A high-severity security vulnerability in TP-Link routers, tracked as CVE-2023-33538, has been added to the CISA Known Exploited Vulnerabilities catalog following reports of active exploitation. This vulnerability, with a CVSS score of 8.8, enables attackers to execute arbitrary system commands on affected devices, particularly on models like TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2.

Details of the Vulnerability

The flaw exists within the /userRpm/WlanNetworkRpm component, which processes the ssid1 parameter in specially crafted HTTP GET requests. Attackers exploiting this command injection vulnerability can manipulate the routers, potentially gaining unauthorized access, modifying system configurations, and disrupting services.

Security Risks and Potential Exploits

Exploiting this flaw allows attackers to gain administrative control over vulnerable routers, leading to a wide range of malicious activities, including botnet attacks and data exfiltration. The widespread use of TP-Link routers in home and small-business environments significantly amplifies the potential impact of this vulnerability, especially as attackers could use compromised routers to launch additional attacks or access sensitive information.

Impact on End-of-Life Devices

CISA has warned that many of the affected TP-Link products may be end-of-life (EoL) or end-of-service (EoS), meaning they no longer receive official support or security updates. This significantly increases the risk of exploitation for these devices, as they may not be patched or secured. Users are urged to either disconnect vulnerable devices from their networks or apply mitigations if still supported.

Link to Prior Threat Activity

Though specific exploit details remain sparse, Palo Alto Networks’ Unit 42 previously identified a connection between the vulnerable TP-Link routers and the FrostyGoop malware (aka BUSTLEBERM), which was used in an OT-centric attack. This malware was reportedly used to access control devices via the affected TP-Link router. While no conclusive evidence links this malware to CVE-2023-33538, the potential risk remains high.

CISA’s Mandate and Recommended Actions

CISA has mandated remediation by July 7, 2025 for federal agencies and strongly recommends that all organizations, especially those in critical sectors, apply available patches or disconnect affected devices from their networks immediately. Given the high risk of exploitation, prompt action is necessary to prevent unauthorized access and protect sensitive infrastructure from compromise.

New Exploitation Attempts Targeting Zyxel Firewalls (CVE-2023-28771)

In addition to the TP-Link flaw, GreyNoise reports ongoing exploit attempts targeting CVE-2023-28771, a critical vulnerability in Zyxel firewalls (CVSS: 9.8). The vulnerability, an OS command injection flaw, allows unauthenticated attackers to execute commands on vulnerable devices. This critical bug has been linked to an uptick in DDoS botnet creation, particularly using Mirai botnet variants. Although Zyxel released a patch in April 2023, GreyNoise has observed increased exploitation activity as recently as June 16, 2025.

The attacks, which have targeted 244 unique IP addresses across the United States, United Kingdom, Spain, Germany, and India, are part of a large-scale effort to exploit the flaw in order to add devices to botnets for launching distributed denial-of-service (DDoS) attacks. The exploitation of this vulnerability involves sending crafted requests to vulnerable devices, allowing attackers to gain control and use the devices for further malicious actions. It is likely that the attackers are building large-scale botnets to conduct high-volume DDoS attacks on targeted websites or infrastructure.

The Mirai botnet is notorious for its ability to rapidly escalate attacks, and its connection to CVE-2023-28771 could make these efforts even more potent. The fact that 244 unique IP addresses have been used for such attacks within a short timeframe is indicative of the significant threat posed by this vulnerability, underscoring the need for immediate mitigation.

In response to these ongoing threats, users of Zyxel devices are strongly encouraged to update to the latest firmware, which patches CVE-2023-28771, and to monitor for any anomalous activity that might indicate a compromise. Furthermore, users are advised to limit exposure of vulnerable devices and employ network-level defenses, such as firewalls and intrusion detection systems, to reduce the risk of attack. Organizations should also consider implementing two-factor authentication (2FA) and segmenting networks to prevent lateral movement in the event of a breach.

