Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Zyxel Vulnerability Chaos: Devices Under Siege with No Patch in Sight!
Zyxel CPE Series devices are under siege from threat actors exploiting a command-injection vulnerability, CVE-2024-40891. Disclosed by VulnCheck, the bug remains unpatched, much like a broken umbrella in a hurricane. With over 1,500 devices at risk, users are advised to batten down the hatches and restrict access to keep data safe.

Hot Take:
Well, folks, it seems the Zyxel CPE Series devices have become the new kid on the block that everyone wants a piece of, except Zyxel, apparently. No patch? No problem—for the hackers, that is! Let’s hope Zyxel isn’t busy counting sheep while threat actors are counting vulnerabilities.
Key Points:
- Command-injection vulnerability CVE-2024-40891 in Zyxel CPE Series devices is under attack.
- The bug allows threat actors to execute arbitrary commands, potentially leading to severe system compromise.
- No patch has been released by Zyxel, despite the vulnerability being reported six months ago.
- Researchers have observed a large number of attacks exploiting this flaw, paralleling it to a similar issue CVE-2024-40890.
- GreyNoise suggests monitoring Zyxel’s updates and securing administrative access as a precaution.