On June 16, 2025, GreyNoise detected a coordinated surge of exploit attempts targeting CVE-2023-28771, a critical remote code execution (RCE) vulnerability in Zyxel firewalls.
The activity involved 244 unique IP addresses targeting UDP port 500, with infrastructure linked to Verizon Business and patterns consistent with Mirai-based botnets.
https://cyberpress.org/exploit-zyxel-rce-vulnerability/