Skip to main content

Tag: solarwinds

34 articles

Networked server equipment and cabling in a brightly-lit data center with a blurred background.

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited

A critical flaw in SolarWinds Serv-U is being actively exploited, allowing attackers to crash the service with a specially crafted POST request - no authentication required. This denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered by a simple HTTP POST request with a malicious Content-Encoding header.

Analyst 207
Server room with networked equipment and a single server in the foreground.

Hackers Actively Exploit SolarWinds Serv-U Flaw to Crash Servers

SolarWinds has issued an emergency hotfix to address a critical flaw in its Serv-U file transfer product, which hackers are actively exploiting to crash servers with specially crafted POST requests. A denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered without authentication, posing a significant threat to users.

Analyst 207
SEC Stunning Move Drops SolarWinds Case, Costly Fallout

SEC Stunning Move Drops SolarWinds Case, Costly Fallout

The SEC’s abrupt request to dismiss its high‑profile lawsuit over the 2020 SolarWinds supply‑chain breach has left investors, technologists and policymakers wondering what it signals about enforcement, deterrence and the limits of cyber regulation. After years of litigation that promised to redefine how securities law treats cybersecurity, the surprising reversal raises urgent questions about accountability and how companies should disclose cyber risk.

Analyst 207
Web Help Desk Critical Patch: Must-Have Fix for Risky RCE

Web Help Desk Critical Patch: Must-Have Fix for Risky RCE

SolarWinds has released a third hotfix for a critical CVSS 9.8 RCE in Web Help Desk, forcing admins to weigh urgent patching against potential operational disruption. Verify your version, apply the hotfix, and isolate helpdesk services now to shrink the attack window.

Analyst 207
SolarWinds Web Help Desk Urgent Hotfix — Critical Risk

SolarWinds Web Help Desk Urgent Hotfix — Critical Risk

SolarWinds has issued hotfixes for a critical RCE (CVE-2025-26399) in Web Help Desk—if left unpatched attackers could run arbitrary commands on affected systems. Act now: find exposed instances, apply the hotfix immediately, and review logs for any signs of compromise.

Analyst 207
software procurement Must-Have Guide: Essential Security

software procurement Must-Have Guide: Essential Security

CISA’s new Software Acquisition Guide Web Tool puts buyers back in control of supply‑chain risk with practical checklists, vendor assessment criteria and contract language to make secure software purchasing repeatable and auditable. If adopted thoughtfully, it can turn procurement from a blind spot into a frontline defense—though success will hinge on implementation, resources and market incentives.

Analyst 207
Comment Now on Draft SP 800-53 Controls for Secure Patches

Comment Now on Draft SP 800-53 Controls for Secure Patches

Join the conversation on NISTs draft updates to SP 800-53 and discover how these new guidelines can transform your approach to securing software patches—because safeguarding your systems has never been more crucial!

Analyst 207
NIST Reveals 19 Essential Steps to Build Zero Trust Architectures

NIST Reveals 19 Essential Steps to Build Zero Trust Architectures

Discover how NIST’s 19 essential steps can help your organization ditch outdated defenses and build a powerful zero trust architecture that continuously verifies every access—keeping cyber threats firmly at bay.

Analyst 207
SEC and SolarWinds Reach Settlement in Cyberfraud Case

SEC and SolarWinds Reach Settlement in Cyberfraud Case

SEC settles with SolarWinds over cyberfraud allegations, addressing security lapses and enhancing investor protections in the wake of the breach.

Analyst 207
The Hidden Weaknesses in AI SOC Tools that No One Talks About

The Hidden Weaknesses in AI SOC Tools that No One Talks About

Uncover the overlooked vulnerabilities in AI SOC tools that can jeopardize security. Explore hidden weaknesses and enhance your cybersecurity strategy.

Analyst 207
Is Enhanced MOVEit Transfer Scanning Indicating New Threat Trends?

Is Enhanced MOVEit Transfer Scanning Indicating New Threat Trends?

Explore whether Enhanced MOVEit Transfer Scanning signals emerging threat trends and how it impacts data security and risk management.

Analyst 207
Ex-NATO Hacker: ‘Cyber Warfare Knows No Ceasefire’

Ex-NATO Hacker: ‘Cyber Warfare Knows No Ceasefire’

Ex-NATO hacker warns that cyber warfare is relentless and knows no ceasefire, highlighting the ongoing threats in the digital battlefield.

Analyst 207
Cyber Command Executive Director Transitions to Anticipated Private Sector Position

Cyber Command Executive Director Transitions to Anticipated Private Sector Position

Cyber Command’s Executive Director is set to transition to a new role in the private sector, signaling significant changes in leadership.

Analyst 207
The Importance of Data-Centric Security in Today’s World

The Importance of Data-Centric Security in Today’s World

Discover the critical role of data-centric security in protecting sensitive information and ensuring privacy in an increasingly digital world.

Analyst 207
White House Prohibits WhatsApp Usage

White House Prohibits WhatsApp Usage

White House bans WhatsApp use among staff to enhance security and protect sensitive communications from potential foreign interference.

Analyst 207
Surge in Supply Chain Attacks Leaves Organizations Unaware of Dependencies

Surge in Supply Chain Attacks Leaves Organizations Unaware of Dependencies

“Explore the rising threat of supply chain attacks and how organizations remain oblivious to their critical dependencies and vulnerabilities.”

Analyst 207
Comparing Today’s Pentest Models: The Advantages of Continuous Testing

Comparing Today’s Pentest Models: The Advantages of Continuous Testing

Explore the benefits of continuous testing in modern pentest models and understand how it enhances security through ongoing vulnerability assessment.

Analyst 207
Future Cyber Chief of the White House: Navigating Upcoming Challenges in the U.S

Future Cyber Chief of the White House: Navigating Upcoming Challenges in the U.S

Explore the role of the future Cyber Chief of the White House in tackling emerging cybersecurity challenges and safeguarding national interests.

Analyst 207
Water Curse Utilizes 76 GitHub Accounts for Multi-Stage Malware Operation

Water Curse Utilizes 76 GitHub Accounts for Multi-Stage Malware Operation

Discover how the Water Curse group employs 76 GitHub accounts in a sophisticated multi-stage malware operation targeting various victims.

Analyst 207
Trump’s CISA Nominee Remains Mired in Confirmation Delays

Trump’s CISA Nominee Remains Mired in Confirmation Delays

Trump’s CISA nominee faces ongoing confirmation delays, raising concerns over cybersecurity leadership amid escalating threats and political gridlock.

Analyst 207
ISMG Editors: Supply Chain Attacks Are Spiking – Here’s Why

ISMG Editors: Supply Chain Attacks Are Spiking – Here’s Why

ISMG Editors report a surge in supply chain attacks—exploring the causes and cybersecurity implications driving this alarming trend.

Analyst 207
Supply Chain Attacks Really Are Surging

Supply Chain Attacks Really Are Surging

Supply Chain Attacks are surging. Discover emerging tactics, evolving threats, and strategies to effectively safeguard your organization.

Analyst 207
SentinelOne Reveals New Insights into a China-Connected Breach Attempt

SentinelOne Reveals New Insights into a China-Connected Breach Attempt

SentinelOne reveals new insights into a China-connected breach attempt, detailing hacker tactics and identifying critical system vulnerabilities.

Analyst 207
Former NSA Advisor Warns of US Infrastructure Collapse Under Cyber Threats

Former NSA Advisor Warns of US Infrastructure Collapse Under Cyber Threats

Former NSA advisor warns of an imminent US infrastructure collapse as rising cyber threats expose critical vulnerabilities and national risks.

Analyst 207