VulnHub

WatchGuard has reported an exploitation of a zero-day vulnerability in its Firebox devices, which are critical components for network security. This vulnerability has caught the attention of attackers, joining a troubling trend where various edge device vendors are targeted. Organizations using WatchGuard Firebox devices should be particularly vigilant, as the flaw could allow unauthorized access to their networks. The situation emphasizes the need for prompt attention to security updates and patches to protect against potential breaches. Users and IT departments are advised to stay updated on any security advisories from WatchGuard to mitigate risks effectively.

A serious remote code execution (RCE) vulnerability has been discovered in WatchGuard Firebox devices, impacting over 115,000 units that are currently exposed online. Attackers are actively exploiting this flaw, which allows them to execute arbitrary code on the affected firewalls. This vulnerability poses a significant risk to organizations using these devices, as it could lead to unauthorized access and control over network resources. Users of WatchGuard Firebox products are urged to take immediate action to protect their systems. The urgency of addressing this issue is heightened by the active nature of the exploitation, making it critical for companies to ensure their devices are patched as soon as possible.

The hacking group known as LongNosedGoblin has been targeting Asian governments by deploying cyberespionage tools on their networks using Group Policy. This method allows them to effectively infiltrate and operate within government systems, raising concerns about national security and data integrity. Researchers have identified this group as a persistent threat, which could compromise sensitive information and disrupt governmental operations. The implications are significant, as such attacks could weaken trust in governmental digital infrastructures and potentially expose critical data to adversaries. As this activity continues, it emphasizes the need for robust cybersecurity measures in governmental organizations to protect against such sophisticated attacks.

WatchGuard has alerted its customers about a serious remote code execution vulnerability affecting its Firebox firewalls. This flaw is currently being exploited by attackers, which raises significant security concerns for users who have not yet applied the necessary patches. The vulnerability allows unauthorized individuals to execute commands on affected devices, potentially compromising network security. Customers are urged to act swiftly to mitigate risks by updating their systems. This situation underscores the critical need for timely software updates in maintaining cybersecurity.

Cisco has disclosed a critical zero-day vulnerability, tracked as CVE-2025-20393, affecting its Secure Email Gateway and Secure Email/Web Manager products. This vulnerability is currently being exploited by a China-linked advanced persistent threat group known as UAT-9686. The attack campaign began on December 10 and targets specific systems, raising significant concerns for organizations relying on these Cisco products. Users and administrators should be particularly vigilant, as this active exploitation could lead to unauthorized access and data breaches. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on email security and the sensitive information handled by these systems.

SonicWall's SMA1000 devices are facing a serious security threat due to a newly discovered zero-day vulnerability. Attackers have combined this flaw with another critical vulnerability that was revealed earlier this year, creating a dangerous situation for users. This means that anyone using these devices may be at risk of exploitation, potentially allowing unauthorized access to sensitive systems. Companies that rely on SonicWall for secure access should take immediate action to assess their security and implement any available patches. The situation emphasizes the need for vigilance and timely updates in cybersecurity practices.

French authorities have arrested two crew members of an Italian passenger ferry, including a Latvian national, for allegedly installing malware on the vessel. This malware could have allowed them to gain remote control over the ship, raising serious concerns about maritime security. The incident underscores the vulnerabilities that can exist in critical infrastructure like passenger ferries, where cyberattacks could potentially endanger lives and disrupt operations. Authorities are investigating the extent of the malware's capabilities and the intentions behind its installation. This case serves as a reminder for the maritime industry to enhance cybersecurity measures to protect against similar threats.

SonicWall has released patches for a medium-severity vulnerability in its SMA 1000 series, which has been exploited alongside a critical bug to enable remote code execution. This means that attackers could potentially gain control of affected devices, posing serious risks to organizations using this equipment. Users of SonicWall's SMA 1000 should prioritize applying the latest updates to safeguard their systems. The existence of this zero-day exploit indicates that the vulnerability was being actively exploited before it was disclosed, which raises concerns about the security of devices that have not yet been patched. Companies are urged to review their security measures and ensure they are using the most up-to-date software to protect against such threats.

A new vulnerability, tracked as CVE-2025-20393, has been discovered in Cisco's Secure Email Gateway and Secure Email and Web Manager appliances. This zero-day flaw is reportedly being exploited by hackers linked to China, posing a significant risk to organizations using these products. The vulnerability allows attackers to bypass security controls, potentially leading to unauthorized access and data breaches. Companies using these Cisco appliances should prioritize patching and monitoring their systems to mitigate the risks associated with this exploit. The discovery of this flaw is particularly concerning given the ongoing cyber threats targeting critical infrastructure and enterprise environments.