<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-AU"
                       href="https://www.tomsguide.com/au/feeds/tag/firmware"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from Tom's Guide AU in Firmware ]]></title>
                <link>https://www.tomsguide.com/au/tag/firmware</link>
        <description><![CDATA[ All the latest firmware content from the Tom's Guide AU team ]]></description>
                                    <lastBuildDate>Thu, 04 Sep 2025 15:57:27 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ TP-Link router flaws let botnets attack Microsoft 365 accounts — check yours now ]]></title>
                                                                                                                                                                                                <link>https://www.tomsguide.com/computing/online-security/tp-link-router-flaws-lets-botnets-attack-microsoft-365-accounts-check-yours-now</link>
                                                                            <description>
                            <![CDATA[ Two vulnerabilities in end-of-life TP-Link routers are linked to a botnet that is being used to attack Microsoft 365 accounts. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">c5d9WVQohyJ4HoTiyK9aDB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4yMSsLX6mnBnQdtmWDpokE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 04 Sep 2025 15:57:27 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Online Security]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                <author><![CDATA[ amber.bouman@futurenet.com (Amber Bouman) ]]></author>                    <dc:creator><![CDATA[ Amber Bouman ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/KmvVweDrSFNc52AnqCJzR.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4yMSsLX6mnBnQdtmWDpokE-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A person trying to set up a new Wi-Fi router]]></media:description>                                                            <media:text><![CDATA[A person trying to set up a new Wi-Fi router]]></media:text>
                                <media:title type="plain"><![CDATA[A person trying to set up a new Wi-Fi router]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4yMSsLX6mnBnQdtmWDpokE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>TP-Link has issued a warning to users about two vulnerabilities affecting some end-of-life (EOL) router models; the vulnerabilities are being exploited on at least two small office/home routers, which are then being used to attack Microsoft 365 accounts. According to the <a href="https://www.malwarebytes.com/blog/news/2025/09/tp-link-warns-of-botnet-infecting-routers-and-targeting-microsoft-365-accounts" target="_blank">Malwarebytes Lab blog</a>, the routers known to be affected so far are the Archer C7 and the TL-WR841N/ND. Though they have reached end-of-life status, TP-Link has released <a href="https://www.tp-link.com/us/support/faq/4308/" target="_blank">firmware updates</a> to address the vulnerabilities for users.</p><p>The two vulnerabilities are CVE-2025-50224, a flaw which allows passwords to be stolen from the router, and CVE-2025-9377, a known Parental Control command injection RCE flaw, which allows attackers to run code on the router. The vulnerabilities are chained together to add vulnerable routers to a botnet. The botnet being used in these attacks is called Quad7, or 7777, and it uses the infected routers in <a href="https://www.tomsguide.com/computing/vpns/vpn-routers-are-being-targeted-by-botnets-heres-how-to-keep-safe">password-spraying attacks</a> against Microsoft 365 accounts.</p><p>For those unfamiliar, password spraying is a hacking technique wherein threat actors try common passwords against multiple accounts or use many common passwords on a single account in the hopes that one will grant them access. Microsoft previously warned about this botnet last year, but at that time there were no known vulnerabilities. The Quad7 botnet uses thousands of <a href="https://www.tomsguide.com/computing/online-security/what-can-someone-do-with-my-ip-address">IP addresses</a> from both home and small business users, which makes detection difficult. 
