Security researchers at GreyNoise have detected a significant surge in cyberattacks targeting Palo Alto Networks GlobalProtect VPN portals, with approximately 2.3 million malicious sessions initiated since November 14, 2025. This coordinated assault, primarily originating from Germany, indicates a well-organized operation with distinct patterns suggesting ongoing threats. Notably, the attackers displayed a focus on various countries, including the United States and Pakistan. Experts warn that this aggressive scanning could precede actual exploitation of vulnerabilities, urging organizations using GlobalProtect to immediately apply available patches and implement enhanced security measures. The implications of these attacks underscore the critical need for robust cybersecurity protocols in enterprise environments globally.