CISA sounds alarm over TP-Link wireless routers under attack

(2025/09/08)


Infosec in brief The US Cybersecurity and Infrastructure Security Agency (CISA) has said two flaws in routers made by Chinese networking biz TP-Link are under active attack and need to be fixed – but there's another flaw being exploited as well.

CISA warned that two flaws, [1]CVE-2023-50224 and [2]CVE-2025-9377, have been exploited in the wild by persons unknown. The first allows an unauthenticated attacker to obtain authentication credentials by subverting httpd, while the second exposes the Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 routers to remote code execution.

"CISA [3]strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice," the agency warned.

Security officials had already warned about the growing influence of TP-Link in the American hardware market, with Rob Joyce, former head of the NSA's hacking team, noting that the Chinese manufacturer had grown its market share in the US from 10 percent in 2019 to nearly 60 percent by selling its kit at a loss. He suspects that its market share and links to the Chinese government put American users at risk.

Another TP-Link flaw was also disclosed this week. A bug in the Customer Premises Equipment WAN Management Protocol (CWMP) leaves routers prone to crashing, [7]according to security researcher Mehrun.

It's possible that TP-Link will be the next candidate on the US [8]rip-and-replace list at this rate, and American companies will be ruing the fact that cheap can be expensive in the long run. Then again, with Cisco's [9]record, there may not be too many other options.

Google categorically denies Gmail has been hacked

Last week started off with Google wanting to make something clear – Gmail hasn't been hacked and everything's fine!

Persistent reports claimed that the email accounts of Gmail's 1.8 billion users had been open to attack, with the [14]ShinyHunters crew claiming to have had a breakthrough. It turns out that this was a misunderstanding over a series of anti-phishing emails Google sent out over the last couple of months, but the clamor was growing so loud that on Monday September 1 the Chocolate Factory felt it had to say something.

"Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue," it [15]said. "This is entirely false."

Suffice it to say that if Gmail had suffered such an intrusion then the echo chamber of comments would have gone nuts. So your Gmail account is safe for now, just be careful and – for goodness sake – turn on multi-factor authentication.

Western nations want a software bill-of-materials security check

The NSA and security agencies from 19 other nations are [17]pushing [PDF] companies to insist on a software bill-of-materials check before trusting code.

"By promoting transparency, aligning technical approaches, and leveraging automation, SBOM adoption strengthens the resilience of the global software ecosystem," the group [18]said.

"This guidance urges organizations worldwide to integrate SBOM practices into their security frameworks to collaboratively address supply chain risks and enhance cybersecurity resilience."

The scheme was touted earlier this year as a way for companies to insist on vendors providing an "ingredients list" of code they are deploying, so that customers can have an easy checklist of things to watch out for and fix. However, this is a voluntary action, not one backed up by penalties.

The agencies are asking for public comments on the plan – the first of which should be "Don't ship buggy code."

Texas moves against PowerSchool after cyberattack

Life is getting worse for the education software provider PowerSchool after it drastically mismanaged a recent cyberattack.

As The Register has [20]reported, the coding biz was hit in May by a ransomware attack. It chose to pay the criminals to delete the purloined data, only to be double-crossed by the thieves.

Now Texas is taking it to court, claiming 880,000 students and teachers were caught up in the breach.

"If Big Tech thinks they can profit off managing children's data while cutting corners on security, they are dead wrong," [21]said Attorney General Ken Paxton.

"Parents should never have to worry that the information they provide to enroll their children in school could be stolen and misused. My office will do everything we can to hold PowerSchool accountable for putting Texas students, teachers, and families at risk."

He claims the company willfully misrepresented its security capabilities and violated the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act.

Paxton is running for a seat in the US Senate – a bid complicated by his wife's decision to [22]divorce him for alleged adultery.

Astronaut scammer convinces victim they need to buy oxygen

There was an unusual twist on the usual [23]pig-butchering scam this week when an elderly Japanese woman was convinced to hand over thousands of dollars by someone pretending to be an astronaut in need of a breath of fresh air.

Police in the province of Hokkaido reported that the 80-year-old woman was convinced to send ¥1 million ($6,750) to a scammer who [24]claimed they were "in space on a spaceship right now" and were "under attack and in need of oxygen."

