{"id":185820,"date":"2026-02-09T11:58:00","date_gmt":"2026-02-09T16:58:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/09\/threat-actors-target-solarwinds-web-help-desk-flaw\/"},"modified":"2026-02-09T12:15:12","modified_gmt":"2026-02-09T17:15:12","slug":"threat-actors-target-solarwinds-web-help-desk-flaw","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/09\/threat-actors-target-solarwinds-web-help-desk-flaw\/","title":{"rendered":"Threat actors target SolarWinds Web Help Desk flaw"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/threat-actors-target-solarwinds-web-help-desk-flaw\/811702\/\">Threat actors target SolarWinds Web Help Desk flaw<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/threat-actors-target-solarwinds-web-help-desk-flaw\/811702\/\">https:\/\/www.cybersecuritydive.com\/news\/threat-actors-target-solarwinds-web-help-desk-flaw\/811702\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-09 11:58:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Security researchers warn that multiple enterprise customers have been compromised in connection with a critical flaw in SolarWinds Web Help Desk.\u00a0<br \/>\nHuntress Labs said that three customers have been exploited, and hackers are deploying remote assist tools against compromised hosts, according to a blog post released Sunday.\u00a0<br \/>\nThe vulnerability, tracked as CVE-2025-40551, involves deserialization of untrusted data and allows an attacker to achieve remote code execution. 
Last Tuesday, the Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities catalog, just days after SolarWinds patched the vulnerability.\u00a0<br \/>\nSolarWinds issued an advisory on Jan. 28 warning about the flaw and urged users to upgrade to a patched version. The flaw was previously discovered by researchers at Horizon3.ai.\u00a0<br \/>\nShadowserver on Monday reported about 150 exposed instances of Web Help Desk, a slight decrease from the 170 figure it reported last week.\u00a0<br \/>\nIn one case investigated by Huntress, a hacker deployed Zoho Meetings and Cloudflare to gain persistence and also used a tool called Velociraptor to gain command-and-control capabilities.\u00a0<br \/>\nResearchers said that hackers used the file-hosting service Catbox to stage a remote management tool called Zoho ManageAgent RMM, before switching to hands-on-keyboard activity.\u00a0<br \/>\nHuntress researchers believe a threat group tracked as Storm-2603 is behind the attacks.\u00a0<\/p>\n<p>\u201cNormally, these types of incidents would have led to Warlock ransomware, but in this case, it seems as if the attackers were still in reconnaissance mode, since their main objectives appeared to be to collect system information from as many victims as possible,\u201d Jamie Levy, senior director, adversary tactics, told Cybersecurity Dive.\u00a0<br \/>\nIn a separate case, researchers at Microsoft said hackers deployed a remote monitoring and management tool called Zoho ManageEngine on a compromised system, according to a blog post published Friday.\u00a0<br \/>\nThose researchers were unable to link the activity to CVE-2025-40551 and a security control bypass flaw, tracked as CVE-2025-40536, or a prior flaw, tracked as CVE-2025-26399.\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors target SolarWinds Web Help Desk flaw 
https:\/\/www.cybersecuritydive.com\/news\/threat-actors-target-solarwinds-web-help-desk-flaw\/811702\/ Publish Date: 2026-02-09 11:58:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":185821,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/bATTkUiftW8cXoMlWVRKJiuMLtBmXZj4L-acZEBcP48\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzU0MjA1MDg2XzVLWEFFWFcuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,35,27],"class_list":["post-185820","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185820"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=185820"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185820\/revisions"}],"predecessor-version":[{"id":185822,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185820\/revisions\/185822"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/185821"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=185820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/ca
tegories?post=185820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=185820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}