CISA Flags Critical Flaws in WhatsApp and TP-Link—You Could Be at Risk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two serious security flaws, one in WhatsApp and another in a TP-Link Wi-Fi device, to its Known Exploited Vulnerabilities list. A flaw's appearance on this list means hackers have already taken advantage of it in real-world attacks, so quick action is needed to protect against further damage.

One of the flaws affects a TP-Link Wi-Fi extender model known as TL-WA855RE. The issue is especially concerning because attackers don’t even need a password to take control. Someone on the same network could force the device to reset itself and then set a new admin password, locking the real owner out while taking over full control. Because this model is no longer supported and will not receive any more updates, the safest step is to replace it with a newer device that still gets security patches.

The other flaw involves WhatsApp on iOS and macOS. This vulnerability is what’s known as “zero-click,” which means hackers could break into a device without the user doing anything at all—not even clicking a link or opening a file. In situations like this, spyware can be secretly installed, allowing attackers to watch activity, steal data, or track communications. While most people may never be directly targeted, these kinds of flaws are often used in highly focused attacks against individuals of interest, such as journalists, activists, or government officials. Still, it’s important for everyone to update WhatsApp to the latest version as soon as possible.

CISA has set a firm deadline for all federal agencies to fix these issues, but the advice applies to everyone. Unsupported devices like the affected TP-Link extender should be replaced immediately, and all apps and operating systems should be kept up to date. Stronger security settings, such as two-factor authentication, can also add extra protection.

These incidents highlight a bigger lesson: technology doesn’t stay secure forever. Devices that no longer receive updates become easy targets, and even trusted apps can contain hidden weaknesses. Staying safe means being proactive—regularly checking for updates, phasing out older equipment, and taking warnings like this seriously. By making these small changes, individuals and organizations can reduce their risk and stay one step ahead of attackers.