SolarWinds WHD Under Active Attack via January Zero‑Days
🔒 Analysis by Huntress shows SolarWinds Web Help Desk instances are being actively exploited through a chain of zero‑day and previously disclosed deserialization flaws from late 2025 and January. The incidents combine two January zero‑days—CVE-2025-40551 (deserialization RCE) and CVE-2025-40536 (authentication bypass)—with the earlier CVE-2025-26399. Organizations should urgently upgrade to WHD 2026.1, follow SolarWinds' release notes, reset service and admin credentials, and treat any unexpected Velociraptor, Cloudflared, or Zoho Assist activity and silent MSI installations as indicators of compromise.
