TL;DR
Miasma self-replicating worm compromises 73 Microsoft-owned GitHub repositories across four organizations; SolarWinds Serv-U denial-of-service flaw added to CISA's Known Exploited Vulnerabilities catalog; critical Everest Forms Pro WordPress plugin flaw (CVE-2026-3300) under active attack.
Executive Summary
- 73 Microsoft-owned GitHub repositories compromised by the Miasma self-replicating worm across the Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations
- CISA added SolarWinds Serv-U denial-of-service flaw to Known Exploited Vulnerabilities catalog with confirmed active exploitation
- Critical WordPress plugin vulnerability (CVE-2026-3300) in Everest Forms Pro actively exploited to seize full website control
- OpenAI rolls out ChatGPT Lockdown Mode to mitigate prompt injection data exfiltration risks
- Meta's AI support bot weaponized to reset Instagram accounts; high-profile targets including Obama White House account affected
Top Threats Today
1. Miasma Worm Compromises 73 Microsoft GitHub Repositories
Severity: HIGH Affected: Technology
Microsoft-owned GitHub repositories have been hit by the ongoing Miasma self-replicating supply chain attack campaign [1]. The incident impacted 73 repositories across four GitHub organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs [1]. Because Miasma propagates on its own, it is a supply chain risk beyond the repositories it first landed in: any project that pulled code, CI workflows, or packages from an affected repository during the compromise window should treat itself as potentially exposed.
Sources: [1] The Hacker News
Recommended Action
- Audit your own GitHub organization audit logs for unauthorized commits, branch modifications, or workflow changes during the compromise window
- Rotate GitHub personal access tokens, deploy keys, and CI secrets in any organization that pulled from, forked, or automated against the affected repositories
- Review recent commits in the affected repositories, and in any forks or vendored copies you maintain, for injected payloads, paying particular attention to CI workflows, install scripts, and package manifests, the places a self-replicating worm needs to touch to spread
- Notify downstream users of any code you redistribute that depends on the affected repositories
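The commit-history review above is easier to do consistently with a small script than by eye. The following is an added example written for this digest; it is not code from Microsoft, GitHub, or the cited report, and it carries no Miasma indicators, since the page gives none. It parses the output of `git log --since=<start> --until=<end> --no-merges --name-only --format='%H%x09%an%x09%ae%x09%aI'` run inside a clone, then flags every commit in the window whose author e-mail is outside an allowlist or that touches files a worm would need to edit (CI workflows, install scripts, package manifests). The allowlist, the sensitive-path lists, the window dates, and the sample log lines are all constructed for illustration.

```python
"""Triage recent commits in a cloned repository for signs of tampering.

Added example for this digest (not Microsoft/GitHub code). Input is the
output of:

    git log --since=<start> --until=<end> --no-merges --name-only \
        --format='%H%x09%an%x09%ae%x09%aI'

The allowlist, sensitive paths, window, and sample log are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample output: one tab-separated header per commit
# (sha, author name, author e-mail, ISO-8601 date), then touched paths.
# Blank lines may appear anywhere; the parser ignores them.
SAMPLE_LOG = """\
a1b2c3d4e5f60718293a4b5c6d7e8f9012345678\tJane Doe\tjane@contoso.example\t2026-03-02T09:14:00+00:00
README.md
docs/quickstart.md

b2c3d4e5f60718293a4b5c6d7e8f901234567890\tci-bot\tbuild@unknown-host.example\t2026-03-02T21:47:13+00:00
.github/workflows/release.yml
setup.py

c3d4e5f60718293a4b5c6d7e8f9012345678901a\tJane Doe\tjane@contoso.example\t2026-03-03T08:02:00+00:00
src/client.py
"""

# Constructed allowlist of committer e-mails you trust for this repository.
TRUSTED_EMAILS = {"jane@contoso.example", "ops@contoso.example"}

# Constructed compromise window (replace with the dates from the advisory).
WINDOW_START = datetime(2026, 3, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 3, 31, tzinfo=timezone.utc)

# Paths whose modification deserves a human look regardless of author:
# CI definitions and anything that runs at install/build time.
SENSITIVE_PREFIXES = (".github/workflows/", ".github/actions/",
                      ".gitlab-ci", "azure-pipelines")
SENSITIVE_FILES = {"setup.py", "pyproject.toml", "package.json",
                   "package-lock.json", "Makefile", "Dockerfile",
                   "install.sh", "build.sh"}


@dataclass
class Commit:
    sha: str
    author: str
    email: str
    when: datetime
    paths: list = field(default_factory=list)


def parse_git_log(text: str) -> list:
    """Parse `--name-only` output into Commit records."""
    commits, current = [], None
    for line in text.splitlines():
        if "\t" in line:  # header line; file paths never contain tabs here
            sha, author, email, iso = line.split("\t")
            current = Commit(sha, author, email, datetime.fromisoformat(iso))
            commits.append(current)
        elif line.strip() and current is not None:
            current.paths.append(line.strip())
    return commits


def is_sensitive(path: str) -> bool:
    """True for CI workflow files and build/install entry points."""
    return (path.startswith(SENSITIVE_PREFIXES)
            or path.rsplit("/", 1)[-1] in SENSITIVE_FILES)


def triage(commits, trusted_emails, window_start, window_end):
    """Return (sha, [reasons]) for each in-window commit that needs review."""
    findings = []
    for c in commits:
        if not (window_start <= c.when <= window_end):
            continue
        reasons = []
        if c.email.lower() not in trusted_emails:
            reasons.append(f"author {c.email} not in allowlist")
        hot = [p for p in c.paths if is_sensitive(p)]
        if hot:
            reasons.append("touches " + ", ".join(hot))
        if reasons:
            findings.append((c.sha, reasons))
    return findings


if __name__ == "__main__":
    commits = parse_git_log(SAMPLE_LOG)
    for sha, reasons in triage(commits, TRUSTED_EMAILS, WINDOW_START, WINDOW_END):
        print(sha[:12], "; ".join(reasons))
```

On the constructed sample the script flags exactly one commit, the one from an unknown committer that rewrites a release workflow and `setup.py`. Note what the author check cannot do: git author fields are self-asserted, so a worm committing with a stolen token can forge a trusted name and e-mail. Pair this with the GitHub audit log (which records the authenticated actor and token used) and with `git log --show-signature` where commit signing is enforced.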
2. SolarWinds Serv-U DoS Flaw Actively Exploited in the Wild
Severity: HIGH Affected: Technology
CISA has added a high-severity flaw in SolarWinds Serv-U, a multi-protocol file transfer server, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation [1]. The flaw is a denial-of-service issue: it threatens the availability of file transfer services rather than granting code execution, but the KEV listing means it is being abused in real environments, and federal civilian agencies are required to remediate KEV entries by CISA's stated deadline.
Sources: [1] The Hacker News
Recommended Action
- Identify and inventory all SolarWinds Serv-U installations within your environment
- Apply available security patches for Serv-U immediately
- Monitor SolarWinds advisories for specific version guidance and remediation steps
- Implement network segmentation to restrict access to Serv-U interfaces from untrusted sources
3. Critical WordPress Everest Forms Pro Vulnerability Under Active Exploitation
Severity: HIGH Affected: Technology
Attackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro WordPress plugin that allows complete takeover of affected websites [1]. Exploitation is already in progress, so any site running the plugin should be treated as targeted rather than waiting for signs of compromise.
Sources: [1] BleepingComputer
Recommended Action
- Immediately update Everest Forms Pro to the patched version
- If patched version is unavailable, disable or deactivate the plugin until remediation is released
- Audit WordPress user accounts and reset administrator credentials
- Review WordPress access logs and file integrity for unauthorized changes
- Consider temporarily restricting WordPress admin panel access by IP address
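The file-integrity check recommended above needs a baseline to compare against; the following is an added example written for this digest, not code from WordPress, the Everest Forms Pro vendor, or the cited report, and it does not detect CVE-2026-3300 itself. It hashes every file under a web root, diffs the result against an earlier manifest, and calls out the changes attackers most often leave after a site takeover: new or modified PHP under `wp-content/uploads/` (which should never contain executable code) and edits to WordPress core files or `wp-config.php`. The site layout, file contents, and the simulated post-exploitation changes are all constructed in a temporary directory.

```python
"""Baseline and diff file integrity for a WordPress web root.

Added example for this digest (not WordPress or plugin-vendor code).
The directory layout and "attacker" changes below are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root) -> dict:
    """Return {relative_posix_path: sha256_hex} for every file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            manifest[path.relative_to(root).as_posix()] = h.hexdigest()
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Classify paths as added / removed / modified between two manifests."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def suspicious(changes: dict) -> list:
    """Flag change patterns that commonly indicate a compromised site:
    executable files appearing in uploads, and any change to core files
    (wp-admin/, wp-includes/, or top-level wp-*.php such as wp-config.php).
    Returns (kind, path, reason) tuples.
    """
    flagged = []
    for kind in ("added", "modified"):
        for p in changes[kind]:
            lower = p.lower()
            in_uploads = lower.startswith("wp-content/uploads/")
            executable = lower.endswith((".php", ".phtml", ".php7", ".phar"))
            is_core = (lower.startswith(("wp-admin/", "wp-includes/"))
                       or ("/" not in lower and lower.startswith("wp-")
                           and lower.endswith(".php")))
            if in_uploads and executable:
                flagged.append((kind, p, "executable file in uploads"))
            elif is_core:
                flagged.append((kind, p, "core file changed"))
    return flagged


def demo() -> list:
    """Constructed scenario: take a baseline, simulate a takeover, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "wp-content/uploads/2026/03").mkdir(parents=True)
        (site / "wp-includes").mkdir()
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'wp');\n")
        (site / "wp-includes/functions.php").write_text("<?php // core\n")
        (site / "wp-content/uploads/2026/03/form.png").write_bytes(b"\x89PNG\r\n")
        baseline = hash_tree(site)  # in practice: taken before the exploit window

        # Constructed post-exploitation changes: a PHP file dropped into
        # uploads (stand-in for a webshell) and an edited core file.
        (site / "wp-content/uploads/2026/03/cache.php").write_text(
            "<?php // constructed placeholder for a dropped webshell\n")
        (site / "wp-includes/functions.php").write_text(
            "<?php // core\n// injected line\n")

        return suspicious(diff_manifests(baseline, hash_tree(site)))


if __name__ == "__main__":
    for kind, path, why in demo():
        print(f"{kind:8} {path}  <- {why}")
```

In practice, store the baseline manifest off-host (an attacker with write access to the web root can also rewrite a manifest kept beside it), and for core files compare against checksums for the exact WordPress version you run rather than only against your own earlier snapshot, so that a compromise that predates the baseline still shows up.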
4. Meta AI Support Bot Exploited to Compromise High-Profile Instagram Accounts
Severity: HIGH Affected: Technology
Attackers abused Meta's AI support assistant bot to reset Instagram account credentials, then defaced the Obama White House and U.S. Space Force Chief Master Sergeant Instagram accounts with pro-Iranian imagery [1]. Instructions for the technique circulated on Telegram, so the same account recovery weakness is available to a much wider pool of attackers than the two high-profile cases reported.
Sources: [1] Krebs on Security
Recommended Action
- Enable two-factor authentication (2FA) on all Instagram accounts using authenticator apps rather than SMS when available
- Review account recovery email and phone number settings for unauthorized changes
- Audit login activity and authorized applications connected to Instagram accounts
- Do not rely on Meta's account recovery mechanisms as your only safeguard: use strong, unique passwords stored in a password manager, and treat unexpected password-reset or recovery notifications as a likely attack in progress
5. OpenAI Launches ChatGPT Lockdown Mode to Combat Prompt Injection Data Theft
Severity: MEDIUM Affected: Technology
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks [1]. The feature targets users and organizations handling sensitive data requiring stricter protection guarantees.
Sources: [1] The Hacker News
Recommended Action
- Review OpenAI's Lockdown Mode documentation and enable the mode on eligible accounts that process sensitive data
- Establish internal policies restricting what sensitive information may be entered into generative AI tools, since Lockdown Mode reduces but does not eliminate prompt injection exfiltration risk
- Provide security awareness training on prompt injection risks and data exfiltration vectors
Today’s Action Checklist
- ☐ URGENT: Patch or disable Everest Forms Pro plugin across all WordPress installations; verify no unauthorized access occurred
- ☐ URGENT: Audit SolarWinds Serv-U instances and apply patches; monitor for DoS indicators
- ☐ HIGH: Review commit history in any forks, vendored copies, or dependencies pulled from the affected Microsoft GitHub repositories; rotate credentials for service accounts and CI that touched them
- ☐ HIGH: Enable 2FA on all high-profile social media accounts using authenticator apps; audit account recovery settings
- ☐ Inventory and assess ChatGPT usage; enable Lockdown Mode for accounts processing sensitive data