<br><br>The company is investigating reports of possible vulnerabilities in other models, while CISA (the U.S. Cybersecurity and Infrastructure Security Agency) has also <a href="https://www.cisa.gov/news-events/alerts/2025/09/03/cisa-adds-two-known-exploited-vulnerabilities-catalog" target="_blank">issued advisories</a> for these two flaws. </p><h2 id="how-to-stay-safe">How to stay safe</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:5614px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="xWqnGC65pnSdrLfpXR9ckS" name="shutterstock_2225832997.jpg" alt="A Wi-Fi router next to a phone with a lock symbol on the screen" src="https://cdn.mos.cms.futurecdn.net/xWqnGC65pnSdrLfpXR9ckS.jpg" mos="" align="middle" fullscreen="" width="5614" height="3158" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Shutterstock)</span></figcaption></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple releases instructions for installing new AirPods firmware updates — here's how ]]></title>
                                                                                                                                                                                                <link>https://www.tomsguide.com/audio/airpods/apple-releases-instructions-for-installing-new-airpods-firmware-updates-heres-how</link>
                                                                            <description>
                            <![CDATA[ Apple has finally revealed how to update the firmware for your AirPods with step-by-step instructions. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">BkGHQuoM4ZHhv6pX93WBue</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qMRagLMmCvMsHQHfvmWT2e-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 28 Jan 2025 19:41:18 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Airpods]]></category>
                                                    <category><![CDATA[Audio]]></category>
                                                    <category><![CDATA[Headphones]]></category>
                                                                                                <author><![CDATA[ scott.younker@futurenet.com (Scott Younker) ]]></author>                    <dc:creator><![CDATA[ Scott Younker ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/RZsUpqcJ6Uj2q83oCUwNhQ.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qMRagLMmCvMsHQHfvmWT2e-1280-80.jpg">
                                                            <media:credit><![CDATA[Regan Coule/Tom's Guide]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AirPods Pro]]></media:description>                                                            <media:text><![CDATA[AirPods Pro]]></media:text>
                                <media:title type="plain"><![CDATA[AirPods Pro]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qMRagLMmCvMsHQHfvmWT2e-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As with many Apple products, AirPods headphones and earbuds get firmware updates from time to time. In general, these updates install automatically. </p><p>However, today, Apple finally released step-by-step instructions on manually installing a firmware update yourself. You can find the instructions on the updated <a href="https://support.apple.com/en-us/106340" target="_blank">AirPods support page</a> (spotted by <a href="https://www.macrumors.com/2025/01/27/airpods-firmware-update-instructions/" target="_blank">MacRumors</a>). </p><p>Before now, Apple stated, "Firmware updates are delivered automatically while your AirPods are charging and in Bluetooth range of your iPhone, iPad, or Mac that's connected to Wi-Fi. You can also use your iPhone, iPad, or Mac to check that your AirPods have the latest version."</p><p>You can <a href="https://www.tomsguide.com/how-to/how-to-update-airpods-firmware">check your AirPods status</a> in the Bluetooth settings on your iPhone or iPad.</p><p>Here are the six steps you can take to force a firmware update:</p><section class="howto-block">                    <h3>How to force a firmware update on your AirPods</h3>                                        <ol><li><strong>Make sure that your AirPods are in Bluetooth range of your iPhone</strong>, iPad, or Mac that’s connected to Wi-Fi.</li><li><strong>Put your AirPods in their charging case</strong> and close the lid.</li><li><strong>Plug the charging cable into your charging case</strong>, then plug the other end of the cable into a USB charger or port.</li><li><strong>Keep the lid of the charging case closed</strong>, and wait at least 30 minutes for the firmware to update.</li><li><strong>Open the lid of the charging case</strong> to reconnect your AirPods to your iPhone, iPad, or Mac.</li><li>Check the firmware version again.</li></ol>                </section><p>You won't need to do this for every firmware update as the automatic update process will still 
run in the background as usual. </p><p>The support page does include information on troubleshooting your AirPods if the earbuds won't update, including potentially resetting your AirPods.</p><p>The page also has slightly different firmware update steps for those of you with AirPods Max headphones. </p><section class="howto-block">                    <h3>How to update the firmware on AirPods Max</h3>                                        <ol><li><strong>Make sure that your AirPods Max are in Bluetooth range of your iPhone</strong>, iPad, or Mac that’s connected to Wi-Fi.</li><li><strong>Plug the charging cable into the bottom-right earphone</strong>, then plug the other end of the cable into a USB charger or port.</li><li><strong>Wait at least 30 minutes</strong> for the firmware to update.</li><li><strong>Reconnect your AirPods Max</strong> to your iPhone, iPad, or Mac.</li><li>Check the firmware version again.</li></ol>                </section><p>Before today, the only option for keeping your AirPods up to date was to wait for the automatic updates. 
