RED × BLUE

Threat Playbook

Adversary vectors paired with the defensive controls that close them. Read top-to-bottom — engagements are sorted by severity. Baseline controls below apply across the surface.

Severe

Moderate

Low

Baseline

Severe · Act Now

3 engagements

SEVERE R-01 ↔ B-01 Forged GlobalProtect cookies — CVE-2026-0257 active exploitation High confidence

Red · Adversary Vector R-01

Forged GlobalProtect cookies — CVE-2026-0257 active exploitation

Very likely the most operationally pressing exposure surfaced by this recon. CVE-2026-0257 is an authentication bypass in PAN-OS GlobalProtect (ent_045, ent_044) that lets an attacker forge GlobalProtect portal/gateway authentication cookies and establish unauthorized VPN connections. CISA KEV-listed; two in-the-wild attack waves confirmed by Rapid7 against multiple enterprise customers since 2026-05-17. Public PoC tushargurav28/CVE-2026-0257 (2 stars, Python) published 2026-06-03 — 17 days AFTER first exploitation. Attack path: network access to portal → cookie forgery → authenticated session. Counterbalanced by b_01.

Blue · Defensive Control B-01

Patch PAN-OS to remediate CVE-2026-0257; rotate GlobalProtect session keys

Apply PANW security advisory for CVE-2026-0257 to all GlobalProtect portals and gateways across the customer fleet. Rotate any GlobalProtect signing/session keys to invalidate forged cookies. Enable detection rules for cookie-replay anomalies (geographic / temporal). Audit VPN session logs for retroactive evidence of exploitation since 2026-05-17. Where patch deployment lags, place GlobalProtect portals behind IP allowlists.

SEVERE R-03 ↔ B-03 CVE-2024-3400 GlobalProtect OS command injection — still actively used High confidence

Red · Adversary Vector R-03

CVE-2024-3400 GlobalProtect OS command injection — still actively used

Almost certainly still operationally relevant. CVE-2024-3400 (ent_078) is an OS command injection in PAN-OS GlobalProtect with CVSS 10.0. Continuing documentation as a SOC training scenario through 2025-2026 (ev_077) is consistent with ongoing exploitation against unpatched targets. Public IOCs and exploit patterns widely available. Counterbalanced by b_03.

Blue · Defensive Control B-03

Patch CVE-2024-3400 across the GlobalProtect fleet; hunt historical IOCs

Ensure all PAN-OS GlobalProtect deployments are patched to versions no longer affected by CVE-2024-3400. Apply published IOCs against historical telemetry going back to disclosure. Validate against documented exploit patterns in public training repos (CyprianAtsyor/letsdefend-cve2024-3400-case-study, CyberBibs, hashdr1ft, SimoesCTT).

SEVERE R-02 ↔ B-02 PAN-OS User-ID Portal unauth RCE — CVE-2026-0300 Moderate confidence

Red · Adversary Vector R-02

PAN-OS User-ID Portal unauth RCE — CVE-2026-0300

Roughly even chance CVE-2026-0300 (ent_077) is genuinely weaponized to the level the PoC claims, with body-of-evidence inconsistencies that warrant active verification. The PoC repo bannned-bit/CVE-2026-0300-PANOS (ent_080) describes an unauthenticated RCE in the PAN-OS User-ID Portal — typically a vector that attracts immediate researcher attention and rapid PoC proliferation. With only 1 star, the silence is anomalous: possibilities include (a) the PoC is incomplete or the vulnerability is overstated; (b) private exploitation is occurring without community sharing; (c) PANW has suppressed via DMCA or direct outreach. Severity is severe IF functional. Counterbalanced by b_02.

Blue · Defensive Control B-02

Validate CVE-2026-0300 status; remove User-ID Portal from public exposure

Confirm PANW security advisory and patch status for CVE-2026-0300 against the PAN-OS User-ID Portal. Pending verified patches, remove the User-ID Portal from public-internet exposure via firewall rule + VPN gating. Verify the PoC against a controlled environment to determine real-world exploitability. Subscribe to PANW advisories and CISA KEV updates for status escalation.

Moderate · Plan Mitigation

7 engagements

MODERATE R-04 ↔ B-04 Spear-phishing PANW executives via {f}{last} pattern and 654-contact Hunter map High

Red R-04

Spear-phishing PANW executives via {f}{last} pattern and 654-contact Hunter map

Almost certainly an operationally available vector. Hunter (ev_023) confirms paloaltonetworks.com with pattern {f}{last} and 654 executive-level contacts including aoswal@ (Anand Oswal, EVP), gfink@ (Gonen Fink, EVP + Head Israel R&D), anockels@ (Alysse Nockels, VP Competitive Intelligence), mwang@ (Dr. May Wang, CTO IoT Security), dtao@ (Dong Tao, Greater China). accept_all: true reduces validation difficulty. Effectiveness depends on PANW's DMARC enforcement, gateway filtering, and training maturity — observations this passive recon cannot make. Counterbalanced by b_04.

