WordPress Plugin Flaw Lets Attackers Bypass Auth—Patch Now
Today's cybersecurity digest — CVEs, headline news, and something nerdy. March 22, 2026
cybr.cx Daily Digest — March 22, 2026
Critical Vulnerabilities
CVE-2026-4314 — WordPress "WP Extended" Plugin (CVSS 8.8 HIGH)
A privilege escalation vulnerability in "The Ultimate WordPress Toolkit – WP Extended" plugin affects all versions through 3.2.4. The flaw stems from an insecure strpos() check against the request URI in the Menu Editor module, allowing attackers to bypass authorization and escalate privileges. If you're running this plugin, update immediately or disable it—this is trivially exploitable on any WordPress site using the affected versions.
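As an added illustration (not the plugin's own code), here is the anti-pattern the digest describes beside its capability-based fix: a substring match on the request URI is a routing hint, not an authorization decision. The page slug, capability name and sample requests are constructed, and the `$caps` array stands in for WordPress's `current_user_can()` so the script runs from a plain PHP CLI.

```php
<?php
// Added illustration, not code from the WP Extended plugin: why a strpos()
// match on the request URI is not an authorization check.

// Weak gate: the privileged handler runs whenever the URI merely contains the
// (hypothetical) admin page slug. The calling user's role is never consulted,
// and any request whose path or query string carries the substring passes.
function weak_gate( string $request_uri ): bool {
    return strpos( $request_uri, 'wp-extended-menu-editor' ) !== false;
}

// Hardened gate: authorization derives from the user's capabilities (in a real
// plugin, current_user_can() plus check_admin_referer() for the nonce), and the
// URI plays no part in the decision.
function hardened_gate( array $caps, string $required = 'manage_options' ): bool {
    return in_array( $required, $caps, true );
}

// Constructed requests: an administrator on the real screen, and a low-privilege
// subscriber whose request merely embeds the slug in a query parameter.
$requests = [
    [ 'uri'  => '/wp-admin/admin.php?page=wp-extended-menu-editor',
      'caps' => [ 'manage_options', 'read' ] ],
    [ 'uri'  => '/?s=wp-extended-menu-editor',
      'caps' => [ 'read' ] ],
];

foreach ( $requests as $r ) {
    printf(
        "%-48s weak=%-5s hardened=%s\n",
        $r['uri'],
        weak_gate( $r['uri'] ) ? 'allow' : 'deny',
        hardened_gate( $r['caps'] ) ? 'allow' : 'deny'
    );
}
```

The weak gate allows both requests; the hardened gate denies the subscriber's, which is the check a plugin's menu-editing action should be performing.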
CVE-2026-4529 — D-Link DHP-1320 (CVSS 8.8 HIGH)
A remotely exploitable stack-based buffer overflow in the SOAP Handler's redirect_count_down_page function. Public exploit code exists. The catch: D-Link no longer supports this device. If you're still running a DHP-1320, it's time to retire it—no patch is coming.
CVE-2026-4534, CVE-2026-4535 — Tenda FH451 (CVSS 8.8 HIGH)
Two stack-based buffer overflows in the Tenda FH451 router (firmware 1.0.0.9) via the WrlExtraSet and WrlclientSet endpoints. Both are remotely exploitable with public exploits available. Same story for CVE-2026-4551, CVE-2026-4552, CVE-2026-4553 affecting Tenda F453—three more buffer overflows in various form handlers. Consumer Tenda gear continues to be a soft target; segment these devices or replace them.
CVE-2026-4555 — D-Link DIR-513 (CVSS 8.8 HIGH)
Stack-based buffer overflow in the formEasySetTimezone function, remotely exploitable with a public PoC. Another end-of-life D-Link router with no fix forthcoming. Decommission or isolate.
Headline News
WorldLeaks Ransomware Cripples Los Angeles and Metro System
The WorldLeaks ransomware group has successfully breached the City of Los Angeles, forcing a shutdown of the LA Metro transit system. The attack represents a significant escalation in ransomware targeting municipal infrastructure. Two additional Bay Area cities have declared emergencies following separate ransomware incidents, suggesting either coordinated campaigns or copycat activity exploiting similar vulnerabilities in local government systems. For practitioners managing municipal or transit infrastructure: review your backup integrity, segment OT networks, and ensure your incident response plans account for cascading service disruptions.
"DarkSword" Exploit Threatens Up to 270 Million iPhones
A newly disclosed iOS vulnerability dubbed "DarkSword" could affect up to 270 million iPhones, according to reports gaining significant traction on security forums (589 upvotes on r/cybersecurity). Details on the specific attack vector remain limited, but the scale of potentially vulnerable devices makes this one to watch closely. Apple has not yet commented publicly. Security teams supporting iOS fleets should monitor Apple's security advisories and prepare for an emergency patch cycle. If exploitation details emerge before a fix, MDM-enforced mitigations may become necessary.
Navia Benefit Solutions Breach Exposes 2.7 Million People
Benefits administration provider Navia has disclosed a data breach affecting 2.7 million individuals. The company handles FSA, HSA, and other employee benefit programs, meaning the exposed data likely includes sensitive PII and potentially health-related financial information. Organizations using Navia for benefits administration should proactively notify affected employees and monitor for downstream fraud. This breach underscores the risk concentration in third-party benefits platforms—one vendor compromise ripples across hundreds of employers.
Nerdy Corner
OpenClaw: When Your AI Claw Machine Grabs More Than Plushies
A detailed teardown on Hacker News (165 points) dissects OpenClaw—an open-source robotic claw game project—and discovers it's basically a CVE buffet. We're talking hardcoded credentials, unauthenticated APIs, and enough injection vectors to make a pentester weep with joy. The write-up walks through each vulnerability with the energy of someone who started reviewing code for fun and ended up questioning humanity's ability to ship secure software. If you've ever wanted to own a claw machine (in the infosec sense), this is your weekend reading.
Stay sharp. See you tomorrow.