security now extends its support for parsing device configuration files to include Mitsubishi MELSOFT Series GX Works2 (.gxw) and Emerson DeltaV Explorer (.fhx) files. You can easily upload these files for parsing by navigating to Device Files, enabling enhanced visibility and management of your device configurations. 
  • Multi-Interface Devices Search via API - The Device Security API enables searching for both standard and multi-interface devices within your asset inventory. Using the Device Search API, you can easily locate multi-interface devices by IP or MAC address. This API is exclusively available with Device Security in Strata Cloud Manager and is not supported by the legacy IoT Security portal.

 

Tips & Best Practices

“Adopt a layered defense approach to stay ahead of attackers.”

Modern threats rarely rely on a single tactic. Attackers use multi-stage techniques like phishing, credential theft, lateral movement, and data exfiltration. Relying solely on one tool or on signature-based detection isn’t enough today. Implementing defense in depth, combining threat prevention, advanced analytics, and continuous monitoring across endpoints, networks, and the cloud, ensures that if one layer is bypassed, the others still protect you.

Best Practice: Integrate solutions that share intelligence and work together across the attack surface. Palo Alto Networks' core Cloud Delivered Security Services, including Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, and Advanced DNS Security, work in unison to detect and block malicious activity in real time. Together, they provide unified visibility, coordinated protection, and faster response to today’s most advanced and evasive threats.

 

Did You Know? Threat Facts & Insights

In 2025, the projected annual global cost of ransomware damage is estimated to reach $57 billion, which is roughly $156 million per day or $2,400 every second. 

 

Upcoming Events In CDSS 

Ignite on Tour – One Day. Big Impact.

Join us for an exclusive one-day event designed for cybersecurity leaders, practitioners, and influencers. Dive into the future of defense as we uncover how AI-driven strategies, threat intelligence, and platform-driven security are reshaping the cyber landscape. With keynote insights, breakout sessions, and peer networking, you’ll leave empowered to build resilience and stop tomorrow’s threats today. Register now for the virtual event. 

 

FUEL Spark Event: Inside the Threat Landscape (A Cybersecurity Roundtable)

Join us for an exclusive in-person FUEL User Group event in Dallas. Hear from cybersecurity experts as they break down the latest threat trends, share what attackers are doing today and discuss practical ways to strengthen your defenses. This interactive roundtable is a great opportunity to network with peers and gain actionable insights for your security strategy.

Sign up here.

 

Explore More Cloud-Delivered Security Services Resources

 

Stay Protected with Cloud-Delivered Security Services 

Palo Alto Networks Cloud-Delivered Security Services (CDSS) provides comprehensive protection for the modern threat landscape. Powered by Precision AI and industry-leading threat intelligence, CDSS secures your users, devices, and data wherever they connect—detecting and stopping advanced threats before they can cause harm.

 

For more information about CDSS, contact your Palo Alto Networks representative to learn how our solutions protect you from today’s most sophisticated threats and emerging attacks.

 
