OpenClaw Flaws Let Unpaired Devices Seize Admin Control
Today's cybersecurity digest — CVEs, headline news, and something nerdy. March 21, 2026
cybr.cx Daily Digest — March 21, 2026
Critical Vulnerabilities
CVE-2026-32042 & CVE-2026-32051 — OpenClaw Privilege Escalation & Authorization Bypass (CVSS 8.8)
Two high-severity flaws in OpenClaw demand immediate attention. The first allows unpaired devices to self-assign admin-level operator scopes by bypassing pairing requirements—if you have gateway auth, you can promote yourself to operator.admin. The second lets anyone with operator.write scope invoke owner-only control plane functions (gateway, cron) through agent runs. Patch to 2026.3.1 immediately; both are trivially exploitable by authenticated attackers.
CVE-2026-2941 — Linksy Search and Replace WordPress Plugin (CVSS 8.8)
Subscribers can rewrite arbitrary database tables, including wp_capabilities. Missing capability check means any authenticated user can promote themselves to admin or corrupt your entire WordPress database. Affects all versions through 1.0.4. Remove or update now.
CVE-2026-3334 — CMS Commander WordPress Plugin SQL Injection (CVSS 8.8)
SQL injection in the restore workflow via multiple parameters. Authenticated attackers can dump or manipulate your database. Versions through 2.288 are vulnerable. If you're running CMS Commander in any multi-site management capacity, patch urgently.
CVE-2026-4261 — Expire Users WordPress Plugin Privilege Escalation (CVSS 8.8)
Subscribers can manipulate their own role expiration settings to escalate to administrator. Versions through 1.2.2 affected. Another "subscribers shouldn't be able to do that" classic.
CVE-2019-25575 & CVE-2019-25576 — Legacy SQLi in SimplePress CMS & Kepler Wallpaper Script (CVSS 8.2)
Old vulnerabilities newly catalogued. Both allow unauthenticated SQL injection via GET parameters. If you're somehow still running SimplePress 1.0.7 or Kepler Wallpaper 1.1 in 2026, today's the day to fix that.
Headline News
Russian Intelligence Behind Signal Phishing Campaign, FBI Confirms
The FBI issued a public service announcement attributing ongoing phishing attacks against Signal and WhatsApp users to Russian intelligence services. The campaigns have already compromised thousands of accounts by tricking users into linking attacker-controlled devices or surrendering authentication codes. This represents a significant escalation in state-sponsored targeting of encrypted communications platforms. For practitioners: review your organisation's guidance on verifying link requests in Signal, and remind users that legitimate services will never ask them to scan QR codes from unsolicited messages. The targeting appears focused on journalists, activists, and government personnel, but enterprise users of these platforms should assume they're in scope.
Stryker Cyberattack Enters Second Week, Employees Still Locked Out
Medical device manufacturer Stryker remains crippled more than a week after a cyberattack, with employees still unable to access systems or perform work. The attack, claimed by an Iranian government-linked hacking group on March 11, has drawn federal attention—the FBI and DOJ seized the attackers' domains this week, though the group has already restored operations on new infrastructure. This incident underscores both the persistent targeting of healthcare sector suppliers and the whack-a-mole reality of domain seizures against determined adversaries. For those in healthcare supply chain security: assume threat actors have mapped your vendor relationships and are actively probing for entry points.
Trivy GitHub Actions Tags Compromised in Supply Chain Attack
Security scanner Trivy has been hit again via GitHub Actions tag compromise, exposing CI/CD secrets across potentially thousands of pipelines. Attackers modified action tags to exfiltrate environment variables and secrets during build processes. This follows the broader pattern of supply chain attacks targeting development tooling where trust is implicitly granted. If you're using Trivy actions, audit your workflows immediately, rotate any secrets that may have been exposed, and pin to specific commit SHAs rather than mutable tags.
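As an added example, not from the digest or the Trivy project: a small Python checker that flags `uses:` references in a GitHub Actions workflow pinned to a mutable tag or branch rather than a full 40-character commit SHA. The workflow text is constructed, and the SHA in it is a placeholder, not a real commit.

```python
import re

# Matches a step reference of the form owner/repo[/path]@ref (quoted or not),
# with or without the leading "- " of a list item.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\'#]+)', re.MULTILINE)
# A full, immutable pin is exactly 40 lowercase hex characters.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

# Constructed sample workflow: one step pinned to a placeholder SHA, two pinned to mutable refs.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Run Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: example-org/example-action@v2  # hypothetical action
"""


def find_unpinned_actions(workflow_text):
    """Return (action, ref) pairs whose ref is a tag or branch, not a full commit SHA.

    docker:// references are skipped: they are pinned by image digest, not a git SHA.
    """
    findings = []
    for action, ref in USES_RE.findall(workflow_text):
        if action.startswith("docker://"):
            continue
        if not FULL_SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


if __name__ == "__main__":
    for action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned: {action}@{ref}")
```

Pinning to a SHA only removes the mutable-tag exposure; a compromised upstream commit still needs review before you move the pin.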
Nerdy Corner
The Tinybox is making waves on Hacker News—an offline AI device running 120 billion parameters locally. For those tired of explaining to compliance why you can't just pipe sensitive data to OpenAI, this might be your answer. It's built on tinygrad and promises actual air-gapped inference without the "but it's just metadata" conversations. Whether it can actually run inference faster than you can make coffee remains to be seen, but the privacy-conscious among us are cautiously optimistic.