Patch & zero-day surge — FortiClient/BlueHammer/Docker/Flatpak/GrafanaGhost/React2Shell/Iran PLCs/Glasswing + Chrome/Android etc.
Key Questions
What is the FortiClientEMS zero-day vulnerability?
FortiClientEMS CVE-2026-35616 is a remote code execution flaw that has been exploited in the wild and added to CISA's KEV catalog. Fortinet released an emergency hotfix for the flaw, which unauthenticated attackers can exploit. It requires immediate patching to prevent compromise.
What is Windows BlueHammer?
BlueHammer is an unpatched Windows vulnerability; a security researcher released a public PoC exploit after Microsoft went silent. With no patch available, affected systems remain at risk. Users should monitor for updates and apply mitigations.
How severe is the Docker CVE-2026-34040 flaw?
CVE-2026-34040 in Docker allows attackers to bypass security controls and take over hosts. It affects container isolation, enabling full system compromise. Administrators should update Docker immediately.
What is GrafanaGhost?
GrafanaGhost is a vulnerability, disclosed by Noma Security, that bypasses Grafana’s AI defenses and enables data theft via AI injection. It leaves no trace and affects Grafana instances. Users need to apply patches and review configurations.
What does React2Shell vulnerability enable?
React2Shell is an RCE flaw that helps hackers steal credentials, AI platform keys, and sensitive data. It has been exploited in large-scale campaigns. Affected systems should be updated and monitored for theft.
What are the Iranian Rockwell PLC exploits?
Iranian actors are exploiting Rockwell PLCs, including Studio 5000, leading to CISA alerts and US critical infrastructure disruptions. FBI, CISA, and NSA provided IOCs. Operators should secure PLCs and follow agency guidance.
What is Project Glasswing?
Anthropic's Project Glasswing uses AI to stealthily hunt zero-days and spot cybersecurity issues for partners like Apple and Google. It involves tech giants fighting attacks with AI. It enhances proactive vulnerability detection.
What did Qualys warn about patching?
Qualys warns that exploitation is outpacing manual patching, with vulnerability exploits at 40% and PoCs over 270M. Automated tools are essential for timely defenses. Organizations face growing risks from rapid attacker actions.
Flatpak CVE-2026-34078 sandbox escape patched 1.16.4
Docker CVE-2026-34040 auth bypass/host takeover (29.3.1)
Qualys reports -1 day TTE/85% unpatched/6.5x surge
Iranian Rockwell PLC exploits: CISA/FBI/NSA/DOE alerts, US disruptions
Vuln exploits 40%
PoCs 270M+