WatchGuard
-
Amazon says it disrupted GRU-linked campaign that targeted misconfigured edge network devices
Amazon says it disrupted a years-long campaign attributed to the Russian GRU that shifted from exploiting software flaws to targeting misconfigured edge devices on customer cloud infrastructure, and that it has protected affected EC2 instances, notified customers and shared intelligence.
-
CISA orders federal agencies to remediate two exploited Cisco firewall flaws
CISA ordered U.S. federal agencies to remediate two actively exploited Cisco ASA and Firepower vulnerabilities (CVE-2025-20333, CVE-2025-20362), warned that some devices reported as patched remain vulnerable, and added three flaws to its KEV catalog with a December 3, 2025 remediation deadline.
-
Researchers disclose critical WatchGuard Fireware IKEv2 vulnerability allowing unauthenticated code execution
Researchers and vendor advisories describe a critical out‑of‑bounds write in WatchGuard Fireware’s IKEv2 handling that can be exploited pre‑authentication to achieve remote code execution; patches are available.
-
WatchGuard patches critical remote-code vulnerability in Firebox firewalls (CVE-2025-9242)
WatchGuard issued patches for a critical remote-code execution flaw in Firebox firewalls (CVE-2025-9242) caused by an out-of-bounds write in the Fireware OS iked process, affecting several Fireware versions; admins are urged to patch or apply temporary mitigations.