Cybersecurity experts continue to warn of the dangers of exposed devices and the rapid evolution of botnet threats. With botnet attacks increasing in scale and sophistication, these types of vulnerabilities pose a grave risk to businesses, individuals, and government networks alike.

By applying the recommended patches and ensuring their devices are secured, organizations can mitigate the risk of exploitation and help protect their infrastructure from becoming part of a larger malicious network.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact

A serious security vulnerability in Google’s account recovery system, discovered by the Singaporean security researcher “brutecat,” has been addressed by the tech giant after it was found to expose users to significant privacy and security risks. The flaw potentially allowed malicious actors to brute-force an account’s linked phone number, which could be exploited for targeted attacks like SIM-swapping.

The Vulnerability: A Flaw in Account Recovery

The issue resided in a deprecated version of the Google username recovery page, specifically the version that did not use JavaScript. This page, designed to help users recover their usernames, also enabled attackers to check if a recovery phone number or email was associated with a given Google account display name. While Google had some protective measures in place, they were insufficient to prevent abuse. The page lacked anti-abuse features like CAPTCHA to limit excessive or spammy requests.

Exploiting the flaw required bypassing CAPTCHA-based rate-limiting, allowing attackers to systematically try all permutations of a Google account’s phone number in a short amount of time. Depending on the length of the phone number, which varies by country, attackers could quickly determine the correct digits in just seconds or a few minutes. For example, a Singapore-based phone number could be brute-forced in approximately five seconds, while a U.S. phone number could take around 20 minutes.

How the Exploit Worked

In the attack chain, an attacker could:

1. Leak the Google Account Display Name: First, an attacker could use Looker Studio to cause the victim’s full name to be exposed publicly.
2. Run the Forgot Password Flow: The attacker could then use the Forgot Password flow on the target’s email address, revealing the last two digits of the associated phone number.
3. Brute-force the Phone Number: Using the username recovery form, the attacker could attempt to guess the full phone number by testing all permutations.

Once the full phone number was identified, the attacker could use it in a SIM-swapping attack, gaining control over the target’s phone number. From there, they could request account password resets for any Google services or linked accounts, leading to a complete compromise.

Google’s Response and Fix

After the vulnerability was responsibly disclosed by “brutecat” on April 14, 2025, Google acted swiftly to address the issue. The company awarded the researcher a $5,000 bug bounty and worked to patch the flaw. Google completely removed the problematic username recovery form, which had been lacking proper protections, on June 6, 2025. This fix eliminated the vector for brute-forcing linked phone numbers and mitigated the associated risks.

Prior Vulnerabilities Discovered by brutecat

This is not the first time “brutecat” has uncovered a security flaw related to Google services. In fact, the researcher has previously discovered vulnerabilities that exposed sensitive information on platforms like YouTube.

In an earlier report, “brutecat” revealed an issue with the YouTube API that allowed attackers to expose the email addresses of YouTube channel owners by chaining a flaw in an outdated web API. This discovery earned the researcher a $10,000 bug bounty. Furthermore, in March 2025, the researcher uncovered another access control vulnerability in the YouTube Partner Program (YPP) API, which allowed email addresses of YPP members to be exposed, resulting in another $20,000 reward.

What SOC Teams Need to Know:

SOC teams should be aware that this vulnerability could have been leveraged for SIM-swapping attacks, allowing attackers to gain control of a victim’s phone number and compromise their Google accounts or linked services. Although Google has patched the flaw by removing the vulnerable username recovery form, SOC teams should monitor for potential exploitation attempts in their environments. The vulnerability highlights the importance of protecting recovery mechanisms, such as account recovery phone numbers, and ensuring that deprecated forms or features do not remain active without proper security protections. Teams should also ensure that two-factor authentication (2FA) is enabled across all critical accounts, and closely monitor for signs of SIM-swapping or account takeover attempts. Additionally, this issue serves as a reminder to stay ahead of evolving attack methods, continually testing and securing recovery paths and API access to sensitive user data.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact

As the world of cybersecurity evolves alongside advancements in quantum computing, Microsoft is taking proactive steps to future-proof user systems with Post-Quantum Cryptography (PQC) capabilities. The tech giant has announced that PQC support has been integrated into Windows 11 and Linux, allowing early adopters to begin preparing for the security challenges posed by the rise of quantum machines. This shift is part of Microsoft’s broader efforts to ensure its platforms remain secure in an age where traditional encryption methods could be rendered obsolete by the computational power of quantum computers.

