Active exploits: Palo Alto GlobalProtect, CISA credential leak, Linux kernel RCE

Palo Alto PAN-OS GlobalProtect authentication bypass (CVE-2026-0257) is being actively exploited; additionally, a CISA contractor exposed high-privilege AWS GovCloud and internal credentials on public GitHub, a CIFSwitch Linux kernel local privilege escalation affects multiple distributions, threat actors are abusing ChatGPT share links to deliver malware, and authorities arrested an alleged Kimwolf IoT botnet operator — urgent patching, credential rotation, and containment actions are recommended.