Now, we at least have this other option available, especially if the automatic update fails to take.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ DJI drones have serious security flaws that can crash them and track your location ]]></title>
                                                                                                                                                                                                <link>https://www.tomsguide.com/news/dji-drones-have-serious-security-flaws-that-can-crash-them-and-track-your-location</link>
                                                                            <description>
                            <![CDATA[ A total of 16 different vulnerabilities have been discovered in several popular DJI drones, but they have been patched with the latest firmware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ho6ZrKVsDWkswsPSK9uZbD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/PwMKRZGPPAXoXKPWXvEauG-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Mar 2023 17:52:01 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Online Security]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                <author><![CDATA[ anthony.spadafora@futurenet.com (Anthony Spadafora) ]]></author>                    <dc:creator><![CDATA[ Anthony Spadafora ]]></dc:creator>                                                                <dc:description><![CDATA[ http://cdn.mos.cms.futurecdn.net/kidui3ujrGzC8AX3qZbhuM.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/PwMKRZGPPAXoXKPWXvEauG-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[DJI Mini 3]]></media:description>                                                            <media:text><![CDATA[DJI Mini 3]]></media:text>
                                <media:title type="plain"><![CDATA[DJI Mini 3]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/PwMKRZGPPAXoXKPWXvEauG-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Multiple vulnerabilities have been discovered in several models of popular DJI drones that can be exploited to crash a drone mid-flight or even to find the exact location of a drone’s pilot.</p><p>Besides being some of the <a href="https://www.tomsguide.com/us/best-drones,review-2412.html"><u>best drones</u></a> available today, DJI’s drones are also quite popular since the company has been making them since 2013. However, a total of 16 different vulnerabilities were found in several DJI drones by a team led by Nico Schiller at the Horst Görtz Institute for IT Security at Ruhr University Bochum in Germany which has published a <a href="https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f217_paper.pdf" target="_blank"><u>whitepaper</u></a> (PDF) on the matter.</p><p>During their testing, the security researchers looked at the <a href="https://www.tomsguide.com/reviews/dji-mavic-mini-2"><u>DJI Mini 2</u></a>, the <a href="https://www.tomsguide.com/reviews/dji-air-2s"><u>DJI Air 2</u></a> and the <a href="https://www.tomsguide.com/us/dji-mavic-2-drone,review-5848.html"><u>DJI Mavic 2</u></a>. 
Fortunately, the researchers alerted DJI about the vulnerabilities which have all been patched at the time of writing.</p><h2 id="fuzzing-for-vulnerabilities-xa0">Fuzzing for vulnerabilities </h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="YwKRVzwvLwup6hDGh5bVNM" name="RzdqY6hhVUXJjJYEgfCrVe.jpg" alt="A hacker typing quickly on a keyboard" src="https://cdn.mos.cms.futurecdn.net/YwKRVzwvLwup6hDGh5bVNM.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Shutterstock)</span></figcaption></figure><p>According to a <a href="https://www.bitdefender.com/blog/hotforsecurity/security-researchers-find-vulnerabilities-that-could-crash-dji-drones-and-pinpoint-pilots/" target="_blank"><u>blog post</u></a> from <a href="https://www.tomsguide.com/reviews/bitdefender"><u>Bitdefender</u></a>, Schiller and the other researchers used a technique called “fuzzing” to look for vulnerabilities in DJI’s drones. This technique is quite popular among security researchers and it involves providing random types of input to discover ways to interfere with a device’s functionality.</p><p>The researchers created a dedicated algorithm to use when fuzzing DJI’s drones and in the process, they found critical flaws in their firmware that let them “gain elevated privileges on two different DJI drones and their remote controls,” according to <a href="https://cybernews.com/news/data-security-flaws-dji-drones/" target="_blank"><u>CyberNews</u></a>. 
