Cybersecurity Today Critical Cybersecurity Updates: Fortinet, Docker, and Android Malware
4 snips
Feb 4, 2026 A rundown of a widespread Fortinet authentication bypass impacting millions of devices and how attackers maintain persistent access. A critical flaw in Docker's AI assistant that let image metadata trigger hidden actions and possible remote code execution. A stealthy Android malware campaign using Hugging Face to deliver remote access trojans and evade app-store checks.
AI Snips
Chapters
Transcript
Episode notes
FortiCloud SSO Cross-Tenant Risk
- Fortinet's FortiCloud SSO bug let any valid FortiCloud account cross tenant boundaries and access other organizations' devices.
- Attackers created plausible local admin accounts to persist, showing breaches can hide in plain sight.
Patch And Hunt Immediately
- Upgrade affected Fortinet devices to the patched firmware versions immediately to restore FortiCloud SSO functionality safely.
- Review Fortinet's indicators of compromise and hunt for suspicious admin account names listed in the advisory.
AI Assistant Trust Leads To Execution Risk
- Docker's Ask Gordon AI read image metadata and could mistake data for executable instructions, enabling indirect prompt injection.
- The AI's trust within Docker's toolchain allowed those hidden instructions to reach MCP and perform actions with user permissions.