
“We’ve found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems – Zyxel reports. – The system LED may also flash. Please note this is not related to a CVE or security issue. “
According to Zyxel, the issues are caused by a glitch in the Application Signature Update released on the night of January 24-25, 2025.
Devices that have loaded the flawed update can spit out a wide range of errors, including inability to login to ATP/USG FLEX via web GUI (504 Gateway timeout), high CPU usage, inability to enter any commands in the console, “ZySH daemon is busy” messages, Coredump messages in the console, etc.

The flaw only affects USG FLEX and ATP series firewalls (ZLD firmware versions) with active security licenses. Devices on the Nebula platform and USG FLEX H (uOS) series are not affected.
According to Born City, recovery requires physical access to the affected device that must be connected via an RS232 cable.
“This recovery requires a console cable and must be done on-site. While it’s not ideal, it’s the only guaranteed solution for this issue.” – Zyxel experts say.
Recovery involves a sequence of steps, including configuration backup, downloading and installing special firmware, and connecting via the web interface to restore the saved configuration file.
The above steps are described in detail in the manual, and admins are strongly recommended to review it prior to recovery.

2025.02.03 — PyPI introduces a project archival system to combat malicious updates
The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →