TheRegister

State-backed hackers have been quietly exploiting a fresh zero-day in Palo Alto Networks firewalls to gain root access with no login required. The flaw, tracked as CVE-2026-0300 and carrying a CVSS severity rating of 9.3, affects the Captive Portal feature in PAN-OS on PA-Series and VM-Series firewalls. Palo Alto said the issue stems from a memory corruption bug in the User-ID Authentication Portal, a feature used to handle logins for users the firewall cannot automatically identify. If successfully exploited, the bug allows attackers to remotely run arbitrary code on internet-exposed devices with root privileges. According to the vendor’s Unit 42 threat intelligence team, attacks are already underway and tied to a cluster of "likely state-sponsored threat activity" tracked as CL-STA-1132. The attackers allegedly used the zero-day to inject shellcode into an nginx worker process running on compromised devices. Palo Alto said the first failed exploitation attempts began on April 9. About a week later, the attackers successfully achieved remote code execution on a targeted firewall and then cleared logs, crash reports, and other records tied to the compromise. The attackers later used their access to move deeper into victims’ networks, including probing Active Directory systems while continuing to clean up traces of the intrusion from compromised devices. According to Palo Alto, the campaign expanded again on April 29 when the attackers triggered a flood of authentication traffic that caused a secondary firewall to take over internet-facing duties. The attackers then compromised that device as well and installed additional remote access tools. CISA has already shoved the flaw into its Known Exploited Vulnerabilities catalog, which is usually the government’s polite way of saying "patch this before your weekend disappears." There’s just one snag: there is no patch yet. Until one arrives, Palo Alto is urging customers to either lock down the User-ID Authentication Portal so it is reachable only from trusted networks or disable it entirely. The warning also lands after a rough run for PAN-OS customers. Palo Alto firewalls have been a regular target for attackers over the past two years, with multiple zero-day campaigns hitting internet-facing devices before patches were widely deployed. In many cases, attackers chained together flaws to break into networks through the very boxes meant to keep them out. ®

An official draft of the PCI Express (PCIe) 8.0 specification is out, targeting a blistering 1 terabyte per second when the kit finally hits the streets. The PCI Special Interest Group (PCI-SIG) has released draft 0.5 of the version 8.0 standard, incorporating feedback received from member organizations after the release of draft 0.3 last year. With an expected raw bit rate of 256 gigatransfers per second (GT/s) and up to 1 TB/s bi-directionally across a 16-lane configuration, PCIe 8.0 is set to deliver another doubling of bandwidth over its predecessor, something the engineers weren't sure could be done. PCI-SIG says the completed PCIe 8.0 specification remain on track for full release by 2028, though buyers may need to wait longer for any super-fast devices such as solid-state drives (SSDs). Micron, for example, announced mass production of what it claims is the first PCIe 6.0 SSD in February this year, four years after the standard was finalized. And with compatible CPUs from Intel and AMD not expected until later this year, there are only PCIe 5.0 systems available to plug them into. Hardware compatible with PCIe 7.0 (at 128 GT/s and 512 GB/s) is not scheduled to hit the shelves before 2027 at the earliest, and the first devices will likely be SSDs again. PCI-SIG says PCIe 8.0 is designed to meet the high-bandwidth, low-latency demands of data-hungry markets, including AI, datacenter infrastructure, high-speed networking, edge computing, and quantum computing. AI datacenters are dominated by proprietary tech, including Nvidia's NVLink, but PCI-SIG sees an opening for PCIe with Unordered I/O (UIO), an enhancement introduced in the PCIe 6.1 specification. Keeping pace, though, will demand that PCIe continues its cadence of doubling data rate with each generation. This likely means PCIe 8.0 won't target consumers when it arrives. As The Register previously pointed out, a single PCIe 4.0 x1 lane is sufficient for 10 GbE networking, while many consumer GPUs stick to four or eight lanes, since they don't really benefit from the additional bandwidth a full x16 slot would provide. The latest standard maintains the use of PAM4 (Pulse Amplitude Modulation with four levels) signaling and Flit-based encoding, introduced in PCIe 6.0. Flit stands for Flow Control Unit, which specifies a 256-byte packet with forward error correction (FEC) to provide low latency with high efficiency. ®

