Privacy audit meets active exploit warnings
Cloudflare published a privacy audit for its 1.1.1.1 DNS resolver confirming strong protections. At the same time, U.S. CISA added a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog, and Oracle WebLogic is being actively exploited in the wild. The combination is a reminder that infrastructure privacy claims and urgent patching operate on different timelines. (blog.cloudflare.com) (securityaffairs.com) (gbhackers.com)
Cloudflare said the newest 1.1.1.1 privacy examination was conducted by the same Big Four accounting firm used previously and followed evidence collection covering the 2024 calendar year; the process required “several months” of cross-team evidence gathering before the final report was issued on April 1, 2026. (blog.cloudflare.com) Cloudflare’s report states source IP addresses for the public resolver are anonymized and deleted within 25 hours and that randomly sampled network packets—no more than 0.05% of traffic—are retained only for troubleshooting and attack mitigation. (blog.cloudflare.com)

CISA added CVE-2026-5281 to its Known Exploited Vulnerabilities catalog on April 1, 2026, identifying it as a use-after-free in Google’s Dawn WebGPU component and marking it as actively exploited with a KEV remediation due date of April 15, 2026. (app.opencve.io) (nvd.nist.gov) Vendor advisories show CVE-2026-5281 affects Chrome versions before 146.0.7680.178 and that Google shipped a desktop Stable Channel update that fixed 21 vulnerabilities, including the Dawn use-after-free. (app.opencve.io) (helpnetsecurity.com)

The WebLogic flaw tracked as CVE-2026-21962 carries a CVSS score of 10.0 and had public exploit code published on January 22, 2026 with exploitation attempts observed the same day, according to honeypot-based research. (cloudsek.com) (infosecurity-magazine.com) CloudSEK’s 12-day honeypot capture (Jan 22–Feb 3, 2026) recorded high-volume automated scanning and exploitation originating from rented VPS providers such as DigitalOcean and HOSTGLOBAL.PLUS, with attack tooling including libredtail-http and the Nmap Scripting Engine. (cloudsek.com) (infosecurity-magazine.com)
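For defenders who want to check their own WebLogic-facing access logs for the scanner tooling named above, the following is an added example, not code from CloudSEK or any of the cited sources. It assumes the tool names appear in the User-Agent header and that logs use the Combined Log Format; the sample lines, IP addresses and paths are constructed.

```python
import re
from collections import Counter, defaultdict

# Tool names taken from the page. Assumption: they show up in the User-Agent header.
SCANNER_MARKERS = ("libredtail-http", "Nmap Scripting Engine")

# Combined Log Format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, invented paths).
SAMPLE_LOG = """\
198.51.100.7 - - [22/Jan/2026:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "libredtail-http"
198.51.100.7 - - [22/Jan/2026:10:01:03 +0000] "POST /example HTTP/1.1" 404 0 "-" "libredtail-http"
203.0.113.9 - - [22/Jan/2026:10:05:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.0.2.44 - - [22/Jan/2026:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is malformed and must be skipped
"""


def triage(log_text):
    """Return {ip: Counter({marker: hits})} for requests whose UA names a scanner."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not Combined Log Format
        ua = m.group("ua").lower()
        for marker in SCANNER_MARKERS:
            if marker.lower() in ua:
                hits[m.group("ip")][marker] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, counts in sorted(triage(SAMPLE_LOG).items()):
        print(ip, dict(counts))
```

A User-Agent value is set by the client, so a match is a triage signal for automated scanning rather than proof of exploitation, and the absence of a match does not rule out an attempt.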