VulnHub

A serious vulnerability in Docker Engine, identified as CVE-2026-34040, has been reported that allows attackers to bypass authorization plugins under certain conditions. This flaw has a high severity rating, with a CVSS score of 8.8, and it is rooted in an incomplete fix for a previous vulnerability, CVE-2024-41110, which was disclosed in July 2024. This means that systems relying on Docker for container management could be at risk, potentially allowing unauthorized access to the host system. Organizations using Docker should take immediate action to assess their exposure and implement necessary security measures. The implications of this vulnerability are significant, as it could lead to unauthorized actions on affected systems, compromising sensitive data and operations.

A new privilege escalation vulnerability, dubbed 'BlueHammer', has been identified in Windows operating systems. This flaw, which merges a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion, allows attackers to gain higher-level access to systems. Users of affected Windows versions are particularly at risk, as this could enable unauthorized actions that compromise system security. The release of exploit code for BlueHammer raises concerns about its potential use in cyberattacks, making it crucial for organizations to address this vulnerability promptly. Keeping systems updated and applying any available patches will be essential to mitigate the risks associated with this flaw.

A new exploit known as GrafanaGhost has been discovered that can bypass AI guardrails, allowing attackers to exfiltrate sensitive data from Grafana instances. This vulnerability combines AI prompt injection techniques with URL flaws to access information that should be protected. Grafana, a widely used open-source platform for data visualization, is particularly vulnerable, and this breach could expose critical insights stored by companies using the software. The implications are serious, as organizations could face data leaks that might compromise their operations and customer trust. Users of Grafana are urged to review their security settings and monitor for any unusual access patterns to safeguard their data.

Recent findings reveal that attackers can exploit Grafana's AI components to leak sensitive enterprise data. By directing Grafana to external resources and using indirect prompts, they can bypass existing security measures. This vulnerability poses a significant risk to organizations that rely on Grafana for data visualization and monitoring, as it may expose confidential information. Companies using Grafana should take immediate action to assess their configurations and consider implementing additional safeguards to protect against such exploitation. The implications of this issue are serious, as it could lead to unauthorized access to critical business data.

Noma Security researchers have discovered a method called 'GrafanaGhost' that exploits Grafana's AI capabilities to extract sensitive corporate data without detection. By using indirect prompt injection, attackers can manipulate the AI to inadvertently share confidential information. This incident raises significant concerns for organizations relying on Grafana for data visualization, as it reveals vulnerabilities in how AI handles user inputs. The implications are serious, as this could lead to unauthorized data exposure for companies that use Grafana's services. Organizations need to be aware of these risks and consider reviewing their AI configurations and security protocols.

Researchers from VulnCheck have discovered that attackers are actively exploiting a severe vulnerability in Flowise, an open-source AI platform. The flaw, identified as CVE-2025-59528, has a maximum CVSS score of 10.0 and allows for remote code execution through a code injection vulnerability in the CustomMCP node. This means that unauthorized users could potentially execute commands on affected systems. Over 12,000 instances of Flowise are exposed, raising significant concerns for users and organizations relying on this platform. It's crucial for those affected to take immediate action to secure their systems against this vulnerability.

Fortinet has released an emergency patch for a serious authentication bypass vulnerability, identified as CVE-2026-35616. This flaw allows attackers to bypass authentication mechanisms, potentially granting unauthorized access to systems using FortiClient. The vulnerability is part of a troubling trend, as it has been exploited in the wild, meaning that it poses an immediate risk to users. Organizations that rely on Fortinet's products should prioritize applying this patch to protect their networks from potential breaches. This incident underscores the importance of timely updates and vigilance in cybersecurity practices.

A new threat group known as UAT-10608 is targeting Next.js applications that are exposed on the web. They are using an automated tool to steal sensitive information such as user credentials and system secrets. This attack can affect any organization using vulnerable Next.js apps, potentially leading to significant data breaches and unauthorized access to systems. It's crucial for companies to assess their web applications for vulnerabilities, especially those related to the React2Shell flaw, to prevent such automated credential harvesting campaigns. The ongoing exploitation of this vulnerability emphasizes the need for timely security updates and monitoring of web applications.

Fortinet has issued an emergency security update for a serious vulnerability found in its FortiClient Enterprise Management Server (EMS). This flaw is currently being exploited in the wild, posing a significant risk to organizations using the software. Users of FortiClient EMS should prioritize applying the patch released over the weekend to protect their systems from potential attacks. The vulnerability affects the management of client devices, which could allow unauthorized access or control if not addressed promptly. The urgency of this update highlights the ongoing challenges companies face in securing their environments against evolving threats.

Hackers are actively exploiting a vulnerability known as React2Shell (CVE-2025-55182) to automate the theft of user credentials from Next.js applications. This attack targets systems that have not been updated or patched against this specific vulnerability, making them susceptible to unauthorized access. Researchers have observed that this campaign is widespread, indicating that many developers using vulnerable versions of Next.js may be at risk. The implications are significant, as stolen credentials can lead to account takeovers and further breaches within organizations. Companies using Next.js should prioritize updating their applications to mitigate this threat and protect user data.

A Chinese cyber group known as TA416 has been targeting European government and diplomatic entities since mid-2025, resuming its activities after a two-year lull. This campaign employs malware like PlugX and uses OAuth-based phishing techniques to compromise systems. TA416 is linked to various other hacking groups, including DarkPeony and RedDelta, indicating a broader network of cyber threats. The resurgence of these attacks raises concerns about the vulnerability of government institutions in Europe, especially given the increasing geopolitical tensions. Authorities and organizations need to bolster their cybersecurity measures to protect sensitive information from these state-sponsored actors.

Hackers have exploited a vulnerability known as React2Shell in a large-scale campaign that has compromised over 750 systems. Using automated scanning tools and the Nexus Listener framework, these attackers targeted organizations to harvest credentials. This incident raises concerns for businesses and users alike, as stolen credentials can lead to unauthorized access and further security breaches. The scale of the attack highlights the need for heightened vigilance and improved security measures among affected organizations. Users and companies are urged to monitor their systems closely and implement stronger authentication protocols to mitigate risks.