Infosec in brief The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under active attack and need to be fixed – but there's another flaw being exploited as well.

CISA warned that two flaws, CVE-2023-50224 and CVE-2025-9377 , have been exploited in the wild by persons unknown. The first issue allows an attacker without authentication to find authentication credentials by subverting httpd, while the second exposes the Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 routers to remote code execution.

"CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice," the agency warned.

See Full Page