Tag: zyxel
-
Chinese hackers spent four years inside Asian telco’s networks
The hackers compromised home routers made by Zyxel to gain entry into a “major” telecommunications company’s environment. First seen on therecord.media Jump to article: therecord.media/chinese-hackers-spent-years-telco
-
Chinese Weaver Ant hackers spied on telco network for 4 years
by
in SecurityNewsA China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-weaver-ant-hackers-spied-on-telco-network-for-4-years/
-
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, vulnerability, windows, zyxelU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a command injection issue in Zyxel CPE Series devices that remains unpatched and has not yet…
-
Actively-Exploited Bugs In Zyxel Routers Require Immediate Device Upgrades
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/actively-exploited-zyxel-bugs-require-immediate-device-upgrades
-
Actively exploited Zyxel router bugs require immediate model upgrades
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/actively-exploited-zyxel-router-bugs-require-immediate-model-upgrades
-
Zyxel won’t patch endlife routers against zero-day attacks
Networking hardware vendor Zyxel has no plans to patch multiple end-of-life routers against new zero-day flaws and advises customers to replace affected devices entirely. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366618782/Zyxel-wont-patch-end-of-life-routers-against-zero-day-attacks
-
Swap EOL Zyxel routers, upgrade Netgear ones!
There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/05/swap-eol-zyxel-routers-upgrade-netgear-ones-patches-cve-2024-40891/
-
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
by
in SecurityNewsThe Taiwanese hardware maker says it has no plans patch the flaws impacting legacy router models First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/
-
Kein Support mehr: Hersteller drängt wegen Router-Lücken auf Entsorgung
by
in SecurityNewsSicherheitslücken in mehreren Zyxel-Routern werden aktiv ausgenutzt. Der Hersteller will nicht patchen und verweist auf den EOL-Status der Geräte. First seen on golem.de Jump to article: www.golem.de/news/kein-support-mehr-hersteller-draengt-wegen-router-luecken-auf-entsorgung-2502-193053.html
-
Zyxel Issues ‘No Patch’ Warning for Exploited Zero-Days
by
in SecurityNewsMultiple Zyxel legacy DSL CPE products are affected by exploited zero-day vulnerabilities that will not be patched. The post Zyxel Issues ‘No Patch’ Warning for Exploited Zero-Days appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/zyxel-issues-no-patch-warning-for-exploited-zero-days/
-
Support ausgelaufen: Keine Sicherheitsupdates mehr für attackierte Zyxel-Router
by
in SecurityNewsDerzeit hat es eine Mirai-Botnet-Malware auf bestimmte Routermodelle von Zyxel abgesehen. Weil der Support ausgelaufen ist, müssen Admins jetzt handeln. First seen on heise.de Jump to article: www.heise.de/news/Support-ausgelaufen-Keine-Sicherheitsupdates-mehr-fuer-attackierte-Zyxel-Router-10269938.html
-
Zyxel won’t patch newly exploited flaws in endlife routers
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-wont-patch-newly-exploited-flaws-in-end-of-life-routers/
-
Exploitation of vulnerability in Zyxel CPE targets legacy routers
by
in SecurityNewsZyxel urged users to replace their old devices with modern, supported versions. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/exploitation-vulnerability-zyxel-routers/739182/
-
Attackers exploit zero-day vulnerability in Zyxel CPE devices
by
in SecurityNewsResearchers say the manufacturer has yet to publicly disclose or patch the flaw. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/exploit-zero-day-vulnerability–zyxel/738611/
-
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
by
in SecurityNewsCVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/29/zyxel-cpe-devices-under-attack-vulnerability-cve-2024-40891/
-
New Zyxel Zero-Day Under Attack, No Patch Available
by
in SecurityNewsGreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-zyxel-zero-day-under-attack-no-patch-available/
-
Hackers exploit critical unpatched flaw in Zyxel CPE devices
by
in SecurityNewsHackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
-
Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
by