This appears to be another cruel romance scam, one that the victim fell for after developing "romantic feelings" for the supposed stranded space pilot. ®


[1] https://nvd.nist.gov/vuln/detail/cve-2023-50224

[2] https://nvd.nist.gov/vuln/detail/CVE-2025-9377

[3] https://www.cisa.gov/news-events/alerts/2025/09/03/cisa-adds-two-known-exploited-vulnerabilities-catalog

[7] https://medium.com/byteray/zero-day-alert-automated-discovery-of-critical-cwmp-stack-overflow-in-tp-link-routers-0bc495a08679

[8] https://www.theregister.com/2025/01/08/fcc_chief_urges_spectrum_auction/

[9] https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/

[14] https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/

[15] https://blog.google/products/workspace/gmail-security-protections/

[17] https://www.cisa.gov/sites/default/files/2025-09/joint-guidance-a-shared-vision-of-software-bill-of-materials-for-cybersecurity_508c.pdf

[18] https://www.cisa.gov/news-events/alerts/2025/09/03/cisa-nsa-and-global-partners-release-shared-vision-software-bill-materials-sbom-guidance?utm_source=SBOM&utm_medium=GovDelivery

[20] https://www.theregister.com/2025/05/08/powerschool_data_extortionist/

[21] https://www.texasattorneygeneral.gov/news/releases/attorney-general-paxton-sues-big-tech-company-catastrophic-data-breach-compromised-personal

[22] https://www.texastribune.org/2025/07/10/angela-paxton-divorce-texas-attorney-general-ken/

[23] https://www.theregister.com/2025/05/30/fbi_treasury_funnull_sanctions/

[24] https://www.scmp.com/week-asia/people/article/3324527/love-scam-outer-space-japanese-pensioner-falls-fake-astronauts-desperate-plea


Change the firmware

bartsmit

TP-Link is very well supported by OpenWRT https://openwrt.org/toh/tp-link/

Re: Change the firmware

HXO

I would, and not complaining, but...

My 4G/LTE modem apparently uses proprietary QMI, and the help is really only 'good luck'. Which I might try if I had a spare. Also, some network operators may need special configurations, which modem manufacturers provide.

My 'router' is not supported: "You might receive the successor Archer C6 v4 which looks identical from the outside but won't ever be supported due to a new kind of CPU being used and the flash being too small." It does get updates from TPL (most recent last month), and IPv6, which I rely on, 'just works'.

I am always looking for open alternatives (more configuration options), but IME TPL gear lasts long, and have just enough options.

Texas moves against PowerSchool

Shirley Knot

>> "If Big Tech thinks they can profit off managing children's data while cutting corners on security, they are dead wrong," said Attorney General Ken Paxton.

And that security won't be attained until you STOP EXPOSING SENSITIVE DATA TO THE PUBLIC NET. FFS.

Re: Texas moves against PowerSchool

Tron

They should go back to using paper. If it's connected to the net, it can be hacked.

TP Link Routers

thames

The WR841N is a very cheap router, less than $20 at my local retailer. The ones mentioned seem to be old models from several versions back. If anyone has one of these older ones the easiest thing to do may be to simply fling it out and buy a new one. They are very inexpensive.

It would be nice to think that you could spend several times the amount of money and get something from another company that was functionally equivalent but had no software bugs, but unfortunately such a thing doesn't exist. You can pay more, far more in many cases, but the more expensive ones have software bugs as well.

The average person at home (and these are home, not business kit) probably wouldn't know how to upgrade firmware, and if they did, they probably would be a bit nervous about doing it. At the price the TP Link kit sells for however, the average person can afford to simply replace it, something which is much less feasible with the more expensive brands.

Ah, Gmail

James O'Shea

Two of my throwaway gmail accounts are getting 'bounce' messages indicating that mail cannot be delivered. The alleged destination address which doesn't exist would be of the format [username]@google.info, [username]@googlemail, [user][random symbol][name]@gmail.com, or similar. Note that the two throwaways in question have very different usernames and have never been used to send mail to the same sites. It appears possible that someone has a list of gmail usernames and is playing silly SMTP games.

Throwaway accounts using Yahoo or Outlook addresses do not have this problem.

I await notification from Google that there's a security problem and they can't verify my account and my account is locked unless I give them a cell phone number, which is not going to happen.