This Week in Security: Docker Auth, Windows Tools, and a Very Full Patch Tuesday

A wide range of critical security updates was released this week, including patches for Docker, the Linux kernel, and Microsoft Windows, alongside the launch of OpenSSL version 4.0.

Key Points

  • Docker vulnerability CVE-2026-34040 allows attackers to bypass authentication plugins by submitting empty request bodies.
  • Microsoft’s latest Patch Tuesday addresses over 160 security flaws, including the Bluehammer exploit for Windows Defender.
  • OpenSSL 4.0 introduced support for Encrypted Client Hello (ECH) to enhance user privacy during TLS handshakes.
  • Linux Kernel 7.0 and several LTS versions received a fix for an out-of-bounds memory access bug in the keyring API.
  • NIST announced it will stop enriching most CVE entries, limiting its analysis to critical software and government-related vulnerabilities.
  • Rockstar Games confirmed a data breach originating from a third-party service provider, though player data remains unaffected.

Why it Matters

These developments highlight a significant increase in the volume and complexity of software vulnerabilities requiring immediate attention from IT administrators and security teams. The reduction in NIST’s vulnerability analysis, combined with the rapid exploitation of known bugs, necessitates a more proactive approach to patch management and internal security monitoring.

Source: Hackaday, published by Mike Kershaw