Threat & Vulnerability Discussions

Port 5060 Remains Blocked Despite Threat Exemption

Port 5060 is still being blocked even after the security threat (Threat ID 40016) responsible for the block was added to the exemption list. We’ve already applied the threat exemption to the corresponding security policy, and also cleared the session

'Virus/Win32.WGeneric.lsngt' generated by PAN NGFW detected on 2 hosts

File Macro SHA256: N/A

IF file macro SHA256 is not available then on what basis PNGFW detected alert "'Virus/Win32.WGeneric.lsngt' generated by PAN NGFW detected on 2 hosts ". Can someone please explain me this?

False Positive

Please, check this false positive:

Link to Virustotal report for the file: https://www.virustotal.com/gui/file/512aee2bf9656af68d0c001af9470070563a1b592e668569d7191998828d1698?nocache=1

File hash: : 512aee2bf9656af68d0c001af9470070563a1b592e66856

Seeing DNS Tunnel traffic to/from our Public Ranges?

Hello,

This past week I've started seeing traffic that's classified as Tunneling:isavscan.[tld] (threat type: dns-c2, ThreatID: 109001001) hitting our Outside intrazone rule where the source and destination are our public ARIN IPs (the rule is curren

DNS issue due to Proxy-Avoidance-and-Anonymizers software

Hello All,

We observered a Sev 1 issue last week which was related to internet slowness that impacted large number of users . During the issue start time , we observed DNS traffic blocks between our DNS server and URL services.disconnect.me ( Palo Al

cortex-xdr-payload.exe access lsass.exe

Hi guys, 

I received an alert regarding cortex-xdr-payload.exe accessing lsass.exe. The full path is: below: C:\ProgramData\Cyvera\LocalSystem\Download\protected_payload_execution\cortex-xdr-payload.exe

From my research, the legitimate cortex-xdr-paylo

VLC update - "Virus" alert PA

Hello,

I have a question regarding alert in Threat detection - type "virus"

Some endpoints were trying to update VLC player, but it detected as "virus" with this threat ID: 706518286. This is file name: mirror.alwyzon.net/videolan/vlc/3.0.21/win64/v

Are these two vulnerabilities CVE-2024-00012 and CVE-2025-0111 the same?

Hello team,
We have some questions regarding the latest Management Web Interface Vulnerability. Please answer below questions :-

Are these two vulnerabilities CVE-2024-00012 and CVE-2025-0111 the same?

When was CVE-2025-0111 identified ?

Exfiltration Shield - Prevent data exfiltration via DNS relay attack

Advanced Threat Prevention (ATP) is the industry's first IPS to stop Zero-day attacks inline. ATP is powered by Precision AI, a proprietary system that leverages the capability of Machine Learning, Deep Learning, and Generative AI.  ATP’s security mo

Microsoft Windows Shortcut Font Name Overflow Vulnerability

Microsoft Windows Shortcut Font Name Overflow Vulnerability

CVE Mapping for Zero-day Exploits: Enhancement in Threat content release notes and Cloud reports

Advanced Threat Prevention (ATP) is industry's first IPS to stop Zero-day attacks inline.

ATP is powered by Precision AI, a proprietary system that leverages the capability of Machine Learning, Deep Learning, and Generative AI.

These security model

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

Translate Suricata IPS signatures into custom Palo Alto Networks threat signatures

Threat Prevention goes beyond a typical intrusion prevention system (IPS) to inspect all traffic for threats (regardless of port, protocol, or encryption), and automatically blocks known vulnerabilities, malware, exploits, spyware, and command-and-co

Malicious Traffic related to CVE-2024-9472 and CVE-2024-3393 DoS Vulnerabilities.

Can anyone share any technical insight into what the attack payload might be or you may be observing in your Threat logs?
We have found some malformed DNS packet sent to port 53 that the FW labels as MS Windows NAT Helper DNS Query DoS Vulnerability