Zyxel has released 3 security advisories to address vulnerabilities in Zyxel firewalls, Access Points (APs), extenders, and security router devices. In the first security advisory, Zyxel describes seven vulnerabilities found in their ATP and USG FLEX firewall product lines.
Two vulnerabilities could allow an attacker to create a denial-of-service (DoS) condition, four vulnerabilities could allow an attacker to execute some operating system (OS) commands on an affected device, and one could allow an attacker to gain browser-based information. In the second advisory, Zyxel describes one vulnerability known as CVE-2024-7261, which affects APs and security router devices.
Read more…
Source: NHS Digital
Related:
- DoorDash says personal information of customers, dashers stolen in data breach
November 18, 2025
DoorDash confirmed a data breach that exposed the names, email addresses, phone numbers and physical addresses of some of its users, including customers, dashers and merchants. In a Help Center article published Nov. 13, DoorDash said that although hackers stole personal information from users, “no sensitive information was accessed by the unauthorized third party,” and the ...
- Hackers claim to have hit Under Armour in massive data breach
November 18, 2025
The notorious Everest ransomware group has claimed sportswear maker and retailer Under Armour as its latest victim – with the group posting what it claims is a sample of ‘more than millions of personal data’ and internal company data onto a dark web site. The dark leak site post claims the hackers have accessed and exfiltrated ...
- Active Exploitation Reported for CVE-2025-11001 in 7-Zip
November 18, 2025
Active exploitation of CVE-2025-11001 has been observed in the wild. A security researcher has also publicly released a proof-of-concept (PoC) exploit for CVE-2025-11001. The PoC allows attackers to abuse symbolic-link handling to write files outside of the intended extraction folder, which in some scenarios, can enable arbitrary code execution. Read more… Source: NHS Digital Sign up for the Cyber ...
- Microsoft says Azure was hit with a massive DDoS attack launched from over 500,000 IP addresses
November 18, 2025
Microsoft has said it successfully mitigated, “the largest DDoS attack ever observed in the cloud” after cybercriminals running the Aisuru botnet targeted a single endpoint, located in Australia. The attack was a sight to behold: more than 500,000 source IPs, across various regions, descended upon the endpoint, delivering a multi-vector Distributed Denial of Service (DDoS) attack ...
- Google Releases Security Update for Chrome
November 18, 2025
Google has released security updates for Chrome to address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-13223 – Type Confusion in V8 – High severity – Google is aware an exploit exists in the wild. CVE-2025-13224 – Type Confusion in V8 – High severity Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest ...
- Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT
November 14, 2025
Palo Alto Unit 42 researchers have identified two interconnected malware campaigns active throughout 2025, using large-scale brand impersonation to deliver Gh0st remote access Trojan (RAT) variants to Chinese-speaking users. From the first campaign to the second, the adversary advanced from simple droppers to complex, multi-stage infection chains that misuse legitimate, signed software to bypass modern defenses. ...