Malicious hackers have exploited two new zero-day vulnerabilities in Palo Alto Networks' software, compromising potentially thousands of organizations. The vulnerabilities, tracked as CVE-2024-0012 and CVE-2024-9474, were found in PAN-OS, the operating system that runs on all of Palo Alto's next-generation firewalls.

The bugs allow attackers to gain administrator privileges and perform actions on compromised firewalls with higher root privileges. When used together, the vulnerabilities enable hackers to remotely plant malicious code on affected firewalls with the highest possible privileges, granting deeper access to a company's network.

According to the Shadowserver Foundation, over 2,000 affected Palo Alto Networks firewalls have been compromised, with the highest number of compromised devices located in the United States, followed by India, the UK, Australia, and China. Palo Alto Networks has released patches for the vulnerabilities and urged organizations to patch as soon as possible.

This is the latest vulnerability found in corporate security devices, highlighting the importance of robust security measures and timely patching. The incident serves as a wake-up call for organizations to prioritize cybersecurity and protect their networks from potential threats.