Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data.
The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by Docker with the release of version 4.50.0 in November 2025.
“In DockerDash, a single malicious metadata label in a Docker image can be used to compromise your Docker environment through a simple three-stage attack: Gordon AI reads and interprets the malicious instruction, forwards it to the MCP [Model Context Protocol] Gateway, which then executes it through MCP tools,” Sasi Levi, security research lead at Noma, said in a report shared with The Hacker News.
“Every stage happens with zero validation, taking advantage of current agents and MCP Gateway architecture.”
Source: The Hacker News / SecurityWeek
Link: https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html
Link: https://www.securityweek.com/dockerdash-flaw-in-docker-ai-assistant-leads-to-rce-data-theft/
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options.
The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad actors to gain unauthorized access to network resources. NTLM was formally deprecated in June 2024 and no longer receives updates.
“NTLM consists of security protocols originally designed to provide authentication, integrity, and confidentiality to users,” Mariam Gewida, Technical Program Manager II at Microsoft, explained. “However, as security threats have evolved, so have our standards to meet modern security expectations. Today, NTLM is susceptible to various attacks, including replay and man-in-the-middle attacks, due to its use of weak cryptography.”
Despite the deprecated status, Microsoft said it continues to find the use of NTLM prevalent in enterprise environments where modern protocols like Kerberos cannot be implemented due to legacy dependencies, network limitations, or ingrained application logic. This, in turn, exposes organizations to security risks, such as replay, relay, and pass-the-hash attacks.
Source: The Hacker News / SecurityWeek / Windows IT Pro Blog
Link: https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html
Link: https://www.securityweek.com/microsoft-moves-closer-to-disabling-ntlm/
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.
The critical-severity vulnerabilities are listed below –
- CVE-2026-1281 (CVSS score: 9.8) – A code injection allowing attackers to achieve unauthenticated remote code execution
- CVE-2026-1340 (CVSS score: 9.8) – A code injection allowing attackers to achieve unauthenticated remote code execution
Note that the RPM patch does not survive a version upgrade and must be reapplied if the appliance is upgraded to a new version. The vulnerabilities will be permanently addressed in EPMM version 12.8.0.0, which will be released later in Q1 2026.
Source: The Hacker News / BleepingComputer / SecurityWeek / Ivanti security advisory
Link: https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html
Link: https://www.securityweek.com/ivanti-patches-exploited-epmm-zero-days/
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).
The list of vulnerabilities is as follows –
- CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality
- CVE-2025-40537 (CVSS score: 7.5) – A hard-coded credentials vulnerability that could allow access to administrative functions using the “client” user account
- CVE-2025-40551 (CVSS score: 9.8) – An untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an unauthenticated attacker to run commands on the host machine
- CVE-2025-40552 (CVSS score: 9.8) – An authentication bypass vulnerability that could allow an unauthenticated attacker to execute actions and methods
- CVE-2025-40553 (CVSS score: 9.8) – An untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an unauthenticated attacker to run commands on the host machine
- CVE-2025-40554 (CVSS score: 9.8) – An authentication bypass vulnerability that could allow an attacker to invoke specific actions within Web Help Desk
While Jimi Sebree from Horizon3.ai has been credited with discovering and reporting the first three vulnerabilities, watchTowr’s Piotr Bazydlo has been acknowledged for the remaining three flaws. All the issues have been addressed in WHD 2026.1.
Source: The Hacker News / BleepingComputer / SecurityWeek / Infosecurity Magazine / Horizon3.ai blog
Link: https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html
Link: https://www.securityweek.com/solarwinds-patches-critical-web-help-desk-vulnerabilities/
Link: https://www.securityweek.com/fresh-solarwinds-vulnerability-exploited-in-attacks/
Link: https://www.infosecurity-magazine.com/news/solarwinds-web-help-desk/