Surge in Malicious Traffic Targets Palo Alto Networks GlobalProtect Portals

Surge in Malicious Traffic Targets Palo Alto Networks GlobalProtect Portals

First seen 2 Dec 2025, 18:33 UTC GreynoiseTheregisterBleepingcomputerScworldLinkedin 70% similarity 25.1

Article Content

Browse articles
ThreatCluster

Beginning on November 14, 2025, Palo Alto Networks' GlobalProtect portals experienced a significant increase in malicious traffic, with nearly 2.3 million IP sessions targeting the login endpoint in just 24 hours. This surge, reported by GreyNoise, represents a 40-fold increase and marks a 90-day high, primarily originating from the AS200373 network, associated with Germany and Canada.

ThreatCluster AI

Community

Browse all →