What is Post-Quantum Cryptography (PQC)?

Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against the potential threats posed by quantum computers. These quantum machines will eventually have the power to break conventional cryptographic methods, like RSA and ECC, that currently protect sensitive data. PQC is focused on creating algorithms that cannot be easily broken by quantum systems, ensuring long-term security for data encryption, key exchange, and digital signatures.

Microsoft’s Initiative to Integrate PQC into Windows 11 and Linux

Microsoft’s recent move to integrate PQC into Windows 11 and Linux systems marks an important step toward securing future computing environments. Users can now access PQC support via the Windows Insider Canary Channel Build 27852 and higher, providing an early glimpse into what the future of system security might look like. Additionally, for Linux users, PQC is available through the release of SymCrypt-OpenSSL version 1.9.0, further extending the reach of these new cryptographic capabilities.

This integration is significant as quantum computing continues to make strides, with experts forecasting its arrival within the next decade. Quantum machines hold the potential to crack current encryption methods, posing an existential threat to data security. Microsoft’s move is a preemptive measure, ensuring that its users are not left vulnerable when quantum computing becomes a reality.

Why Post-Quantum Cryptography Matters

The emergence of quantum computers has been a long-discussed topic in the cybersecurity field, with many experts warning that these machines will eventually make traditional encryption methods obsolete. Public-key cryptography algorithms, such as RSA and ECC, which are commonly used to secure sensitive data, rely on mathematical problems that quantum computers can solve much faster than classical computers. This means that sensitive data encrypted today could be at risk in the future, once quantum machines have the computational power to crack these encryption methods.

By introducing PQC, Microsoft is positioning itself to safeguard data against these threats. The transition to PQC is necessary to ensure the continued confidentiality, integrity, and authenticity of data long into the future. It’s not just about protecting against potential breaches today, but ensuring that systems remain resilient in a post-quantum world.

A Step Toward a Quantum-Safe Future

Microsoft’s PQC implementation is one of the first steps in preparing for a quantum-safe future. By offering early access to these capabilities, Microsoft is allowing organizations and users to familiarize themselves with post-quantum cryptography before quantum computers are widely available. This initiative is part of a broader industry trend where tech giants like Microsoft, Google, and others are developing and rolling out quantum-resistant encryption protocols to ensure data remains secure in the face of emerging quantum threats.

As quantum computing becomes a reality, the ability to transition to PQC will be crucial for maintaining secure communications, data storage, and transactions. Microsoft’s integration of PQC into Windows 11 and Linux provides users with a glimpse of the future and underscores the importance of adopting next-generation security measures. It’s clear that the future of cybersecurity will depend on the collaboration between industry leaders, developers, and security experts to stay ahead of quantum threats.

What’s Next for Users and Developers?

For now, the availability of PQC in early builds of Windows 11 and Linux offers a unique opportunity for developers, cybersecurity professionals, and early adopters to experiment with these new cryptographic algorithms. Over time, as the algorithms mature and become more refined, Microsoft is likely to expand PQC capabilities across its other products and services, paving the way for a more secure future. However, the transition to a quantum-safe world will require careful planning, industry collaboration, and timely implementation to ensure a smooth shift when quantum computers finally reach their full potential.

In conclusion, Microsoft’s recent update for PQC support is a critical step toward ensuring that systems remain protected as quantum computing progresses. Users and developers who begin familiarizing themselves with PQC today will be better prepared for the quantum future, keeping their data secure in an increasingly complex digital landscape.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact