SecurityWeek

Recent SolarWinds Flaws Potentially Exploited as Zero-Days

Attacks targeting SolarWinds Web Help Desk instances in December 2025 might have exploited recently patched vulnerabilities as zero-days.
SecurityWeek

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.
The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.

After SolarWinds, The CISO Has Become A Steward Of Trust

The SolarWinds breach reshaped the CISO role—expanding it from technical defense to trust, transparency, and accountability under public scrutiny.

Solarwinds WHD flaws exploited in attacks targeting servers and credentials

Two flaws are being actively used to target multiple organizations.
Microsoft

Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain ...
GovInfoSecurity

Breach Roundup: Italy Thwarts Russian Olympic Hacks

This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office.
Redmondmag.com

Microsoft Warns of Active SolarWinds Web Help Desk Exploitation

Microsoft's Defender Security Research Team has observed threat actors actively exploiting internet-exposed SolarWinds Web Help Desk instances in multi-stage intrusions that led to lateral movement ...