Massive Surge in Palo Alto Login Scans: Are Hackers Plotting a New Attack?

Security experts are scratching their heads as reconnaissance activity targeting Palo Alto Networks login portals skyrockets by 500%. GreyNoise reports 1300 IP addresses in the mix, with 91% hailing from the US. As if the drama wasn’t enough, Cisco ASA and SonicWall have also joined the reconnaissance party.

3P
Published: October 6, 2025 10:07 amAdded: October 6, 2025 at 3:27 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like hackers are eyeing Palo Alto Networks’ login portals like a kid in a candy store with a sudden sugar rush! With reconnaissance activity skyrocketing, it seems like cybercriminals are either getting really bored or really ambitious. Time to tighten those digital belts, folks!

Key Points:

  • Massive increase in reconnaissance activity targeting Palo Alto Networks login portals.
  • GreyNoise observed a jump from 200 to about 1300 IP addresses in a single day.
  • Majority of suspicious IPs located in the US, followed by the UK, Netherlands, Canada, and Russia.
  • No direct correlation yet between activity and new vulnerability disclosures.
  • Similar scanning patterns observed in Cisco ASA products.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?