TP-Link is a organization tracked across 19 threat clusters and 46 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 17, 2026.
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
A joint advisory from 21 global cybersecurity agencies warns that Russian state hackers from the FSB's Center 16 are exploiting poorly configured routers to infiltrate critical infrastructure networks worldwide. The…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
TP-Link has patched multiple critical vulnerabilities in its Archer NX router series, specifically affecting models NX200, NX210, NX500, and NX600. The most severe flaw, CVE-2025-15517, allows unauthenticated attackers…
On March 24, 2026, the Federal Communications Commission (FCC) banned the import of all new foreign-made consumer routers, citing unacceptable risks to U.S. national security. This decision affects routers produced…
TP-Link has issued security updates for two vulnerabilities in its Kasa EC70 v4 and EC71 v4 smart cameras. The vulnerabilities, CVE-2026-9770 and CVE-2026-13230, were published on 2026-07-15 and allow attackers on the…
Recent identity-based attacks have exploited vulnerabilities in authentication systems, targeting credentials and identity infrastructure. Notable incidents include the compromise of over 18,000 routers by APT28 to…
Multiple high-severity vulnerabilities have been identified in TP-Link's Tapo C520WS smart security cameras. These vulnerabilities could allow adjacent attackers to trigger Denial-of-Service (DoS) conditions, crash the…
A high-severity vulnerability, CVE-2026-5509, has been disclosed in TP-Link's Archer BE450 v1 and Archer BE7200 v1 routers. This flaw allows attackers to execute arbitrary system commands if they gain admin access,…