#solarwinds

[ follow ]
#remote-code-execution #web-help-desk #cybersecurity #deserialization #cisa-kev #cve-2025-40551
fromComputerWeekly.com
2 weeks ago

SolarWinds RCE bug makes Cisa list as exploitation spreads | Computer Weekly

Attackers don't always need 'zero-day' magic when they can just lean on reliable, low-complexity techniques like deserialisation. These flaws get buried in trusted, boring platforms like help desks, and that's exactly why they're so dangerous,
Information security
#cve-2025-40551
fromTheregister
2 weeks ago
Information security

Critical SolarWinds Web Help Desk bug under attack

Attackers exploit SolarWinds Web Help Desk deserialization flaw CVE-2025-40551 enabling remote code execution; federal agencies given a three-day emergency patch deadline.
fromThe Hacker News
2 weeks ago
Information security

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

A critical untrusted-data deserialization vulnerability in SolarWinds Web Help Desk (CVE-2025-40551) enables unauthenticated remote code execution and is actively exploited.
Information security
fromThe Hacker News
2 weeks ago

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

A critical untrusted-data deserialization vulnerability in SolarWinds Web Help Desk (CVE-2025-40551) enables unauthenticated remote code execution and is actively exploited.
more#cve-2025-40551
#web-help-desk
more#web-help-desk
#sec
more#sec
fromTechzine Global
2 months ago

SolarWinds lawsuit dropped: CISOs can breathe a sigh of relief

A lawsuit brought by the US Securities & Exchange Commission (SEC) against SolarWinds has been dropped. The legal fire was also directed at the company's CISO, Timothy G. Brown. Brown's alleged personal responsibility will now not be determined in court. It therefore appears that CISOs have less to fear from the law than previously thought. CISOs are responsible for securing their company's IT infrastructure.
Information security
Information security
fromNextgov.com
2 months ago

SEC to drop high-profile SolarWinds hack lawsuit

The SEC dismissed its lawsuit accusing SolarWinds and its CISO of misleading investors about cybersecurity weaknesses related to the Sunburst breach.
Information security
fromTheregister
2 months ago

SEC bails on SolarWinds lawsuit

The SEC has dismissed its civil enforcement lawsuit against SolarWinds and its CISO over alleged misleading security practices tied to the 2020 SUNBURST supply-chain attack.
[ Load more ]