VulnHub

Hackers are exploiting vulnerabilities in SolarWinds Web Help Desk (WHD) to gain unauthorized access to systems. This allows them to execute code on affected machines, deploying legitimate forensic tools like Velociraptor to maintain persistence and enable remote control. Organizations using SolarWinds WHD should be particularly vigilant, as these vulnerabilities can lead to serious security breaches. The situation underscores the need for companies to regularly update and patch their systems to protect against such attacks. Users of the software must act quickly to ensure their environments are secure.

SmarterTools has reported that its network was breached by the Warlock ransomware gang, which gained access through a vulnerability in the company's email system. Fortunately, this incident did not compromise any business applications or account data, meaning that sensitive user information remains secure. However, the breach raises concerns about the security of email systems and the potential for ransomware attacks targeting software vulnerabilities. Organizations using SmarterTools should review their email security practices and ensure they are employing appropriate safeguards against such threats. This incident serves as a reminder that even established software can have weaknesses that attackers might exploit.

VoidLink is a newly identified Linux-based command-and-control (C2) framework that is designed to facilitate credential theft and data exfiltration across multiple cloud platforms. This malware allows attackers to gain unauthorized access to sensitive information, posing a significant risk to organizations that rely on cloud services. As it targets systems in a multi-cloud environment, companies using cloud storage and applications are particularly vulnerable. The presence of AI code within VoidLink suggests that it may employ advanced techniques to evade detection and enhance its operational capabilities. This development is concerning for cybersecurity professionals, as it indicates a growing sophistication in the tools used by cybercriminals.

In December 2025, vulnerabilities in SolarWinds Web Help Desk instances were exploited, allowing attackers to gain initial access to compromised systems. This incident raises concerns for organizations using SolarWinds products, as it indicates that these flaws may have been leveraged as zero-day exploits. Such vulnerabilities can lead to unauthorized access and potential data breaches, making it crucial for affected companies to address these security gaps promptly. Users should be vigilant and monitor their systems for unusual activity while applying any available patches or updates. The incident serves as a reminder of the ongoing risks associated with third-party software vulnerabilities.

Huntress has reported an ongoing attack exploiting vulnerabilities in SolarWinds Web Help Desk software. Attackers are targeting unpatched versions of this tool to execute remote code, which allows them to install Zoho ManageEngine software for persistent access and Velociraptor for control over compromised systems. This incident was confirmed on February 7, 2026, and it raises significant concerns for organizations that rely on SolarWinds products, as it highlights the risks associated with unaddressed software vulnerabilities. Companies using this software should prioritize patching to safeguard against these exploits and prevent unauthorized access to their systems.

SmarterTools has reported a ransomware attack that compromised a data center used for quality control testing. The breach occurred due to a vulnerability in one of SmarterTools' own products, which allowed hackers to infiltrate their systems. As a result, customers have been affected, although specific details on the extent of the impact have not been disclosed. This incident raises concerns about the security of software products, especially those used in business environments. Companies using SmarterTools' services should review their security measures and remain vigilant for any unusual activity.

BeyondTrust has addressed a serious remote code execution vulnerability, identified as CVE-2026-1731, which affects its Remote Support (RS) and Privileged Remote Access (PRA) solutions. This vulnerability can be exploited without authentication, making it particularly dangerous for self-hosted customers. BeyondTrust is urging users to apply the patch immediately to protect their systems. Unlike a previous zero-day vulnerability exploited by threat actors linked to China, this issue was discovered by a security researcher and disclosed privately. The prompt action by BeyondTrust highlights the necessity for timely vulnerability management in remote access tools, which are critical for many organizations.

BridgePay, a payments platform based in Florida, has confirmed that its services are currently offline due to a ransomware attack. While the company has been affected by this incident, it has reassured users that no card data has been compromised during the attack. The disruption highlights the ongoing risks that payment processing companies face from cybercriminals. As users rely on these platforms for financial transactions, the incident raises concerns about the security measures in place to protect sensitive information. BridgePay is working to restore its services while ensuring the safety of its users' data.