A new botnet is compromising TP-Link routers:
This botnet may cause command injection vulnerabilities, enabling remote code execution (RCE), which allows the malware to propagate itself across the web autonomously. This critical security vulnerability (identified as CVE-2023-1389) has also been exploited to disseminate various other malware strains dating back to April 2023, when it was involved in the Mirai botnet attacks. Additionally, this vulnerability is associated with the Condi and AndroxGh0st malware incidents.
[…]
Among the thousands of compromised devices, most are found in Brazil, Poland, the United Kingdom, Bulgaria, and Turkey; the botnet is targeting sectors such as manufacturing, medical/healthcare, services, and technology organizations located in the United States, Australia, China, and Mexico.