Dutch researchers @midnightbluelab found a critical zero-click vuln in a photo app enabled by default on Synology storage devices, putting millions of systems at risk of being hacked. They found Synology systems owned by police/law firms/critical infrastructure contractors online and all vulnerable to attack. Synology has called the vuln "critical" and issued a patch last week but apparently didn't notify customers. Synology devices don't have automated update capabilities. Here's my story:

WIRED

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers...