A CrowdStrike-linked analysis of Operation Lunar Peek shows how CVSS scoring can fail in practice. Attackers chained two Palo Alto CVEs across 13,000 exposed management interfaces, ultimately gaining root. CVSS v4 and v3.1 assigned conflicting, “manageable” ratings that never flagged the combined kill chain, exposing gaps in how teams triage, patch, and report risk.
Swipe through stories, personalise your feed, and save articles for later — all on the app.
