Smart Slider WordPress CVE ने 500K साइट्स को फ़ाइल चोरी के खतरे में डाला, Coruna iOS एक्सप्लॉइट किट ने Operation Triangulation को पुनर्जीवित किया, OpenAI ने दुरुपयोग और सुरक्षा बग बाउंटी लॉन्च की
Smart Slider 3 WordPress प्लगइन में एक गंभीर भेद्यता सब्सक्राइबर-स्तर के हमलावरों को 500,000 से अधिक कमजोर वेबसाइटों पर डेटाबेस क्रेडेंशियल सहित मनमानी सर्वर फ़ाइलें पढ़ने की अनुमति देती है। शोधकर्ताओं ने Operation Triangulation से अपडेटेड कर्नेल एक्सप्लॉइट वाले Coruna iOS एक्सप्लॉइट किट की खोज की। OpenAI ने अपने बग बाउंटी प्रोग्राम को दुरुपयोग और सुरक्षा जोखिमों तक विस्तारित किया। Cisco ने कई उच्च-गंभीरता IOS भेद्यताओं को पैच किया। Hightower Holding ने 130,000 व्यक्तियों को प्रभावित करने वाले उल्लंघन का खुलासा किया।
🔴 Smart Slider 3 WordPress Plugin: Arbitrary File Read Exposes 500K+ Websites
A critical vulnerability in the Smart Slider 3 WordPress plugin — installed on more than 800,000 websites — allows authenticated attackers with minimal privileges (subscriber-level) to read arbitrary files from the server, including the sensitive wp-config.php file containing database credentials, cryptographic keys, and salt values.
⚠️ CVE-2026-3098 — Arbitrary File Read
Tracked as CVE-2026-3098, the vulnerability stems from missing capability checks in the plugin's AJAX export actions. The actionExportAll function lacks file type and source validation, allowing any authenticated user to invoke it and include arbitrary server files — including .php files — in the export archive. While nonces are present, they can be obtained by any authenticated user, providing no meaningful protection.
Impact & Timeline
- Discovery: Researcher Dmitrii Ignatyev reported the flaw to Wordfence on February 23, 2026
- Vendor acknowledgment: Nextendweb acknowledged on March 2, 2026
- Patch released: Smart Slider version 3.5.1.34 shipped on March 24, 2026
- Still vulnerable: WordPress.org download stats indicate the plugin was downloaded only ~303K times in the past week, meaning at least 500,000 websites remain on vulnerable versions
- Exploitation status: Not flagged as actively exploited yet, but the low barrier (subscriber access only) makes exploitation trivial
Why This Matters
The vulnerability is rated medium severity due to the authentication requirement, but any website offering membership, subscription, or registration functionality — an extremely common feature — is at risk. Attackers who exfiltrate wp-config.php can obtain database credentials, potentially leading to complete site takeover including user data theft.
🟠 Coruna iOS Exploit Kit: Operation Triangulation's Successor Surfaces
Security researchers have identified a new iOS exploit kit dubbed Coruna that contains an updated version of a kernel exploit originally used in Operation Triangulation — the sophisticated zero-click attack chain that targeted iPhones via iMessage and was first exposed by Kaspersky in 2023.
From Triangulation to Coruna
Operation Triangulation was one of the most technically sophisticated iOS exploit chains ever documented, leveraging an undocumented hardware feature in Apple's chips. The Coruna kit represents a significant evolution:
- Updated kernel exploit: The kit contains a modernized variant of the Triangulation kernel vulnerability, adapted for newer iOS versions
- Exploit kit packaging: Unlike Triangulation's targeted deployment, Coruna appears structured as a reusable exploitation framework
- Attribution unclear: Researchers have not yet definitively linked the kit to the same state-sponsored actors behind the original operation
🔍 Strategic Significance
The emergence of Coruna suggests that the technical knowledge and exploit primitives from Operation Triangulation have either been repurposed by the original developers or have proliferated to other threat actors. Either scenario represents a significant escalation in the iOS threat landscape.
Apple has not yet publicly commented on the Coruna findings. Organizations deploying iOS devices in high-security environments should ensure all devices are running the latest iOS version and monitor for indicators of compromise associated with zero-click exploitation chains.
🟣 OpenAI Expands Bug Bounty to Cover AI Abuse and Safety Risks
OpenAI has launched a new dedicated bug bounty program specifically targeting abuse and safety risks in its AI systems — a significant expansion beyond traditional software vulnerability bounties.
What's New
The new program rewards reports covering design or implementation issues that could lead to material harm, including:
- Abuse vectors: Novel techniques for misusing AI models in ways that bypass existing safety filters
- Safety failures: Cases where models produce harmful outputs that circumvent alignment measures
- Design flaws: Architectural issues that could enable systemic harm at scale
- Implementation gaps: Technical bugs in safety systems that reduce their effectiveness
Industry Implications
This move signals a growing recognition that AI safety is a security discipline. Traditional bug bounties focus on software vulnerabilities — buffer overflows, injection attacks, authentication bypasses. By expanding into abuse and safety, OpenAI is effectively creating a new category of security research.
🔴 Cisco Patches Multiple High-Severity IOS Vulnerabilities
Cisco has released security updates addressing multiple vulnerabilities in its IOS and IOS XE software — the operating systems running on the vast majority of enterprise routers and switches worldwide.
Vulnerability Details
The patched flaws span several severity levels and attack categories:
| Category | Severity | Impact |
|---|---|---|
| Denial of Service | High | Remote crash of affected devices, network disruption |
| Secure Boot Bypass | High | Attackers could load unsigned firmware |
| Information Disclosure | Medium | Exposure of sensitive device configuration data |
| Privilege Escalation | Medium | Authenticated users could elevate to higher privilege levels |
Patch Urgency
Cisco IOS vulnerabilities are perennial favorites for both nation-state actors and cybercriminal groups due to the ubiquity of Cisco infrastructure in enterprise environments. The Secure Boot bypass is particularly concerning — it could allow persistent implants that survive device reboots and firmware updates.
⚠️ Action Required
Network administrators should consult Cisco's Security Advisory page for the full list of affected products and recommended IOS versions. Prioritize devices exposed to the internet or positioned at network boundaries.
🟠 Hightower Holding Data Breach Exposes 130,000 Individuals
Hightower Holding, a financial advisory and wealth management firm, has disclosed a data breach in which threat actors gained access to its environment and exfiltrated personal information belonging to approximately 130,000 individuals.
Stolen Data
The compromised information includes:
- Full names
- Social Security numbers
- Driver's license numbers
This combination represents a particularly dangerous data set for identity theft and financial fraud. Wealth management clients — often high-net-worth individuals — represent attractive targets for spear-phishing, social engineering, and account takeover attacks.
🛡️ If You're Affected
Monitor credit reports, consider freezing credit with all three bureaus, and be vigilant for targeted phishing attempts referencing financial advisor relationships. Hightower is expected to offer identity protection services to affected individuals.
📊 Quick Threat Landscape Summary
| Threat | Category | Severity | Action |
|---|---|---|---|
| Smart Slider CVE-2026-3098 | WordPress Plugin | Critical | Update to 3.5.1.34+ |
| Coruna iOS Exploit Kit | Mobile Exploit | High | Update iOS, monitor IOCs |
| Cisco IOS Vulnerabilities | Network Infrastructure | High | Apply IOS patches |
| Hightower Data Breach | Data Breach | Medium | Credit monitoring |
| OpenAI Safety Bounty | AI Security | Info | Submit research |