CISA Sounds Alarm Over TP-Link Wireless Routers Under Attack
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two vulnerabilities in wireless routers made by Chinese networking company TP-Link. The agency stated that two flaws, CVE-2023-50224 and CVE-2025-9377, have been exploited in the wild by unknown individuals.
The first issue allows an unauthenticated attacker to retrieve authentication credentials by subverting the routers' HTTPD service. The second exposes certain Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 routers to remote code execution. CISA strongly urges organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of these vulnerabilities as part of their vulnerability management practice.
Security officials have previously warned about the growing influence of TP-Link in the American hardware market, with Rob Joyce, former head of the NSA's hacking team, noting that the Chinese manufacturer has grown its market share in the US from 10 percent in 2019 to nearly 60 percent by selling its kits at a loss. He suspects that this market share and links to the Chinese government put American users at risk.
Another TP-Link flaw was also disclosed this week. A bug in the Customer Premises Equipment WAN Management Protocol (CWMP) leaves routers prone to crashing, according to security researcher Mehrun. It is possible that TP-Link will be the next candidate on the US rip-and-replace list at this rate, and American companies will be rueing the fact that cheap can be expensive in the long run.
Google Clears Up Gmail Concerns
Last week started off with Google wanting to make something clear – Gmail hasn't been hacked and everything's fine! Persistent reports claimed that the email accounts of Gmail's 1.8 billion users had been open to attack, with the ShinyHunters crew claiming to have had a breakthrough.
It turns out that this was a misunderstanding over a series of anti-phishing emails Google sent out over the last couple of months, but the clamor was growing so loud that on Monday September 1 the Chocolate Factory felt it had to say something. "Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue," it said.
"This is entirely false." Suffice it to say that if Gmail had suffered such an intrusion then the echo chamber would have gone nuts. So your Gmail account is safe for now, just be careful and – for goodness' sake – turn on multi-factor authentication.
NSA Drops SBOM Bomb
The NSA and security agencies from 19 other nations are pushing companies to insist on a software bill-of-materials check before trusting code. "By promoting transparency, aligning technical approaches, and leveraging automation, SBOM adoption strengthens the resilience of the global software ecosystem," the group said.
"This guidance urges organizations worldwide to integrate SBOM practices into their security frameworks to collaboratively address supply chain risks and enhance cybersecurity resilience." The scheme was touted earlier this year as a way for companies to insist on vendors providing an "ingredients list" of code they are deploying, so that customers can have an easy checklist of things to watch out for and fix.
However, this is a voluntary action, not one backed up by penalties. The agencies are asking for public feedback on the plan – the first of which should be "Don't ship buggy code."
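To show what the "ingredients list" check looks like in practice, here is an added example (not code from the page, the NSA guidance, or any named vendor) that reads a CycloneDX-style SBOM and cross-references each component against an advisory feed. The SBOM, the package names and the advisory identifiers are all constructed for illustration; it also treats a component listed without a version as a finding, since an ingredient that cannot be vetted is exactly what the checklist is meant to surface.

```python
"""Cross-check a CycloneDX SBOM against a list of advisories.

Added example: the SBOM, the advisory feed and every package name below are
constructed for illustration and do not describe any real product.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.5-style SBOM in JSON form (sample data only).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "exampleweb", "version": "2.3.9",
         "purl": "pkg:generic/exampleweb@2.3.9"},
        {"type": "library", "name": "tlsutil", "version": "1.0.2",
         "purl": "pkg:generic/tlsutil@1.0.2"},
        {"type": "library", "name": "jsonkit", "version": "4.1.0"},
        {"type": "library", "name": "legacyparse"},   # no version recorded
    ],
})

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
# A component is vulnerable when its version is below the fixed version.
# The advisory ids are hypothetical placeholders, not real identifiers.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "exampleweb": [("EXAMPLE-ADV-0001", "2.4.0")],
    "tlsutil": [("EXAMPLE-ADV-0002", "1.0.2")],   # 1.0.2 already carries the fix
    "legacyparse": [("EXAMPLE-ADV-0003", "0.9.1")],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.3.9' into (2, 3, 9) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def load_components(sbom_text: str) -> List[Dict[str, str]]:
    """Return name/version pairs from a CycloneDX JSON document."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [{"name": c["name"], "version": c.get("version", "")}
            for c in doc.get("components", [])]


def check_sbom(sbom_text: str, advisories=ADVISORIES) -> Dict[str, List[str]]:
    """Sort each component into 'vulnerable', 'unknown_version' or 'clear'."""
    report: Dict[str, List[str]] = {"vulnerable": [], "unknown_version": [], "clear": []}
    for comp in load_components(sbom_text):
        name, version = comp["name"], comp["version"]
        matches = advisories.get(name, [])
        if not matches:
            report["clear"].append(name)
            continue
        if not version:
            # An ingredient with no version cannot be vetted: report it, don't skip it.
            report["unknown_version"].append(name)
            continue
        hits = [adv for adv, fixed in matches
                if parse_version(version) < parse_version(fixed)]
        if hits:
            report["vulnerable"].extend(f"{name}@{version} ({h})" for h in hits)
        else:
            report["clear"].append(name)
    return report


if __name__ == "__main__":
    for bucket, items in check_sbom(SAMPLE_SBOM).items():
        print(f"{bucket}: {items}")
```

Versions are compared as integer tuples rather than strings, so 1.0.10 correctly ranks above 1.0.2; a real deployment would swap the constructed `ADVISORIES` dictionary for a feed of actual advisories and match on package URLs rather than bare names.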
Texas Moves Against PowerSchool After Cyberattack
Life is getting worse for the education software provider PowerSchool after it drastically mismanaged a recent cyberattack. As The Register has reported, the software biz was hit in December by a ransomware attack.
It chose to pay the criminals to delete the purloined data, only to be double-crossed by the thieves. Now Texas is taking it to court, claiming 880,000 students and teachers were caught up in the breach. "If Big Tech thinks they can profit off managing children's data while cutting corners on security, they are dead wrong," said Attorney General Ken Paxton.
"Parents should never have to worry that the information they provide to enroll their children in school could be stolen and misused. My office will do everything I can to hold PowerSchool accountable for putting Texas students, teachers, and families at risk."
Astronaut Scammer Convinces Victim They Need To Buy Oxygen
There was an unusual twist on the usual pig-butchering scam this week when an elderly Japanese woman was convinced to hand over thousands of dollars by someone pretending to be an astronaut in need of a breath of fresh air.
Police in the province of Hokkaido reported that the 80-year-old woman was convinced to send ¥1 million ($6,750) to a scammer who claimed they were "in space on a spaceship right now" and were "under attack and in need of oxygen."
This appears to be another cruel romance scam, one that the victim fell for after developing "romantic feelings" for the supposed stranded space pilot.