A critical zero-day attack is actively targeting WatchGuard Firebox firewalls, exposing thousands of organisations worldwide. Australian cyber authorities have issued an urgent alert, warning the flaw enables remote takeover of network devices, with more than 115,000 systems still exposed online.
23rd December 2025 Cyber Update: Critical WatchGuard Flaw Under Active Attack
As we close out 2025, this marks our final cyber editorial for the year. It has been an absolute pleasure bringing you consistent updates and objective perspectives on cyber threats, risks, emerging technologies and artificial intelligence. We look forward to continuing the conversation in the new year as we track innovation and work toward a safer digital world. Thank you for reading, supporting and staying vigilant with us.
Cyber Update – 23rd December 2025
The Australian Cyber Security Centre (ACSC) has issued a critical alert for a zero-day vulnerability in WatchGuard Firebox firewalls that is under active exploitation by threat actors. WatchGuard, an American cybersecurity company, provides network security appliances to over 250,000 businesses worldwide. Their Firebox products are designed to protect networks from external threats by controlling all inbound and outbound traffic.
The Update and Why It Matters
Update: A critical zero-day vulnerability, identified as CVE-2025-14733, has been discovered in WatchGuard Firebox firewalls and is being actively exploited in the wild. The Australian Cyber Security Centre (ACSC) issued a critical alert on December 22, 2025, urging all Australian organisations to take immediate action.
The vulnerability is an out-of-bounds write issue in the Fireware operating system's IKE daemon, which can be triggered by a remote, unauthenticated attacker to achieve arbitrary code execution. The flaw affects devices running Fireware OS versions 11.x, 12.x, and 2025.1. According to security researchers at Shadowserver, over 115,000 devices remain unpatched and exposed online globally.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by December 26. WatchGuard has released security updates and provided indicators of compromise to help organisations identify and remediate affected devices. The vendor has confirmed that the flaw is being targeted as part of a broader campaign against edge networking equipment from multiple vendors.
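As an added example (not code from WatchGuard, the ACSC or this publication), the script below runs a triage pass over an asset inventory, flagging Firebox devices on the Fireware release lines named above and ranking internet-facing ones first. The CSV layout, host names and build numbers are constructed; a match only means the device is on an affected release line, and its exact build still has to be checked against the vendor's advisory.

```python
import csv
import io
import re

# Constructed sample inventory: host names and build numbers are hypothetical.
SAMPLE_INVENTORY = """hostname,fireware_version,internet_facing
fw-branch-01,12.5.9,yes
fw-hq-01,2025.1.2,yes
fw-lab-01,11.12.4,no
fw-dr-01,2025.2,yes
fw-old-01,unknown,yes
"""

def release_line(version):
    """Return the affected release line named in the article ("11.x", "12.x",
    "2025.1"), "unparsed" for an unreadable version, or None if outside them."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:[._]\S*)?", version.strip())
    if not m:
        return "unparsed"
    major, minor = int(m.group(1)), int(m.group(2))
    if major in (11, 12):
        return f"{major}.x"
    if major == 2025 and minor == 1:
        return "2025.1"
    return None

def triage(inventory_csv):
    """Rank devices: exposed and affected first, unknown versions next."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        line = release_line(row["fireware_version"])
        if line is None:
            continue  # not on a release line the article lists
        exposed = row["internet_facing"].strip().lower() in ("yes", "true", "1")
        unknown = line == "unparsed"
        findings.append({
            "hostname": row["hostname"],
            "release_line": line,
            "exposed": exposed,
            # 1 = exposed+affected, 2 = exposed+unknown, 3/4 = internal
            "priority": (1 if exposed else 3) + (1 if unknown else 0),
            "action": "confirm version by hand" if unknown
                      else "check build against vendor advisory and patch",
        })
    return sorted(findings, key=lambda f: (f["priority"], f["hostname"]))

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f["priority"], f["hostname"], f["release_line"], f["action"])
```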
Why it Matters: The active exploitation of a critical, unauthenticated remote code execution vulnerability in a widely used security appliance like the WatchGuard Firebox represents a significant threat to Australian organisations. These firewalls are the first line of defence for many businesses, including those in critical infrastructure sectors. A compromise could allow attackers to gain a foothold within a network, bypass security controls, exfiltrate sensitive data, or deploy ransomware.
The fact that this is a zero-day vulnerability means that attackers were able to exploit it before a patch was available, increasing the risk for organisations. The ACSC's urgent alert underscores the seriousness of the threat and the need for immediate action. This incident also highlights the ongoing trend of attackers targeting edge devices and the importance of robust vulnerability management programs.