WordPress Plugin Under Active Attack as White House AI Policy Shifts

Active exploitation of a critical WordPress plugin, White House AI policy upheaval, and Python's JIT compiler hitting an unexpected governance stop made for a dense Friday in tech.

Security

The Everest Forms Pro plugin is being actively exploited via CVE-2026-3300, a critical unauthenticated vulnerability that hands attackers complete control of affected WordPress sites. The premium form builder is widely deployed across commercial and enterprise installations — it handles file uploads and payment form data, meaning a successful compromise gives an attacker live access to submitted user data, the ability to install persistent backdoors, and a foothold on hosting infrastructure. Exploitation is already underway and the remediation window is narrow. Patch immediately or take the plugin offline; this is not a schedule-for-next-week situation.

OpenAI has begun rolling out ChatGPT Lockdown Mode to eligible personal accounts — an opt-in setting that restricts the external-facing tools available to the model in order to limit prompt-injection-driven data exfiltration. The attack class it addresses is real and underappreciated outside security circles: a hostile instruction embedded in a document, email, or webpage that the model processes can direct it to make outbound requests, leak session context, or forward content through attacker-controlled channels — all without the user's knowledge. Lockdown Mode doesn't solve the root problem; prompt injection at the model level remains an open challenge. But it meaningfully narrows blast radius by restricting what the model can act on. For anyone running ChatGPT over sensitive documents or in an enterprise context, enabling it is a straightforward risk reduction.

Combined with the still-unpatched Cisco SD-WAN and SolarWinds Serv-U exploitation covered in recent breaking posts, defenders are managing active exploitation across three distinct and unrelated attack surfaces simultaneously — an unusually concentrated period.

AI

The White House AI advisory structure is in visible flux. Sriram Krishnan, Trump's AI policy lead since early in the second term, is departing to found an independent institution aimed at continuing to shape AI policy from outside government. His exit coincides with two related policy developments: Trump's stated interest in pursuing a government equity stake in OpenAI — framed as a mechanism for Americans to benefit directly from AI's commercial success — and a House draft bill that would preempt all state-level AI regulation, consolidating all oversight at the federal level.

The three developments compound each other. A federal government moving to become the sole AI regulator while simultaneously exploring a direct financial interest in the dominant AI lab is a structural conflict of interest that will attract legal and political scrutiny regardless of where one stands on AI policy. Krishnan's departure — and his stated intent to keep influencing the space from outside — suggests the internal tension was real.

Meta had a difficult news day. The Meta AI app launched a "For You" feed populated with AI-generated clickbait-style articles, a product direction that optimizes for engagement at the expense of information quality and lands at the worst possible moment for the company's credibility on AI-generated content. Separately, Meta's next major language model continues to slip past expected developer release dates with no new timeline — the sustained silence suggests internal evaluation is driving the hold rather than a scheduling issue.

For those instrumenting agentic pipelines, a new arxiv paper quantifying token distribution in agentic software engineering provides concrete baseline data on where compute actually concentrates across multi-step coding agents — worth reading as these systems move toward production scale.

Tech

Python's steering council has asked the JIT project to pause development. The announcement is brief and offers minimal technical rationale — conspicuous given how openly the project has been developed and discussed since before CPython 3.13. The JIT shipped as an opt-in experimental feature in 3.13 to genuine community enthusiasm; a governance-level stop this early in its post-release life implies something beyond routine prioritization. The discussion thread is sparse and worth monitoring.

Apple's WWDC opens Monday with a major Siri overhaul expected to lead. Apple Intelligence features announced last year are overdue to ship, and deep integration with third-party models including Gemini is reportedly on the agenda. Apple has spent two years trailing every other major platform on AI assistant quality. What ships Monday will determine whether WWDC 2026 marks a genuine catch-up or another well-produced preview of features arriving months later.

Motorola effectively bricked its entire consumer WiFi router line when the MotoSync Plus cloud backend went dark without explanation, leaving customers with non-functional hardware and no official communication. It's a recurring pattern in consumer networking and a persistent argument for router firmware that can operate without a vendor cloud.

Police in England and Wales have been directed to halt AI use in drafting court witness statements pending review — a cautious but appropriate response to a domain where AI errors carry severe downstream consequences for defendants and prosecutions alike. Meanwhile, the Pentagon reportedly elevated its assessment of Israeli intelligence collection against U.S. targets to the highest threat tier, a significant diplomatic signal that received less attention than it probably deserves.

Three active exploit chains, one governance pause in Python's JIT project, and a WWDC keynote on Monday — the weekend has work to do.

Also yesterday

• CISA Confirms Active Exploitation of High-Severity SolarWinds Serv-U Crash Flaw
• Cisco SD-WAN Manager CVE-2026-20245 Is Being Actively Exploited — No Patch Exists
• Miasma Worm Compromises 73 Microsoft GitHub Repositories in Live Supply Chain Attack