MirrorFace

JPCERT/CC says a command injection vulnerability in Array Networks AG Series gateways has been exploited since August 2025 to drop web shells; Array fixed the flaw in May and users are urged to apply ArrayOS 9.4.5.9 or disable DesktopDirect and block semicolon-containing URLs if they cannot patch immediately.