🤠 Chrome's 4th Zero-Day, a Cisco 9.8 Auth Bypass, and Docker's One-Request Host Takeover

In partnership with

Turn AI into Your Income Engine

Ready to transform artificial intelligence from a buzzword into your personal revenue generator?

HubSpot’s groundbreaking guide "200+ AI-Powered Income Ideas" is your gateway to financial innovation in the digital age.

Inside you'll discover:

• A curated collection of 200+ profitable opportunities spanning content creation, e-commerce, gaming, and emerging digital markets—each vetted for real-world potential

• Step-by-step implementation guides designed for beginners, making AI accessible regardless of your technical background

• Cutting-edge strategies aligned with current market trends, ensuring your ventures stay ahead of the curve

Download your guide today and unlock a future where artificial intelligence powers your success. Your next income stream is waiting.

Get Your Guide

This is an IT Support Group

Weekly IT Roundup 🤠

Chrome's 4th zero-day of 2026, a Cisco auth bypass so bad it scores 9.8, and Docker lets you pop hosts with one HTTP request

GM IT pros!

Happy Thursday! Your patching backlog just got worse. You're welcome.

-Stetson

Tech News TL;DR

This week's IT and tech news in 5-minutes-ish or less

🔒 CYBER-SECURITY NIGHTMARES

Because sleep is overrated anyway...

🌐 Chrome's 4th Zero-Day of 2026 — Yes, Fourth
CVE-2026-5281 is a use-after-free in Chrome's Dawn WebGPU layer, and it's being actively exploited in the wild. Google patched 21 flaws total. CISA added it to the KEV catalog with a fix deadline of April 15. Update to Chrome 146.0.7680.177+. We're four months into 2026 and already four Chrome zero-days deep. At this rate we'll hit double digits by summer. Read more

🔥 Cisco IMC Auth Bypass — CVSS 9.8 — Patch Immediately
CVE-2026-20093 lets an unauthenticated attacker send a crafted HTTP request and reset any user's password, including Admin. Full control over UCS servers, Cyber Vision appliances, Secure Firewall Management Centers — the works. No workarounds. Firmware update or bust. If your IMC interfaces are internet-exposed, you already have a problem. Read more

🐳 Docker AuthZ Bypass: One Padded HTTP Request = Root on Host
CVE-2026-34040 (CVSS 8.8) is an incomplete fix for a 2024 bug that lets attackers bypass Docker's authorization plugins with a single oversized HTTP request. No special tools needed. From there it's a straight line to host filesystem access, cloud credential theft, and full infrastructure compromise. Update to Docker Engine 29.3.1. Read more

⚡ Langflow Flaw Exploited Within 20 Hours of Disclosure
CVE-2026-33017, a critical flaw in the popular AI workflow tool Langflow, saw exploitation attempts just 20 hours after going public. Twenty. Hours. If you're running Langflow in production, this is your sign to set up automated patching yesterday. Read more

📊 Vulnerability Exploits Now Account for 40% of All Cyber Intrusions
Surpassing phishing for the first time. The median time from CVE publication to CISA's KEV catalog dropped to just 5 days, while orgs still take ~20 days to patch. Attackers are getting faster. Most of us are not. Read more

🪟 WINDOWS & MICROSOFT

Patch Tuesday is coming and your change board isn't ready

🔧 April Patch Tuesday: Kernel Driver Trust Purge Goes Live
Starting with the April security update, Microsoft is removing trust for all kernel drivers signed by the deprecated cross-signed root program. If you have legacy drivers in your fleet, test now or explain to users later why their hardware stopped working. Read more

🔐 Secure Boot Certificate Status Indicators Rolling Out
New indicators in the Windows Security app help IT admins track which devices have received replacement Secure Boot certificates before the 2026 expiration. Windows 11 gets it April 8, Windows 10 on April 14. One more thing to audit across your fleet. Read more

🛡️ Smart App Control No Longer Requires a Clean Install
Finally. Admins can toggle Smart App Control on or off without reimaging. It's the small wins that keep us going. Read more

🤖 AI TAKING OVER

Our future robot overlords are getting smarter

🔋 New AI Approach Cuts Energy Use by 100x While Boosting Accuracy
Researchers have unveiled a neuro-symbolic AI approach that combines neural networks with symbolic reasoning, slashing energy consumption by up to 100x. It mirrors how humans actually solve problems — breaking them into steps instead of brute-forcing everything with more compute. The "just add more GPUs" era may have an expiration date. Read more

💰 OpenAI Hits $25B Revenue, Eyes Late-2026 IPO
OpenAI has surpassed $25 billion in annualized revenue and is reportedly preparing for a public listing as soon as Q4 2026. Anthropic is at $19B. The AI revenue race is real, and the numbers are staggering. Read more

🔌 Anthropic's MCP Crosses 97 Million Installs
The Model Context Protocol hit 97 million installs in March, officially transitioning from "experimental standard" to "foundational infrastructure." If you're building AI agents or integrations, MCP is the protocol to bet on. Read more

🤖 Nvidia Launches Open-Source Agent Toolkit
Nvidia CEO unveiled an open-source platform for building autonomous AI agents, with 17 enterprise software companies already signed on. The agentic AI era isn't coming — it's here, and it has a toolkit now. Read more

🔧 QUICK HITS

The weird stuff that doesn't fit anywhere else

📉 Vulnerability Exploit Time-to-Weaponize Hits 5 Days — the gap between disclosure and exploitation is shrinking fast. If your patching cycle is "monthly," that's 25 days of exposure per CVE. Might want to rethink that.

🔒 Fortinet EMS Patch Follow-Up — If you missed Wednesday's newsletter about CVE-2026-35616, CISA's deadline is tomorrow (Friday). Over 2,000 exposed instances are still out there. Read more

🐧 Learn Linux the hands-on way — Shell Samurai teaches you Linux through real practice, not just reading docs. Built by yours truly. Shameless plug, zero regrets. Try it free

That's the roundup. Chrome's on its 4th zero-day, Cisco's basically handing out admin passwords, and Docker will let you own a host with one HTTP request. It's a great week to be in vulnerability management. And by great, I mean job security.

Stay paranoid. Stay patched. See you next Friday 🤠