These vulnerabilities also made it possible to crash a DJI drone while in the air and 14 of the flaws can be triggered remotely using a pilot’s smartphone.</p><p>In order to keep an eye on its drones during operation, DJI has developed a tracking protocol called DroneID that is used to transmit the position of a drone and its pilot to both law enforcement and those operating critical infrastructures like airports. During their investigation, the researchers found that data sent back and forth from the company’s drones isn’t encrypted which means it was accessible to anyone. By exploiting this, an attacker could determine the exact location of a drone and its pilot.</p><p>Likewise, an attacker can also change the serial number or log data from a vulnerable DJI drone to disguise their identity. This could also allow them to fly over airports and other restricted areas.</p><h2 id="how-to-update-your-dji-drone">How to update your DJI drone</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1784px;"><p class="vanilla-image-block" style="padding-top:56.22%;"><img id="oGKpfwgWPe2xPRk8BpXeDX" name="TG_DJI-Mavic-3_3.jpg" alt="DJI Mavic 3 controller with phone" src="https://cdn.mos.cms.futurecdn.net/oGKpfwgWPe2xPRk8BpXeDX.jpg" mos="" align="middle" fullscreen="" width="1784" height="1003" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Tom's Guide)</span></figcaption></figure><p>If you own a DJI drone, you should update the firmware immediately as the company has patched all 16 vulnerabilities.</p><p>There are two ways to do so: through the <a href="https://www.dji.com/downloads/djiapp/dji-fly" target="_blank"><u>DJI Fly App</u></a> or using <a href="https://www.dji.com/downloads/softwares/assistant-dji-2" target="_blank"><u>DJI 
Assistant 2</u></a>. The first method requires a smartphone with the DJI Fly App installed, while the latter involves connecting your drone to a computer. Regardless of which method you choose, you want to make sure that your battery is charged to 50% or higher before you begin.</p><p>If you’re using the DJI Fly App, a firmware update alert will appear in the app. Follow the prompts and allow the app to download and install the new firmware which usually takes around 10 minutes. With DJI Assistant 2, you need to connect your drone to a computer and launch the DJI Assistant 2 app. After your drone is connected to the app, a firmware history page will appear. Select Update in the top right-hand corner to begin downloading and installing the latest firmware.</p><p>Just like with your smartphone and computer, keeping your drone updated and running the latest software is really important. While bug fixes are often delivered through firmware updates, so too are performance improvements that can improve how your drone flies and handles.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Your HP computer could have very serious security flaws — update now ]]></title>
                                                                                                                                                                                                <link>https://www.tomsguide.com/news/hp-bios-uefi-updates-0322</link>
                                                                            <description>
                            <![CDATA[ Hundreds of HP desktops and laptops are affected by more than a dozen serious security flaws in the UEFI/BIOS firmware. Fortunately, there are fixes available. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">LK3i6N34A9x28ScYuvPtqM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/KRtxwn5EbnpGARzCK2ntKn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 Mar 2022 17:22:42 +0000</pubDate>                                                                                                                                <updated>Wed, 09 Mar 2022 17:50:29 +0000</updated>
                                                                                                                                            <category><![CDATA[Online Security]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                                    <dc:creator><![CDATA[ Paul Wagenseil ]]></dc:creator>                                                                <dc:description><![CDATA[ http://cdn.mos.cms.futurecdn.net/6Sbc4pjHtPiziKboZNYBDY.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/KRtxwn5EbnpGARzCK2ntKn-1280-80.jpg">
                                                            <media:credit><![CDATA[Tom's Guide]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[HP Pavilion Aero 13 logo]]></media:description>                                                            <media:text><![CDATA[HP Pavilion Aero 13 logo]]></media:text>
                                <media:title type="plain"><![CDATA[HP Pavilion Aero 13 logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/KRtxwn5EbnpGARzCK2ntKn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If you've got an HP desktop, laptop or tablet, you should check to see whether there's a BIOS/UEFI system-firmware update ready for it. Sixteen newly disclosed security flaws could let hackers implant deeply buried, undetectable malware, the company announced in a <a href="https://support.hp.com/us-en/document/ish_5817864-5817896-16" target="_blank">security bulletin</a> yesterday (March 8).</p><p>Security firm <a href="https://binarly.io/posts/Repeatable_Firmware_Security_Failures_16_High_Impact_Vulnerabilities_Discovered_in_HP_Devices/index.html" target="_blank">Binarly</a>, which discovered these 16 flaws, explained in a blog post yesterday that firmware-integrity checks, antivirus software or the Secure Boot process wouldn't be able to detect malware that exploited these UEFI/BIOS flaws. The malware could be implanted as part of other infections or intrusions. </p><p>It's not known how many HP devices are affected, but five of the flaws are already known to affect hundreds of HP business-oriented models, as the company detailed in a <a href="https://support.hp.com/us-en/document/ish_5661066-5661090-16" target="_blank">previous security bulletin</a>. The identification of consumer models affected by any of these 16 flaws is still pending.</p><p>This story was earlier reported by <a href="https://www.bleepingcomputer.com/news/security/hp-patches-16-uefi-firmware-bugs-allowing-stealthy-malware-infections/ " target="_blank">Bleeping Computer</a>.</p><h2 id="how-to-update-your-hp-bios-uefi-firmware">How to update your HP BIOS/UEFI firmware</h2><p>HP has made patches available to fix all these flaws. But because we don't know exactly which consumer models are affected, you'll have to check your machine yourself by going to the <a href="https://support.hp.com/us-en/drivers" target="_blank">HP software-and-drivers support page</a>. 
