Cybersecuritynews
Cortex XDR Live Terminal Vulnerability Enables C2 Exploitation
First seen 25 Feb 2026, 20:11 UTC
•

•85% similarity
•26.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Research has revealed that attackers can exploit the Cortex XDR Live Terminal feature from Palo Alto Networks to establish command-and-control (C2) communications. This feature operates within a trusted endpoint detection and response (EDR) agent, allowing malicious traffic to bypass many enterprise security measures. Organizations utilizing Cortex XDR may be at risk of undetected cyber operations.
ThreatCluster AI
Timeline
2026-02-25
Research finding disclosed about Cortex XDR Live Terminal exploitation
Date unknown
Attackers began exploiting the vulnerability