Two flaws are being actively used to target multiple organizations.

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.

Attacks targeting SolarWinds Web Help Desk instances in December 2025 might have exploited recently patched vulnerabilities as zero-days.

Microsoft's Defender Security Research Team has observed threat actors actively exploiting internet-exposed SolarWinds Web Help Desk instances in multi-stage intrusions that led to lateral movement ...

CISA warns that a fresh critical-severity SolarWinds vulnerability leading to unauthenticated RCE has been exploited in attacks.

Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT and security leaders.

For the second week in a row, SolarWinds has released a patch for a critical vulnerability in its IT help and ticketing software, Web Help Desk (WHD). According to its latest hotfix notice, the issue ...

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. Web Help Desk (WHD) is IT help desk software ...

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.