Tag: solarwinds
34 articles

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited
A critical flaw in SolarWinds Serv-U is being actively exploited, allowing attackers to crash the service with a specially crafted POST request - no authentication required. This denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered by a simple HTTP POST request with a malicious Content-Encoding header.

Hackers Actively Exploit SolarWinds Serv-U Flaw to Crash Servers
SolarWinds has issued an emergency hotfix to address a critical flaw in its Serv-U file transfer product, which hackers are actively exploiting to crash servers with specially crafted POST requests. A denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered without authentication, posing a significant threat to users.

SEC Stunning Move Drops SolarWinds Case, Costly Fallout
The SEC’s abrupt request to dismiss its high‑profile lawsuit over the 2020 SolarWinds supply‑chain breach has left investors, technologists and policymakers wondering what it signals about enforcement, deterrence and the limits of cyber regulation. After years of litigation that promised to redefine how securities law treats cybersecurity, the surprising reversal raises urgent questions about accountability and how companies should disclose cyber risk.

Web Help Desk Critical Patch: Must-Have Fix for Risky RCE
SolarWinds has released a third hotfix for a critical CVSS 9.8 RCE in Web Help Desk, forcing admins to weigh urgent patching against potential operational disruption. Verify your version, apply the hotfix, and isolate helpdesk services now to shrink the attack window.

SolarWinds Web Help Desk Urgent Hotfix — Critical Risk
SolarWinds has issued hotfixes for a critical RCE (CVE-2025-26399) in Web Help Desk—if left unpatched attackers could run arbitrary commands on affected systems. Act now: find exposed instances, apply the hotfix immediately, and review logs for any signs of compromise.

software procurement Must-Have Guide: Essential Security
CISA’s new Software Acquisition Guide Web Tool puts buyers back in control of supply‑chain risk with practical checklists, vendor assessment criteria and contract language to make secure software purchasing repeatable and auditable. If adopted thoughtfully, it can turn procurement from a blind spot into a frontline defense—though success will hinge on implementation, resources and market incentives.

Comment Now on Draft SP 800-53 Controls for Secure Patches
Join the conversation on NISTs draft updates to SP 800-53 and discover how these new guidelines can transform your approach to securing software patches—because safeguarding your systems has never been more crucial!

NIST Reveals 19 Essential Steps to Build Zero Trust Architectures
Discover how NIST’s 19 essential steps can help your organization ditch outdated defenses and build a powerful zero trust architecture that continuously verifies every access—keeping cyber threats firmly at bay.

SEC and SolarWinds Reach Settlement in Cyberfraud Case
SEC settles with SolarWinds over cyberfraud allegations, addressing security lapses and enhancing investor protections in the wake of the breach.

The Hidden Weaknesses in AI SOC Tools that No One Talks About
Uncover the overlooked vulnerabilities in AI SOC tools that can jeopardize security. Explore hidden weaknesses and enhance your cybersecurity strategy.

Is Enhanced MOVEit Transfer Scanning Indicating New Threat Trends?
Explore whether Enhanced MOVEit Transfer Scanning signals emerging threat trends and how it impacts data security and risk management.

Ex-NATO Hacker: ‘Cyber Warfare Knows No Ceasefire’
Ex-NATO hacker warns that cyber warfare is relentless and knows no ceasefire, highlighting the ongoing threats in the digital battlefield.

Cyber Command Executive Director Transitions to Anticipated Private Sector Position
Cyber Command’s Executive Director is set to transition to a new role in the private sector, signaling significant changes in leadership.

The Importance of Data-Centric Security in Today’s World
Discover the critical role of data-centric security in protecting sensitive information and ensuring privacy in an increasingly digital world.

White House Prohibits WhatsApp Usage
White House bans WhatsApp use among staff to enhance security and protect sensitive communications from potential foreign interference.

Surge in Supply Chain Attacks Leaves Organizations Unaware of Dependencies
“Explore the rising threat of supply chain attacks and how organizations remain oblivious to their critical dependencies and vulnerabilities.”

Comparing Today’s Pentest Models: The Advantages of Continuous Testing
Explore the benefits of continuous testing in modern pentest models and understand how it enhances security through ongoing vulnerability assessment.

Future Cyber Chief of the White House: Navigating Upcoming Challenges in the U.S
Explore the role of the future Cyber Chief of the White House in tackling emerging cybersecurity challenges and safeguarding national interests.

Water Curse Utilizes 76 GitHub Accounts for Multi-Stage Malware Operation
Discover how the Water Curse group employs 76 GitHub accounts in a sophisticated multi-stage malware operation targeting various victims.

Trump’s CISA Nominee Remains Mired in Confirmation Delays
Trump’s CISA nominee faces ongoing confirmation delays, raising concerns over cybersecurity leadership amid escalating threats and political gridlock.

ISMG Editors: Supply Chain Attacks Are Spiking – Here’s Why
ISMG Editors report a surge in supply chain attacks—exploring the causes and cybersecurity implications driving this alarming trend.

Supply Chain Attacks Really Are Surging
Supply Chain Attacks are surging. Discover emerging tactics, evolving threats, and strategies to effectively safeguard your organization.

SentinelOne Reveals New Insights into a China-Connected Breach Attempt
SentinelOne reveals new insights into a China-connected breach attempt, detailing hacker tactics and identifying critical system vulnerabilities.

Former NSA Advisor Warns of US Infrastructure Collapse Under Cyber Threats
Former NSA advisor warns of an imminent US infrastructure collapse as rising cyber threats expose critical vulnerabilities and national risks.