A medium-severity vulnerability in the Smart Slider 3 WordPress plugin allows subscriber-level users to read arbitrary server files including wp-config.php — with over 500,000 sites still unpatched. Security researchers identify the Coruna iOS exploit kit as a likely updated successor to the notorious Operation Triangulation. OpenAI opens a new bug bounty track focused on AI abuse and safety risks. TP-Link patches high-severity vulnerabilities across multiple router models. Hightower Holding confirms a data breach affecting 130,000 individuals.
A vulnerability in Smart Slider 3, one of the most popular WordPress plugins with over 800,000 active installations, allows any authenticated user — even those with mere subscriber-level access — to read arbitrary files on the server. The flaw is tracked as CVE-2026-3098.
The vulnerability stems from missing capability checks in the plugin's AJAX export actions. The actionExportAll function lacks both file type and source validation, allowing any authenticated user to invoke it and include arbitrary server files — including wp-config.php — in the export archive.
While the vulnerability requires authentication, this only limits impact to websites that offer user registration or subscription features — which is extremely common on modern WordPress sites with membership systems, WooCommerce shops, or community forums.
WordPress.org download stats show the plugin was downloaded roughly 303,000 times in the past week, meaning at least 500,000 sites are still running vulnerable versions. Update to Smart Slider 3 version 3.5.1.34 immediately. After updating, rotate database credentials and WordPress salts as a precaution if you allow user registrations.
The CVE received a medium severity score due to the authentication requirement, but defenders should not be complacent. In practice:
wp-config.php provides full database access, enabling complete site takeoverDefender Action: Update Smart Slider 3 to 3.5.1.34+. Audit user accounts for suspicious subscriber registrations. Consider disabling user registration if not business-critical. Rotate all secrets in wp-config.php. Monitor for unusual file export activity in server logs.
Security researchers have identified a sophisticated iOS exploit kit dubbed Coruna that contains an updated version of a kernel exploit previously used in Operation Triangulation — the high-profile espionage campaign discovered by Kaspersky in 2023 that targeted iOS devices via zero-click iMessage exploits.
Operation Triangulation was one of the most advanced iOS attack chains ever documented:
The Coruna kit represents a continuation and evolution of the same exploit development program. Researchers found that the kernel exploit component has been updated to work against newer iOS versions, with refinements to bypass mitigations introduced by Apple in response to the original Operation Triangulation disclosures.
The discovery raises critical questions about the longevity of state-sponsored exploit programs and whether the fixes Apple deployed in 2023-2024 fully neutralized the underlying attack surface. The existence of Coruna suggests the exploit developers had deeper knowledge of the targeted hardware and software than the patches addressed.
Organizations in government, diplomacy, defense, and critical infrastructure should ensure all iOS devices are running the latest iOS version. Enable Lockdown Mode on devices used by high-value personnel. The persistence of Operation Triangulation-class exploits underscores why mobile device management and aggressive patching remain essential — even against threats you thought were resolved.
OpenAI has expanded its security research program with a new bug bounty track specifically targeting abuse and safety risks in its AI models and products. Through this new program, OpenAI will reward reports covering design or implementation issues that lead to material harm.
Unlike traditional bug bounty programs that focus on infrastructure vulnerabilities like XSS or SQLi, this new track covers:
This represents a meaningful shift in how AI companies approach safety — treating abuse and misuse as security vulnerabilities worthy of bounty rewards. It acknowledges that jailbreaks, prompt injection attacks, and safety bypasses have real-world consequences and deserve the same structured response as traditional vulnerabilities.
For Security Researchers: OpenAI's expanded program creates new opportunities for AI red-teaming. Researchers with expertise in adversarial machine learning, prompt engineering, and AI safety can now receive financial rewards for identifying weaknesses. This could accelerate the discovery and mitigation of safety gaps across the AI industry if competitors follow suit.
TP-Link has released security updates addressing multiple high-severity vulnerabilities across its router product line. The security defects could be exploited to:
TP-Link routers are among the most widely deployed consumer and small business networking devices globally. Compromised routers serve as:
This comes amid heightened regulatory scrutiny of TP-Link products. The FCC has been evaluating potential restrictions on certain Chinese-manufactured networking equipment, and unpatched vulnerabilities in widely-deployed routers feed directly into those national security concerns.
Defender Action: Check TP-Link's security advisory for affected models and firmware versions. Update router firmware immediately. Change default admin credentials if not already done. Disable remote management unless explicitly required. Review whether WAN-facing management interfaces are exposed.
Hightower Holding, a wealth management and financial advisory firm, has disclosed a data breach affecting approximately 130,000 individuals. The company confirmed that hackers stole sensitive personal information from its environment, including:
The combination of SSNs and driver's license numbers represents a high-value dataset for identity theft. Affected individuals face elevated risk of fraudulent account openings, tax fraud, and synthetic identity creation.
Wealth management firms hold particularly sensitive data — not just personal identifiers but financial account details, investment portfolios, and net worth information. The Hightower breach adds to a growing list of financial sector incidents that highlight the need for:
If You're Affected: Monitor your credit reports across all three bureaus. Consider placing a credit freeze — especially if notified that your SSN was compromised. Watch for phishing attempts that reference Hightower or wealth management services, as threat actors often use stolen data to craft targeted social engineering.
| Threat | Category | Severity | Target |
|---|---|---|---|
| Smart Slider 3 CVE-2026-3098 | Web Application / Plugin | Medium-High | 500K+ WordPress sites |
| Coruna iOS Exploit Kit | Nation-State / Espionage | Critical | High-value iOS users |
| OpenAI Abuse Bug Bounty | AI Safety / Industry | Informational | AI ecosystem |
| TP-Link Router Vulnerabilities | Network Infrastructure | High | Consumer / SMB networks |
| Hightower Holding Breach | Data Breach | High | 130,000 individuals |
KENSAI continuously monitors your attack surface for vulnerabilities, misconfigurations, and exposure — before attackers find them.
Start Your Free Scan →Published by the KENSAI Threat Intelligence Team
March 29, 2026 — Night Edition
Sources: BleepingComputer, SecurityWeek, Wordfence, Defiant