SolarWinds Web Help Desk Vulnerability Actively Exploited
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
SolarWinds is associated with software supply-chain security, network management tools, and the 2020 compromise that affected public and private organizations.
Search across headline titles and summaries.
Background for this topic.
SolarWinds is a software company whose IT-management and network-monitoring products are used to administer systems and collect operational data. In security news, the tag commonly covers its products, vulnerabilities, and the 2020 Orion supply-chain compromise, in which attackers inserted malicious code into legitimate software updates; selected downstream customers were then targeted.
The central security concern is that management software often has broad network visibility and administrative access, making its build pipeline, update mechanism, and deployment environment high-value attack surfaces. Organizations should distinguish the Orion compromise from separately reported product vulnerabilities, maintain an inventory of affected versions, apply verified fixes, and restrict management servers’ privileges and outbound communications. Monitoring unusual authentication, remote administration, or connections from management infrastructure can support detection, while threat intelligence and incident response may be needed to assess whether a compromised update was installed and what systems it could reach.
Weekly headline count for the current query.
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
In February 2025, Sophos completed the Secureworks deal and SolarWinds went private
Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges
SolarWinds has discovered and fixed a critical remote code execution vulnerability in Web Help Desk
The SEC allegations against SolarWinds and its CISO over statements made after the 2020 ‘Sunburst’ hack were based on "hindsight and speculation,” said the judge
Hewlett Packard Enterprise reveals that Russian state APT29 hackers stole data from corporate mailboxes
Complaint alleges company overstated security posture and understated risks
In a recent 8-K filing with the SEC, the firm said it reached an agreement with shareholders
The discovery comes from the BlackBerry Research & Intelligence Team
Tim Brown, CISO and VP of security at SolarWinds shared his experiences remediating a major cyber-attack during Mandiant’s mWISE event on October 18, 2022
A panel discussion explained that businesses must transform in order to meet the cyber threats of tomorrow