Hold Security identifies Russian-speaking threat actors abusing critical 0-day vulnerability within Zyxel NAS allowing execute malicious code bypassing system authentication.

We teamed up with Brian Krebs to alert CERT and vendor about the issue. Nearly 2 weeks later, Zyxel finally released a patch for some of their devices that they still support. Emotet gang is weaponizing these exploits to target IoT.

Read more.