Digital Combat Zone: Zero-Day Blitz Hits Windows, Fortinet, and Adobe

The Perimeter is Breached

We are under a sustained, multi-front assault. A security researcher has just dropped the BlueHammer zero-day exploit code, leaving over a billion Windows users exposed without a patch Yahoo News UK. This isn't a theoretical exercise; the code is public, and the Microsoft Security Response Centre has yet to issue a fix. Simultaneously, Fortinet is scrambling to contain CVE-2026-35616, a critical flaw in FortiClient EMS with a devastating 9.8 severity rating CyberScoop. Attackers are already using this to send crafted requests to vulnerable systems, gaining full control without needing a single password.

No Clicks Required

If you think you are safe because you don't click suspicious links, think again. A sophisticated Adobe Reader zero-day has been active since December 2025, executing malicious code the moment a PDF is opened Yahoo News Singapore. This exploit uses highly hidden JavaScript to bypass the latest security environments, stealing local file data and system details GIGAZINE. Intelligence suggests these attacks are currently using Russian-language lures related to the oil and gas sector to bait high-value targets.

Tactical Directives

This is a high-velocity threat landscape where groups like Storm-1175 are weaponising flaws faster than vendors can disclose them Dark Reading. You must act now:

• Fortinet Users: Apply the emergency hotfixes for versions 7.4.5 and 7.4.6 immediately. Verify the installation manually SecurityWeek.
• Adobe Reader: Treat every PDF as a potential payload. Disable JavaScript in your PDF reader settings until a formal patch is verified.
• Windows Systems: Monitor for unusual administrative activity. With BlueHammer exploit code in the wild, the 'wait and see' approach is a death sentence for your data.