Security News
Afternoon Brief
Today's security brief highlights critical vulnerabilities under active exploitation, including a Cisco SD-WAN zero-day and a WordPress plugin flaw. We also see continued activity from botnets and ransomware groups, alongside new developments in AI-driven security and privacy concerns.
- C0XMO botnet exploits DD-WRT router flaw — A new Gafgyt botnet variant, C0XMO, is actively targeting DD-WRT router firmware and can spread to other device types.
- Silent Ransom Group targets law firms with fake IT support calls — The Silent Ransom Group is targeting U.S. law firms and professional services organizations with social engineering, often leading to data theft within hours.
- Critical Everest Forms Pro flaw exploited in WordPress sites — Hackers are actively exploiting CVE-2026-3300, a critical vulnerability in the Everest Forms Pro plugin, to gain full control of WordPress websites.
- New ChatGPT Lockdown Mode limits data exfiltration risks — OpenAI is rolling out a "Lockdown Mode" for ChatGPT personal accounts to reduce data exfiltration risks from prompt injection attacks, aimed at users handling sensitive data.
- CISA adds actively exploited SolarWinds Serv-U DoS flaw to KEV — CISA has added CVE-2026-28318, a high-severity denial-of-service flaw in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog due to active exploitation.
- Miasma Worm hits 73 Microsoft GitHub repositories — The Miasma self-replicating supply chain attack campaign has impacted 73 Microsoft GitHub repositories, leading GitHub to disable access to them.
- Cisco Catalyst SD-WAN Manager zero-day actively exploited — Cisco has warned of active exploitation of a high-severity, unpatched zero-day (CVE-2026-20245) in its Catalyst SD-WAN Manager, allowing root privilege escalation.
- Over 900 US gas station tank gauge systems exposed to attacks — More than 900 automatic tank gauge (ATG) systems in the U.S., used in critical infrastructure, are exposed online and vulnerable to ongoing attacks.