News

CISA Flags Critical SolarWinds RCE Flaw Actively Exploited in Attacks

Luciano Ferrari

05 Feb 2026 — 2 min read

Thursday, February 5, 2026

Top 5 Cybersecurity Stories You Should Know

CISA Flags Critical SolarWinds RCE Flaw Actively Exploited in Attacks — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical Remote Code Execution (RCE) vulnerability in SolarWinds Web Help Desk, which is currently being exploited in active attacks. Federal agencies have been ordered to patch their systems within three days to mitigate potential risks. Organizations using SolarWinds products should prioritize this update to safeguard against unauthorized access and data breaches. Immediate action is advised to ensure system integrity and protect sensitive information.
↪ https://www.bleepingcomputer.com/
CISA Warns of Active Exploitation of SolarWinds Web Help Desk RCE Vulnerability CVE-2025-40551 — tl;dr: The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a critical remote code execution vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk, which has a CVSS score of 9.8. This vulnerability allows unauthenticated attackers to gain admin-level access to help-desk systems. Discovered by Horizon3.ai, it is part of a set of four critical vulnerabilities patched by SolarWinds. Users are urged to update their systems to version 2026.1 immediately to mitigate risks, especially given the software's widespread use in government and private sectors, including education and healthcare.
↪ https://www.infosecurity-magazine.com/news/solarwinds-web-help-desk/
Critical n8n Flaw CVE-2026-25049 Allows System Command Execution — tl;dr: A critical vulnerability, CVE-2026-25049, has been identified in the n8n workflow automation platform, posing a significant risk of arbitrary system command execution. This flaw arises from inadequate sanitization and affects versions prior to 1.123.17 and 2.5.2. Organizations using n8n are urged to update to the latest versions immediately to mitigate potential exploitation risks. The vulnerability could allow authenticated users to manipulate workflows, leading to severe security breaches. Prompt action is essential to safeguard systems against potential attacks.
↪ https://thehackernews.com/
CISA Alerts on VMware ESXi CVE-2025-22225 0-day Exploited in Ransomware Attacks — tl;dr: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the exploitation of a high-severity 0-day vulnerability (CVE-2025-22225) in VMware ESXi, which allows attackers to escape virtual machine isolation and deploy ransomware. This flaw, part of a trio of vulnerabilities including CVE-2025-22224 and CVE-2025-22226, has been actively exploited since early 2025. Organizations using ESXi 7.0 and 8.0 are urged to apply Broadcom patches immediately and enhance defenses with EDR monitoring and restricted admin privileges to mitigate risks of data theft and infrastructure encryption.
↪ https://cybersecuritynews.com/vmware-esxi-0-day-ransomware-attack/
CVE-2025-6554: Importance of Zero Trust in Chrome Browser Security — tl;dr: The recent Chrome zero-day vulnerability, CVE-2025-6554, highlights the urgent need for enhanced browser security measures. Attackers are increasingly exploiting browser vulnerabilities, often before patches are available, putting sensitive data and business operations at risk. Traditional patching methods are insufficient, prompting experts to advocate for a layered Zero Trust approach to safeguard against such threats. Organizations must prioritize real-time protection solutions, like the Menlo Secure Cloud Browser, to mitigate risks without disrupting user experience. Staying updated and vigilant is crucial for maintaining cybersecurity in an evolving threat landscape.
↪ https://www.linkedin.com/posts/menlo-security_chrome-zero-day-why-browser-security-is-activity-7348477992660070416-sdcJ