ALL POSTS

Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8

Key Findings The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer Timothy G. Brown. The SEC alleged in 2023 that SolarWinds and Brown had misled investors about the security practices that led to the 2020 supply chain attack, which was attributed to a Russian state-sponsored threat actor. However, in July 2024, many of these allegations were thrown out by the U.S. District Court for the South