Blue B-04

Enforce DMARC p=reject, MFA on SSO, run executive-targeted phishing simulations

Enforce DMARC with p=reject on paloaltonetworks.com to disable look-alike spoofing. Enforce MFA on all SSO, VPN, M365/GSuite, GitHub, and AWS accounts — particularly for the 654 Hunter-listed executive contacts. Run quarterly red-team phishing simulations against the executive list including the high-value targets (EVPs, COO, CTO IoT Security, Head Israel R&D, Greater China director). Email gateway with attachment sandboxing and URL rewriting. Out-of-band confirmation for sensitive operational requests.

MODERATE R-05 ↔ B-05 Unofficial panw-scm-mcp MCP server — Strata Cloud Manager supply-chain risk Moderate

Red R-05

Unofficial panw-scm-mcp MCP server — Strata Cloud Manager supply-chain risk

Likely a credible vector against enterprise customers that integrate the package. panw-scm-mcp v0.1.8 (ent_087) is an unofficial Model Context Protocol server for PANW Strata Cloud Manager, published 2026-05-17 by zhiyhappy@gmail.com, with 1,146 monthly downloads. MCP servers broker credentials and operational APIs to AI agents; a compromised or malicious update could leak SCM credentials, inject misconfigurations, or bypass access policies. Adversary path: typosquat, package takeover, or malicious update push. Counterbalanced by b_05.

Blue B-05

Inventory MCP servers; disable unofficial Strata Cloud Manager integrations

Block enterprise installation of panw-scm-mcp and similar unofficial MCP servers against PANW management planes until provenance is verified. Publish an official PANW-supported SCM MCP server (or a signed allowlist of approved third-party wrappers). Require MCP server code review and signing before enterprise rollouts. Monitor npm for typosquats of the official @paloaltonetworks scope.

MODERATE R-06 ↔ B-06 Unofficial @cdot65/prisma-airs-sdk — AI security SDK supply-chain risk Moderate

Red R-06

Unofficial @cdot65/prisma-airs-sdk — AI security SDK supply-chain risk

Likely a credible vector. @cdot65/prisma-airs-sdk v0.12.0 (ent_088) is published by cdot.dev@proton.me, unofficial (not under @paloaltonetworks scope), with 2,519 monthly downloads and 4 dependents. The SDK touches scanning, management, model security, and red-teaming APIs of Prisma AIRS — broad attack surface coverage. Adversary path: SDK release compromise → downstream dependents pull poisoned version → adversary gains AI-security observability and potential red-team capability. Counterbalanced by b_06.

Blue B-06

SDK supply-chain governance — pin to official @paloaltonetworks packages

Pin enterprise dependencies to official @paloaltonetworks-scoped npm and PyPI packages (pan-os-python v1.13.0, @paloaltonetworks/pan-cortex-hub, pancloud, official Prisma AIRS SDK when published). Block or quarantine unofficial alternatives such as @cdot65/prisma-airs-sdk in CI/CD. Add Sigstore / npm provenance verification gates. Publish an official PANW-supported Prisma AIRS SDK to displace the unofficial wrapper.

MODERATE R-08 ↔ B-08 CyberArk integration window — PAM migration attack surface Moderate

Red R-08

CyberArk integration window — PAM migration attack surface

Likely a vector during the active integration tempo. CyberArk close 2026-02-11 (ev_051, ev_052) is being merged with Portkey (close 2026-05-29) and surfaced through Idira (launch 2026-05-12, ev_059, ev_060) — three acquisitions in roughly 13 weeks plus a major new platform launch. Sophisticated adversaries who understand CyberArk PAM internals could likely target the migration window to plant persistence, exfiltrate credentials in transit, or bypass new identity policies before steady-state controls land. Counterbalanced by b_08.

Blue B-08

Strict change-control + canary deployment during CyberArk integration window

Apply strict change-control to all CyberArk/Portkey/Idira integration paths: write-protected migrations, all-or-nothing rollback, canary deployment for new identity policies. Daily attestation of CyberArk vault contents and PANW Idira policy state. Adversary detection on credential-reuse patterns across the merged identity fabric. Operate the legacy CyberArk admin consoles read-only during cutover unless write access is explicitly required.

