Cyber campaign targets Cisco, Palo Alto, and Fortinet devices, raising security concerns.
GreyNoise has reported a coordinated exploitation campaign targeting Cisco Secure Firewalls, Palo Alto Networks firewalls, and Fortinet VPN devices, with the activity against all three originating from the same subnets. The analysis highlighted a 500% increase in scanning activity related to Palo Alto's GlobalProtect portals, alongside over 1.3 million unique login attempts on Palo Alto firewalls within a single week. The campaigns share TCP fingerprints and show synchronized activity peaks, which suggests a common threat actor. Given the history of Cisco zero-day vulnerabilities linked to these attacks, organizations are urged to strengthen their defenses against potential vulnerabilities and to block the malicious IPs. The incident underscores the escalating cyber threats facing critical infrastructure and the importance of robust cybersecurity measures.