Palo Alto Networks has patched two zero-day vulnerabilities exploited in Operation Lunar Peek, targeting exposed PAN-OS management web interfaces. The critical flaw, CVE-2024-0012, allows unauthenticated attackers to gain admin privileges and tamper with configurations, while CVE-2024-9474 enables privilege escalation to root. Patches are available for multiple PAN-OS versions, and restricting access to trusted internal IPs is recommended to lower risks. Indicators of compromise (IoCs), including a PHP webshell payload hash, have been shared, and the CISA KEV Catalog mandates remediation by December 9, 2024. The number of exposed interfaces has dropped from 11,000 to 6,600 in a week.