The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that attackers are exploiting a recently patched, serious SolarWinds Serv-U vulnerability to crash servers.
SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to fix a denial-of-service vulnerability tracked as CVE-2026-28318, which the company said stems from a resource consumption weakness.
“SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,” the company said.
Remote attackers can exploit the weakness without any privileges, in low-complexity attacks that require no user interaction.
SolarWinds told admins who can't install the patch right away to restrict access to trusted addresses and block any POST requests that carry a "content-encoding" header, a feature the Serv-U service doesn't need.
Shodan is tracking more than 12,000 Serv-U servers exposed online, while Shadowserver has tracked over 3,100, but it's not clear how many have been updated.
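The two interim mitigations SolarWinds describes, written out as the decision logic a reverse proxy or WAF rule in front of Serv-U would apply. This is an added example, not SolarWinds or CISA code; the trusted networks, function names and sample requests are constructed assumptions.

```python
import ipaddress

# Constructed allowlist (assumption): replace with your own trusted ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                    ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample requests; "/" and the host name are placeholders.
SAMPLE_POST_ENCODED = (b"POST / HTTP/1.1\r\nHost: servu.example\r\n"
                       b"content-ENCODING : deflate\r\nContent-Length: 0\r\n\r\n")
SAMPLE_POST_PLAIN = b"POST / HTTP/1.1\r\nHost: servu.example\r\nContent-Length: 0\r\n\r\n"
SAMPLE_GET = b"GET / HTTP/1.1\r\nHost: servu.example\r\n\r\n"


def parse_request_head(raw: bytes):
    """Return (method, [(lowercased header name, value)]) from the request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Strip stray whitespace around the name so a sloppy or
            # deliberately odd "Content-Encoding :" spelling still matches.
            headers.append((name.strip().lower(), value.strip()))
    return method, headers


def decide(client_ip: str, raw_request: bytes) -> str:
    """Apply both mitigations; return 'allow' or the reason for blocking."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in TRUSTED_NETWORKS):
        return "block: untrusted source"
    method, headers = parse_request_head(raw_request)
    # Block on the header's presence alone, whatever its value: the vendor
    # guidance says Serv-U does not need request content encoding.
    if method == "POST" and any(name == "content-encoding" for name, _ in headers):
        return "block: POST with Content-Encoding"
    return "allow"


if __name__ == "__main__":
    for ip, req in [("10.20.5.7", SAMPLE_POST_ENCODED),
                    ("10.20.5.7", SAMPLE_POST_PLAIN),
                    ("198.51.100.9", SAMPLE_GET)]:
        print(ip, req.split(b"\r\n", 1)[0].decode(), "->", decide(ip, req))
```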

Days after SolarWinds fixed the problem, CISA said it was being exploited in the wild. The agency added it to its Known Exploited Vulnerabilities Catalog and ordered all Federal Civilian Executive Branch agencies to update their servers by June 19 to stop attacks, as required by Binding Operational Directive (BOD) 22-01.
BOD 22-01 applies only to U.S. government agencies, but the cybersecurity agency urged everyone, including private companies, to quickly protect their networks from ongoing CVE-2026-28318 attacks.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA warned. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
In recent years, many cybercriminals and state-sponsored hackers have targeted weaknesses in Serv-U to steal important company and customer information. For example, the Clop ransomware group used a Serv-U flaw (CVE-2021-35211) to break into company networks in a 2021 campaign. Chinese hackers tracked as DEV-0322 also used CVE-2021-35211 in surprise attacks that began in July 2021.
InfoSecBulletin Cybersecurity for mankind