in SecurityNewsExperts warn that threat actors are actively exploiting critical zero-day vulnerability, tracked as CVE-2024-40891, in Zyxel CPE Series devices. GreyNoise researchers are observing active exploitation attempts targeting a zero-day, tracked as CVE-2024-40891, in Zyxel CPE Series devices. The vulnerability is a command injection issue that remains unpatched and has not yet been publicly disclosed. Attackers can exploit…
-
Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild
by
in SecurityNewsSecurity researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891. This critical vulnerability, which remains unpatched and undisclosed by the vendor, has left over 1,500 devices globally exposed to potential compromise, as reported by Censys. About the Vulnerability CVE-2024-40891 CVE-2024-40891 […]…
-
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
by
in SecurityNewsCybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.”Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert First seen on thehackernews.com…
-
Fix nur vor Ort möglich: Zyxel schickt Firewalls per Update in Bootschleife
by
in SecurityNewsDie betroffenen Zyxel-Firewalls lassen sich nicht mehr aus der Ferne warten. Admins müssen per Kabel dran, um eine neue Firmware einzuspielen. First seen on golem.de Jump to article: www.golem.de/news/fix-nur-vor-ort-moeglich-zyxel-schickt-firewalls-per-update-in-bootschleife-2501-192799.html
-
Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities
by
in SecurityNewsNvidia, Zoom, and Zyxel have released patches for multiple high-severity vulnerabilities across their products. The post Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/nvidia-zoom-zyxel-patch-high-severity-vulnerabilities/
-
A new ransomware regime is now targeting critical systems with weaker networks
by
in SecurityNews
Tags: access, attack, authentication, breach, control, corporate, credentials, cybercrime, data, defense, exploit, extortion, finance, flaw, fortinet, group, infrastructure, law, lockbit, malware, mfa, network, ransomware, risk, tactics, usa, vmware, vpn, vulnerability, zyxelThe year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and Arkansas water plant.A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and Fog,…
-
CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, ProjectSend Flaws Exploited in Wild
by
in SecurityNews
Tags: cisa, cve, cyber, cybersecurity, exploit, firewall, flaw, Hardware, infrastructure, mitigation, software, vulnerability, zyxelThe Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being actively exploited in the wild. The vulnerabilities affect popular software and hardware products, including Zyxel firewalls, CyberPanel, North Grid, and ProjectSend. Organizations using these products are urged to apply mitigations immediately or discontinue usage if fixes are unavailable. CVE-2024-51378: CyberPanel Incorrect…
-
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2024-51378 (CVSS score: 10.0) – An incorrect default permissions First seen on…
-
CISA, German cyber authorities warn Zyxel firewalls facing active exploitation
by
in SecurityNewsAttackers have targeted dozens of companies with Helldown ransomware, researchers found. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-german-zyxel-firewalls-exploitation/734581/
-
CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks
by
in SecurityNewsA second vulnerability in Zyxel firewalls has been exploited in Helldown ransomware attacks over the past weeks. The post CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-zyxel-firewall-vulnerability-exploited-in-attacks/
-
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Proself versions before Ver5.62, Ver1.65, and Ver1.08 are vulnerable to XXE attacks, allowing unauthenticated attackers…
-
Mirai-artiges Botnetz greift Zyxel-NAS-Geräte an
by
in SecurityNewsÄltere Network-Attached-Storage-Geräte (NAS) von Zyxel werden aktuell von einem Botnetz angegriffen, das dem berüchtigten Mirai ähnelt. Zweck der Atta… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/mirai-artiges-botnetz-greift-zyxel-nas-gerate-an
-
Zyxel Firewalls Targeted by Helldown Ransomware: CVE-2024-11667 Exploited
by
in SecurityNewsZyxel Firewalls have become a key target in recent cyberattacks, with attackers exploiting a critical vulnerability to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued a warning alongside Zyxel detailing the extent of these attacks and outlining immediate steps that organizations must take to protect their network devices. First seen on thecyberexpress.com…