Hackers Exploit Zero-Day in Discontinued D-Link Devices - SecurityWeek

A zero-day OS command injection vulnerability (CVE-2026-0625) has been exploited in discontinued D-Link gateway devices, allowing remote attackers to execute arbitrary shell commands. D-Link advises users to retire and replace these legacy devices as they will not receive a patch.