CSTI
    vulnerabilityThe Commercial Era (2020-Present) Daily Briefing Landmark Event

    Critical Vulnerabilities Discovered in Apple iOS and WordPress Plugins

    Friday, March 6, 2026

    Critical Vulnerabilities Discovered in Apple iOS and WordPress Plugins

    Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding multiple critical vulnerabilities in Apple’s iOS. These vulnerabilities are linked to a sophisticated exploit kit named "Coruna," which has been actively targeting federal agencies. As these exploits pose a severe risk for cyber espionage, immediate patching is advised for all affected systems. Furthermore, a critical flaw in the User Registration & Membership plugin for WordPress has been discovered, allowing unauthenticated attackers to create admin accounts on over 60,000 sites, rated with a CVSS score of 9.8. Organizations using these platforms must act swiftly to mitigate these risks and prevent unauthorized access.

    Also In Security Today

    • Cisco SD-WAN Vulnerability: A severe vulnerability (CVE-2026-20127) in Cisco's SD-WAN has been exploited for nearly three years, with a CVSS score of 10.0. Organizations must patch this immediately to prevent unauthorized access to networks. Learn More
    • Iranian Cyber Campaigns: In light of increasing military tensions, Iranian-aligned cyber groups have initiated a series of attacks dubbed “The Great Epic,” targeting U.S. fuel infrastructure and logistics. Read More
    • Major Data Breaches: Odido and Madison Square Garden reported significant data breaches affecting millions of users. Odido's customer data was leaked following a ransom refusal, while Madison Square Garden has confirmed over 210GB of data compromised. Details Here

    Analyst's Take

    Today's vulnerabilities underscore the persistent and evolving threats faced by organizations. The urgency of patching critical flaws in widely used software like Apple iOS and WordPress plugins emphasizes the need for proactive security measures. Organizations should prioritize vulnerability management and adopt a robust patching strategy to defend against ongoing attacks. The escalation of state-sponsored cyber campaigns also reinforces the necessity for heightened vigilance, particularly in sectors critical to national infrastructure. The landscape demands a multifaceted approach to cybersecurity, combining technology, training, and threat intelligence.

    Sources

    Apple iOS WordPress vulnerability cyber espionage CISA