Vulnerability Management , Network Security Attempted exploitation of vulnerability impacting EoL TP-Link routers discovered April 20, 2026 Share By SC Staff Palo Alto Networks Unit 42 researchers have identified widespread attempts to exploit CVE-2023-33538, a vulnerability in several end-of-life TP-Link router models, reports Cybersecurity Dive . The security flaw was first revealed publicly in June 2023, and the Cybersecurity and Infrastructure Security Agency added it to its Known Exploited Vulnerabilities in July 2025 due to concerns of active exploitation. The observed payloads resemble malware commonly associated with Mirai-style botnets, indicating attempts to download and run harmful software on the routers. Researchers noted that access credentials for the router's web management interface is required to successfully exploit the flaw. Users have been advised to avoid using default login credentials. TP-Link confirmed that the outdated affected routers no longer receive support and recommends using replacements with currently supported hardware. The findings add to the ongoing scrutiny regarding TP-Link equipment security. There had been previous issues with severe vulnerabilities in TP-Link Omada routers discovered by Forescout Research and a botnet campaign incident in 2025 that targeted TP-Link Archer routers. An In-Depth Guide to Network Security Get essential knowledge and practical strategies to fortify your network security. Learn More SC Staff Related Vulnerability Management Trio of new Windows vulnerabilities under active exploitation SC Staff April 20, 2026 TechCrunch reports that attacks weaponizing the Windows Defender security vulnerabilities BlueHammer, UnDefend, and RedSun which have had their proof-of-concept exploits leaked by security researcher Chaotic Eclipse after a dispute with Microsoft have already compromised at least one organization. Vulnerability Management Critical RCE vulnerability in protobuf.js; Exploit code published SC Staff April 20, 2026 The vulnerability, tracked as GHSA-xq3m-2v4x-88gg, stems from unsafe dynamic code generation within protobuf.js. Security Operations Express website vulnerability exposed customer order details SC Staff April 20, 2026 The vulnerability allowed unauthorized access to order confirmation pages, revealing customer names, phone numbers, email addresses, postal and billing addresses, and details of purchased items. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms ACK Piggybacking Berkeley Internet Name Domain (BIND) Broadcast Address Call Admission Control (CAC) Cell Collision Decapsulation Demilitarized Zone (DMZ) Distance Vector Domain You can skip this ad in 5 seconds