██████╗██╗   ██╗██████╗ ██████╗     ██████╗██╗  ██╗
 ██╔════╝╚██╗ ██╔╝██╔══██╗██╔══██╗   ██╔════╝╚██╗██╔╝
 ██║      ╚████╔╝ ██████╔╝██████╔╝ ● ██║      ╚███╔╝ 
 ██║       ╚██╔╝  ██╔══██╗██╔══██╗   ██║      ██╔██╗ 
 ╚██████╗   ██║   ██████╔╝██║  ██║   ╚██████╗██╔╝ ██╗
  ╚═════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝    ╚═════╝╚═╝  ╚═╝
────────────────────────────────── STAY SHARP ───

WeGIA SQL Injection Flaw Threatens Charity Data—Patch Now

Today's cybersecurity digest — CVEs, headline news, and something nerdy. March 20, 2026

cybr.cx Daily Digest — March 20, 2026

Critical Vulnerabilities

CVE-2026-33134 | WeGIA Web Manager | CVSS 9.3 CRITICAL
A nasty authenticated SQL injection in WeGIA (versions ≤3.6.5), a web management platform for charitable institutions. The /html/matPat/restaurar_produto.php endpoint fails to sanitise the id_produto parameter, allowing full database compromise. If you're running WeGIA, patch immediately or restrict access to the affected endpoint—any authenticated user can exploit this.
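The mitigation in one place, as an added illustration (not WeGIA's own code, which is PHP): the product id is validated as an integer at the request boundary and bound as a query parameter, so the database never sees it as SQL. The `produto` table and the `removido` flag are constructed stand-ins for the real schema.

```python
import re
import sqlite3

# Constructed schema standing in for WeGIA's product table; "restoring" a
# product is modelled here as clearing a soft-delete flag.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE produto (id_produto INTEGER PRIMARY KEY, "
                 "nome TEXT, removido INTEGER)")
    conn.executemany("INSERT INTO produto VALUES (?, ?, ?)",
                     [(7, "arroz", 1), (8, "feijao", 1)])
    conn.commit()
    return conn

def restore_product(conn, id_produto):
    """Hardened handler for a restaurar_produto-style request.

    The vulnerable pattern is building the statement from the raw request
    value, e.g. "UPDATE ... WHERE id_produto = " + id_produto. Here the value
    must match an integer pattern and is passed as a bound parameter, so a
    string such as "7 OR 1=1" is rejected before any SQL runs.
    Returns the number of rows restored (1, or 0 when the id is unknown).
    """
    if not re.fullmatch(r"[0-9]+", str(id_produto)):
        raise ValueError("id_produto must be a non-negative integer")
    cur = conn.execute("UPDATE produto SET removido = 0 WHERE id_produto = ?",
                       (int(id_produto),))
    conn.commit()
    return cur.rowcount

def is_removed(conn, id_produto):
    """Helper for checking the flag after a restore attempt."""
    row = conn.execute("SELECT removido FROM produto WHERE id_produto = ?",
                       (id_produto,)).fetchone()
    return None if row is None else bool(row[0])
```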

CVE-2026-26137 | Microsoft 365 Copilot Business Chat | CVSS 8.9 HIGH
SSRF vulnerability in Microsoft 365 Copilot's Business Chat feature allows authenticated attackers to elevate privileges across the network. Given Copilot's deep integration with enterprise data, this is a serious lateral movement vector. Watch for Microsoft's patch guidance and monitor for unusual Copilot activity in your tenant.

CVE-2026-32013 | OpenClaw | CVSS 8.8 HIGH
Symlink traversal in OpenClaw (pre-2026.2.25) lets attackers escape agent workspaces via the agents.files.get and agents.files.set methods. Exploitation could lead to arbitrary file read/write and code execution. Update to 2026.2.25 or later if you're running this AI agent framework.
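Why a lexical path check is not enough against symlinks, as an added example that is not OpenClaw's code: a workspace-confinement check that only normalises `..` segments lets a symlink planted inside the workspace reach a file outside it, while resolving both sides with `realpath` before the containment test does not. The `demo()` helper builds a throwaway workspace and symlink to show the difference.

```python
import os
import tempfile

class WorkspaceEscape(Exception):
    pass

def naive_resolve(workspace, rel_path):
    """Lexical check only: collapses '..' but never follows symlinks, so a
    symlink inside the workspace that points outside passes the test."""
    candidate = os.path.normpath(os.path.join(workspace, rel_path))
    if os.path.commonpath([workspace, candidate]) != workspace:
        raise WorkspaceEscape(rel_path)
    return candidate

def safe_resolve(workspace, rel_path):
    """Hardened check: resolve symlinks on both the root and the target, then
    require the resolved target to lie under the resolved root."""
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, target]) != root:
        raise WorkspaceEscape(rel_path)
    return target

def demo():
    """Constructed scenario: a workspace containing 'notes.txt', which is a
    symlink to a file outside the workspace. Returns which check allowed it."""
    base = tempfile.mkdtemp()
    ws = os.path.join(base, "workspace")
    os.mkdir(ws)
    outside = os.path.join(base, "outside.txt")
    with open(outside, "w") as f:
        f.write("constructed file outside the workspace")
    os.symlink(outside, os.path.join(ws, "notes.txt"))
    results = {}
    for name, check in (("naive", naive_resolve), ("safe", safe_resolve)):
        try:
            check(ws, "notes.txt")
            results[name] = "allowed"
        except WorkspaceEscape:
            results[name] = "blocked"
    return results
```

Note that `safe_resolve` is still only a point-in-time check; a file server that later opens the path should also open with `O_NOFOLLOW` or re-validate to close the race between check and use.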

CVE-2026-4442 | Google Chrome | CVSS 8.8 HIGH
Heap buffer overflow in Chrome's CSS handling (versions before 146.0.7680.153) enables heap corruption via malicious HTML. Remote exploitation is possible—ensure auto-updates are enabled or push the patch manually across your fleet.

CVE-2026-33053 | Langflow | CVSS 8.8 HIGH
Broken access control in Langflow (<1.9.0) allows any authenticated user to delete any other user's API keys. The delete_api_key_route() endpoint doesn't verify key ownership before deletion. Classic IDOR—upgrade to 1.9.0.
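The ownership check that such a route needs, as an added example (not Langflow's code; the `ApiKeyStore` and its ids are constructed): the vulnerable form looks the key up by id alone, while the hardened form makes the caller's identity part of the lookup, answers a mismatch exactly like a missing key so key ids cannot be enumerated, and logs the denied attempt for detection.

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("api_keys")

@dataclass
class ApiKey:
    key_id: str
    owner_id: str
    label: str

@dataclass
class ApiKeyStore:
    keys: dict = field(default_factory=dict)

    def delete_any(self, key_id, caller_id):
        """Vulnerable pattern (IDOR): the caller is authenticated but never
        compared against the key's owner, so any user can delete any key."""
        return self.keys.pop(key_id, None) is not None

    def delete_owned(self, key_id, caller_id):
        """Hardened pattern: ownership is checked before deletion. A key that
        exists but belongs to someone else is reported as 'not found' (False),
        the same as a missing key, and the attempt is logged."""
        key = self.keys.get(key_id)
        if key is None:
            return False
        if key.owner_id != caller_id:
            log.warning("user %s attempted to delete key %s owned by %s",
                        caller_id, key_id, key.owner_id)
            return False
        del self.keys[key_id]
        return True

def build_store():
    """Constructed sample data: two users, one key each."""
    store = ApiKeyStore()
    store.keys["k1"] = ApiKey("k1", "alice", "ci-runner")
    store.keys["k2"] = ApiKey("k2", "bob", "laptop")
    return store
```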

CVE-2026-4486/4487/4488 | D-Link DIR-513, UTT HiPER Routers | CVSS 8.8 HIGH
Multiple buffer overflow vulnerabilities in end-of-life D-Link and UTT router firmware. Exploits are public. If you're still running these devices, it's time to replace them—no patches are coming.

Headline News

Navia Breach Exposes 2.7 Million Individuals
Benefits administrator Navia Benefit Solutions has disclosed a breach affecting nearly 2.7 million people. According to BleepingComputer, attackers accessed sensitive personal information, though the full scope of exposed data types hasn't been detailed. Navia handles FSA, HSA, and COBRA administration for employers across the US, meaning the breach likely includes financial and health-adjacent data. If your organisation uses Navia, expect notification letters and prepare for potential identity theft fallout among employees. This is another reminder that benefits administrators are high-value targets sitting on troves of PII.

DoJ Takes Down 3-Million-Device IoT Botnet
The Department of Justice announced the disruption of a massive IoT botnet comprising approximately 3 million compromised devices, linked to some of the largest DDoS attacks on record. The takedown involved international coordination and targeted the command-and-control infrastructure. For defenders, this is a temporary reprieve—these botnets tend to reconstitute. Review your IoT asset inventory and ensure devices aren't exposed with default credentials. The scale here underscores how neglected IoT devices remain the internet's soft underbelly.

"DarkSword" Exploit Targets Older iPhones
Security researchers from Google, iVerify, and Lookout have identified "DarkSword," a browser-based exploit chain capable of silently compromising iPhones running iOS 18. The attack requires no user interaction beyond visiting a malicious page. Millions of users on older devices that can't upgrade to iOS 19 are potentially vulnerable. Apple hasn't commented on patch availability for legacy devices. If you're managing a fleet with older iPhones, this is a strong argument for hardware refresh cycles tied to security support windows.

Nerdy Corner

The French aircraft carrier Charles de Gaulle was tracked in real-time by journalists at Le Monde using… Strava. Fitness-tracking sailors aboard apparently didn't get the OPSEC memo, allowing reporters to pinpoint the nuclear-powered carrier's movements by aggregating workout data. This isn't the first "Stravaleaks" incident, and it won't be the last. Somewhere, a French Navy CISO is drafting a very strongly-worded policy update about leaving your Garmin at home during deployment. The enemy doesn't need satellites when your crew is chasing Kudos.