MODERATE R-10 ↔ B-10 CVE-2025-0111 + CVE-2025-0108 chain — WAF bypass + authenticated file read Moderate

Red R-10

CVE-2025-0111 + CVE-2025-0108 chain — WAF bypass + authenticated file read

Likely usable against unpatched PAN-OS deployments. CVE-2025-0111 (ent_047, ev_039) is an authenticated file read in PAN-OS firewall devices. CVE-2025-0108 (ent_048, ev_040) is a WAF evasion via HTTP path confusion. Chain potential: path-confusion WAF bypass → authenticated file read → configuration/credential disclosure. Patching status of PANW customer fleet not passively observable. Counterbalanced by b_10.

Blue B-10

Patch PAN-OS for CVE-2025-0111 and CVE-2025-0108; rebuild WAF rules

Patch PAN-OS to remediate CVE-2025-0111 (authenticated file read) and CVE-2025-0108 (WAF path-confusion evasion). Rebuild WAF rules with explicit RFC 3986 path canonicalization and reject non-canonical encodings. Audit firewall configurations for sensitive content accessible to authenticated low-privilege roles. Apply the public PathFault test patterns from Kim & Shin (2025) against current WAF deployments.

MODERATE R-07 ↔ B-07 Israel R&D / Unit 8200 nexus as nation-state target Low

Red R-07

Israel R&D / Unit 8200 nexus as nation-state target

Likely a vector but with low confidence in observability. ent_057 (PANW Israel R&D Center) is headed by Gonen Fink (ent_035) and is connected by academic literature to the IDF Unit 8200 alumni ecosystem (ev_037, ev_038). Adversary motivations: (a) pre-disclosure visibility into PANW security research (the CVE-2026-0257 timeline strongly suggests pre-disclosure exploitation occurred elsewhere); (b) IP acquisition from PANW product pipelines, especially CyberArk and Koi integrations. Operational realization unobserved. Counterbalanced by b_07.

Blue B-07

Insider-threat and counterintelligence posture for Israel R&D Center

Apply elevated counterintelligence posture to PANW Israel R&D Center: physical and logical access segregation, vetting cadence aligned with sensitive-IP holdings, USB/optical-media DLP, encrypted-at-rest source repositories, signed-only release artifacts, two-person rule for production changes during integration windows. Coordinate with Israeli authorities on threat intelligence sharing.

MODERATE R-09 ↔ B-09 ROADtools-style Azure AD enumeration against PANW cloud admin surface Low

Red R-09

ROADtools-style Azure AD enumeration against PANW cloud admin surface

Likely generically applicable; low confidence in PANW-specific operational realization. Unit 42's own 'Paved With Intent: ROADtools and Nation-State Tactics in the Cloud' (ev_071, ent_075) documents the broader pattern: open-source ROADtools framework weaponized by nation-state actors for Azure AD enumeration and lateral movement. PANW itself operates significant cloud infrastructure. Adversary path: credential harvest → ROADtools enumeration → lateral movement into Cortex/Prisma management planes. Counterbalanced by b_09.

Blue B-09

ROADtools-aware Entra ID hardening + detection signatures

Apply conditional access on all PANW Entra ID / Azure AD admin accounts: device compliance, geographic restrictions, MFA, just-in-time elevation. Deploy ROADtools-specific detection signatures (already documented by Unit 42 in 'Paved With Intent'). Disable legacy authentication. Audit application consent grants and service principal credentials quarterly.

Baseline · Surface-Wide

3 controls

B-11 Baseline

Operationalize a monthly vulnerability management cadence with patch SLAs

Baseline control aligned to the recurring CVE pattern observed against PAN-OS (2019-17440, 2024-3400, 2025-0108/0111, 2026-0257/0300): operationalize a monthly vulnerability management cadence with explicit patch SLAs (critical=72h, high=7d, moderate=30d). Subscribe to PANW security advisories, CISA KEV, and Unit 42 threat bulletins as primary feeds. Maintain an asset inventory of all PANW perimeter devices including patch level.

B-12 Baseline

Pre-commit and pre-publish secret scanning across all PANW dev tooling

Baseline control: pre-commit and pre-publish secret scanning (truffleHog, gitleaks, or equivalent) across all PANW-published GitHub orgs (PaloAltoNetworks/, cdot65/, etc.), npm publishes, and CI/CD pipelines. Audit credential storage practices for the dev-rel and SDK engineering orgs. Rotate any credentials matching observed patterns.

B-13 Baseline

Zero-trust internal segmentation between Strata, Prisma, Cortex, and new Idira/AIRS

Baseline control: apply zero-trust internal segmentation between the four platform pillars (Strata, Prisma, Cortex) and the new identity (Idira) and AI runtime (AIRS) extensions. Deny-by-default across boundaries; explicit allowlisting for integration paths required by the platformization architecture. Continuous validation of segmentation policy via internal red-team exercises. Aligned with PANW's own Zero Trust commercial messaging.