InfoSecBulletin Cybersecurity for mankind
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that hackers are using a newly fixed serious SolarWinds Serv-U problem to crash servers.
SolarWinds put out Serv-U 15.5.4 Hotfix 1 on Thursday to fix a denial-of-service problem (known as CVE-2026-28318). They said it comes from a weak point in resource use.
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
“SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,” the company said.
Remote attackers can use the security weakness without needing permissions in simple attacks that don’t need user action.
SolarWinds told admins that if they can’t install the patch right away, they should restrict access to trusted addresses and block any POST requests with “content-encoding.” The Serv-U service doesn’t need this feature. Shodan is tracking more than 12,000 Serv-U servers online, while Shadowserver has tracked over 3,100, but it’s not clear how many have been updated.
Days after SolarWinds fixed the problem, CISA said it was being exploited online. They added it to the Known Exploited Vulnerabilities Catalog and told all Federal Civilian Executive Branch agencies to update their servers by June 19 to stop attacks, as stated in Binding Operational Directive (BOD) 22-01.
BOD 22-01 is for U.S. government agencies only, but the cybersecurity agency asked everyone, including private companies, to protect their networks from ongoing CVE-2026-28318 attacks quickly.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA warned. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
In recent years, many cybercriminals and state-sponsored hackers have looked for weaknesses in Serv-U to steal important company and customer information. For example, the Clop ransomware group used a Serv-U flaw (CVE-2021-35211) to break into company networks in a campaign in 2021. Chinese hackers called DEV-0322 also used CVE-2021-35211 in surprise attacks that began in July 2021.
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass
