Intelligence Briefing · May 28, 2026
CVE-2026-35435 · CVSS 10.0 · Exploited in the wild
Let's Encrypt mass-revocation drill complete
47-day TLS lifetimes take effect
Q-Day timeline compressed — NIST advisory
Intelligence Briefing · May 28, 2026
CVE-2026-35435 · CVSS 10.0 · Exploited in the wild
Let's Encrypt mass-revocation drill complete
47-day TLS lifetimes take effect
Q-Day timeline compressed — NIST advisory

CVE-2026-0300

5,800+
EXPOSED

Threat Intelligence

PAN-OS Captive Portal RCE: State-Sponsored Exploitation Hits 5,800+ Exposed Firewalls

State-sponsored exploitation of a PAN-OS captive portal RCE has reached more than 5,800 exposed firewalls.

SecureW2 Threat Intelligence

May 25, 2026

· 1 min read

State-sponsored exploitation of a PAN-OS captive portal RCE has reached more than 5,800 exposed firewalls.

The captive portal is the remote-code-execution surface in this campaign.
Activity is attributed to state-sponsored exploitation.
A large population of internet-exposed firewalls is affected.

This briefing is part of SecureW2’s Cybersecurity Intelligence series, which tracks identity, certificate, and network-security events for the teams who have to respond to them.

SecureW2 Threat Intelligence

SIGNAL's threat-intelligence desk tracks identity, certificate, and network-security events and translates them for the teams who have to respond. Reporting is independent of product marketing.