AMD hopes to win over enterprise AI customers with a more affordable datacenter GPU that can drop into conventional air-cooled servers. Announced on Thursday, the MI350P is the House of Zen’s first PCIe-based Instinct accelerator since the MI210 debuted all the way back in 2022. Until now, AMD’s best GPUs have only been available in packs of eight and used socketed OAM modules that weren’t compatible with most server platforms. By comparison, The MI350P can slot into just about any 19-inch pizza box design that offers enough power and airflow, making it a much easier sell for enterprises dipping their toes into on-prem AI for the first time. The 600-watt, dual-slot card is essentially a MI350X that’s been cut in half. That means the CNDA-based GPU is packing 4.6 petaFLOPS of FP4 compute and 144 GB of VRAM spread across four HBM3e stacks delivering a respectable 4 TB/s of memory bandwidth. AMD supports configurations ranging from one to eight MI350Ps, though a lack of high-speed interconnects on these cards means it’ll be limited to PCIe 5.0 speeds (128 GB/s) for chip-to-chip communications, potentially limiting its potential in larger models. AMD hasn’t shared pricing for the cards just yet, but at least on paper, the MI350P is well positioned to compete with either Nvidia’s H200 NVL or RTX Pro 6000 Blackwell PCIe cards. Compared to the 141 GB H200, the MI350P promises about 38 percent higher peak performance at FP8, while eking out a narrow VRAM capacity advantage. But the H200 does pull ahead when it comes to memory bandwidth. With six HBM3e stacks to the MI350P’s four, the nearly two-year-old card’s memory is still about 20 percent faster. Nvidia's H200 also supports high-speed chip-to-chip communications over NVLink, while the MI350P doesn’t use AMD’s equivalent Infinity Fabric interconnect. However, all this assumes you can still find H200 NVLs in the wild. Since last summer, Nvidia has been pushing its RTX Pro 6000 Server cards on enterprise customers. As of writing, the card is Nvidia’s most powerful Blackwell-based accelerator offered in a PCIe formfactor. Compared to the RTX Pro 6000, the MI350P’s price starts becoming a bigger factor than performance. Workstation versions of the RTX Pro, which ditch the passive cooler for an active one, routinely sell for between $8,000 to $10,000 apiece, making it one of Nvidia’s more affordable datacenter-class GPUs. Depending on how pricing shakes out, AMD may have to push hard to be competitive. Having said that, the MI350P is still the better-specced part, delivering 2.3x higher peak flops, 2.5x the memory bandwidth, and 50 percent more vRAN of the RTX Pro. Now, this all assumes peak FLOPS and memory bandwidth, which is rarely realistic. The tensors used by AI workloads are rarely the ideal shape for squeezing the maximum number of FLOPS out of a chip. This is why we run for Maximum Achievable MatMul FLOPS (MAMF) and Babel Stream memory bandwidth benchmarks as part of our AI test suite. AMD seems to understand that peak FLOPS don’t really translate cleanly into real-world performance, and in the marketing materials shared with El Reg prior to publication, compared the MI350P’s theoretical performance against its real-world delivered performance. It’d be nice to see Nvidia and others adopt similar practices regarding accelerator performance claims, though we suspect getting everyone to agree on the best way to measure this might not be easy. The MI350P’s launch comes as AMD prepares to address a very different and likely more lucrative segment with its first rack-scale compute platform, codenamed Helios. That system is due out in the second half of the year, and is aimed primarily at large hyperscale and neocloud deployments. The system packs 72 of its all-new MI455X GPUs into a single double-wide OCP rack that behaves like an enormous accelerator. The platform will be AMD’s first crack at Nvidia’s NVL72 racks, which launched alongside its Blackwell generation nearly two years ago. ®

20-year-old fessed up after investigators found video of crime in progress

Brussels says it's simplification, critics may call it retreat

Plus a petition for the UK Civil Service to go FOSS by default

Fortunately, it was a legit contractor who guessed it

You did remember to opt out of AI, didn't you?

Roles span eGates, passports, visas, asylum applications, and enterprise services – yours for up to £105K

£330M contract defended as value for money despite concerns over IP and lock-in

Former bitcoin miner plans to build an easier cloudy AI on ramp while remaining a friend to FOSS

Someone other than Meta is buying $1bn of its new AGI chips

For AI agents, seeing is expensive

Okay, the rodent was a willing participant - after all, who turns down treats for a spin that charges a phone?

Compute from Colossus leads to relaxed limits

Initial phases of SpaceX's Terafab project in rural Texas are expected to cost about 1.25 Twitters

Cuts appear to hit sales, product, and marketing, accounting for under 10% of staff

13% say they’ve sold logins or know someone who has, survey suggests

All driller, no filler

A new coat of paint