On April 12, 2024, Palo Alto Networks disclosed a critical vulnerability, CVE-2024-3400, in its PAN-OS operating system affecting the GlobalProtect feature, which allows unauthenticated attackers to execute code with root privileges through command injection. This flaw, actively exploited since at least March 26, 2024, poses significant security risks to approximately 22,500 exposed Palo Alto GlobalProtect firewall devices and affects specific versions of PAN-OS with enabled Device Telemetry. The vulnerability does not impact cloud firewalls, Panorama appliances, or Prisma Access, and has been addressed with hotfix releases and upcoming patches for affected PAN-OS versions. Mitigation strategies include disabling device telemetry for customers without a Threat Prevention subscription until systems are updated. Coralogix's security team has incorporated related indicators of compromise into their threat intel feed to aid detection and offer further assistance through their Security Resource Center.