GitLab Jira Flaw Lets Any User Steal App Credentials
Today's cybersecurity digest — CVEs, headline news, and something nerdy. March 30, 2026
cybr.cx Daily Digest — March 30, 2026
Critical Vulnerabilities
CVE-2026-2370 | GitLab CE/EE Jira Connect | CVSS 8.1
GitLab's Jira Connect integration has a broken authorization flaw affecting versions 14.3 through 18.8.7, 18.9 through 18.9.3, and 18.10 through 18.10.1. Any authenticated user with minimal workspace permissions can steal installation credentials and impersonate the GitLab app within your Jira instance. If you're running Jira Connect integrations, patch immediately—this is a lateral movement goldmine.
CVE-2026-4415 | Gigabyte Control Center | CVSS 8.1
Gigabyte's Control Center has a nasty arbitrary file write vulnerability when the pairing feature is enabled. Unauthenticated remote attackers can drop files anywhere on the system, achieving code execution or privilege escalation with zero credentials. Disable pairing or update the software—gaming rigs in corporate environments just became a liability.
CVE-2026-4416 | Gigabyte Control Center (EasyTune Engine) | CVSS 7.8
A second Gigabyte issue: the EasyTune Engine service suffers from insecure deserialization. Local authenticated attackers can send crafted payloads to escalate privileges. Less severe than CVE-2026-4415 but still a solid privesc path if attackers already have a foothold.
CVE-2026-3124 | WordPress Download Monitor Plugin | CVSS 7.5
The Download Monitor plugin (≤5.1.7) has an IDOR vulnerability in payment processing. Unauthenticated attackers can complete arbitrary pending orders by exploiting mismatches between PayPal tokens and local orders. If you're monetizing downloads, audit your transactions and update now.
CVE-2026-2328 | Unspecified Backend (Path Traversal) | CVSS 7.5
Generic but dangerous: insufficient input validation allows unauthenticated path traversal to access backend components and leak sensitive data. Vendor details are sparse—check your asset inventory for anything matching this pattern.
Headline News
Lockheed Martin Hit by Alleged Pro-Iran Hacktivist Breach
A pro-Iran hacktivist group claims to have breached Lockheed Martin, with threat actors allegedly listing 375TB of stolen data on dark web forums for $600 million. The claim, first reported by Cybersecurity Dive and heavily discussed on Reddit (305+ upvotes), has not been independently verified by Lockheed. If legitimate, this would represent one of the largest defense contractor breaches in history, potentially exposing classified weapons systems data, supply chain information, and employee records. Defense industrial base organizations should review their threat models and monitor for related indicators. The Iranian attribution adds geopolitical weight given ongoing tensions.
F5 BIG-IP Critical Flaw Now Under Active Exploitation
BleepingComputer reports that attackers are actively exploiting a critical vulnerability in F5 BIG-IP appliances in the wild. The flaw enables remote code execution on a device class that typically sits in front of critical infrastructure. F5 load balancers are ubiquitous in enterprise environments—if you haven't patched yet, assume you're already being scanned. Check your F5 advisories, apply patches immediately, and hunt for signs of compromise in your network traffic logs.
DeFi Protocol Loses $25M in Single Key Breach
Another day, another DeFi disaster: a major protocol lost approximately $25 million after attackers compromised a single key. The breach highlights the persistent "not your keys, not your crypto" problem—except this time it's the protocol's keys. The incident renews concerns about centralized failure points in supposedly decentralized systems. For security teams advising crypto projects: key management and access controls remain the critical weak link.
Nerdy Corner
Let's Encrypt ran a mass revocation simulation and discovered most ACME clients simply... didn't notice. The test revoked 3 million certificates, and the majority of automated renewal systems failed to detect or respond appropriately. It's a sobering reminder that certificate lifecycle management is still held together with duct tape and optimism. Maybe add "test your ACME client's revocation handling" to your Q2 goals—right after "finally document that one script."
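A way to run that check on your own pipeline, as an added example for this digest (not Let's Encrypt's or any ACME client's code): a throwaway CA issues a certificate, revokes it into a CRL, and the chain validation a renewal job would run is compared with and without CRL checking. It assumes only the openssl CLI and writes everything to a temp directory.

```shell
# Added example, not Let's Encrypt's or any ACME client's code. Assumes only the
# openssl CLI; keys, certs and the CRL are throwaway files under a temp dir.
set -eu
WORK="${WORK:-$(mktemp -d)}"

build_demo_pki() {
    cd "$WORK"
    # Minimal config for 'openssl ca', which is what produces the CRL.
    printf '%s\n' '[ ca ]' 'default_ca = demo' '[ demo ]' 'database = index.txt' \
        'certificate = ca.crt' 'private_key = ca.key' 'default_md = sha256' > ca.cnf
    : > index.txt
    # Throwaway CA and one leaf certificate signed by it.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Demo CA" -days 30 >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
        -subj "/CN=example.test" >/dev/null 2>&1
    openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out leaf.crt -days 30 >/dev/null 2>&1
    # Revoke the leaf and publish a CRL, as a mass revocation would.
    openssl ca -config ca.cnf -revoke leaf.crt >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -crldays 7 -out ca.crl >/dev/null 2>&1
}

# The check a renewal job should run: chain validation with the CRL consulted.
# Prints "revoked", "valid" or the raw verify error.
leaf_status() {
    cd "$WORK"
    out=$(openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl leaf.crt 2>&1 || true)
    case "$out" in
        *"certificate revoked"*) echo revoked ;;
        *": OK"*) echo valid ;;
        *) echo "error: $out" ;;
    esac
}

# Without -crl_check the same chain still validates: the blind spot the test
# exposed, since a revoked certificate is still unexpired and correctly signed.
leaf_status_without_crl_check() {
    cd "$WORK"
    openssl verify -CAfile ca.crt leaf.crt >/dev/null 2>&1 && echo valid || echo invalid
}

build_demo_pki
echo "with CRL check:    $(leaf_status)"
echo "without CRL check: $(leaf_status_without_crl_check)"
```

Point the same two checks at your real chain and the issuer's CRL (or an OCSP response) to see whether your renewal tooling would have noticed.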