OpenClaw Access Control Flaw Exposes Owner Configs—Patch Now

Today's cybersecurity digest — CVEs, headline news, and something nerdy. March 29, 2026

cybr.cx Daily Digest — March 29, 2026

Critical Vulnerabilities

CVE-2026-32914 | OpenClaw | CVSS 8.8 HIGH
OpenClaw versions before 2026.3.12 have broken access controls in /config and /debug command handlers. Anyone with basic command authorization can read or modify owner-only configuration settings. If you're running OpenClaw in production, update immediately—this is a privilege escalation waiting to happen.

CVE-2026-32915 | OpenClaw | CVSS 8.8 HIGH
Another OpenClaw issue (pre-2026.3.11): sandboxed leaf subagents can escape their boundaries and mess with sibling runs or execute with broader tool policies. Low-privilege workers shouldn't be able to steer or kill other processes. Patch to 2026.3.12 to cover both CVEs.

CVE-2026-33573 | OpenClaw | CVSS 8.8 HIGH
Rounding out the OpenClaw trifecta—authenticated operators can supply malicious spawnedBy and workspaceDir values to escape workspace boundaries and execute arbitrary file operations anywhere the process can access. If you haven't patched OpenClaw yet, you're three CVEs behind.

CVE-2026-5021, 5024, 5036, 5042, 5043 | Consumer Routers | CVSS 8.8 HIGH
Stack-based buffer overflows in Tenda F453, Tenda 4G06, D-Link DIR-513, and Belkin F9K1122 routers. All remotely exploitable, all with public exploits. The D-Link is end-of-life with no patch coming. If any of these are on your network (or your users' home networks), replace or isolate them. These are botnet recruitment devices now.

Headline News

ShinyHunters Claims 350GB European Commission Breach
The notorious ShinyHunters group is claiming responsibility for a massive 350GB data exfiltration from European Commission systems. The threat actor posted samples to their usual channels, though independent verification is still pending. EU officials have acknowledged an investigation is underway. ShinyHunters has a track record of legitimate breaches (Microsoft, Tokopedia, AT&T), so this warrants serious attention. For practitioners: if your organization shares data with EU institutions or uses connected systems, now's the time to review those integrations and monitor for credential exposure.

Iranian Sleeper Network in Canada Raises Cross-Border Concerns
Canadian officials have disclosed that between 700 and 1,000 Iranian Islamic Revolutionary Guard Corps agents may be embedded in Canada, potentially positioned to target US interests. Shadow Minister Michelle Rempel Garner confirmed the figures to the New York Post amid escalating regional tensions. This follows the reported Iranian strike destroying a $500M US surveillance aircraft, which saw significant discussion on r/pwnhub (728 upvotes). For security teams at critical infrastructure, defense contractors, and government-adjacent organizations in North America: review your insider threat programs and physical security posture.

Integer Overflow Bug Enables TLS Certificate Forgery
A write-up making the rounds on r/pwnhub details how a math error—specifically an integer overflow in a TLS parser—can be exploited to forge security certificates. The vulnerability allows attackers to bypass certificate validation entirely, undermining the trust model that secures most internet communications. The technical breakdown is worth reading for anyone doing protocol implementation or security audits. Check your TLS libraries and parsers against the specific vulnerable patterns described.

Nerdy Corner

A Tennessee woman was wrongfully arrested for crimes committed in North Dakota after police relied on AI facial recognition that fingered the wrong person. Angela Lipps found herself explaining to cops that she'd never been to North Dakota—apparently the algorithm disagreed. The story's getting traction on Hacker News (264 points) as the latest exhibit in the "maybe don't let robots do police work unsupervised" gallery. On the bright side, at least the AI didn't also recommend she try the local restaurants while she was theoretically there committing crimes.