SolarWinds is a organization tracked across 40 threat clusters and 63 intelligence report mentions on ThreatCluster. First observed October 23, 2025; most recent activity June 24, 2026.
The Russian Foreign Intelligence Service (SVR) has been exploiting multiple vulnerabilities, including the SolarWinds breach, to compromise U.S. and allied networks. The SolarWinds attack, which began in September 2019,…
The SUNBURST backdoor, discovered by FireEye, exploits trojanized updates to SolarWinds Orion software, affecting numerous public and private organizations globally. The attack vector involves a malicious DLL,…
Between June and December 2025, the Chinese state group Lotus Blossom compromised the shared hosting provider for Notepad++, redirecting update traffic to deliver malicious installers to targeted users. The attackers…
During a House Homeland Security Committee hearing on April 28, 2026, Microsoft faced scrutiny over its handling of security vulnerabilities that contributed to the SolarWinds cyberattack. A ProPublica investigation…
Progress Software has issued urgent advisories regarding critical vulnerabilities in its MOVEit Automation platform, specifically CVE-2026-4670 and CVE-2026-5174. These vulnerabilities allow attackers to bypass…
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway, formerly MobileIron Sentry. The first, CVE-2026-10520, is an OS command injection flaw allowing remote code execution with root…
A critical vulnerability in FFmpeg's MagicYUV decoder, tracked as CVE-2026-8461, allows attackers to exploit heap out-of-bounds writes to crash systems or execute remote code. Discovered by JFrog, the flaw affects a…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a high-severity vulnerability in SolarWinds Serv-U, tracked as CVE-2026-28318. This flaw allows…
The SolarWinds Orion API is vulnerable to an authentication bypass, allowing remote attackers to execute API commands without authentication. This vulnerability, identified as CVE-2020-10148, can be exploited by…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…