The Hacker News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.
SecurityWeek

BeyondTrust Patches Critical RCE Vulnerability

BeyondTrust has patched a critical RS and PRA vulnerability leading to unauthenticated remote code execution (RCE) via ...
SecurityWeek

Recent SolarWinds Flaws Potentially Exploited as Zero-Days

Attacks targeting SolarWinds Web Help Desk instances in December 2025 might have exploited recently patched vulnerabilities as zero-days.
The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.