A weekly security roundup covering: a Docker authentication bypass vulnerability (CVE-2026-34040) that allows empty request bodies to circumvent auth plugins; compromise of CPU-Z and HWMonitor download sites distributing malware; X.Org and XWayland security updates fixing memory issues; OpenSSL 4.0 release with Encrypted Client Hello (ECH) support; a Rockstar Games breach via Snowflake/Anodot supply chain; a Linux Kernel 7.0 out-of-bounds certificate handling fix; NIST announcing it will stop enriching most CVE entries in the NVD due to funding constraints; and a record-breaking Microsoft Patch Tuesday with over 160 security updates including a fix for the publicly known Bluehammer Windows Defender bypass.
Table of contents
Windows CPU Tools Compromised
X.Org and XWayland Updated
OpenSSL 4.0 Released
Rockstar games breached (again)
Linux Kernel Certificate OOB
NIST no Longer Enriching CVE
Patch Tuesday, Everybody Panic!
Botconf Talks Streaming