C0XMO is exploiting a 2021 DD-WRT buffer overflow to spread a cross-architecture Gafgyt variant that kills rival botnets. Ubiquiti patched three CVSS 10.0 UniFi OS flaws for unauthenticated root RCE, but JWT keys still work on patched consoles and must be rotated. OpenAI shipped Lockdown Mode that disables browsing, deep research, and agent mode to limit prompt-injection exposure. Same lesson: patch, rotate, and gate capability.

C0XMO botnet exploits DD-WRT, UniFi OS auth-bypass gets CVSS 10.0, and OpenAI ships Lockdown Mode

The TLDR Infosec digest for June 8 had three stories that all matter for the same reason: the attack surface in 2026 is no longer where most security teams are looking. A modular Gafgyt variant called C0XMO is actively spreading by exploiting a 2021 buffer overflow in DD-WRT router firmware and wiping out rival botnets along the way. Ubiquiti patched three CVSS 10.0 UniFi OS flaws chained for unauthenticated root RCE, but the patch leaves JWT signing keys valid against already-patched consoles. And OpenAI shipped Lockdown Mode, a feature that disables browsing, deep research, image retrieval, and agent mode to reduce prompt-injection exposure.

What You Need to Know: Fortinet discovered C0XMO, a modular Gafgyt variant that exploits CVE-2021-27137 in DD-WRT router firmware, supports 19 DDoS methods, and ships binaries for seven CPU architectures. Ubiquiti patched three CVSS 10.0 UniFi OS Server flaws chained for unauthenticated root RCE, but admins still need to rotate JWT keys because the patch doesn't invalidate them. OpenAI introduced Lockdown Mode to limit prompt-injection exposure by disabling live browsing, web image retrieval, deep research, and agent mode.

Why It Matters

Old CVEs in IoT firmware are still the botnet's best friend. CVE-2021-27137 is from 2021. It is still being exploited in 2026. C0XMO also kills competing botnets on the same device, which means the marginal cost of a defense failure is now worse than just being owned. You are also being replaced.
The UniFi OS patch fixes the bypass but not the consequences. Three CVSS 10.0 flaws chained for unauthenticated root RCE, with the patch leaving JWT signing keys valid. If your console was exposed before the patch, the keys are compromised and still work. Patch + rotate is the new normal.
OpenAI Lockdown Mode is a tacit admission that prompt injection is unsolved at the platform level. The platform-level mitigation is to turn off the dangerous features. That is a meaningful capability for high-risk users, but it is not a defense. It is a feature gate.
For builders and defenders: patch hygiene on edge devices is now more important than on servers. The economics of the botnet make the edge the path of least resistance, and the consequences of a compromise on the edge now include prompt-injection relays back into your AI tooling.

What Actually Happened

C0XMO botnet spreads via DD-WRT and kills rivals

Fortinet's researchers identified C0XMO, a modular Gafgyt variant that propagates by exploiting CVE-2021-27137, an unauthenticated buffer overflow in DD-WRT router firmware that allows arbitrary code execution. The botnet ships binaries for ARM, MIPS, PowerPC, SuperH, x86, and x86_64, and propagates across DVRs, routers, video management platforms, and Android devices. It supports 19 DDoS methods, including UDP/TCP/SYN/ICMP floods, ping of death, NTP/Memcached amplification, and Discord- and Valve-specific floods. A downloaded Python scanner using requests, paramiko, and beautifulsoup4 brute-forces weak SSH and Telnet credentials across ports 22, 23, 80/443, 7547, 8080, 8443, and 8888. Persistence comes via copies hidden in /tmp/.sys, /var/tmp/.sys, and /dev/shm/.sys, plus cron jobs that relaunch every 15 minutes. Critically, the botnet terminates competing botnets, red-team tools, and interfering services before reaching its hardcoded C2 over a custom multi-stage handshake. Defenders are advised to keep devices patched, set unique admin credentials, disable unneeded remote access, and hunt for the listed hidden paths and the 15-minute cron persistence.

Ubiquiti patches three CVSS 10.0 UniFi OS auth-bypass flaws

Ubiquiti issued SAB-064 to patch three CVSS 10.0 UniFi OS Server flaws (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) that Bishop Fox chained on 5.0.6 for unauthenticated root RCE via an Nginx auth-gateway bypass (raw vs. normalized URI handling of %2f) into command injection in the package-update service. The patch fixes the auth-bypass, but it does not change JWT verification. Stolen signing keys still mint valid owner-scope tokens against patched 5.0.8 consoles. Admins must update to 5.1.12 (most Cloud Gateways), 5.1.10 (UNAS), 5.1.11 (Dream Machine Beast), or 4.0.14 (UniFi Express), rebuild exposed instances, restrict TCP 11443 to a management VLAN, and rotate the JWT key, TLS keys, tokens, RADIUS secrets, and DB credentials. The lesson: a CVSS 10.0 patch is not the end of the incident if the key material was exposed. Rotate, don't just patch.

OpenAI ships Lockdown Mode for prompt injection

OpenAI introduced Lockdown Mode to reduce exposure to prompt injection attacks from web pages and external content. The feature, documented in OpenAI's help center, disables live web browsing, external web image retrieval, deep research, and agent mode, while keeping some cached content and image-generation functionality available. The framing matters. OpenAI is not claiming to have solved prompt injection. They are saying the platform-level mitigation is to turn off the channels that ingest untrusted content. For high-risk users, that is a useful toggle. For the rest of us, it is a clear signal that prompt injection remains a fundamentally unsolved class of attack at the model layer, and the defense is feature gating, not detection.

The Take

Here is the part to actually internalize: every one of these stories is about the same problem, the gap between what is shipped and what is actually secure. C0XMO is exploiting a 2021 CVE because DD-WRT installs never get patched, and the botnet actively kills rivals so being compromised is worse than being compromised alone. The UniFi OS patch fixes the bug but not the breach, and a CVSS 10.0 without a key rotation is a headline, not a remediation. OpenAI Lockdown Mode is OpenAI admitting the same thing at the model layer. The only model that is safe from prompt injection is the one that is not exposed to untrusted content. None of these are sophisticated attacks. They are all exploitation of known gaps, and the gap is process, not technology. If your security program is built on patching and forgetting, you are in every one of these stories already. The only durable response is patch plus rotate, plus capability gating, plus a real plan for the edge.

Quick Summary

C0XMO is exploiting a 2021 DD-WRT buffer overflow to spread a cross-architecture Gafgyt variant that kills rival botnets. Ubiquiti patched three CVSS 10.0 UniFi OS flaws for unauthenticated root RCE, but JWT keys are still valid against patched consoles and must be rotated. OpenAI shipped Lockdown Mode, which turns off browsing, deep research, and agent mode to limit prompt-injection exposure. The theme is the same. Patch plus rotate, and assume untrusted content is the threat.

C0XMO Botnet Spreads , UniFi OS Auth Bypass , OpenAI Lockdow