</p><p>Once there, either type in your device's serial number or let the HP support website detect your model. From there, the support site will walk you through the download-and-installation process. HP has <a href="https://support.hp.com/us-en/document/ish_4129273-2331498-16" target="_blank">further BIOS-update instructions here</a>.</p><h2 id="serious-uefi-flaws">Serious UEFI flaws</h2><p>The flaws reside in the UEFI firmware that controls HP motherboards, the most basic form of software running computers. UEFI is the successor to the better-known BIOS system, but both function the same way. It's the software that responds when you press the power button, turning on the motherboard and activating the hard disk so that Windows, Linux or another operating system can load.</p><p>Because UEFI and BIOS operate "below" the primary operating system, antivirus software often can't detect malware infections or other problems with them. UEFI generally counters this with firmware-integrity checks during the boot-up sequence, but Binarly said that integrity checks wouldn't work in these cases.</p><p>"The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement," said the blog post, which further explained that Microsoft's Secure Boot process could also be bypassed.</p><p>In other words, you may never know whether a bad actor has infected your system firmware. Better to take pre-emptive action and make sure it can't happen by installing the above updates. </p><p>You'll also want to install some of the <a href="https://www.tomsguide.com/best-picks/best-windows-10-antivirus">best Windows antivirus</a> software to prevent first-stage infections that could lead to exploitation of these HP flaws.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Hundreds of millions' of Dell PCs threatened by security flaws — what to do [updated] ]]></title>
                                                                                                                                                                                                <link>https://www.tomsguide.com/news/dell-system-driver-flaws</link>
                                                                            <description>
                            <![CDATA[ Five flaws in a 12-year-old Dell system driver threaten hundreds of millions of Windows laptops, desktops and servers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3fvUV3EYekFnmnDWGDDLYZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sAkEAbSz8zMprsU6h6r74B-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 05 May 2021 18:15:53 +0000</pubDate>                                                                                                                                <updated>Thu, 24 Jun 2021 16:57:05 +0000</updated>
                                                                                                                                            <category><![CDATA[Online Security]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                                    <dc:creator><![CDATA[ Paul Wagenseil ]]></dc:creator>                                                                <dc:description><![CDATA[ http://cdn.mos.cms.futurecdn.net/6Sbc4pjHtPiziKboZNYBDY.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sAkEAbSz8zMprsU6h6r74B-1280-80.jpg">
                                                            <media:credit><![CDATA[Tom's Guide]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Best Laptops: Dell XPS 15]]></media:description>                                                            <media:text><![CDATA[Best Laptops: Dell XPS 15]]></media:text>
                                <media:title type="plain"><![CDATA[Best Laptops: Dell XPS 15]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sAkEAbSz8zMprsU6h6r74B-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Hundreds of millions of Dell desktops, laptops and servers have serious security flaws that could allow malware to take over the machines.</p><p>The flaws, five in all, have to do with a system driver dating back to 2009 called dbutil_2_3.sys, which lets the user update a computer&apos;s <a href="https://www.laptopmag.com/articles/access-bios-windows-10" target="_blank">BIOS/UEFI firmware</a> (the low-level motherboard software that starts up a PC) from Windows. </p><p>Newer Dell machines have this flawed driver pre-installed, said <a href="https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/" target="_blank">Sentinel One</a> researcher Kasif Dekel in a report. Older Dell machines may have installed the driver when they updated their BIOS/UEFI or other firmware. </p><p>All versions of Windows are affected, although Dell machines running Linux should be fine.</p><h2 id="what-you-can-do-now">What you can do now</h2><p>To fix this flaw, Dell has released a <a href="https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=7PR57" target="_blank" rel="nofollow">tool that removes the dodgy system driver</a>. You&apos;ll have to input your Dell model name or service tag, and then the tool&apos;s web page should provide the correct driver along with the removal tool.</p><p>However, we found that not everyone can use the tool. 
