Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE) software. The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and is affecting all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as it's said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but further parts of the world aren't spared from attacks either by now. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.

Microsoft today announced it was part of a global operation meant to disrupt the world's largest online criminal network. Dubbed Necurs, the network functioned as a botnet - a number of computers infected by malware or otherwise malicious software that are functioning on behalf of a botmaster. The botmaster is basically akin to an administrator - but for nefarious purposes.

Thought to be controlled by criminals based in Russia, Necurs spanned more than nine million computing devices across 35 countries, making it one of the largest spam email threat ecosystems known to authorities - besides being used for pump-and-dump stock scams, fake pharmaceutical spam email and "Russian dating" scams. Necurs was such a well-oiled machine that it was seen sending 3.8 million spam messages to over 40 million targets across a 58-day long time frame in the investigation.