InfoSecBulletin Cybersecurity for mankind
CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being exploited to spread Helldown ransomware, with reports of at least five affected organizations in Germany.
CVE-2024-11667 is a directory traversal vulnerability in Zyxel’s ZLD firmware versions 5.00 to 5.38. Exploiting it allows attackers to upload and download files using crafted URLs, which can compromise sensitive information like system credentials. This may lead to further attacks, such as creating rogue VPN connections and changing firewall settings.
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
The affected devices include:
Zyxel ATP and USG FLEX series firewalls in on-premise mode, using ZLD firmware versions 4.32 to 5.38 with remote management or SSL VPN enabled. Devices using Nebula cloud management are not affected.
Initial Release date: 21, November 2024
Updated date: 27, November-2024
Current Date: November 29, 202
Zyxel Europe was reportedly one of the victims.
At least 32 victims worldwide have been reported on Helldown’s data leak site
According to CERT-Bund, five German groups are potential targets
To keep your network safe, Zyxel suggests taking these steps:
Update Firmware: Update your device to the latest firmware..
Disable Remote Access: If updates can’t be applied right away, temporarily turn off remote access to your device until the firmware is patched.
Review Best Practices: Review general cybersecurity guidelines.
