Cortex XDR Live Terminal Vulnerability Enables C2 Exploitation

Cortex XDR Live Terminal Vulnerability Enables C2 Exploitation

First seen 25 Feb 2026, 20:11 UTC GbhackersCybersecuritynewsCyberpress 85% similarity 26.3

Article Content

Browse articles
ThreatCluster

Research has revealed that attackers can exploit the Cortex XDR Live Terminal feature from Palo Alto Networks to establish command-and-control (C2) communications. This feature operates within a trusted endpoint detection and response (EDR) agent, allowing malicious traffic to bypass many enterprise security measures. Organizations utilizing Cortex XDR may be at risk of undetected cyber operations.

ThreatCluster AI

Timeline

2026-02-25
Research finding disclosed about Cortex XDR Live Terminal exploitation
Date unknown
Attackers began exploiting the vulnerability

Community

Browse all →