A confluence of critical vulnerabilities and widespread attack campaigns emerged this week, exposing systemic weaknesses across infrastructure, development tools, and user security practices.

Palo Alto Networks PAN-OS suffered a remote code execution vulnerability enabling unauthenticated attackers to compromise firewalls directly. The flaw bypasses authentication mechanisms entirely, turning security perimeters into entry points for intruders. Organizations running affected PAN-OS versions face immediate risk of network compromise and lateral movement into internal systems.

Mythos cURL, a popular command-line tool and library, contains a bug allowing attackers to execute arbitrary code through specially crafted requests. Applications and scripts relying on cURL for data transfers inherit this risk, potentially exposing millions of systems that depend on the tool for routine operations.

An emerging attack vector targets AI tokenizer implementations, exploiting weaknesses in how machine learning systems parse and process input data. These attacks bypass safety mechanisms designed to prevent model abuse, enabling attackers to extract sensitive information or manipulate AI behavior.

Beyond individual CVEs, the threat landscape is deteriorating through lower-impact but persistent attack patterns. Malicious help desk impersonation continues to deceive users into divulging credentials. Supply chain attacks have shifted toward opportunistic, profit-driven tactics rather than targeted espionage, with threat actors weaponizing legitimate software distribution channels for financial gain. Fake forum posts and compromised documentation further blur the line between trusted resources and attack vectors.

The pattern reflects infrastructure fatigue. Security teams battle acute threats like PAN-OS RCE while neglecting hygiene basics that prevent credential theft and social engineering. Adversaries exploit this imbalance, combining low-sophistication attacks into effective compromise chains.

Organizations must prioritize immediate patching of PAN-OS and cURL implementations across all environments. Equally pressing is reinforcement of user training against social engineering and verification