While there&apos;s a fix available for our 2018 <a href="https://www.laptopmag.com/reviews/laptops/dell-latitude-5490" target="_blank">Dell Latitude 5490</a>, our 2013 Dell XPS 13 (which runs the latest Windows 10 build just fine) is out of luck. </p><p>[<strong>Correction</strong>: We took a second look at the tool page, which is a bit confusing, and realized that what it actually says is that not all systems, especially many that are out of service, can get new drivers to replace the faulty one. But all systems can download and use the tool, which you can find at the bottom of the tool page.]</p><p>Dell is promising an "enhanced" version of the firmware-removal-and-update tool on May 10 that may resolve some of the issues above. It&apos;s hard to tell because neither <a href="https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability" target="_blank" rel="nofollow">Dell&apos;s security advisory</a> nor its <a href="https://www.dell.com/support/kbdoc/en-us/000186020/additional-information-regarding-dsa-2021-088-dell-driver-insufficient-access-control-vulnerability" target="_blank" rel="nofollow">FAQ about the flawed driver</a> was written with anyone but IT professionals in mind. </p><p>Alternatively, Dell says, you can see if the dbutil_2_3.sys driver file is in the filepaths "C:\Users\&lt;username&gt;\AppData\Local\Temp" or "C:\Windows\Temp". </p><p>If it is, then select it and press the Delete key on your keyboard while holding down the Shift key to permanently delete the file.</p><h2 id="how-the-flaws-let-hackers-take-over-your-machine">How the flaws let hackers take over your machine</h2><p>Dekel isn&apos;t explaining exactly how these flaws, grouped together in the single vulnerability listing <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21551" target="_blank">CVE-2021-21551</a>, can be exploited. 
</p><p>Sentinel One, Dell and Microsoft agree that they won&apos;t divulge the details until users have had some time to patch the flaws. But the upshot is that a local user, even one with <a href="https://www.tomsguide.com/us/limited-account-benefits,news-25682.html">limited privileges</a>, can use these flaws to "escalate privileges" and gain full system control.</p><p>"The high severity flaws could allow any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode," wrote Dekel in his company&apos;s report. "Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products" such as <a href="https://www.tomsguide.com/best-picks/best-windows-10-antivirus">antivirus software</a>.</p><p>Kernel mode is a system privilege that even users with administrative privileges — the ability to install, update and delete software — don&apos;t normally get. </p><p>This means that malware that infects even the least-privileged user account — say, one belonging to a child — can use these flaws to add new powers and totally take over the system.</p><p>Here&apos;s a video by Sentinel One that shows one of these exploits in action. 
The command-line screens show a "weak user" with limited privileges running a program called "exploit.exe" that suddenly gives the "weak user" a whole lot of system privileges.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/wD7HIcF-gaA" allowfullscreen></iframe></div></div><p>Dekel said that as of yesterday, when his report was released, there was no indication that any bad guys had used these flaws to attack machines.</p><h2 id="update-dell-clarifies-some-things">Update: Dell clarifies some things</h2><p>A Dell spokesperson told us that "older Dell machines will be able to use the driver-removal tool" as it exists, and that May 10 is simply when Dell owners will start seeing notifications that they need to run the tool.</p><p>We were advised to look at two long lists of devices on the <a href="https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability" target="_blank" rel="nofollow">official Dell security advisory</a>, one for models still being supported, the other for those that have reached "end of service life." (Our 2013 XPS 13 didn&apos;t seem to be on either list.)</p><p>For devices that had reached end of service, the Dell representative said, the user must take one of the three options in Step 1 of the security advisory: run the driver-removal tool as it is, remove the driver manually or wait to be notified on May 10. Removal of the faulty driver must be done after updating the BIOS/UEFI, other firmware or other drivers.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>