Arctic Wolf Labs observed an ongoing campaign exploiting CVE-2026-0257, a high-severity authentication bypass vulnerability in Palo Alto Networks GlobalProtect. Threat actors are forging authentication override cookies to establish unauthorized VPN sessions, followed by rapid internal network reconnaissance using Impacket tooling.