InfoSecBulletin Cybersecurity for mankind
CISA announced on Tuesday that a security flaw in SolarWinds Web Help Desk is now listed in its Known Exploited Vulnerabilities catalog, indicating it is actively being targeted in attacks.
The vulnerability, CVE-2025-40551 (CVSS score: 9.8), allows untrusted data deserialization that could enable remote code execution.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Web Help Desk is widely used by government agencies, large corporations, healthcare organizations, and schools. SolarWinds reports over 300,000 customers globally for its IT management products.
SolarWinds released fixes for a vulnerability last week, including CVE-2025-40536 (CVSS 8.1), CVE-2025-40537 (CVSS 7.5), CVE-2025-40552 (CVSS 9.8), CVE-2025-40553 (CVSS 9.8), and CVE-2025-40554 (CVSS 9.8), in WHD version 2026.1.
There are no public reports on how the vulnerability is being used in attacks, who the targets are, or the scale of these efforts. This highlights how fast threat actors exploit newly revealed flaws.
Also added to the KEV catalog are three other vulnerabilities:
CVE-2019-19006 (CVSS score: 9.8): A vulnerability in Sangoma FreePBX that lets unauthorized users access services without a password.
CVE-2025-64328 (CVSS score: 8): An OS command injection vulnerability in Sangoma FreePBX allows authenticated users to execute commands through the testconnection -> check_ssh_connect() function, potentially gaining remote access as an asterisk user.
CVE-2021-39935 (CVSS score: 7.5/6.8): A security flaw in GitLab that lets unauthorized users make requests to external servers through the CI Lint API.
GreyNoise reported the exploitation of CVE-2021-39935 in March 2025, amid increasing SSRF vulnerability abuses across platforms like DotNetNuke, Zimbra, VMware vCenter, DocumentLocator, BerriAI LiteLLM, and Ivanti Connect Secure.
