Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers

A command-injection zero-day (CVE-2024-40891) affecting Zyxel CPE devices is being actively exploited and remains unpatched; researchers from VulnCheck and GreyNoise observed widespread exploitation and noted Mirai variants have integrated the exploit, with over 1,500 vulnerable devices exposed online, prompting urgent network filtering and access-restriction mitigations.