Microsoft's Defender Security Research Team has observed threat actors actively exploiting internet-exposed SolarWinds Web Help Desk instances in multi-stage intrusions that led to lateral movement ...

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.

Attacks targeting SolarWinds Web Help Desk instances in December 2025 might have exploited recently patched vulnerabilities as zero-days.

SmarterTools says the Warlock ransomware group hacked it through a VM running an unpatched SmarterMail server.

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.

Palo Alto Networks says an Asian cyber espionage campaign breached 70 organizations in 37 countries, targeting government agencies and critical infrastructure.

This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office.

Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the ...

The US cybersecurity watchdog CISA warns of active abuse of a critical vulnerability in SolarWinds Web Help Desk. Government agencies in the United States ...

A US security agency has warned SolarWinds Web Help Desk users that a remote code execution (RCE) vulnerability patched by ...

CISA warns of recently observed attacks on security vulnerabilities in Solarwinds Web Help Desk, FreePBX and Gitlab.

CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV, ordering federal agencies to patch by February 2026 ...