Fresh IOCs and intel - Our team has identified an active campaign exploiting items associated with two CVEs tied to SolarWinds Web Help Desk (CVE-2025-40551 and CVE-2025-40536). https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/
Analysis of active exploitation of SolarWinds Web Help Desk | Microsoft Security Blog

We are seeing exploitation of SolarWinds Web Help Desk via CVE-2025-40551 and CVE-2025-40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.
