A critical vulnerability in the Smart Slider 3 WordPress plugin allows subscriber-level attackers to read arbitrary server files including database credentials on 500,000+ vulnerable sites. Researchers discover the Coruna iOS exploit kit carrying an updated kernel exploit from Operation Triangulation. OpenAI expands its bug bounty to cover abuse and safety risks. Cisco patches multiple high-severity IOS vulnerabilities. Hightower Holding discloses a breach affecting 130,000 individuals.
A critical vulnerability in the Smart Slider 3 WordPress plugin β installed on more than 800,000 websites β allows authenticated attackers with minimal privileges (subscriber-level) to read arbitrary files from the server, including the sensitive wp-config.php file containing database credentials, cryptographic keys, and salt values.
Tracked as CVE-2026-3098, the vulnerability stems from missing capability checks in the plugin's AJAX export actions. The actionExportAll function lacks file type and source validation, allowing any authenticated user to invoke it and include arbitrary server files β including .php files β in the export archive. While nonces are present, they can be obtained by any authenticated user, providing no meaningful protection.
The vulnerability is rated medium severity due to the authentication requirement, but any website offering membership, subscription, or registration functionality β an extremely common feature β is at risk. Attackers who exfiltrate wp-config.php can obtain database credentials, potentially leading to complete site takeover including user data theft.
Security researchers have identified a new iOS exploit kit dubbed Coruna that contains an updated version of a kernel exploit originally used in Operation Triangulation β the sophisticated zero-click attack chain that targeted iPhones via iMessage and was first exposed by Kaspersky in 2023.
Operation Triangulation was one of the most technically sophisticated iOS exploit chains ever documented, leveraging an undocumented hardware feature in Apple's chips. The Coruna kit represents a significant evolution:
The emergence of Coruna suggests that the technical knowledge and exploit primitives from Operation Triangulation have either been repurposed by the original developers or have proliferated to other threat actors. Either scenario represents a significant escalation in the iOS threat landscape.
Apple has not yet publicly commented on the Coruna findings. Organizations deploying iOS devices in high-security environments should ensure all devices are running the latest iOS version and monitor for indicators of compromise associated with zero-click exploitation chains.
OpenAI has launched a new dedicated bug bounty program specifically targeting abuse and safety risks in its AI systems β a significant expansion beyond traditional software vulnerability bounties.
The new program rewards reports covering design or implementation issues that could lead to material harm, including:
This move signals a growing recognition that AI safety is a security discipline. Traditional bug bounties focus on software vulnerabilities β buffer overflows, injection attacks, authentication bypasses. By expanding into abuse and safety, OpenAI is effectively creating a new category of security research.
Cisco has released security updates addressing multiple vulnerabilities in its IOS and IOS XE software β the operating systems running on the vast majority of enterprise routers and switches worldwide.
The patched flaws span several severity levels and attack categories:
| Category | Severity | Impact |
|---|---|---|
| Denial of Service | High | Remote crash of affected devices, network disruption |
| Secure Boot Bypass | High | Attackers could load unsigned firmware |
| Information Disclosure | Medium | Exposure of sensitive device configuration data |
| Privilege Escalation | Medium | Authenticated users could elevate to higher privilege levels |
Cisco IOS vulnerabilities are perennial favorites for both nation-state actors and cybercriminal groups due to the ubiquity of Cisco infrastructure in enterprise environments. The Secure Boot bypass is particularly concerning β it could allow persistent implants that survive device reboots and firmware updates.
Network administrators should consult Cisco's Security Advisory page for the full list of affected products and recommended IOS versions. Prioritize devices exposed to the internet or positioned at network boundaries.
Hightower Holding, a financial advisory and wealth management firm, has disclosed a data breach in which threat actors gained access to its environment and exfiltrated personal information belonging to approximately 130,000 individuals.
The compromised information includes:
This combination represents a particularly dangerous data set for identity theft and financial fraud. Wealth management clients β often high-net-worth individuals β represent attractive targets for spear-phishing, social engineering, and account takeover attacks.
Monitor credit reports, consider freezing credit with all three bureaus, and be vigilant for targeted phishing attempts referencing financial advisor relationships. Hightower is expected to offer identity protection services to affected individuals.
| Threat | Category | Severity | Action |
|---|---|---|---|
| Smart Slider CVE-2026-3098 | WordPress Plugin | Critical | Update to 3.5.1.34+ |
| Coruna iOS Exploit Kit | Mobile Exploit | High | Update iOS, monitor IOCs |
| Cisco IOS Vulnerabilities | Network Infrastructure | High | Apply IOS patches |
| Hightower Data Breach | Data Breach | Medium | Credit monitoring |
| OpenAI Safety Bounty | AI Security | Info | Submit research |
Get daily security briefings delivered with actionable intelligence.
Explore KENSAI βYour daily security briefing from KENSAI. Published March 30, 2026 β Morning Edition. Stay patched, stay vigilant.